May 1, 2023, the effective date of the revised UConn Health Notice of Privacy Practices (the “Notice”), is approaching!

When and where will the updated Notice be available?

On or slightly before May 1, 2023, expect to see the following:

• Replacement of the Notice in patient-facing locations throughout UConn Health;
• A content update to the linked Notice on UConn Health websites (including Spanish);
• A printable version of the Notice available in Epic; and
• Updated content available through the Design & Document Production Center.

Why did the Notice change?

Updates to the revised Notice address changes in applicable requirements and aim to improve transparency about allowable uses and disclosures of protected health information, including the exchange of information among healthcare providers and with Connecticut’s Health Information Exchange (“Connie”).

What do you need to do?

Stay tuned! The Office of Healthcare Compliance & Privacy (OHCP) will send another communication once the updated Notice is in place. Please feel welcome to contact OHCP with any questions or concerns.

Thanks in advance for your assistance!

The healthcare industry continues to be targeted by numerous scams. Recently, some UConn Health clinics received fake fax orders for medical supplies and equipment. The orders appear to come from a legitimate company, are directed to the patient’s correct provider, and may contain accurate patient identifiers. The scammers often call the clinics before the order is faxed and again to check the status of the order. They will claim that the provider or the patient requested the supplies or equipment, and the caller will request provider signature on the order.

We can combat these scams by asking:

1. Does the call feel right? If not, hang up and report the call.
2. Did the provider or patient request these items? Check with the provider and patient.
3. Is this a known company and regular workflow? If not, hang up and report the call.
4. If this is a known company, do the phone and fax numbers match the numbers we have in our systems? Contact the company through a trusted and known contact method if the call is questionable.

Above all, do not respond to the fax or provide the callers with any information until you have verified the caller’s identity and authority to receive the information.

Any time you have doubts, please feel welcome to contact IT Security itsecurity@uchc.edu, or, if your issue is not addressed, you can reach Interim CISO Dennis at leber@uchc.edu, CIO Rick at rimccarthy@uchc.edu, or AVP Rob at darby@uchc.edu, or the Office of Healthcare Compliance & Privacy at 860-679-7226 or ohcp@uchc.edu for assistance – we are here to help!

The Office of Healthcare Compliance and Privacy is pleased to welcome both Lisa Frigo and Paige Sullivan to our team.

Lisa joins our team as a Compliance Specialist. She has fifteen years of experience in health care including providing direct patient care, managing clinical services, and supporting compliance programs. Lisa has worked in a variety of healthcare settings including academic medical centers, physician practices, community hospitals, and healthcare insurance companies.

In her new role, Lisa will provide guidance, education, and monitoring regarding new or changing Federal and State regulations.

Paige joins our team as a Medical Auditor. Paige is a registered nurse with eight years of experience providing direct patient care – most recently, in UConn Health’s Department of Dermatology. Paige has previous experience with inpatient and pediatric patient care at academic medical centers. She has also worked in military health care.

In her new role, Paige will be auditing and monitoring institutional risk areas for compliance with Federal and State regulatory requirements. In addition, she will be developing provider education and making process improvement recommendations aimed at reducing institutional compliance risk.

Please join us in welcoming both Paige and Lisa and wishing them success in their new roles at UConn Health. We are thrilled that they have joined our team!

The No Surprises Act intends to prevent patients from receiving unexpected bills for out-of-network care in emergency and select non-emergency settings. These requirements:

• Prohibit balance billing (billing a patient for the difference between the total cost of services being charged and the amount the insurance pays) for out-of-network emergency services and out-of-network non-emergency services provided at in-network facilities
• Require health plans to cover emergency services without prior authorization, regardless of whether the provider is in or out-of-network
• Require the health plan to cover the services as if they were in-network when emergency services are rendered by an out-of-network provider
• Require uninsured individuals receive a “good faith estimate” of total expected charges for a service before they receive the service
• Require providers to display public notices regarding the Act’s balance billing restrictions
• Prohibit out-of-network providers to balance bill the patient for non-emergency services rendered at an in-network facility.

The Act does not apply when patients are insured through government programs such as Medicare, Medicaid, or Tricare.

The regulations governing the No Surprises Act were issued over a fourteen-month period via two Interim Rules and one Final Rule. Due to the fragmented rule-making, providers faced significant challenges in interpreting and implementing the Act’s requirements. As a result, the Office of Healthcare Compliance and Privacy would like to thank the UConn Health Clinical Business Services and the Epic Revenue Cycle Departments for their work in implementing the Act’s many requirements.

 

Do not access your own medical records using your work-issued credentials in UConn Health electronic health records (EHR).

UConn Health takes its HIPAA Privacy and Security obligations seriously, including its obligations to track and respond to patient requests for protected health information (PHI).

UConn Health Workforce members who are patients of UConn Health have the same rights of access as patients who are not Workforce members, and UConn Health expects that all patients, employed or not, access their records via MyChart or by completing a Patient Request to Access Medical Records form through the office of Health Information Management (HIM). UConn Health Workforce members are prohibited from accessing their own medical record using work-issued EHR access.

Also remember: HIPAA prohibits accessing the records of co-workers, family members, or others unless necessary to do your job (e.g., direct patient care or patient registration).

Violations of UConn Health policy and/or HIPAA Privacy requirements may result in recommendation of disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, and/or other applicable policies.

 

Patient identity must be verified when scheduling, checking-in, registering, admitting a patient for service, and when responding to patient queries or requests, among other times when using or disclosing patient information. It is vitally important to identify the correct patient for many reasons, including but not limited to patient safety, protection of privacy, and proper billing.

• Per UConn Health policy, at a minimum, verify identity using the patient’s full name and date of birth. Regulation requires the use of as many identifiers as necessary to ensure identification of the correct patient.
• In addition to the UConn Health verification requirements, the Office of Healthcare Compliance and Privacy strongly recommends using at least one additional identifier, such as the last four (4) digits of the patient’s Social Security number (if available) or address.

Remember, patients may have the same or similar names and dates of birth. For example:

• Many names sound the same but are spelled differently (e.g., Katherine/Catherine or Smith/Smyth).
• Twins share a date of birth, may share a last name and may have similar first names! Minor twins, in particular, may also share an address, so using the patient’s Social Security number may be essential to accurate verification.

Also, remember:

• Double-check to ensure the correct medical record is open for the correct patient, every time.
• If you discover that more than one patient has the same name or other identifiers, do not disclose this information to the patient with whom you are speaking! (Do not say, “We have three other patients here with your same name!”)
• Direct requests to change or correct patient identifying information to Patient Access or Data Integrity.

Questions or Concerns:

• If you have questions about the Verification of Individuals Requesting Protected Health Information policy, need guidance, or have a privacy concern, please contact the Office of Healthcare Compliance and Privacy at  privacyoffice@uchc.edu or 860-679-7226.
• If you have questions regarding UConn Health verification requirements or the Core Patient Identifiers and Naming Convention policy, please contact Health Information Management at 860-679-1177.

We are pleased to announce that Elle Box has assumed the role of Assistant Vice President for Healthcare Compliance and Privacy and the Chief Privacy Officer. Prior to joining UConn Health, Elle served as the Chief Compliance Officer and HIPAA Privacy Officer for TMC Health in Tucson, Arizona. Prior to her leadership role with TMC Health, Elle served as Director of Compliance at Merit Laboratory Partners. Elle’s background also includes work as a scientist; before entering the field of compliance, Elle worked for AEGIS Sciences as a forensic immunochemist and certifying scientist in GCMS and LC/MS-MS toxicology. She also holds a Master of Science degree in pharmacology and toxicology from Michigan State University and a Bachelor of Science in clinical laboratory science from the University of Wisconsin – Madison.

Elle’s professional and educational experience, her collaborative style, and her strong leadership skills will serve UConn Health well, and we look forward to working with her. Please join us in welcoming Elle to UConn Health!

On Thursday, June 30, 2022, the Open Payments Program published its 2021 data. In 2021, the program expanded its provider types to include:

• Physician Assistants,
• Nurse Practitioners,
• Clinical Nurse Specialists,
• Certified Registered Nurse Anesthetists,
• Anesthesiologist Assistants,
• and Certified Nurse Midwives,

in addition to:

• Doctors of Medicine or Osteopathic Medicine (excluding Medical Residents),
• Doctors of Dental Medicine or Dental Surgery,
• Doctors of Podiatric Medicine,
• Doctors of Optometry,
• and Chiropractors.

The Open Payments program provides transparency into financial relationships between applicable manufacturers and group purchasing organizations (GPOs) and health care providers (physicians and teaching hospitals). The program makes the data available to the public to shed light on payments and other transfers of value that take place each year.

You can access the data at Open Payments. For compliance and audit purposes, it is important that what was disclosed under your name and what you disclosed to the University are a match.

We encourage you to check the data disclosed under your name against what you disclosed on the 2022 disclosure form and make any corrections needed as soon as possible.

NOTE: when the total of payments reported by Open Payments from a single entity is under $5,000 it is not required to report them in your annual disclosure to the University.

For more information and resources, please visit Open Payments or contact Gus Fernandez-Wolff.