Small and midsized enterprises (SMEs) continue to be targeted by ransomware, phishing and other cyberattacks; the consequences of which could be devastating. Those consequences include putting SMEs out of business, which is unfortunately the case for one small medical practice in Battle Creek, Michigan, as reported by HIPAAJournal. Our colleagues in the Privacy, Data and Cybersecurity practice group discuss the need to be prepared to respond to these and similar kinds of attacks. You can read it here.
Healthcare employers, along with other high-risk industries, continually look for ways to minimize risk and to promote a positive work culture for employees. One approach is the implementation of a “just culture” framework.
In essence, “just culture” is a shared accountability methodology. In a “just culture” framework, both employers and employees are responsible for their respective roles when patient harm occurs and, ideally, for preventing it. Under this theory, employers are responsible for creating system design and enforcement tools that eliminate factors that place employees in a position whereby harm is likely to occur if there is human error, which is inevitable. Employees are also responsible for their conduct; however, this methodology places less emphasis on punitive action when employees make mistakes if the system design (as opposed to the employee’s reckless conduct) led to the ultimate patient harm. This theory differs from the traditional labor law theory of “just cause” but the principles of “just culture” are rooted in legal theories underlying both labor and tort law.
Classic examples of systems designed by healthcare employers to minimize the effects of human error are processes such as: the six rights “6 Rs” of medication administration, pre-surgery “time outs” or bar code scanning of patients’ wrist bands and medications before administration. There are various approaches to the “just culture” concept, but they all seek to create precisely what the name entails–a culture whereby accountability (and resulting employee discipline) is just.
Many “just culture” proponents (including practitioners) appreciate the, almost scientific, algorithm utilized in determining whether a specific patient harm was caused by failures in system design, as opposed to reckless employee conduct. Generally, when implementing “just culture”, managers follow a formulaic analysis tool to determine whether the resulting patient harm was caused by system design failure (something that should be fixed and for which employee discipline may not be appropriate), as opposed to reckless conduct by the employee in disregard of the system’s preventative measures.
Medical practitioners are often familiar with the concept of “just culture” but counsel, human resources and other risk management professionals may not be, resulting in opportunity for increased partnership between these groups to better manage risk and create a positive work environment. When implemented correctly, “just culture” can: (1) create consistency in determining whether employee discipline is appropriate; (2) minimize patient harm; and (3) create a workplace culture of self-reporting (since employees understand that mistakes won’t necessarily result in punitive action when the system design failed, as opposed to their reckless conduct causing the harm). However, “just culture” does not dictate what discipline level is appropriate. Similarly, it does not take into account other practical or legal considerations often at play in determining whether employee discipline may be appropriate.
Whether or not an employer deems “just culture” methodology right for its organization, human resources professionals, in-house counsel and other risk management professionals should review how, and to what extent, “just culture” is implemented in their organization as part of ongoing risk management efforts. For more information about how your organization can promote a positive workplace culture, contact your Jackson Lewis attorney, or a member of the Healthcare team.
On February 23, 2019, Modern Healthcare reported key takeaways from its “CEO Power Panel.” Of the 24 CEOs who completed the survey, only three (12.5 percent) responded that mergers and acquisitions “will be their primary growth strategy in 2019,” down from 25.8 percent of respondents in 2018. CEOs questioned whether organizations achieved any actual value in terms of cost savings or efficiencies when they merged, and cautioned against “getting big for big’s sake.”
At the same time, the CEOs reported a continued focus on hiring, in particular front-line staff. In comparison to 2018, 62.5 percent of respondents expect to hire the same amount or more employees. Some organizations reported shortages in terms of their staffing needs, and described the unemployment rate for qualified healthcare workers at “effectively zero.”
This is all consistent with the Bureau of Labor Statistics’ prediction that “[e]mployment of healthcare occupations is projected to grow 18 percent from 2016 to 2026, much faster than the average for all occupations, adding about 2.4 million new jobs. Healthcare occupations are projected to add more jobs than any of the other occupational groups.”
Almost 60 percent of the CEOs that Modern Healthcare surveyed selected “competition for talent” as their organization’s greatest challenge for 2019. It is clear that healthcare organizations—of all sizes—will need to continue focusing on attracting and retaining talent in 2019. Some CEOs reported that their organizations plan to focus on training their existing workforce to develop skills in newer technologies, such as AI, virtual reality, and 3-D printing. Continued training should help retain employees, but how should your organization set itself apart to attract talent in the first place? Please refer to our earlier post, which outlines helpful strategies to diversify and improve your healthcare workforce. For more information about how your organization can take a proactive approach regarding its diversity and inclusion performance, contact your Jackson Lewis attorney, or a member of the Corporate Diversity Counseling team.
The Department of Justice recently reported that the healthcare industry accounted for $2.5 billion of the $2.8 billion dollars it recovered in False Claims Act (FCA) cases in Fiscal Year 2018. Qui tam actions (FCA claims brought by private individuals on behalf of the government) allow whistleblowers to receive up to 30 percent of the amount of recovered when a court finds a healthcare organization submitted false claims for payment. Additionally, individuals engaging in protected activity under the FCA may recover damages under the law’s anti-retaliation provision.
Two recent court decisions out of the First Circuit Court of Appeals and Eastern District of Tennessee serve as a reminder that healthcare employers can be liable under the FCA’s anti-retaliation provisions even if there is no finding that they submitted a false claim. In Guilfoile v. Shields, 2019 U.S. App. LEXIS 1322 (1st Cir. Jan. 15, 2019), Guilfoile brought a retaliation claim against his former employer, a pharmacy chain, alleging that he was fired in retaliation for accusing the employer of making false representations in customer contracts and violating the Anti-Kickback Statute by making quarterly payments to a consulting firm for each hospital contract the firm referred. In determining that the plaintiff adequately alleged protected activity (the first element of a FCA retaliation claim), the First Circuit stated: “[R]ather than plausibly pleading the existence of a fire — the actual submission of a false claim — a plaintiff alleging FCA retaliation need only plausibly plead a reasonable amount of smoke — conduct that could reasonably lead to an FCA action based on the submission of a false claim.”
Similarly, in Forsythe v. National Health Corp., 2019 U.S. Dist. LEXIS 15543 (E.D. Tenn. Jan. 31, 2019), in addition to filing a qui tam action, Forsythe brought a retaliatory discharge claim under the FCA. He alleged that his supervisor instructed him and others to code group physical therapy as one-on-one instead of using a group code, contrary to Medicare regulations. Forsythe alleged that he was chastised for refusing to comply with the directive and ultimately complained through the employer’s hotline. He claimed that, thereafter, he was referred to as a “snitch,” his requests for time off were denied, he was “given the cold shoulder,” and eventually was terminated for creating a hostile work environment. Similar to the First Circuit’s decision in Guilfoile, in finding that Forsythe engaged in protected activity, the Eastern District of Tennessee emphasized that, to state a retaliation claim, a plaintiff simply needs to establish “some nexus to the FCA,” not a “concrete violation.”
These decisions illustrate that refraining from illicit activity, alone, will not insulate employers from FCA whistleblower retaliation claims. So what is a healthcare employer to do? There are several steps employers can take to minimize, or mitigate against, such claims:
- Promote a culture where employees do not presume that wrongful conduct may be occurring. When employees understand an organization’s values and see those values lived day-to-day, they are less apt to jump to assumptions of fraudulent conduct; instead, reporting internally with a justified belief that the employer will investigate and take appropriate action if fraudulent conduct is occurring.
- Establish multiple, known reporting channels to facilitate internal reporting so that employees do not feel their only recourse is to report externally.
- Ensure policies contain appropriate language covering issues under the FCA with adequate notice as to where employees can go to raise concerns.
- Address employee concerns promptly and thoroughly.
- Train managers on FCA obligations and reporting options, giving them the skills to respond properly to employees who raise concerns.
For more about the firm’s healthcare industry team and specifics about how we can help you, please contact your Jackson Lewis attorney.
Healthcare employers can expect the rise of class action lawsuits to continue, as 2019 has seen a steady influx of class actions against healthcare employers under the Fair Labor Standards Act (FLSA) and various state wage-and-hour counterparts.
A hospital system is defending a class action suit filed by nurses in Oregon alleging that they were not given bona fide thirty-minute meal breaks. A similar class action lawsuit was recently filed in Texas federal court. Patient needs in long-term care and hospital settings can make it challenging for employers to allow employees to be relieved for extended periods of time from responding to emergencies or other patient issues. However, failing to establish policies and practices that allow for safe patient care and compliance with meal break laws can lead to costly litigation and severe business disruption.
After two years of litigation resulting in a $20 million settlement, a class of some 8,000 California nurses recently requested nearly $7 million in attorneys’ fees. Class counsel claims to have spent 5,000 hours litigating the case, and it is likely that the Court will award at least some, if not all, of the requested attorneys’ fees.
In sum, there are a variety of ways in which an employer can fall short in meeting its statutory wage-and-hour requirements. These issues can stem anywhere from unlawful corporate policies to local managers failing to properly enforce otherwise lawful policies. It is vital for healthcare administrators to evaluate company pay practices to avoid costly litigation that can last years and eat up hundreds of hours of employee work time.
In a decision that affects both union and non-union employers, the National Labor Relations Board (NLRB or Board) has taken what is likely the first step toward reining in the expanded scope of what the Obama-era Board considered “protected, concerted activity” under the National Labor Relations Act (NLRA).
In Alstate Maintenance, the NLRB overturned its WorldMark by Wyndham decision, which held that an individual employee’s complaint made in a group setting was, per se, concerted activity. 367 NLRB No. 689 (January 11, 2019). The Board noted the case had “blurred the distinction between protected group action and unprotected individual action” and clarified that “individual griping does not qualify as concerted activity solely because it is carried out in the presence of other employees and a supervisor and includes the use of the first-person plural pronoun.”
Although Alstate Maintenance provides some welcome clarification for employers, properly identifying protected, concerted activity still requires a thorough and detailed analysis. In addition to protecting employees who engage in union activities, Section 7 of the NLRA protects employees’ right to engage in “concerted activities for the purpose of . . . mutual aid or protection,” regardless of whether they are union-related.
In determining whether employee activity is entitled to protection, the NLRB considers the following:
- Whether the activity is “concerted”;
- Whether the activity is “for mutual aid or protection”; and
- Whether the activity has lost the protection of Section 7 by its means or objectives.
The NLRB in Alstate Maintenance clarified that—in addition to situations in which two or more employees act together—a single employee may engage in “concerted” activity if he or she is acting “with or on authority of other employees, and not solely by and on behalf of the employee himself.” An employee’s actions can be “concerted” if he or she “brings truly group complaints to the attention of management” or “seek[s] to initiate or to prepare for group action.” Such concerted activities become “protected” if they relate to the terms and conditions of employment, such as pay or working conditions.
Examples of protected, concerted activity may include:
- Employees wearing buttons advocating a particular cause;
- Employees making statements that appear to attack the employer’s reputation or a member of management, including on Facebook or other forms of social media;
- Employees complaining about employer work policies or terms and conditions of employment; and
- Employees handing out leaflets in non-working areas during non-working time, including parking lots while off duty.
While many employers are able to identify protected, concerted activity, missteps often occur when the employee’s actions also violate workplace conduct policies, such as name-calling and the use of profanity. The NLRB has a surprisingly high standard for determining an employee’s protected, concerted actions have lost the protection of Section 7. This generally occurs when employees engage in reckless or malicious behavior, such as sabotaging equipment, threatening violence, spreading lies about a product, or revealing trade secrets. The NLRB often finds other forms of offensive or profane conduct to be protected. For example, the NLRB has held that Section 7 protection applied even when the employee called his supervisor a “NASTY MOTHERF**ER” in a Facebook post.
Healthcare employers should be especially wary of the issues unique to the industry. Restrictions on solicitation, distribution, and wearing certain union apparel outside of immediate patient care areas may violate the NLRA, despite the healthcare employer’s legitimate interest in limiting these activities. The Board has even held that employees of contractors and vendors, such as nurses, nurses’ aides, and food service and environmental service workers, may have a right to handbill on company property in non-working areas, and tell the media that a healthcare facility’s staffing levels have an adverse effect on patient care.
To avoid potential unfair labor practice charges, both union and non-union healthcare organizations should be familiar with what the Board considers protected, concerted activity and lawful responses to such activity. Employers are well advised to weigh employment decisions that may involve protected, concerted activity carefully and to consult experienced labor counsel when necessary.
Visit our Labor & Collective Bargaining blog for further discussion regarding the NLRB’s Alstate Maintenance decision, or contact the Jackson Lewis attorney with whom you typically work.
Speakers at the 2019 American Health Lawyers Association’s Physicians and Hospitals Law Institute repeatedly emphasized the importance of a coordinated approach to preventing harassment in hospitals.
Programs at the conference reviewed the history of the #MeToo movement and its effect on hospitals and the healthcare field generally. One speaker cited Medscape’s Sexual Harassment of Physicians Report 2018, which found that more than one in ten female physicians and 16 percent of female residents have experienced sexual harassment within the past three years. This same study found that 47 percent of physicians who reported they had been sexually harassed said they were harassed by another physician. This phenomenon poses significant risks to hospitals, particularly since the EEOC reported in October 2018 that:
- Charges filed with the EEOC alleging sexual harassment increased by 13.6 percent from fiscal year 2017.
- For charges alleging harassment, reasonable cause findings increased by 23.6 percent to nearly 1,200 in FY 2018.
- The EEOC recovered nearly $70 million for the victims of sexual harassment through administrative enforcement and litigation in FY 2018, up from $47.5 million in FY 2017.
All of these figures make clear it is imperative that hospitals and other healthcare employers invest in training and a top-down approach to modeling behavior to create and maintain a workplace free from sexual and other forms of unlawful harassment.
Speakers at the conference, as well as their healthcare lawyer colleagues in the audience, repeatedly called for a collaborative approach to addressing the issue of sexual harassment in the healthcare workplace. They noted the benefit of medical staff leaders working together with human resource departments and counsel to create strong preventive practices and to promptly investigate and, where appropriate, remediate claims of sexual harassment. There also was much discussion regarding best practices for addressing misconduct by physicians who are members of a hospital’s medical staff, but are not employed by the hospital. Complaints regarding these medical staff members may be handled differently than those involving employed physicians, but they must be addressed nonetheless.
Another common theme in these presentations was the importance of reviewing and revising medical staff bylaws to incorporate anti-harassment and anti-retaliation concepts long present in personnel policies. As one speaker noted, many of these concepts already are embodied in guidance from the Accreditation Council for Graduate Medical Education and The Joint Commission. Thus, there is a foundation for making harassment prevention an essential part of being a member of a hospital medical staff.
For more information about how to implement an effective anti-harassment program for physicians or to learn about Jackson Lewis’ EngageMD service for addressing physician conduct issues, please contact Michael Bertoncini or the member of Jackson Lewis healthcare industry team with whom you regularly work.
Title IV of the Health Care Quality Improvement Act of 1986 (HCQIA), created the National Practitioner Data Bank (NPDB). The NPDB is a national clearinghouse and repository of information on medical malpractice payments and adverse actions taken against licensed healthcare providers. Hospitals and health systems with formal peer review are among the entities required to report to the NPDB.
The Health Resources and Services Administration (HRSA) publishes the NPDB Guidebook (Guidebook) which is a policy manual that provides an interpretation of NPDB requirements for entities with mandatory reporting obligations. The Guidebook states that the purpose of the NPDB is to function as a “flagging system that may serve to alert users that a more comprehensive review of the qualifications and background of a health care practitioner may be prudent.”
In October 2018, the HRSA updated the Guidebook for the first time since April 2015. The recent revisions to the Guidebook’s chapter on reporting requirements are significant because they provide clarification (and take a more expansive view) on the types of events that trigger reporting obligations.
Below are the top five new clarifications that all institutions with reporting obligations should keep on their radar as 2019 progresses.
- Quality Improvement Plans. If a quality improvement plan restricts a practitioner’s clinical privileges, is the result of a professional review action, concerns the practitioner’s professional competence or conduct, and is in place longer than 30 days, the plan may be reportable.
- Leaves of Absence. If a leave of absence while under investigation restricts privileges, it is reportable. If a practitioner can take a leave of absence without affecting his or her privileges, and his or her privileges remain intact during the leave of absence, the leave of absence is not reportable.
- Restrictions on Privileges. A restriction imposed on an entire class of physicians (i.e., all new surgeons are required to operate with a qualified first assistant) is not a restriction of privileges that is reportable. However, if such a requirement is imposed on a licensed healthcare provider as part of a professional review action about professional competence and conduct, and runs more than 30 days, the action is reportable as a restriction of clinical privileges.
- Lapses in Privileges. If the Medical Executive Committee recommends that a physician not be reappointed, and the physician’s appointment term ends while the parties are waiting for a hearing, the lapse is reportable.
- Informal Agreements Not to Exercise Privileges. An agreement not to exercise privileges is a restriction of privileges. Any restriction of privileges while under investigation, temporary or otherwise, is considered a resignation and must be reported.
For more information about the 2018 updates to the Guidebook, please contact Mary McCudden or the member of Jackson Lewis healthcare industry team with whom you regularly work.
Over the past thirty days, the Office for Civil Rights (OCR) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of instituting basic best practices for data breach prevention and response. Our colleagues in the Workplace Privacy, Data Management & Security practice group discusses the need for healthcare organizations and their business associates to address basic best practices including: terminating employee access in a timely manner, maintaining proper business associate agreements, and having a plan for media relations. You can read it here.
The Illinois Health Care Violence Prevention Act mandates hospitals and other healthcare providers to comply with requirements aimed at protecting their workers from violence. Beginning January 1, 2019, healthcare providers in Illinois will need to implement specific violence-prevention policies outlined in the Act (Public Act 100-1051). Our Workplace Safety and Health colleagues offer details on the requirements. You can read more about it here.