Mutual Interest Fall 2013: Risk Management: Where We Are Now and Where We Are Going

By: Rebecca Tutton, RN JD

I JOINED ARKANSAS MUTUAL in July 2013 with the assignment to build the risk management program for you, the policyholders. As I listened to policyholders and their staffs, it became apparent that the Health Insurance Portability and Affordability Act, known as HIPAA, was paramount on everyone’s agenda and providing resources for HIPAA training and compliance became my first focus.

As I was researching and putting together what was to become the HIPAA Guide, our marketing director took the opportunity to redesign our website. My input was a desire to make the HIPAA Guide easily assessable for our policyholders and staff and I believe we have accomplished this! The website is beautiful! If you click onto the Arkansas Mutual website ,, you will see a Risk Management tab. A simple click on either the risk management tab or the HIPAA site image will take you to the table of contents. A user name and password will then provide you the content. The username is: your email address. The password is: your office zip code. (If we do not have your email on file contact or call 501 716-9190)

The HIPAA Guide currently consists of the Omnibus Final Rule regulations. Each regulation is set out separately with a clear explanation. Any forms or policies associated with the regulations have a link which will take you directly to the associated form or policy. We have a separate category titled, Patient Forms. These are the required forms for patients such as the Notice of Privacy Practice. Another category is the Office/Employee forms which have forms that are required for compliance such as the Business Associate Agreement. Another category is titled Arkansas Statutes. These are statutes specific to Arkansas that the user may want to refer to as they digest HIPAA. HIPAA talks about the “legal representative.” What does this mean? Under the Arkansas Statutes, I have provided the statutes that pertain to legal next of kin and legal representative. Annual training for HIPAA is a requirement. Under the tab Resources are two PowerPoint presentations for staff to use at their convenience for training. There are also useful links for more HIPAA information.

What’s next: We will be videoing the HIPAA presentation on November 23, 2013 at our annual meeting and placing it on the risk management site for practices to use as training. Each training has a test for the user to take that will document their training. Although HIPAA requires an annual training, the regulations do not speak to how this training is performed. We hope by presenting different methods, our policyholders and their staff will have the choice to use whichever one meets their needs at their convenience. In addition, we will be providing an annual webinar and a live presentation. If an office requires a visit on-site for HIPAA training, we will make arrangements for that to happen. We have HIPAA training covered for our policyholders!

Currently, I am working on the second part of HIPAA – the Security Act. Like the Omnibus Final Rule, the Security Act has a number of regulations related to electronic Protected Health Information. As I develop this, it will be placed on our website, and again, our policyholders and staff will have access to the easy to read regulations, forms, policies, etc. related to the Security Act.

This is just the beginning. The next phase of our Risk Management project will be a section devoted to OSHA. In fact, under Risk Management update, I have a notice of the new OSHA changes for 2015 and the link that explains the changes. I will continue to put notices of any updates or changes that will affect our policyholders, their staff and patients under this tab.

Both HIPAA and OSHA are regulatory risk management. Once these are completed, I will begin on what I refer to as Patient Risk Management. This will include such programs as patient safety, office self-assessments, patient satisfaction, Sorry Works, preventing bad outcomes, how to handle difficult patients, terminating patients, how to decrease lawsuits, patient safety etc.

If you have any Risk Management questions, I have 19 years of experience as a Director of Risk Management: 4 years at St. Vincent Hospital and 15 years at UAMS. I am happy to discuss whatever issues you have. I am your resource and I am available. Please let me know what you would like to see as part of the risk management program. This is your program and I am here to make your practice of medicine easier and to help your staff have the convenience of resources.

I am honored to have this position. Thank you.

Rebecca Tutton, R.N., J.D.
Director, Arkansas Mutual Risk Management
Office: 501-716-9190
Cell: 501-213-8055