|
Contingency Business Risk Planning Sentinel Events
EHNAC Background
The Electronic Healthcare Network Accreditation Commission (EHNAC) is a federally-recognized, standards development organization and tax-exempt, 501(c)(6) non-profit accrediting body designed to improve transactional quality, operational efficiency and data security in healthcare. EHNAC represents a diverse cross-section of healthcare stakeholders. Electronic health networks, payers, hospitals, physicians, consumer groups, financial services firms, security organizations and vendors are all working together to establish sound accreditation criteria for self-regulation (“Accreditation Criteria”). Accreditation promotes standards, administrative simplification and open competition in the marketplace. Each organization that meets the Accreditation Criteria, i.e., an EHNAC accredited organization, improves business processes, encourages innovation, improves quality of service, ensures HIPAA compliance, and expands market opportunities.
EHNAC Mission Statement
To promote standards-based accreditation within the healthcare data exchange industry.
EHNAC Objectives
EHNAC recognizes that its accredited entities (“Accredited Entities”) and accreditation candidates (“Accreditation Candidates”) operate in a dynamic business environment that includes many business and legal variables ancillary to the fundamental scope of EHNAC’s accreditation process. However, because that environment involves business and legal risks that may impact (1) EHNAC accrediting operations; and (2) accreditation eligibility, EHNAC has developed a collaborative process to (A) enable Accredited Entities and Accreditation Candidates to identify significant business, financial, operational and legal developments that have the potential to compromise or undermine their ability to meet the EHNAC Accreditation Criteria (“Sentinel Events”) and (B) provide EHNAC with written notification of such Sentinel Events.
Business risk evaluation is necessary for EHNAC to accomplish the following objectives in a timely manner:
- Acquire timely knowledge of Sentinel Events (described in Exhibit A) that may affect the accreditation status of an Accredited Entity or Accreditation Candidate.
- Maintain credibility of EHNAC as a nationally recognized accreditation body.
1. What is a Sentinel Event?
A Sentinel Event is any significant development, action or change in the business, financial, operational or legal status of an entity, which occurs, (1) with respect to an Accredited Entity, after accreditation, or, (2) with respect to an Accreditation Candidate, after the application has been submitted to EHNAC. The change in status may be based on any one or more of the Sentinel Events indicated below or described in the Sentinel Events Exhibit A.
2. Notificaton Process: When should EHNAC be notified?
The Executive Director of EHNAC must be notified in writing of the occurrence of any Sentinel Event (described in Exhibit A) that could adversely impact the ability of an Accredited Entity or Accreditation Candidate to fulfill obligations relating to the EHNAC Accreditation Criteria. Written notification in the manner described in Section 3 below must be received by EHNAC no later than three (3) business days from when the Sentinel Event occurs. Failure to provide such notification could result in loss of Accreditation, loss of Candidacy status or such other action as EHNAC may determine to be appropriate.
3. How Should EHNAC be Notified?
As part of the notification process, the Accredited Entity or Accreditation Candidate shall provide the Executive Director of EHNAC with the “known facts,” attached to the written notification, and shall continue to provide EHNAC written notice of additional relevant information as such information becomes “known facts.” The written notice shall be delivered to EHNAC by email sent to
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
or by a fax sent to (860) 760-6630.
“Known facts” shall include, but not be limited to, (A) any relevant data, information or circumstances regarding a Sentinel Event which an Accredited Entity or Accreditation Candidate (i) is required by law, by a contract to which it is a party, or by any other legal obligation to report or disclose to a third party, or (ii) has disclosed in a public statement or in any non-confidential manner; (B) reports or information that must be reported to a government agency and (C) all findings of fact in the form of an agency action by a duly authorized regulatory agency or in a judgment by a court of original jurisdiction, notwithstanding any subsequent appeals.
The written notification should include the following information:
A. Name of the individual reporting the Sentinel Event (company name, individual name, title, address, phone number, and email address.
B. Description of the Sentinel Event
C. Date the Sentinel Event occurred.
D. EHNAC Accreditation impact(s) or considerations that could materially and adversely affect the company’s compliance with the Accreditation Criteria; e.g., changes in key executive management in a small company or release of a press announcement in a public company.
E. Other factual information EHNAC should consider.
F. If the Sentinel Event has resulted in non-conformity with the Accreditation Criteria, a proposed plan to restore conformity, i.e., an explanation in reasonable detail of how the company will promptly reestablish conformity with all applicable EHNAC Accreditation Criteria..
G. Appropriate documentation should be submitted along with the disclosures, e.g., press releases, etc.
4. What Constitutes a Sentinel Event?
The following is an illustrative but not exhaustive topical list of Sentinel Events. Refer to the attached Sentinel Event Exhibit “A” for detailed explanations.
- Entering into an agreement of sale to sell or otherwise directly or indirectly divest an Accredited Entity or an Accreditation Candidate.
- Entering into an agreement to purchase or otherwise directly or indirectly acquire an Accredited Entity or Accreditation Candidate.
- Entering into a new agreement to outsource an Essential Function.[1]
- Financial impairment of an Accredited Entity or Accreditation Candidate.
- Insolvency/bankruptcy filing.
- Change in ownership or control> 25%.
- Disruption of service to customers > 8 hours for telecom, or security violation
- A security breach that is reportable as a matter of state or federal law.
- Workforce reduction by > 15%.
- Key management changes.
- Company fine(s) of > $100K for regulatory violations, marketing or advertising practices, antitrust violations, or tax disputes.
- Adding or significantly modifying a physical location in which an Essential Function is provided
- Significant events associated with Essential Functions that are outsourced to third parties including but not limited to their addition or significant modification of physical locations.
[1] Essential Functions are those functions that are necessary to the business of the candidate for accreditation. Those functions include but are not limited to Product Development and Customer Service, Network Administration, and Data Center activity related to the accreditation. Essential functions are further defined as having continuous or inadvertent access to Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).. For a further definition of “Essential Functions see the EHNAC Essential Functions policy on the EHNAC website.
5. What is the EHNAC Review Process?
Within seventy-two (72) hours of EHNAC’s receipt of such written notice, the Executive Director of EHNAC, if he/she deems the Sentinel Event to be of a materially substantive nature, shall convene a meeting of the Ad Hoc Sentinel Event Committee of EHNAC (“Committee”), consisting of three EHNAC Commissioners, to consider the matter. In determining its recommended course of action, the Committee shall consider the seriousness and time-criticality of the Sentinel Event. The Committee shall provide its written recommendation to the full Board of Commissioners within twenty-four (24) hours of the conclusion of its meeting, including, if recommended, the necessity for a special meeting of the Board of Commissioners to take action on any recommendation of the Committee. Other than the publication of any change to the status of an EHNAC Accredited Entity or An EHNAC Accreditation Candidate on the EHNACE Website, all deliberations by EHNAC on the report of a Sentinel Event, including its evaluation and recommendations, shall be kept confidential.
6. What Action May Be Taken by EHNAC?
The Commission shall review the recommendation of the Committee on a timely basis, either at a special meeting of the Commission if the matter is deemed urgent by the Committee’s Report, or no later than the next regularly scheduled meeting of the Commission. Written findings and action taken by the Commission shall be communicated in writing to the affected Accredited Entity or Accreditation Candidate within forty-eight (48) hours of the conclusion of the meeting of the Commission. The written communication also shall include a description of EHNAC appeal procedures.
The following are examples, illustrative but not exhaustive, of actions that may be taken by the Commission:
1. No action.
2. Revocation of accreditation.
3. Request for further documentation. If the additional documentation is not provided, revocation of accreditation.
6. Public Posting
Any change in Accreditation status pertaining to the Accredited Entity or Accreditation Candidate shall be posted on the EHNAC web site.
7. Significant Events Other Than Sentinel Events
If one or more of the following occur(s) within 12 months of the last accreditation, a physical site review must be made to the new or modified facility (ies):
- Accredited Entity enters into a new agreement with an Essential Function outsourcer
- Accredited Entity adds or significantly modifies a physical location in which the Accredited Entity provides an Essential Function
- A significant event occurs associated with Essential Functions that are outsourced to third parties including but not limited to their addition or significant modification of physical locations.
|
|
Downloadable Documents
Sentinel Event
|
