Taylor Hays, Director, Medical Compliance Monitoring, University of Miami Health System
Could you tell me a little bit aboutyourself and your roles and responsibilities as the Director of Medical compliance monitoringjob at University of Miami Health System?
As director of compliance program monitoring, my job is to make sure that all the various parts of the compliance program are working cohesively together, efficiently, and effectively. I have an extensive background and have worked in different types of compliance areas that a department needs to review, such as regulatory compliance, privacy compliance, and drug diversion. Joining this role allowed me to take a holistic view of the department and the procedures each team uses to ensure they are effective and efficient. It was my next step in continuing to progress, and I'm also the software guru for our internal compliance software that the University of Miami Health System uses. As a subject matter expert, I work with the different teams assisting them in whatever capacity I can and making sure that all the data we are capturing from our team members is compelling, being tracked, and trended. I also have the responsibility of preparing for the executive Compliance Committee, which meets quarterly, as well as a few other committee meetings for which I help the Chief Compliance Officer create presentations.
In the context of the COVID-19pandemic and its after-effects, whatare some of the underlying technology changes for the stakeholders in the healthcare space?
In my opinion, COVID-19 has only accelerated the changes already happening. I believe there was a lot of room for telemedicine to develop and play a more significant part in the healthcare industry. However, there are substantial obstacles to utilizing telehealth in its most efficient manner, one of which is the requirement that the patient is present at a healthcare institution to communicate with the practitioner.Naturally, those were waived under COVID-19 to enable consumers to communicate with providers from the privacy and comfort of their homes and make it billed as a telehealth visit. I believe that is a fantastic potential, and I have high hopes that it will spread to other regions.
In particular, I think artificial intelligence (AI) software for monitoring electronic medical records (EMR) has grown significantly in popularity. EMRs handle so much labor-intensive work for our departments that it frees up employee bandwidth and enables us to focus on producing more efficient results.The majority of what you discover during an audit is something you learn after the fact, or you find that you were mistaken during the audit. What I’m seeing this other emerging software do differently is that it can provide you with accurate, convenient information that will have a very high accuracy rate when you go back and verify.
How has your organization pivoted according to the industry's newer needs or demands? Are there any new projects you have taken in as an individual or in the company which has accelerated the technology adoption at your organization?
One that immediately comes to mind is consulting agreement reviews and fee-for-service arrangements. The University of Miami Health System is one of the first organizations I have worked with that allows our providers to do outside consulting in compliance with the Safe Harbor that Congress set out for compliance. But one of the significant changes the University of Miami Health System has made is developing new software called UDisclose that enables the quick and thorough review and management of conflicts throughout the institution. For the same, we are now requiring all of our providers to submit their draft consulting agreements through that software, which allows us to streamline it and enables us for more consistent results. We have also made a significant investment in the regulatory team and made two new hires. They are solely responsible for creating a sub-team dedicated explicitly to handling UDisclose systems and examining those consulting agreements. The ability to leverage new tools, commit resources and work together as a team puts us ahead of the curve with these consulting arrangements.
What is the advicethat you would liketo impart to yourpeers who arelooking to venturealong the samelines as yourself?
For an effective compliance program, the essential part is ensuring that responsibilities are clearly defined and that everyone is aware of their contribution to the department as a whole and their specific position. I believe that communication is the most critical factor overall because our department is unique in that a large portion of what we do involves handling personal information. However, every team member must understand that knowledge, how they relate to it, and their place in the bigger picture.
As a compliance specialist, I have currently worked for numerous different organizations. When the health staff notices our credentials and the compliance information on them, they become rather alarmed. However, many hospitals and health care settings are prepared to have this sort of fear of compliance. But we try to partner with each department's staff to ensure that they comply with all the rules and regulations, which kind of equals good patient care. Providing high-quality patient care is crucial, as is ensuring that every member of your staff is not only happy but also aware of their responsibilities and those of their coworkers, as well as how they fit into the more extensive process and trying to encourage compliance. We are responding to reports of HIPAA violations and reviews of consulting agreements. In short, we are responding to whatever the current crisis is. I believe that having a solid compliance program requires going out there, being proactive, and offering education partners with other departments to get the message out there.
What are some of thetransformations ordisruptions that youexpect to take place in theindustry in the coming years?
Many of your readers, I'm confident, would agree with the 21st Century Cures Act's data blocking rules, information release obligations, and other related provisions, which seek to ease regulatory burdens associated with the use of EMS systems and health information technology (IT). Regarding patient requests for data, the Cures Act prohibits providers, developers, and health information networks from engaging in practices that would inhibit patients from receiving their own data or methods that inhibit patient data from flowing where patients would like it to go. But a significant increase in the amount of information that health systems must share with patients without their consent under this new regulation, which takes effect in October. Since we have been working on this and have spoken with other organizations, we can honestly say that many different data points contribute to the defined record set. What belongs in the specified record set and what doesn't are decisions that each health system makes on its own? It's not our favorite thing to realize that there are many gray areas in the healthcare industry. I'm confident that over the next 18 months, the 21st Century Cures Act will give rise to some best practices and guidelines regarding what details will fall under the purview of the specified record set and what details might not necessarily require disclosure in this case.
I believe that consulting agreements will still be a crucial part of those health systems after the 21st Century Cures Act, allowing their providers to enter these kinds of partnerships. The 21st Century Cures Act has increased the amount of information available, which means there is more PHI available, which increases the danger of a breach.
There will be a renewed emphasis on how hospitals and healthcare systems manage their EMRs to ensure that staff and anyone with access to such information is utilizing their access correctly. In my opinion, the 21st Century Cures Act will lead to increased and renewed attention to the HIPAA privacy and security rules.