John Falcetano (john.falcetano@brooksrehab.org) is Director Corporate Compliance at Brooks Health System in Jacksonville, FL.
A critical element of any effective compliance program is monitoring. As a service to our members, each month this column focuses on potential monitors for specific business lines.
This column entry was written in early March, and some of the information may be dated.
According to the Centers for Disease Control and Prevention, human coronaviruses are common and usually cause mild to moderate upper-respiratory tract illnesses, such as the common cold. As cases of COVID-19 have spread worldwide, fear has grown among everyone, including healthcare workers. Some people are mistakenly comparing the COVID-19 pandemic to the influenza pandemic of 1918, which was responsible for millions of deaths worldwide, and others fear the asymptomatic carrier of the virus.
Many Americans remember Mary Mallon, better known as “Typhoid Mary.” Mary Mallon harbored contagious bacteria that cause typhoid fever, but she never demonstrated any of its symptoms. Since she was an asymptomatic carrier, she easily passed it to others. Now, steps to prevent the spread of the coronavirus have and are being taken to address the fear some people have that COVID-19 will get into their communities through an asymptomatic individual who will infect others and spread the disease, resulting in many deaths. But some people are concerned that even when they follow recommendations to prevent the spread of COVID-19—frequent handwashing; not touching their eyes, nose, and mouth with unwashed hands; social distancing, etc.—they still may fail.
While COVID-19 may not seem like something compliance professionals would be concerned about monitoring, think again.
Electronic health records enable healthcare staff to gain access to patient data. Fear of contracting COVID-19 may cause staff to inappropriately view patient’s medical records to determine whether the patient was exposed to COVID-19. While many healthcare facilities have implemented security for their electronic health records to prevent such inappropriate access, some staff have nearly unrestricted access.
Compliance professionals must ensure management has implemented systems to monitor such activity so the administrator can be alerted of potential inappropriate access. Because of COVID-19, there may be increased attempts to access patient records. Each alert should be investigated to determine whether the access was appropriate or inappropriate.
In conclusion, compliance professionals should review all the processes in place to monitor for inappropriate access of patient protected health information and investigate any instances of inappropriate access.