So, what’s the word on the street about OASIS privacy notices? Well, actually, the street’s been really quiet about these notices — which could mean very bad news for your agency if you haven’t been doing anything to inform patients of their privacy rights.
The Centers for Medicare & Medicaid Services created the Beneficiary Notices Initiative (BNI) with an objective to “improve agency-to-beneficiary communications” in order “to facilitate access to and exercise of individual rights and protections,” reports the BNI Web site.
The BNI site contains a number of readily available beneficiary communications, including an “OASIS Statement of Patient Privacy Rights” (see related document, p. 3), an “OASIS Notice about Privacy for Patients Who Do Not Have Medicare or Medicaid Coverage,” and a “Privacy Act Statement,” which concerns the use of health care records. Each of these notices is available in both English and Spanish.
“Agencies had better know about these privacy notices,” stresses consultant Pat Sevast with American Express Tax & Business Services in Timonium, MD. Agencies must make sure to distribute such notices and inform their patients of OASIS data requirements at the time of admission, she explains.
The HHA must tell the patient that it is required to collect OASIS data at certain points in time and to transmit that information to a state depository or agency, reports Sevast. Most importantly, it is vital to explain to patients that any OASIS information is confidential and that it will be used for reporting purposes only, she states.
HHAs should include copies of the privacy notices in their standard OASIS admission packets for all new home health admissions, says Rebecca Friedman Zuber, a Chicago-based consultant. At that time, agencies can also ask the patient to sign an acknowledgment that she received the privacy notices. However, it’s important for agencies to realize they “can’t deny patients service because they refuse to sign an acknowledgement statement that they’ve received a privacy notice,” Zuber adds.
If a patient can’t understand the privacy notice, the HHA can review it with a family member or caregiver, reports Burtonsville, MD-based attorney Elizabeth Hogue. If this is the case, agencies still should be sure to document that they attempted to review the notice with the patient, but the patient clearly could not understand it.
“If you can’t get it signed, it’s OK, as long as you document why it is you couldn’t get it signed,” advises Hogue. “That should be a standard practice with respect to privacy notices,” she says, adding that failure to distribute these notices properly could lead to survey citations, among other potential penalties.
Who Knew?
While experts agree that OASIS privacy notices must be an integral part of any HHA’s admission routine, not everyone is convinced that all agencies are aware of their importance — or even existence.
“As I have gone around, I have [seen] mixed knowledge” of these notices, reports Kathy Green, vice president of clinical advisement at Tampa, FL-based HQS (formerly Provider Solutions). Green observes that “if an agency is large enough to have an IT department,” then it is likely to know about such notices, since IT units have had to prepare for the soon-to-be-enforced privacy standards of the Health Insurance Portability and Accountability Act.
Otherwise, Green states, “there seems to be no real pattern of who does and who doesn’t” know about CMS’ OASIS privacy notices. “You’d be amazed at how many people don’t get” these sample documents or releases from CMS, she maintains. “If they’re not part of a state association or an enlarged corporate agency, they miss those CMS statements more than they get them.”
The sad truth, says Green, is that certain agencies are likely to wait until these privacy notices are put right in front of their faces, perhaps by a nurse or therapist who has transferred from a different HHA.
As is usually the case, though, ignorance of the rules is not an excuse for breaking them in the government’s eyes. To keep yourself off the radar screen, make these privacy notices a standard part of your patient admission repertoire.
Editor’s note: To access CMS’ BNI Web site and the OASIS privacy notices, go to http://cms.hhs.gov/medicare/bni.