Your Complete Policy Management Partner
Everything your healthcare organization needs to confidently maintain accreditation compliance.
Robust document control and workflow management software solution
Simplify & automate policy access, review and approval across your organization
Web-based library of more than 18,000 customizable policy documents
Instantly access up-to-date policies, procedures & forms authored by MCN experts
Automated regulatory notification system of daily email or mobile alerts
Keep current with regulatory changes from more than a dozen federal regulatory bodies, including TJC & NIAHO
What Our Customers are Saying
MCN Healthcare has been indispensable to our accreditation compliance efforts. With Policy Manager, Policy Library and StayAlert!, we have peace of mind that our policies will always be up-to-date and easy to locate.
Beverly McKenzie, Compliance Programs Director, IASIS Healthcare
Helpful MCN Healthcare Resources
Cardiovascular Systems is recalling certain lots of the Diamondback 360 Peripheral Orbital Atherectomy Systems, model number DPB-125MICRO145 (Part number 7-10003), because they may contain defective saline sheaths that could fracture during use. If this happens, fragments of the sheath could possibly block blood vessels. There are no reported patient injuries to date.
Affected lot numbers: 100573, 100575, 100674, 100676, 100678, 100680.
Diamondback 360 Peripheral Orbital Atherectomy System is a high-speed cutting tool inserted via a catheter through the skin into a patient's blood vessel. The system is used to reestablish blood flow in narrowed arteries or arterio-venous dialysis shunts.
Ninety-four affected devices were manufactured from 05/08/2014 to 05/09/2014. Forty-eight devices were distributed from 05/16/2014 to 05/20/2014.
On May 27, 2014, Cardiovascular Systems sent an "Urgent Medical Device Recall" letter to their customers. The letter identified the problem and the specific products affected by the recall. The letter advises customers to:
•· Remove affected devices from service.
•· Complete and return a "Customer Acknowledgement Form."
•· Return affected devices to Cardiovascular Systems
For more information, contact Cardiovascular Systems Customer Service at 1-877-274-0901.
In a recent filing with the Securities and Exchange Commission (SEC), Community Health Systems, Inc. (CHS) confirmed that its computer network was the target of an external, criminal cyber attack that the Company believes occurred in April and June, 2014.
According to CHS, the cyber attacker, though to be a group from China, was able to use sophisticated malware to bypass CHS' network security measures and copy and transfer certain data. While stolen data did not include patient credit card, medical or clinical information it is still considered protected under the Health Insurance Portability and Accountability Act ("HIPAA") because it includes patient names, addresses, birth dates, telephone numbers and social security numbers. Approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the CHS are affected by this breach.
CHS has notified federal agencies of the breach and is working closely with federal law enforcement authorities to investigate this incident. The Company, which operates 206 hospitals in 29 states has eradicated the malware from its systems and is notifying all affected patients. CHS will be offering identity theft protection services to individuals affected by this attack.
This incident is an excellent reminder of the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Included with today's notice are example policies regarding breach notification compliance.
It has been a little over a year since the Federal Trade Commission issued revised guidance designed to help businesses comply with the requirements of the Red Flags Rule and yet many hospitals continue to struggle with compliance.
A primary area of confusion continues to be whether or not a hospital is obliged to comply with the Red Flags Rule. Under the rule, a business is considered a creditor if, in the ordinary course of business, it regularly:
- Obtains or uses consumer reports in connection with a credit transaction;
- Furnishes information to consumer reporting agencies in connection with a credit transaction; or
- Advances funds to or on behalf of a person, in certain cases.
The Red Flags Rule does not exempt any specific industry from compliance rather it makes compliance with the rule specific to an organization's conduct. Your organization must comply with the Red flags rule if it regularly and in the ordinary course of doing business:
- Defers payment for goods and services or bill customers, and/or
- Grants or arranges credit, and/or
- Participates in the decision to extend, renew, or set the terms of credit.
However, the above actions alone to not obligate an organization under the Red Flags Rule; an Organization must, in addition to one or more of the above, also,
- Gets or uses consumer reports in connection with a credit transaction and/or,
- Gives information to credit reporting companies in connection with a credit transaction, and/or,
- Advances funds to - or for - someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them).
A fundamental component of the Red Flags Rule is the implementation of an Identity Theft Prevention Program which, at a minimum,
1. Includes reasonable policies and procedures to identify the red flags of identity theft that may occur in day-to-day operations. Red Flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft.
2. Is designed to detect red flags when they are identified.
3. Spells out appropriate actions that an employee will take when a red flag is detected.
4. Detail how the organization will current to reflect new threats.
Included with today's notice is an example policy addressing essential components of an Identify Theft Prevention Program. Hospitals should refer to the Federal Trade Commission's guidebook, Red Flags Rule How-To Guide for Businesses, and also consult with their legal department in order to determine if they are obliged to comply with the Red Flags Rule.
Featured Policy Library Manuals
MCN's NEW Ambulatory Surgical Center/Outpatient Surgery Department Policy and Procedure Manual is cross referenced to TJC standards, AAAHC standards and CMS regulations. Policies and procedures meet AORN and CDC recommendations and guidelines. This comprehensive reference guide has over 290 policies and procedures that are ready to customize to your organization. See also the Administrative Manual for Ambulatory Care Facilities and the Ambulatory Services EOC Manual.Read more »
MCN's Central Service Policy and Procedure Manual provides over 200 proven, up-to-date policies and procedures in a ready-to-customize format. This manual is cross referenced to federal regulations, as well as Joint Commission and NIAHO standards. References used include AAMI Recommended Practices, IAHCSMM Central Service Technical Manual, ASHCSP Training Manual for Health Care Central Service Technicians and AORN Recommended Practices.Read more »
MCN's Post Anesthesia Care Policy and Procedure Manual is a comprehensive resource that covers the latest "hot topic" regulatory and patient safety issues that are relevant to PACU! This manual includes administrative, operational, functional and patient-centered policies and procedures. Policies and procedures are cross-referenced to CMS regulations, Joint Commission standards and NIAHO standards.Read more »