States, counties and cities nationwide are currently at varying levels of reopening their economies after the coronavirus outbreak. Some states, such as Texas and Florida, have backtracked by closing off various businesses again after a surge of COVID-19 cases in those areas. Such instances have made governors wary of reopening too quickly, especially in the states that were hit the hardest at the onset of COVID-19’s entry to the U.S. – New York and New Jersey. Given the tragic loss experienced in nursing homes and the known impact that this virus has on seniors, long-term care facilities (including nursing homes and assisted living facilities) may be among the last business to undergo a “reopening.” Strict adherence to the federal, state and local precautions will be required, as well as close monitoring for outbreaks in the facility. This article discusses what “reopening” means for these facilities since they were not technically closed in the way that most other businesses were. Then, it will cover the recent CMS recommendations to state and local officials on reopening nursing homes as states progress through the phases of the White House Guidelines for Opening Up America Again.
On January 13, 2017, the Centers for Medicare and Medicaid Services (“CMS”) sent a Memorandum (“Memo”) to State survey agency directors encouraging long-term care providers to “consider cybersecurity when developing or reviewing their emergency preparedness plans.” The Memo was a follow-up to the CMS long-term care emergency preparedness rule published in the Federal Register on September 16, 2016: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Under that final rule, long-term care facilities were held to additional standards, including requirements to have emergency and standby power systems in place. Nursing homes were also required to create plans regarding missing residents that could be activated regardless of whether the facility has activated its full-scale emergency plan. The rule was spurred on by recent flooding in Baton Rouge, Louisiana, and other emergency disasters, such as Hurricane Sandy and the 2009 H1N1 pandemic, according to CMS.
Whether State surveyors will actually enforce lack of cybersecurity plans for emergency preparedness as violations remains to be seen from this Memo. But certainly, a State survey agency could impose deficiencies for failure to have a proper cybersecurity plan and/or a proper cybersecurity back‑up plan as part of a facility’s emergency preparedness going forward. It is not clear why CMS decided to send this encouragement Memo three months after the Final Rule on emergency preparedness, but it likely has something to do with the fact that 2016 was a banner year for HIPAA privacy infractions and HIPAA enforcement by the Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance. In 2016, payouts for HIPAA violations skyrocketed to record heights of $23.51 million from OCR enforcers against health care providers. That number was triple the previous record of almost $7.94 million in payouts in 2014, followed by $6.19 million in payouts in 2015.
Recently, the American Hospital Association published in its newletter Trendwatch a detailed 16 page article entitled “The Role of Post-Acute Care in New Care Delivery Models,” December 2015. The article discusses what we have been trying to tell our post-acute care, especially nursing home clients, for years: become a valued partner of an Accountable Care Organization (“ACO”) and be ready to show your value to those ACOs, or continue to operate as you historically have at your own peril.
When ACOs first started, there was virtually no room or focus on long-term care providers being involved in an ACO. Some hospitals talked initially about home health care, but very little discussion was geared towards long-term care providers being in an ACO network because hospitals did not understand the long-term care environment. Continue reading ACOs Waking Up to the Value of Post-Acute Care Providers