Sam Hazen will donate 100% of his pay in April and May to the HCA Healthcare Hope Fund; senior leadership will be taking a 30% pay cut "until the pandemic passes."
In a message to all HCA Healthcare colleagues, CEO Sam Hazen announced initiatives to financially support employees across the healthcare organization's 21-state network of 184 hospitals and 2,000 sites of care due to the COVID-19 pandemic.
"When we started our planning to respond to this massive public health emergency, we did it with the goal of protecting our employees and protecting our physicians so that we could best serve our patients," Hazen said. "So far, we have achieved that goal, and now we will continue to support you with our pandemic pay continuation programs."
Numerous HCA outpatient facilities, clinics, and departments have closed in the past few weeks due to a drop in patient volume, causing the organization to redeploy staff where needed to "keep team members working," Hazen said. HCA's pay program will assist full- and part-time staff in clinical and non-clinical support services who cannot be redeployed to other facilities. They will be eligible for 70% of their base pay for up to seven weeks (through May 16).
A similar plan will be implemented for office staff in HCA's division and corporate offices.
Staff members who work in patient care facilities and have to be quarantined will receive their full base pay for scheduled hours. Staff who don't work in patient care facilities and fall ill may be eligible for short-term disability or leave of absence.
The HCA Healthcare senior leadership team is taking a 30% pay cut "until the pandemic passes" in order to support the pay programs, according to Hazen.
Hazen said, "I will also donate 100 percent of my pay in April and May to the HCA Hope Fund, and believe other senior leaders will make significant contributions to it also."
The HCA Healthcare Hope Fund is a public 501(c)3 charity that's employee-run and employee-supported "to help HCA Healthcare employees and their immediate families who are affected by financial hardship."
The Board of Directors decided to waive "their cash compensation for the remainder of the year allowing the company to make an additional contribution to the HCA Hope Fund."
With this new procedure in place, response time to partnerships and procompetitive collaboration among health systems and hospitals and outside businesses are expedited amid COVID-19 needs.
The Antitrust Division of the U.S. Department of Justice (DOJ) and the Bureau of Competition of the Federal Trade Commission (FTC) released a joint antitrust statement to expedite the response time for approving procompetitive collaboration for COVID-19–related requests.
The new expedited procedure is "solely" for COVID-19–related requests from healthcare organizations and businesses wanting to partner to address public health and safety and will ensure a faster statement review and response time of no more than seven calendar days. This enables faster partnerships between healthcare facilities to ensure communities possess the proper resources and services. These partnerships may also include aligning with outside businesses for production and distribution of COVID-19–related supplies. In the past, the statement response time could take up to several months.
According to FTC Chairman Joe Simons in a press release, "Under these extraordinary circumstances, we understand that businesses collaborating on public health initiatives may need an expedited response from U.S. antitrust authorities. We are committed to doing everything we can to help with these efforts, while continuing to aggressively enforce the antitrust laws."
In addition, in their joint statement, the FTC and the DOJ cite collaborative activities "that would likely be consistent with the antitrust laws" if immediate action is needed from procompetitive collaborations between healthcare systems and businesses to address the pandemic.
These instances wouldn't need to wait for a statement from the FTC and DOJ.
The following partnerships follow guidelines consistent with antitrust laws:
Collaboration on research and development
Sharing general technical know-how without entrusting sensitive information
Providers' suggested practice parameters to assist in clinical decision-making
Joint purchasing agreements among healthcare providers when done to increase efficiency of procurement and to reduce transaction costs
Private lobbying addressed to the use of federal emergency authority to discuss strategies around COVID-19
The FTC and DOJ also warn that any criminal violations of the antitrust laws will end in prosecution, and the agencies stand ready to pursue any civil violations of the antitrust laws.
Health systems and hospitals are not immune to the threat of hackers during the COVID-19 pandemic.
A cyberattack on the U.S. Department of Health and Human Services (HHS) earlier this month could serve as a wake-up call to health system and hospital leaders that no organization is immune to the threat of computer hackers, even during a pandemic like COVID-19. Cyberattacks can affect critical aspects of health systems and hospitals that are dependent on an organization's computer network, such as access to patient data and electronic health records.
It seems that increased cybersecurity is more important than ever at hospitals and health systems, as "the number of malicious reports related to Coronavirus has increased" more than 475% so far in the month of March, as compared to February, with healthcare being among the most targeted sectors, according to Bitdefender.
HealthLeaders spoke with Jorge Rey, chief information security officer and cybersecurity and compliance principal for Kaufman Rossin about strategies he suggests hospitals should follow to ensure that they stay “cybersafe” during a pandemic. Rey heads the cybersecurity consultant division, which includes cybersecurity training, cyber security risk assessment, and HIPAA compliance for healthcare providers and business associates.
This transcript has been edited for clarity and brevity.
HealthLeaders: Due to the COVID-19 pandemic, do health systems and hospitals have to be more vigilant than ever in keeping their networks safe?
Jorge Rey: The answer's yes. We definitely have seen an increase of phishing-related scams as related to the coronavirus, and they've been targeted into the health systems. In the past two to three weeks, there's been a spike on these types of attacks.
HL: What steps can healthcare executives take to ensure their organizations' networks are secure during a pandemic?
Rey: Ultimately, your best channel is to improve your communication and make sure that people are fully aware of what the risks are and the best practices to follow. Following the [policies] that have been designed and implemented is key in making sure that our hospitals are not taking shortcuts without recognizing the risks that that brings.
HL: What general guidelines can hospitals and health systems follow to stay safe and strengthen their cyber health during a pandemic?
Rey: Ultimately, I think it goes on a case-by-case basis. Right now, a lot of companies, including hospitals, [are] faced with specific challenges just because of the nature of the situation.
We're all under what's called a disaster recovery situation. A lot of companies are doing a business continuity plan, meaning working remotely. And so, by doing that, we create a little bit of a different risk landscape for the hospitals.
Ideally, what all hospitals should be doing from a security perspective is reviewing the risk assessment and validating whether working remotely or telecommuting would increase their risk and make sure that they have the current security in place. [They should] make sure that can be managed going forward.
HL: What is the biggest risk? Do you think working remotely or utilizing telehealth services are creating a higher cybersecurity risk? If hospitals are running on outdated software, does that increase risk?
Rey: I do believe that with the current coronavirus situation [there’s] increased risk and there's different reasons why that is.
One, you have targeted phishing scams trying to get people to do something using the coronavirus as your trigger. You have changed your existing operations to be working remotely so, by design, that is changing the risk.
I don't think that having an older software increases the risk, as long as that has been identified in a prior risk assessment, and the hospitals have identified complementary controls. Sometimes, in these situations, we have system limitations that don't allow us to upgrade to a better software or more updated software. But that doesn't mean that the system by design is more insecure. We just need to make sure that it’s been assessed and secured accordingly. Like, for example, with a firewall.
I do agree that the current situation has changed the risk and it has changed the threat landscape. If before you were not working remotely and you [are now], do you have access to print personal health information from your house, and do you have the proper methods to destroy that information? Is the computer you’re using to connect to the hospital network secure?
HL: Do you have anything else you'd like to add?
Rey: At the end of the day, we’re in a challenging situation, and we just need to make sure that we adapt to that situation. If hospitals have not done risk assessment [and] risk analysis, I think they’re creating risk for themselves.
We don't know when this [pandemic] is going to end, but we all know that it’s going to end. So hopefully when that happens, there are some lessons learned from it that actually can be incorporated into their security culture going forward.