Key California Health Laws: AB 211, SB 541. Overview

Similar documents
GENERAL ADMINISTRATIVE POLICY: ADVERSE EVENT REPORTING TO CALIFORNIA DEPARTMENT OF PUBLIC HEALTH (CDPH)

VERMONT2008 Patient Safety, Surveillance, and Improvement System

Consumers Union/Safe Patient Project Page 1 of 7

Serious Reportable Events (SREs) Transparency & Accountability are Critical to Reducing Medical Errors

Subject: Hospital-Acquired Conditions (Page 1 of 5)

Serious Reportable Events in Healthcare 2011 Update

ETHICAL CONSIDERATIONS THAT ARISE IN LONG TERM CARE PART 2 REPORTING OBLIGATIONS

R. Gregory Cochran, MD, JD

National Health Regulatory Authority Kingdom of Bahrain

Financial Disclosure. Learning Objectives: Preventing and Responding to Sentinel Events in Surgery 10/13/2015

PATIENT RIGHTS TO ACCESS PERSONAL MEDICAL RECORDS California Health & Safety Code Section

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA

POLICIES AND PROCEDURE MANUAL

(1) Provides a brief overview of CMS Medicare payment policy for selected HACs;

Sample Reportable Events

POLICY NAME POLICY # Sentinel, Adverse Event and Near Miss. CSP Reporting and Investigation

Serious Reportable Events Madeleine Biondolillo, MD Associate Commissioner Public Health Council August 2014

(9) Efforts to enact protections for kidney dialysis patients in California have been stymied in Sacramento by the dialysis corporations, which spent

Preventing Serious Reportable Events in Health Care

NATIONAL ASSOCIATION FOR STATE CONTROLLED SUBSTANCES AUTHORITIES (NASCSA) MODEL PRESCRIPTION MONITORING PROGRAM (PMP) ACT (2016) COMMENT

ASSEMBLY BILL No. 214

SENATE, No STATE OF NEW JERSEY. 216th LEGISLATURE INTRODUCED APRIL 28, 2014

Mandatory Reporting Requirements: The Elderly California

NOTICE OF PRIVACY PRACTICES

Current Status: Active PolicyStat ID: COPY CONTRACTOR, MEDICAL STAFF, REFERRAL SOURCE AND EMPLOYEE SCREENING POLICY

WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 1999 SESSION LAW SENATE BILL 10

Legal Issues facing Healthcare Employees. Medical Therapeutics Gibson County High School

WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS

I. Preamble: II. Parties:

Scope of Regulation Excerpt from Business and Professions Code Division 2, Chapter 6, Article 2

Opp Health and Rehabilitation, LLC 115 Paulk Avenue P.O. Box 730 Opp, AL Phone Number: (334)

PRESCRIPTION MONITORING PROGRAM STATE PROFILES TENNESSEE

NOTICE OF PRIVACY PRACTICES

Regulations. The regulations which require and govern reports to DBHDS which could be reported in the CHRIS system are:

HIPAA Notice of Privacy Practices

Healthcare Facility Regulation

Prescription Monitoring Program State Profiles - California

RULES AND REGULATIONS OF THE MAINE STATE BOARD OF NURSING CHAPTER 4

Chapter II OVERVIEW OF THE MEDICAL BOARD OF CALIFORNIA

Chapter 9 Legal Aspects of Health Information Management

PATIENT INFORMATION. In Case of Emergency Notification

CITY OF LOS ANGELES DEPARTMENT OF AGING POLICIES AND PROCEDURES RELATED TO MANDATED ELDER ABUSE REPORTER

NOTICE OF PRIVACY PRACTICES

A Review of Current EMTALA and Florida Law

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA

Be it enacted by the General Assembly of the Commonwealth of Kentucky: Section 1. KRS is amended to read as follows:

Patient Privacy Requirements Beyond HIPAA

Mandatory Public Reporting of Hospital Acquired Infections

HEALTH CARE PROVIDERS IMMUNITY FROM LIABILITY ACT

Florida s New Law on Controlled Substance Prescribing

States that Allow Prescribers and/or Dispensers to Appoint a Delegate to Access the PMP

Illinois Hospital Report Card Act

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

Mandatory Reporting Requirements: The Elderly Rhode Island

DoD R, December 1982

Regulatory Issues Facing Student Health Centers Presented by: Richard T. Yarmel and Edward H. Townsend

The University of Chicago Medicine Privacy Program Accounting of Disclosures Definition Table

Advanced Oral & Maxillofacial Surgery, Ltd. NOTICE OF PRIVACY PRACTICES

SENATE BILL No. 323 AMENDED IN SENATE MARCH 26, Introduced by Senator Hernandez (Principal coauthor: Assembly Member Eggman) February 23, 2015

PATIENT BILL OF RIGHTS & NOTICE OF PRIVACY PRACTICES

The Wisconsin epdmp:

Department of Defense INSTRUCTION. SUBJECT: Military Health System (MHS) Patient Safety Program (PSP) (MHSPSP)

Psychological Services Agreement

1303A West Campus Drive

PATIENT NOTICE OF PRIVACY PRACTICES Effective Date: June 1, 2012 Updated: May 9, 2017

PEDIATRIC HEALTH ASSOCIATES HIPAA NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM

1). AB-2436 Clinical laboratory testing.( )

States that Allow Prescribers and/or Dispensers to Appoint a Delegate to Access the PMP

MPN PARTICIPATION AGREEMENT FOR MEDICAL GROUP

CHI Mercy Health. Definitions

Prescription Monitoring Program State Profiles - Illinois

NOTICE OF PRIVACY PRACTICES

NC General Statutes - Chapter 131D Article 3 1

Updated FY15 Dignity Health General Compliance Education for Staff Module 2

MCCP Online Orientation

Referred to Committee on Health and Human Services. SUMMARY Makes various changes concerning health care facilities that employ nurses.

WEST VIRGINIA LEGISLATURE. Senate Bill 519

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

HIPAA Training

Title 18 RCW Chapter

STANDARDS OF CONDUCT SCH

physicians, nurses, and technicians and other Facility personnel for review and learning purposes. We may also combine the medical information we

Complaint Investigations of Minnesota Health Care Facilities

Privacy and Consent Primer

The Impact of PSO Confidentiality and Privilege Protections on the Peer Review Process: What you need to know

KANSAS CHILD CARE LICENSING AND REGISTRATION LAWS Chapter 65. PUBLIC HEALTH Article 5. MATERNITY CENTERS AND CHILD CARE FACILITIES

SERIOUS REPORTABLE EVENTS IN HEALTHCARE 2011 UPDATE: A CONSENSUS REPORT

always legally required to follow the privacy practices described in this Notice.

A Better You Counseling Services, LLC 1225 Johnson Ferry Road, Ste 170 Marietta GA

GENERAL INFORMATION: NURSE PRACTITIONER PRACTICE

NOTICE OF PRIVACY PRACTICES

Patient Consent Form

Report to the General Assembly: Nursing Home Inspection and Enforcement Activities. A Report to the 105 th Tennessee General Assembly

Patient Safety Course Descriptions

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2015 HOUSE DRH20205-MG-112 (03/24) Short Title: Enact Death With Dignity Act. (Public)

Pain Specialists of Greater Chicago Notice of Privacy Practices

Notice of Privacy Practices

Department of Health Presentation: May 18 th Presenters: Jacqueline Jones and Bonnie Stevens

Transcription:

Key California Health Laws: AB 211, SB 541 Shirley P. Morrigan, Esq. Foley & Lardner LLP 555 South Flower, #3500 Los Angeles, CA 90071 tel: (213) 972-4668 fax: (213) 486-0065 cell: (310) 488-8788 email: smorrigan@foley.com M. Leeann Habte, Esq. Foley & Lardner LLP 555 South Flower, #3500 Los Angeles, CA 90071 tel: (213) 972-4679 fax: (213) 486-0065 email: lhabte@foley.com Foley & Lardner LLP Web Conference Los Angeles, CA October 15, 2008 2008 Foley & Lardner LLP-Attorney Advertising-Prior results do not guarantee a similar outcome-models used are not actual clients but are representative of clients-321 N. Clark Street, Suite 2800, Chicago, IL 60610-312.832.4500 Overview Background on New Legislation AB 211 SB 541 Recent Board of Pharmacy Enforcement Initiatives Recent Fines Imposed by Department of Public Health for Immediate Jeopardy 1 1

Background AB 211 and SB 541 were prompted by the disclosure of snooping into celebrity medical records at UCLA, use of patient data for fundraising at UCSF, and other inappropriate uses Snooping did not constitute illegal disclosure under CMIA or HIPAA Enforcement is currently a prerogative of the state Attorney General or District Attorneys 2 Background Repeated violations of patient confidentiality are potentially harmful to Californians, which is why financial penalties are needed to ensure employees and facilities do not breach confidential medical information. Californians seeking care at a hospital or health facility should never have to worry that their private medical information will be shared. Governor Arnold Schwarzenegger September 30, 2008 3 2

Background Goals of new laws Improve privacy protections Increase enforcement actions for medical errors Give the state the tools to assess and enforce fines against health facilities and individuals who inappropriately obtain, access, use, or disclose medical information 4 AB 211 Increases Privacy Protections Requires health care providers to prevent unlawful access, use, or disclosure of patients' medical information Holds health care providers and individuals accountable for ensuring the privacy of patients medical information Adds Cal. Health & Safety Code 130200-130205, revises Cal. Civil Code 56.36 Effective January 1, 2009 5 3

AB 211 Increases Privacy Protections Your medical information should not be flapping in the breeze like an open hospital gown. Assemblyman Dave Jones (D) 6 Confidentiality of Medical Information Act (CMIA) CMIA currently prohibits Disclosure of medical information Regarding a patient of the provider of health care or an enrollee or subscriber of a health care service plan By a provider of health care, health care service plan, or contractor Without prior written authorization Unless specific exceptions for required and permissive disclosures exist (Cal. Civ. Code 56.10) 7 4

Applicability of CMIA Provider of health care is defined as Any person licensed or certified under the Business and Professions Code such as dentists, physicians, physical therapists, and others Chiropractors and osteopaths Any clinic, health dispensary, or health facility (such as nursing facilities, home health agencies, etc.) licensed under the Health & Safety Code (Cal. Civ. Code 56.05) 8 Applicability of CMIA Provider of health care also includes Any business organized for the purpose of maintaining medical information in order to make the information available to providers or individuals to either allow the individual to manage his or her information or for the diagnosis and treatment of the individual (Cal. Civ. Code 56.06) Section 56.06 was revised in 2008 to apply to all businesses that maintain medical information whether or not maintaining medical information is the primary purpose of the business 9 5

Punishment of CMIA Violations Violation of CMIA that results in economic loss or damage Punishable as misdemeanor An individual may bring a civil action for nominal or actual damages against any person or entity who has negligently released confidential information or records concerning him/her in violation of CMIA 10 Punishment of CMIA Violations In addition, administrative fines and civil penalties may be assessed against any person or entity, whether licensed or unlicensed by the licensing agency or certifying board or court In amounts of $2,500 for negligent disclosure Up to $25,000 for knowingly and willfully obtaining, disclosing and using medical information in violation of CMIA Up to $250,000 if information is also used for financial gain (Cal. Civil Code 56.36) 11 6

Health Insurance Portability and Accountability Act (HIPAA) Pursuant to the Privacy Rule, a covered entity May not use or disclose Protected health information Except as permitted or required by HIPAA (45 CFR 164.502) 12 Applicability of HIPAA Covered entity is defined as a Health plan Health care clearinghouse or Health care provider who transmits any health information in electronic form in connection with a transaction covered by HIPAA (45 CFR 164.104) 13 7

HIPAA Privacy and Security Rules Security Rule requires Covered Entities to implement physical safeguards and policies and procedures to Ensure confidentiality of protected health information and Protect against reasonably anticipated threats or unauthorized uses or disclosures of protected health information (45 CFR 164.306) 14 AB 211 Requires Providers to Prevent Unauthorized Access Requires every provider of health care to Implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient s medical information Safeguard patient medical information from unauthorized or unlawful access, use, or disclosure 15 8

AB 211 Defines Unauthorized Access Unauthorized access is defined as the inappropriate review or viewing of patient medical information without a direct need for diagnosis, treatment, or other lawful use as permitted by the Confidentiality of Medical Information Act (CMIA)... or by other statutes or regulations governing the lawful access, use, or disclosure of medical information 16 AB 211 Definition of Providers Provider of health care means the term as defined on pp. 8-9 of this outline Definition does not include health care service plans or contractors 17 9

AB 211 Definition of Medical Information Medical information means any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health care service plan, pharmaceutical company, or contractor regarding a patient's medical history, mental or physical condition, or treatment. Individually identifiable means that the medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the patient's name, address, electronic mail address, telephone number, or social security number, or other information that, alone or in combination with other publicly available information, reveals the individual's identity. Cal. Civ. Code 56.05(g) 18 AB 211 Creates New State Office to Enforce CMIA Creates the Office of Health Information Integrity ( OHII ) within the California Health and Human Services Agency Purpose To ensure enforcement of CMIA To impose administrative penalties for unauthorized use of medical information 19 10

AB 211 Definition of Providers Will the new law apply to businesses organized to maintain medical information? OHII is chaptered under Cal. Health & Safety Code 130200-130205 Section 56.06 states that nothing in this section shall be construed to make a business specified in this subdivision a provider of health care for the purposes of any law other than this part, including laws that specifically incorporate by reference the definitions of this part. 20 AB 211 Allows OHII to Assess Penalties Penalties may be assessed Against any person or provider of health care, whether licensed or unlicensed Up to $250,000 as set forth in CMIA Requires referral from DPH for assessment of fines 21 11

AB 211 Allows OHII to Assess Penalties OHII shall consider History of compliance Extent to which the facility detected violations and took preventive action to correct and prevent reoccurrence Factors outside its control that restricted the facility s ability to comply AB 211 Allows OHII to Refer for Further Action Gives OHII the authority To refer individuals, if licensed, to appropriate licensing boards for discipline Documentation and accompanying evidence is deemed an investigative communication and protected from public disclosure To recommend that civil actions be brought by the Attorney General, District Attorney, county counsel, city attorney, city prosecutor 23 12

AB 211 Prevents Double Administrative Penalties Enforcement authority is limited to persons or providers not governed by provisions enacted in SB 541 OHII may not assess administrative penalties against clinics, health facilities (hospitals, nursing facilities and other health facilities), home health agencies, or hospices licensed under Health & Safety Code 1204, 1250, 1725, or 1745 24 AB 211 Budget Considerations OHII shall be funded through non-general Fund sources Fines assessed by OHII pursuant to Cal. Civil Code 56.06 must be deposited in the Health Information Integrity Quality Improvement Account Money can be used for supporting OHII s quality improvement activities, on appropriation from the legislature Authorizes OHII to adopt rules to carry out statutory responsibilities No timeframe for promulgating rules 25 13

SB 541 Increases Amounts of Fines for Adverse Events Increases the fines for immediate jeopardy Extends the law to apply beyond hospitals to nursing homes and other health facilities, clinics, home health agencies, and hospices Sets health facility fines for privacy breaches Amends Sections 1280.1 and 1280.3 and adds Section 1280.15 to the Health and Safety Code Effective January 1, 2009 26 Definition of Immediate Jeopardy Current law "Immediate jeopardy" is a situation in which the hospital's noncompliance with one or more requirements of licensure has caused, or is likely to cause, serious injury or death to the patient Regulations not yet promulgated to the criteria to assess an administrative penalty against a health facility Under new law, regulations are not required to implement increased administrative penalty 27 14

Current Law Applies to Hospitals Under Cal. Civil Code 1279.1, DPH may assess penalties for deficiencies against General acute care hospitals, acute psychiatric hospitals and special hospitals For deficiencies After an investigation of a facilities' non-compliance with licensure standards By the DPH, Licensing and Certification Program 28 SB 541 Extends Administrative Penalties to Other Health Facilities and Providers Under SB 541, penalties are assessed against Clinics Health facilities (hospitals, intermediate care facilities, congregate living facilities, correctional treatment centers, and nursing facilities) Home health agencies Hospices Licensed under the Health & Safety Code 1204, 1250, 1725, or 1745 29 15

Current Law Requires Reporting of Adverse Events California Health & Safety Code 1279.1 Requires hospitals to report adverse events to DPH within 5 days of detection or if event is an ongoing urgent, emergent, threat to the welfare, health or safety of patients, personnel or visitors not later than 24 hours Hospitals must inform patient of the adverse event before reporting 30 Current Law Requires Reporting of Unusual Occurrences 22 Cal. Code Regs. 75053 Requires hospitals to report unusual occurrences Occurrences such as epidemic outbreaks, poisonings, fires, major accidents, deaths from unnatural causes or other catastrophes and unusual occurrences which threaten the welfare, safety or health of patients, personnel or visitors 31 16

Current Law Requires Reporting of Unusual Occurrences What does that mean? The State has tried to define unusual occurrences broadly Triggers reporting requirements Not privacy breaches 32 Reportable Adverse Events Never 28 Surgical events Surgery performed on a wrong body part Surgery performed on the wrong patient The wrong surgical procedure performed on a patient Retention of a foreign object in a patient after surgery or other procedure Death during or up to 24 hours after induction of anesthesia after surgery of a normal, healthy patient 33 17

Reportable Adverse Events Product or device events Patient death or serious disability associated with the use of a contaminated drug, device, or biologic Patient death or serious disability associated with the use or function of a device in patient care in which the device is used or functions other than as intended Patient death or serious disability associated with intravascular air embolism 34 Reportable Adverse Events Patient protection events An infant discharged to the wrong person Patient death or serious disability associated with patient disappearance for more than four hours A patient suicide or attempted suicide resulting in serious disability 35 18

Reportable Adverse Events Care management events A patient death or serious disability associated with a medication error A patient death or serious disability associated with a hemolytic reaction due to the administration of ABO-incompatible blood or blood products Maternal death or serious disability associated with labor or delivery in a low-risk pregnancy 36 Reportable Adverse Events Care management events, cont d Patient death or serious disability directly related to hypoglycemia Death or serious disability, including kernicterus, associated with failure to identify and treat hyperbilirubinemia in neonates during the first 28 days of life A Stage 3 or 4 ulcer, acquired after admission to a health facility A patient death or serious disability due to spinal manipulative therapy 37 19

Reportable Adverse Events Environmental events A patient death or serious disability associated with an electric shock Any incident in which a line designated for oxygen or other gas to be delivered to a patient contains the wrong gas or is contaminated by a toxic substance A patient death or serious disability associated with a burn incurred from any source A patient death associated with a fall A patient death or serious disability associated with the use of restraints or bedrails 38 Reportable Adverse Events Criminal events Any instance of care ordered by or provided by someone impersonating a physician, nurse, pharmacist, or other licensed health care provider The abduction of a patient of any age The sexual assault on a patient within or on the grounds of a health facility The death or significant injury of a patient or staff member resulting from a physical assault that occurs within or on the grounds of a facility 39 20

Reportable Adverse Events Catch-All # 28 An adverse event or series of adverse events that cause the death or serious disability of a patient, personnel, or visitor What does this mean? 40 SB 541 Also Requires Reporting of Privacy Breaches Licensed health facilities (e.g. hospitals, nursing facilities, and others) must report all privacy breaches to the patient and DPH or face fines for non-reporting $100/day beginning 5 days after detection The total combined penalty may not exceed $250,000 41 21

SB 541 Definition of Privacy Breach The law requires A licensed clinic, health facility (hospital, nursing facility or other), home health agency, or hospice To prevent unlawful or unauthorized access to, use, or disclosure of a patient s medical information as defined in CMIA 42 SB 541 Increases Facility Fines for Immediate Jeopardy Current Law $25,000 for initial breach Fines will rise to $50,000 when regulations are written SB 541 50,000-1st violation $75,000-2nd violation $100,000-3rd violation Fines will rise by $25,000 increments (to $75,000, $100,000, and $125,000) when regulations are written Must consider special conditions of small, rural hospitals 43 22

SB 541 Increases Administrative Fines for Reportable Adverse Events Deficiencies that are not immediate jeopardy Current Law $17,500 SB 541 Fines will rise to $25,000 44 SB 541 Administrative Penalties Administrative penalty issued 3 years after date of last issued immediate jeopardy violation shall be considered a first administrative penalty As long as the facility has not received additional immediate jeopardy violations and That facility is found by DPH to be in substantial compliance with all state and federal licensing laws and regulations 45 23

SB 541 Penalties for Privacy Breach DPH may assess an administrative penalty of up to $25,000 per patient whose medical information was unlawfully or without authorization accessed, used, or disclosed Up to $17,500 for each subsequent occurrence Unauthorized access is defined as on p. 16 of this outline 46 SB 541 Penalties for Privacy Breach Total combined penalties may not exceed $250,000 per reported event Reported event means all breaches included in any single report that is made pursuant to California Health & Safety Code Section 1280.15, regardless of the number of breach events contained in the report 47 24

SB 541 Penalties for Privacy Breach DPH shall consider Must consider special conditions of small rural hospitals and primary care clinics For long-term care facilities, penalty should be higher penalties under Health & Safety Code 1280.15 or 1423, 1424, 1424.1, or 1424.5 48 Appeals Process May request a hearing pursuant to Section 131071 within 10 days of penalty assessment Or must pay 75 percent of the total for each violation within 10 business days of receipt of administrative penalty Same appeals process as for other administrative penalties imposed for reportable adverse events May refer violations to OHII 49 25

SB 541 Budget Considerations Administrative penalties assessed must be deposited in the Internal Departmental Quality Improvement Account Money can be used for supporting the Licensing and Certification Program s quality improvement activities, on appropriation from the legislature 50 Enforcement of Immediate Jeopardy First fines were assessed in October 2007 DPH has issued 61 penalties to 42 hospitals Totaling $1,525,000 Immediate jeopardy citations have all been fined at highest level of $25,000 51 26

Recent Board of Pharmacy Enforcement Actions Recalls on Heparin The Board of Pharmacy cited 94 hospitals and fined their head pharmacists for keeping tainted Heparin on the shelf Penalties of $5,000 were imposed on about 15 hospitals for injecting patients with the recalled drug Penalties of $2,500 were imposed on pharmacist and on hospital if Heparin was found on shelf Facilities could face harsher fines if DPH determines immediate jeopardy existed Board is expected to issue an advisory in a few weeks to pharmacists on how to check orders for patient condition 52 Recent Board of Pharmacy Enforcement Actions The FDA ordered a full recall of the drug in March In August, manufacturers said that California hospitals stocking Heparin had all been told about the recall It is not clear whether smaller Heparin manufacturers also sent recall notices to California hospitals One out of four of the hospitals violating the recall still had Heparin after being warned by pharmacy regulators to remove it About 200 patients received Heparin after the recall was announced, according to the citations 53 27

Enforcement of Immediate Jeopardy Nine hospitals were fined in 2007 Key deficiencies Medication errors Lack of effective system for distribution/administration/monitoring of drugs and biologicals Failure to appropriately assess, treat, refer patients presenting at ER 54 DPH Enforcement of Immediate Jeopardy Most recent citations were in August 2008 DPH cited 19 hospitals and assessed 44 penalties Immediate jeopardy citations include patient deaths from Medication errors Lack of response to lab results Failure to activate ventilator Failure to use seatbelt in wheelchair 55 28

Other DPH Immediate Jeopardy Enforcement Actions Citations for having caused serious injury or death to the patient Patient fell off surgical cart Insufficient anesthesia Sponge left in Sexual assault Surgery on wrong patient Device safety issues Lack of competent insertion of catheter Failure to prove prompt emergency care, etc. Failure to monitor condition or medication 56 Other DPH Immediate Jeopardy Enforcement Actions Citations where adverse event was likely to cause serious injury or death to the patient Lack of on-call surgeon Lack of proper refrigeration/food handling Failure to develop and implement a hospital infection control program Lack of sufficient nursing staff Failure to appropriately screen ER patients Failure to supply appropriate emergency equipment/supplies Failure to sterilize surgical equipment Unsafe bed rails 57 29

Recommendations AB 211 Ensure that policies prohibit unauthorized, rather than merely unlawful, access to medical information Assess security measures, including administrative, technical, and physical safeguards for medical information Implement robust security audits of access to medical information that identify unauthorized access 58 Recommendations Educate employees on privacy laws and the provider s policies on privacy of medical information Include access to medical information within the provider s compliance program and encourage reporting by employees of suspected unauthorized access Report to OHII and take appropriate action which is documented if unauthorized access to medical information occurs 59 30

Recommendations SB 541 Understand state reporting laws Report when legally required to do so Assess all events that involve noncompliance with licensure that causes, or is likely to cause, serious injury or death to the patient Look widely for opportunities for improvement and take appropriate action if reportable events occur 60 Shirley P. Morrigan, Esq. Foley & Lardner LLP 555 South Flower, #3500 Los Angeles, CA 90071 tel: (213) 972-4668 fax: (213) 486-0065 cell: (310) 488-8788 email: smorrigan@foley.com M. Leeann Habte, Esq. Foley & Lardner LLP 555 South Flower, #3500 Los Angeles, CA 90071 tel: (213) 972-4679 fax: (213) 486-0065 email: lhabte@foley.com 61 31

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback