NEW CMS FINAL RULE DEADLINE MAY REDUCE CMS FUNDING FOR HEALTHCARE PROVIDERS

The new CMS Emergency Preparedness Final Rule and its Financial Impact on Healthcare Provider Reimbursements in 2017

by  Caroline Ramsey Hamilton and Dr. Donald  Miller

BACKGROUND

In late December, of 2013, CMS issued a draft of a Final Rule on Emergency Preparedness.  The bill was also submitted to the Obama White House, Office of Budget and Management.

The bill was designed to avoid another situation like Hurricane Katrina, or the Boston Marathon Bombing, where healthcare facilities were enormously stressed by events that resulted in deaths, injuries, and a catastrophic lack of preparedness by not only institutions, but by all levels of the city, county, state and federal government.

To address this situation, the Final Rule had been carefully crafted, and submitted for review to a panel of emergency managers in a variety of healthcare facilities.  FEMA (Federal Emergency Management Agency), and DHS (Department of Homeland  Security both had significant input into the Final Rule, and had issued their own coordinating guidance in early 2014.

But the Final Rule was never published.  It was held up in the White House, until,
on September 8, 2016, it was sent back to CMS, who published it in the Federal
Register immediately.   It became law on November 16, 2016, and the final
compliance date for all healthcare facilities was November 16, 2017.

The CMS Final Rule on Emergency Preparedness dramatically increased the requirements for health care providers participating in Medicare and Medicaid, stating thatthe regulation will increase patients’ safety during emergencies and ensure more coordinated response to natural and man-made disasters.”, from www.cms.gov.

On September 8, 2016 the Federal Register posted the final rule Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.   The regulation goes into effect on November 16, 2016. Health care providers and suppliers affected by this rule must comply and implement all regulations one year after the effective date, on November 16, 2017.

Purpose: To establish national emergency preparedness requirements to ensure adequate planning for both natural and man-made disasters, and coordination with federal, state, tribal, regional and local emergency preparedness systems. The following information will apply upon publication of the final rule:

  • Requirements will apply to all 17 provider and supplier types.
  • Each provider and supplier will have its own set of Emergency Preparedness regulations incorporated into its set of conditions or requirements for certification.
  • Must be in compliance with Emergency Preparedness regulations to participate in the Medicare or Medicaid program.

NEW REQUIREMENTS COVER 17 PROVIDER TYPES

Despite the lack of attention it received when it was released, the Final Rule is extremely wide in scope and requires 17 different types of healthcare facilities to have a variety of actions completed by the November 2017 deadline.

Of the 17 Types of Providers, Hospitals are first on the list, and many of the other facilities required to comply, include healthcare organizations that hospitals may also own, including Hospitals, Religious HealthCare Institutions, Ambulatory Surgical Centers, Hospices, Psychiatric Residential Treatment Facilities, Home Health Agencies, Assisted Living Centers, Comprehensive Outpatient Rehabilitation Facilities, Critical Access Hospitals, Rural Hospitals,  Care for the Elderly (PACE), Transplant Centers, Organ Procurement Organizations, Medical Clinics, Rehabilitation Agencies and Public Health Agencies, including both State and County agencies, as well as Long Term Care Facilities, Intermediate Care Facilities, Federally Qualified
Health Centers, and End-Stage Renal Disease Centers  (Infusion Centers).

Most large hospital systems have many of these different provider types, in addition to their main hospital, including facilities such as infusion centers, intermediate care facilities, psychiatric facilities,  ambulatory  surgery centers adjacent to the main hospital, but also own medical clinics in the adjacent communities.  Each type will have custom requirements.  For example, all residential facilities are required to have 3-5 day supplies of both food and water on hand, enough for staff, patients, visitors and operations for an extended period of time.

Different types of Providers should check to see the exact requirements of their Provider Type, because there are differences based on the Type of Provider Facility.  To receive a summary of the requirements for your Provider Type, write to:  caroline@riskandsecurityllc.com.

The required activities associated with the CMS Emergency Preparedness of the new
Final Rule include four primary categories.

1.  All-Hazards Security Risk Assessments ON EACH SEPARATE FACILITY,
ANNUALLY,  and an Emergency Plan based on the results and
recommendations of the Security Risk Assessment.

2.  Policies and procedures developed to match the Security Risk Assessment and
Emergency Plan, which will include not only the impact of natural disasters,
like floods, tornadoes, storms and hurricane, but man-made events such as
active shooters, local terrorism and workplace violence.

  1. Communications planning to include mass communication systems, that
    would communicate to all patients, staff, visitors, vendors, transportation,
    adjacent community facilities, local law enforcement, and other healthcare
    facilities.
  2. Training and Testing includes required annual
    training
    for every staff member, and conducting 2
    emergency drills, annually.

Hospitals are more prepared than any other kind of healthcare facility to have many of these required controls already in place.   But additional requirements associated with the new CMS FINAL RULE include generators, the ability to maintain constant temperature in the patient facility, and keeping tracking of all individuals in the facility at any point in time.

ECONOMIC SIGNIFICANCE OF THE CMS RULE FOR EMERGENCY PREPAREDNESS – TERMNATION

Besides the specifics of the new CMS Final Rule on Emergency Preparedness,
which can be accessed and downloaded on the CMS web site (www.cms.gov).

The new CMS Final Rue on Emergency Preparedness has been designated as
ECONOMICALLY SIGNIFICANT because lack of compliance can result in termination
of Medicare and Medicaid reimbursements, according to the CMS Conditions of Participation.

The Centers for Medicare and Medicaid (CMS) reimburse hospitals and healthcare providers for services given to the elderly, and low income families and individuals.  These reimbursement programs may account for 30% to 50% of the total revenue for hospitals and healthcare providers.

To qualify for reimbursement dollars, the provider must sign a contract with CMS called CONDITIONS OF PARTICIPATION (COP).  The Conditions of Participation contract can be terminated by CMS at any time for cause.

Every month, hospitals and other providers are terminated by CMS because of a deficiency that was found.  For example, in the month of November, 2016, the State of Florida terminated  the COP contracts for over 28 providers. (see sample below)

CASE STUDIES
CMS reimbursement benefits have also been terminated for hospitals in 2016. One termination was based on the case of the Osawatomie State Hospital in the State of Kansas.  As the letter below illustrates, the hospitals experienced an assault on a nurse so CMS sent a Notice of Termination.  However, the hospital asked for a review, but when regulators went out to the review, the same problem still existed, so the termination stood.

In another incident, in 2015, CMS threatened termination of benefits because a patient took away a law enforcement officer’s gun and used it to commit

According to a CMS report, the patient, Danny Hammond, age 50,  told staff he was going to kill himself and any man who came into his room, as soon as he had the chance, the CMS report said.

Hammond had been airlifted to the hospital earlier after attempting suicide by an intentional overdose, according to the report. He had several warrants out for his  arrest after being charged with kidnapping and assaulting his wife, and the hospital obtained the services of Aitkin County, S.C. officers to monitor Hammond in his hospital room.

At 5:10 a.m., Hammond charged at Aitkin County Deputy Steven Sandberg, took his gun, and fatally shot him. Hammond was subdued with a stun gun and later died.

The CMS Report cites the hospital, “The hospital’s failure to provide direct psychiatric care to the patient … resulted in the patient’s ability to obtain and engage the firearm of a peace officer,” the report said.  The hospital’s CMS Benefits were not terminated after the hospital submitted a corrective action plan.

CONCLUSION

The new CMS Final Rule on Emergency Preparedness will be a major change for
hospitals
and many other types of healthcare providers.  It could have a major, and disastrous economic impact on a hospital or other health care facility.

One of the most important changes for hospitals will be the requirement to do the Security Risk Assessments and matching Emergency Plans for each separate facility, every year, instead of only doing a consolidated risk assessment on all facilities in one report.

Security directors, emergency managers, and emergency room personnel should review these guidelines with hospital and/or healthcare management, because the risk of losing CMS reimbursement could be catastrophic, and the 186-page Rule is complicated.

During November, CMS also conducted a 90-minute call and we have both the audio and the transcript of the call, if you would like them, just send an email to:  caroline@riskandsecurityllc.com.

One element which was stressed during the call, was that there would be NO EXCEPTIONS, and NO EXTENSIONS.

The deadline to complete all the activities associated with the new Final Rule is November 15, 2017.

AUTHORS:

Caroline Ramsey Hamilton, CHS-III, A.T.A.B. ,is a international healthcare and Security Risk Expert.  She has worked with over 500 U.S. Hospitals and other healthcare providers around the world, conducting security risk assessments, gap analysis and compliance assessments. She has worked to develop RISK MODELS for the National Security Agency (NSA), the Department of Defense Technical Working Group (TWSG), the California Judicial Board, the National Institute of Justice and many more.  In addition to being President of Risk &Security LLC, she is also CEO of CMS Risk Solutions.   She can be reached at caroline@riskandsecurityllc.com

Dr. Donald Miller is Interim Director of the Hannibal Regional Hospital Emergency Department, and a Board Certified Fellow, and active Emergency Room Doctor who has worked in emergency management for over 20 years, as Chief Emergency Manager for the United States Coast Guard base in Opa Locka, Florida.

#CMSFinal Rule      #EmergencyPreparedness      #CarolineRamsey-Hamilton

This entry was posted in Caroline Ramsey-Hamilton, Centers for Medicare and Medicaid, CMS, CMS 2017 DEADLINE, CMS Facility Risk Assessments, CMS Final Rule on Emergency Preparedness, CMS Healthcare Providers, Compliance, Emergency Preparedness, Risk Assessment & Compliance by Caroline Ramsey-Hamilton. Bookmark the permalink.

About Caroline Ramsey-Hamilton

Caroline Ramsey-Hamilton is a leading expert in assessing security risk in both information security and facilities security including security risk assessments, active shooter and security risk assessments for hospitals and healthcare organizations, cybersecurity, nuclear security, and also auditing, analyzing and measuring compliance with all major security standards, like DHS, FEMA 426-428, The Joint Commission, HIPAA Security & Privacy Rules, the HIPAA Omnibus Rule, and OSHA 3148 for Preventing Workplace Violence. And including both C-TPAT and CFATS. She is currently working on a universal set of easy security tools that will make it easy to assess risk in a variety of companies, agencies and business. Her company, Risk & Security LLC, works with more than 500 clients around the world using a program that standardizes site surveys and assessments and makes it easier to compare facilities and measure their level of security. She posts breaking security & risk alerts at www.twitter.com/riskalert. She's also an animal lover and tree hugger, and musician who loves dogs, horses, kitties, house rabbits, parrots, and especially beagles! I support www.brewbeagles.org and other animal rescue organizations and work toward a more peaceful and green world.

Leave a Reply