Doctor |

New CMS LTC Staffing Requirements Likely To Increase Workforce Competition, Costs Industry-Wide

May 12, 2024

Nursing homes and other health care facilities competing for staffing with these facilities should begin preparing to cope with expected wage costs and other pressures expected to result from new staffing and other changes to staffing requirements for Meficare and Medicaid participating long-term care favorites released by the Department of Health and Human Services Centers for Medicare & Medicaid Services (“”CMS”) on April 22, 2024.

The Minimum Staffing Standards for Long-Term Care (LTC) Facilities and Medicaid Institutional Payment Transparency Reporting final rule (“Final Rule”) will require long-term care facilities participating in federal programs such as Medicare and Medicaid are to have a licensed registered nurse (“RN”) on site at all times and to meet minimum nurse staffing (“TNS”) requirements imposed under the Final Rule. The Final Rule also will face enhanced facility assessment requirements under the Final Rule.

The mandates of the Final Rule and resulting increases in compensation and competition will impact both participating LTCs and other health care providers competing for staffing.

Total Nurse Staffing

CMS says its new minimum nurse staffing standards “will set a national and broadly applicable baseline that will significantly reduce the risk of unsafe and low-quality care for residents across all LTC facilities.”

Subject to certain limited temporary exceptions, the TNS requirements for long-term care (“LTC”) facilities aim to significantly reduce the risk of residents receiving unsafe and low-quality care within LTC facilities by specifying required minimum nurse staffing.

The Final Rule generally will require LTC facilities to meet a total nurse staffing standard of 3.48 hours per resident day (HPRD), which must include at least 0.55 HPRD of direct registered nurse (RN) care and 2.45 HPRD of direct nurse aide care. LTCs may use any combination of registered nurse (“RN”), licensed practical nurse (“LPN”), licensed vocational nurse (“LBN”), or nurse aide) to account for the additional 0.48 HPRD needed to comply with the total nurse staffing standard.

In addition, the Final Rule will require LTCs to have at least one RN on site 24 hours a day, 7 days a week to provide skilled nursing care.

Some “limited temporary exceptions” may apply to all the requirements for qualifying LTCs in areas with workforce shortages that meet other criteria. While an estimated 25% of nursing homes would be eligible for exceptions, these are “limited, temporary exceptions,” LTC must be in a workforce shortage area and report the amount of their income spent on wage and other information to prove their “good faith” efforts to hire by paying competitive wages.”

While these are minimum staffing standards, CMS expects LTC facilities to use the updated and newly strengthened facility assessment to determine whether their staffing needs to be set above these minimums, based on resident acuity and individual care needs. CMS is committed to continued examination of staffing thresholds, including work to review quality and safety data resulting from initial implementation of these finalized policies, as well as robust public engagement.

Additionally, to increase transparency related to compensation for workers, CMS will also require states to collect and report on the percent of Medicaid payments that are spent on compensation for direct care workers, and support staff, delivering care in nursing facilities and intermediate care facilities, for individuals with intellectual disabilities.

CMS Tightening LTC Assessments

LTC facilities are already required to conduct, document, and review, annually and as necessary, a facility-wide assessment to determine what resources are necessary to care for residents competently during both day-to-day operations and emergencies. ensure that facilities are utilizing the assessment as intended by making thoughtful, person-centered staffing plans, and decisions focused on meeting resident needs, including staffing at levels above the finalized minimums as indicated by resident acuity, the Final Rule raises the assessment requirements as follows:

Facilities must use evidence-based methods when care planning for their residents, including consideration for those residents with behavioral health needs.
Facilities must use the facility assessment to assess the specific needs of each resident in the facility and to adjust as necessary based on any significant changes in the resident population.
Facilities must include the input of the nursing home leadership, including but not limited to, a member of the governing body and the medical director; management, including but not limited to, an administrator and the director of nursing; and direct care staff, including but not limited to, RNs, LPNs/LVNs, and NAs, and representatives of direct care staff as applicable. The LTC facility must also solicit and consider input received from residents, resident representatives, and family members.
Facilities are required to develop a staffing plan to maximize recruitment and retention of staff consistent with what was described in the President’s April Executive Order on Increasing Access to High-Quality Care and Supporting Caregivers.

Temporary Limited Exceptions

LTC facilities may qualify for a temporary hardship exemption from the minimum nurse staffing HPRD standards and the 24/7 RN requirement only if they meet the following criterion for geographic staffing unavailability, financial commitment to staffing, and good faith efforts to hire:

The facility is located in an area where the supply of RN, NA, or total nurse staff is not sufficient to meet area needs as evidenced by the applicable provider-to-population ratio for nursing workforce (RN, NA, or combined licensed nurse and nurse aide), which is a minimum of 20% below the national average, as calculated by CMS using data from the U.S. Bureau of Labor Statistics and the U.S. Census Bureau.
- The facility may receive an exemption from the total nurse staffing requirement of 3.48 HPRD if the combined licensed nurse and nurse aide to population ratio in its area is a minimum of 20% below the national average.
- The facility may receive an exemption from the 0.55 RN HPRD requirement, and an exemption of eight hours a day from the RN on-site 24 hours per day for seven days a week requirement, if the RN to population ratio in its area is a minimum of 20% below the national average.
- The facility may receive an exemption from the 2.45 NA HPRD requirement if the NA to population ratio in its area is a minimum of 20% below the national average.

Eligible LTC facilities that meet the criteria will receive a temporary hardship exemption by completing the following:

The facility provides documentation of good faith efforts to hire and retain staff, such as through job postings, the number and duration of vacancies, job offers made, and competitive wage offerings.
The facility provides documentation of the facility’s financial commitment to staffing, including the amount the facility expends on nurse staffing relative to revenue.

Before being considered, the LTC facility must be surveyed for compliance with the LTC participation requirements. CMS will coordinate with state survey agencies to determine if the facility meets the criteria for a hardship exemption noted above.

Facilities granted an exemption will be required to: 1) post a notice of its exemption status in a prominent and publicly viewable location in each resident facility; 2) provide notice of its exemption status, and the degree to which it is not in compliance with the HPRD requirements, to each current and prospective resident; and 3) send a copy of the notice to a representative of the Office of the State Long-Term Care Ombudsman.

CMS will indicate if a facility has obtained an exemption on the Medicare.gov Care Comparewebsite.

Facilities are not eligible for an exemption if any one of the following is true:

They have failed to submit their data to the Payroll Based Journal System.
They have been identified as a special focus facility (SFF).
They have been identified within the preceding 12 months as having: widespread, or a pattern of, insufficient staffing that resulted in actual harm to a resident; or an incident of insufficient staffing that caused or is likely to cause serious harm or death to a resident.

Facilities that meet the hardship exemption criteria are eligible from the time at which the exemption is granted until the next standard recertification survey, unless the facility meets any of the above-mentioned criteria for not being eligible for the exemption during that time. The hardship exemption may be extended on each standard recertification survey, after the initial period, if the facility continues to meet the exemption criteria.

Implementation Deadlines

The Final Rule has staggered implementation timeframe for its minimum nurse staffing standards and 24/7 RN requirement based on geographic location as well as possible exemptions for qualifying facilities for some parts of these requirements based on workforce unavailability and other factors.

CMS is implementing the minimum nurse staffing requirements to occur in three phases over a three-year period for all non-rural facilities. The following deadlines apply for non-rural facilities:

Phase 1 — Within 90 days of the final rule publication, facilities must meet the facility assessment requirements.
Phase 2 — Within two years of the final rule publication, facilities must meet the 3.48 HPRD total nurse staffing requirement and the 24/7 RN requirement.
Phase 3 — Within three years of the final rule publication, facilities must meet the 0.55 RN and 2.45 NA HPRD requirements.

The Final Rule sets later deadlines for rural facilities in acknowledgment of the unique challenges that rural LTC facilities may face in staffing as follows:

Phase 1 — Within 90 days of the final rule publication, facilities must meet the facility assessment requirements.
Phase 2 — Within three years of the final rule publication, facilities must meet the 3.48 HPRD total nurse staffing requirement and the 24/7 RN requirement.
Phase 3 — Within five years of the final rule publication, facilities must meet the 0.55 RN and 2.45 NA HPRD requirements.

Qualification as a rural facility is determined by the Office of Management and Budget.

CMS Nursing Home Staffing Campaign

CMS continues efforts to encourage the availability to increase the number of nurses in nursing homes. As part of these efforts, CMS plans to promote awareness of the many career pathways in the nursing field that are available to help recruit all types of individuals, from NAs to LPNs/LVNs and RNs. It also plans to offer financial incentives like tuition assistance for nurses to work in the nursing home environment in qualifying facilities or state oversight roles and to make it easier for individuals to become nurse aides by streamlining the process for enrolling in training programs and finding placement in a nursing home.

Additionally, CMS plans to partner with states to bolster nurse recruitment.

CMS says more announcements are expected later this year and it anticipates beginning distribution of financial incentives in 2025.

Begin Preparing Now

All nursing homes and other health care facilities competing for staffing should begin preparing for these changes immediately. Obviously, LTC is participating in Medicare, Medicaid or other covered programs will face the most immediate and direct impact from these rules. Facility should begin documented efforts to meet the staffing requirements and where applicable, evidence and other materials needed to prepare for required surveys and to establish, other criteria necessary to qualify for exemption if needed.

It is not just the facilities directly covered by the rules that the new staffing requirements will impact.

While the new requirements technically apply only to LTCs participating in Medicare, Medicaid or other CMS regulated programs, their applicability likely will impact non-participating programs as well. the new minimum requirements will affect standards of care for negligence and other purposes.

Likewise, increases in compensation and other terms and conditions of employment at covered facilities will affect other types of providers. Non-participating nursing homes, home health, hospice, rehabilitation, hospitals, rehabilitation, facilities, assisted living facilities and other providers should expect greater scrutiny of their staffing and greater pressure to pay better wages and improve other work conditions and benefits in response to greater competition for workers.

Facilities that have used noncompetition agreements or other restraints on post employment eligibility to work are cautioned that these types of restraints could run afoul of the federal trade commissions new Non-Competition Clause Final Rule slated to take affect in September, 2024 if the current judicial stay against it is lifted by that time.

Likewise, long-term care another healthcare employers planning to increase wages, or other terms of employment are cautioned to use care to comply with any applicable duties to bargain or other requirements if subject to union organization or contracts.

Given the complicated maze of employment, benefits, and healthcare regulations that facilities working to deal with these new requirements must negotiate, healthcare providers working with these and other recruitment rules are encouraged to consult with qualified legal counsel with experience in both the healthcare and employment issues involved.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters, contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of workforce, risk management, compliance, regulatory and government affairs and other work with health care, employee benefit, managed care and other insurance, education, workforce and other performance and data dependent organizations, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with government and private health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services, education and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications, her experience includes extensive involvement throughout her career advising and representing health care and life sciences and other clients about preventing, investigating and defending HHS CMS, OIG, CIICO, OCR; , DOL WHD, EEOC, EBSA, OSHA; DOJ, OFCCP; NLRB; DOE; ICE; state attorney general licensing, Department of Health, Aging, Disability, Insurance, and other federal and state, JCHO and other accreditation and quality, peer review, employment and other workforce, contract and other investigations, audits, and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state laws.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Leave a Comment » | Academic medicine, Accreditation, Ambulatory care, compensation, Conditions of Participation, Doctor, Emergency Care, Employee Benefits, Employer, Employment law, ERISA, FLSA, FTC, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, Health Plan, Health Plans, healthcare, HHS, Home Health, Hospice, Hospital, hospitals, Immigration, Indian Health, Labor Law, Medicaid, Medicaid Advantage, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, nursing home, OIG, Patients, Peer Review, Reimbursement, Rural Health Care, Skilled Nursing Facility | Tagged: Health Care, Health Care Provider, nursing home, Skilled Nursing | Permalink
Posted by Cynthia Marcotte Stamer

OCR Nails Second HIPAA Covered For Allowing Ransomware Breach

February 23, 2024

Health care providers, health plans, health care clearinghouses and their business associates (covered entities) that fail to appropriately safeguard their protected health information and systems against randomware and other malware threats as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) should expect to pay hefty amounts to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) if an attack occurs. That is the clear message sent by OCR’s February 22, 2022 announcement of its second ransomware settlement since October, 2023.

Duty To Guard Against Malware

OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which sets forth the requirements that HIPAA covered entities (most health care providers, health plans, and health care clearinghouses) and their business associates must follow to protect the privacy and security of protected health information.

Ransomware and hacking are the primary cyber-threats in health care. A type of malware (malicious software) designed to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid, OCR has seen large breaches affecting more than 500 individuals reported to OCR involving hacking increase 256% and those from ransomware increase 264% increase over the past five years,

In 2023, hacking accounted for 79% of the large breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022.

In light of the growing threat, OCR is prioritizing enforcement, education and compliance outreach to HIPAA covered entities.

OCR’s February 22, 2024 announcement of its second ever and second settlement of a malware related enforcement action in less than five months demonstrates OCR’s readiness to hold covered entities accountable for failing to fulfill this responsibility.

Green Ridge Ransomeware Breach

OCR’s February 22, 2022 announcement of its second ever ransomware related resolution agreement and corrective action plan reaffirms OCR’s readiness to hold covered entities accountable for failing to guard against ransomware and other cyber risks.

Green Ridge Behavioral Health, LLC, (Green Ridge), a Maryland-based practice that provides psychiatric evaluations, medication management, and psychotherapy. This marks the second settlement that OCR has reached with a HIPAA regulated entity for potential violations identified during an investigation following a ransomware attack.

The settlement resolves an investigation following a ransomware attack that affected the protected health information of more than 14,000 individuals.

OCR learned of the breach after Green Ridge filed a breach report with OCR in February 2019 that stated that its network server had been infected with ransomware resulting in the encryption of company files and the electronic health records of all patients.

In keeping with its policy of investigating all breaches affecting more that 500 individuals (large breaches), OCR opened an investigation in April, 2019.

OCR’s investigation of the breach found evidence of potential violations of the HIPAA Privacy and Security Rules leading up to and at the time of the breach. Other findings included that Green Ridge Behavioral Health failed to:

Have in place an accurate and through analysis to determine the potential risks and vulnerabilities to electronic protected health information;
Implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level; and
Have sufficient monitoring of its health information systems’ activity to protect against a cyber-attack.

Under the terms of the settlement, Green Ridge agreed to pay $40,000 and implement a corrective action plan that will be monitored by OCR for three years to avoid exposure to potentially much greater HIPAA monetary penalties.

The plan also requires Green Ridge to take many actions to resolve potential HIPAA violations and to protect electronic protected health information, including:

Conducting a comprehensive and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information;
Designing a Risk Management Plan to address and mitigate security risks and vulnerabilities found in the Risk Analysis;
Reviewing, and as necessary, developing, or revising its written policies and procedures to comply with the HIPAA Rules;
Providing workforce training on HIPAA policies and procedures;
Conducting an audit of all third-party arrangements to ensure appropriate business associate agreements are in place, where applicable; and
Reporting to OCR when workforce members fail to comply with HIPAA.

First Malware Settlement

Prior to this week’s announcement of the Green Ridge resolution agreement, OCR already had announced its first ever malware related resolution agreement on October 31, 2023.

That $100,000 settlement resolved a potentially much greater HIPAA liability business associate Doctors’ Management Services (DMS) could have faced for alleged HIPAA violations OCR found investigating a large breach report DMS filed on April 22, 2019.

The DMS breach report disclosed that a ransomware attack affected DMS’ network server with GandCrab ransomware beginning with an initial unauthorized access to the network that occurred on April 1, 2017; however, DMS did not detect the intrusion until December 24, 2018, Once the DNS system was accessed, ransomware was used to encrypt their files. The attack affected the electronic protected health information of 206,695 individuals

OCR’s investigation of the DNS breach found evidence of potential failures by DMS to have in place an analysis to determine the potential risks and vulnerabilities to electronic protected health information across the organization. Other findings included insufficient monitoring of its health information systems’ activity to protect against a cyber-attack, and a lack of policies and procedures in place to implement the requirements of the HIPAA Security Rule to protect the confidentiality, integrity, and availability of electronic protected health information.

Under the terms of the DMS settlement agreement paid $100,000 to OCR and agreed to implement a corrective action plan that requires:

DMS to submit to OCR monitoring for three years to ensure compliance with HIPAA
Review and update its Risk Analysis to identify the potential risks and vulnerabilities to Doctor’s Management Services data to protect the confidentiality, integrity, and availability of electronic protected health information.
Update its enterprise-wide Risk Management Plan (strategy to protect the confidentiality, integrity, and availability of ePHI) to address and mitigate any security risks and vulnerabilities found in the updated Risk Analysis.
Review and revise, if necessary, its written policies and procedures to comply with the Privacy and Security Rules.
Provide workforce training on HIPAA policies and procedures.

Warning To All Covered Entities

Along with announcing the two recent resolution agreements, OCR also is warning all covered entities to tighten their malware and ransomware safeguards.

OCR’s announcement of the Green Ridge resolution agreement, for instance, quotes OCR Director Melanie Fontes Rainer as stating, “Health care providers need to understand the seriousness of these attacks and must have practices in place to ensure patients’ protected health information is not subjected to cyber-attacks such as ransomware.”

To assist covered entities to meet this responsibility, OCR has developed Fact Sheet guidance that recommends covered entities to take at least the following steps to guard against breaches from ransomware and other malware attacks:

Review all vendor and contractor relationships to ensure business associate agreements are in place as appropriate and address breach/security incident obligations.
Risk analysis and risk management should be integrated into business processes; conducted regularly and when new technologies and business operations are planned.
Ensure audit controls are in place to record and examine information system activity.
Implement regular review of information system activity.
Utilize multi-factor authentication to ensure only authorized users are accessing ePHI.
Encrypt ePHI to guard against unauthorized access to ePHI.
Incorporate lessons learned from incidents into the overall security management process.
Provide training specific to organization and job responsibilities and on regular basis; reinforce workforce members’ critical role in protecting privacy and security.
two recent resolutions agreements and other guidance and enforcement actions make clear that all covered entities should ensure their ability to demonstrate their completion of these and other actions a risk analysis shows are needed to defend against a ransomware or other malware threats. This guidance also alerts covered entities to stay vigilant and update risk assessments and safeguards in response as to evolving threats.

Covered entities should not assume the relatively modest settlement amounts collected in the two new ransomware settlements compared to exponentially greater resolution settlements like the $4.75 million settlement payment New York based Montefiore Medical Center made last year reflect greater tolerance for ransomware related threats versus internal or external hacking. To the contrary, the Montefiore Medical Center resolution makes clear the randomware threat is one of a multitude of internal and external threats covered entities must defend their protected health information against to comply with HIPAA.

Moreover, covered entities and their leaders also should take steps to understand and fully address all other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by HIPAA. For example, health care providers, health plans and their fiduciaries, brokers, administrators and insurers also may bear responsibilities under the Employee Retirement Income Security Act fiduciary responsibility rules, the Fair and Accurate Credit Transactions Act, federal and state electronic crimes, privacy data security, artificial intelligence, workforce, tax, and other laws.

Publicly traded organizations and their leaders also may face responsibilities and liability under new Securities and Exchange Commission regulations, clawback rules and other laws arising from the occurrence or bungled response to a breach.

Likewise, got businesses sponsoring or administering employment-based health plans, Employee Benefit Security Administration considers managing cybersecurity risks a part of the fiduciary obligations of fiduciaries of employment-based health plans. Meanwhile, health care providers, insurance organizations and brokers, third party administrators, government contractors, attorneys and other advisors and others also may be subject to medical confidentiality and other data privacy and security obligations under federal and state electronic crimes, identity theft, ethics, professional licensure, contractual, common law privacy and other statutory and common laws. Since HIPAA and many of these other laws involve potential criminal as well as civil liability, organizations and leaders in covered entities generally should ensure their HIPAA and other cybersecurity compliance efforts are included in and administered according to their Federal Sentencing Guidelines Compliance program.

While it commonly is necessary or advisable to involve consulting or other technical support in the conduct of these activities, HIPAA entities should keep in mind the likelihood that their analysis and review is likely to uncover and prompt discussion of potentially legally or politically sensitive information. For this reason, HIPAA entities and their leaders generally will want to engage experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.

In planning for an implementing these procedures, Covered Entities also are reminded that the effectiveness of these efforts requires that the Covered Entities incorporate appropriate processes and policies for monitoring and investigating compliance with the policies and procedures implemented to comply with HIPAA. Conducting this monitoring and investigation by necessity is likely to involve surveillance, investigation and cooperation of employees, contractors, vendors and others for which Fair Credit Reporting Act background check notification and consent and other procedures are necessary or advisable.

Finally, HIPAA entities should keep in mind that HIPAA and other cybersecurity compliance and risk management is an ongoing process requiring constant awareness and diligence. Consequently, HIPAA entities should both monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.

For More Informational

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Leave a Comment » | business associate, data breach, data security, Doctor, Electronic Health Records, Electronic Medical Records, Employer, Federal Health Center, Federal Sentencing Guidelines, Fiduciary Responsibility, Genetic Information, GINA, Health Care, Health Care Finance, Health Care Provider, Health Insurance, Health IT, Health Plan, Health Plans, healthcare, HHS, HIPAA, HIPAA Cyber Crime, HITECH Act, Home Health, home health, Hospice, Hospital, hospitals, long-term care, Medical Privacy, Medical Records, NIST, nursing home, occupational health, OCR, Pharmacy, Physician, primary care, Self-Insured Group health Plans, Telemedicine | Tagged: Breach Notification, Data Breach, Data Security, Federal Sentencing Guidelines, Health Care, Health Care Compliance, Health Care Provider, Health Plans, Health Policy, HHS, HIPAA, Hospital, Hospitals, Medical Privacy, OCR, pharmacy, PHI, Physician, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Accommodating Patient Preferences No Defense To Prohibited Employment Discrimination

July 31, 2023

A new federal Equal Employment Opportunity Commission (“EEOC”) lawsuit reminds health industry and other employers that patient or other customer preferences do not justify or excuse an employer’s discrimination against employees in violation of the Civil Rights Act or other federal employment discrimination laws.

Brooklyn-based home health company ACARE HHC Inc., doing business as Four Seasons Licensed Home Health Care Agency (“Four Seasons”) faces a race discrimination suit for allegedly removing home health aides from their work assignments due to their race and national origin to accommodate client preferences.

According to a lawsuit (EEOC v. ACARE HHC d/b/a Four Seasons Licensed Home Health Care, 23-cv-5760), filed by the EEOC in the U.S. District Court for Eastern District of New York on July 31, 2023, Four Seasons violated the Title VII of the Civil Rights Act of 1964 (“Civil Rights Act”) by routinely acceding to racial preferences of patients in making home health aide assignments. The EEOC claims Four Seasons routinely removed Black and Hispanic home health aides based on clients’ race and national origin-based requests. Four Seasons would transfer aides to a new assignment or, if no other assignment was available, the aides lost their employment completely. The EEOC charges this alleged conduct violates the Civil Rights Act, which among other things prohibits employers from discriminating against employees on the basis of race and national origin. The EEOC seeks compensatory damages and punitive damages for the affected employees, and injunctive relief to remedy and prevent future discrimination based on employees’ race and national origin.

The lawsuit, warns employers against resigning or assigning workers to accommodate racial or other prohibited discriminatory preferences of customers, or business partners. “Making work assignment decisions based on an employee’s race or national origin is against the law, including when these decisions are grounded in preferences of the employer’s clients,” said Jeffrey Burstein, regional attorney for the EEOC’s New York District Office.

The lawsuit is one of a plethora of enforcement Civil Rights and other federal discrimination law actions by EEOC, the Department of Health and Human Services Office of Civil Rights, and other federal agencies under the Biden Administration’s prioritization of expansion and enforcement of discrimination and other discrimination and equal opportunity laws.

In light of these efforts, employers should take immediate steps to update policies, postings, training, and practices to ensure their ability to defend their compliance with race and other federal nondiscrimination laws.

For More Information

About the Author

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Leave a Comment » | Abortion, Academic medicine, air ambulance, Child Care, Childcare, Childrens Health Insurance Program, Civil Rights, Conditions of Participation, Corporate Compliance, Direct Primary Care, Discrimination, DME, Doctor, drug treatment, early childhood education, Emergency Care, Employer, exchange plans, Federal Health Center, Health Care, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Insurance, Health Plan, HHS, Home Health, home health, Hospice, Hospital, Hospital, hospitals, Indian Health, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Life Sciences, long-term care, Medicare Prescription Drug Program, Mental Health, Nonprofits, nursing home, OCR, OIG, Physician, Prescription Drugs, Provider contracting, Rehabilitation Act, Reproductive Rights, Section 1557, Sexual Abuse, Sexual Assault, Sexual Harassment | Permalink
Posted by Cynthia Marcotte Stamer

HHS Recommits To LGBTQ Nondiscrimination Protections In Newly Proposed Rules; Religious Exemption Likely Limited By Pending HHS Changes In Religious Freedom Protections

July 11, 2023

Health care providers, health insurance issuers, health care professional associations, state and local government entities and other organizations and providers participating or receiving funds from the Department of Health and Human Services (“HHS”) funded programs should evaluate their likely responsibilities and exposures for preventing discrimination on the basis of sexual orientation and gender under the Notice of Proposed Rule Making (“NPRM”) to the Health and Human Services Grants Regulation (the “Proposed HHS Grants Rule”) the HHS Office for Civil Rights (“OCR”) and the Assistant Secretary for Financial Resources (“ASFR”) released to the public today (July 11, 2023) and scheduled for joint publication the Federal Register on July 13, 2023.

Proposed HHS Grants Rule Overview

The NPRM builds on HHS’ efforts to ensure access to health and human services for Lesbian, Gay, Bisexual, Transgender, Queer, and Intersex (“LGBTQI”) individuals in furtherance of President Biden’s Executive Orders on Preventing and Combating Discrimination on the Basis of Gender Identity and Sexual Orientation and Advancing Equality for Lesbian, Gay, Bisexual, Transgender, Queer, and Intersex Individuals by reaffirming the prohibition against discrimination on the basis of sexual orientation and gender identity in federal statutes administered by HHS while defining procedures through which HHS would permit organization with religious objections to seek an exemption from or modification of the otherwise applicable requirements.

The Proposed HHS Grants Rule clarifies and reaffirms HHS’ prohibition against LGBTQI discrimination by stating, “In statutes that HHS administers which prohibit discrimination on the basis of sex, the Department interprets those provisions to include a prohibition against discrimination on the basis of sexual orientation and gender identity, consistent with the Supreme Court’s decision in Bostock v. Clayton County, 140 S. Ct. 1731 (2020), and other federal court precedent applying Bostock’s reasoning that sex discrimination includes discrimination based on sexual orientation and gender identity.”

The Proposed HHS Grants Rule represents the latest effort of HHS to finalize and implement prohibition against LGBTQI individuals in HHS first undertaken in 2016. Since HHS originally adding the prohibition against LGBTQI discrimination to its HHS Grants Rule, HHS faced various court challenges to its LGBTQI nondiscrimination provisions. These challenges included lawsuits challenging HHS’ interpretation of the sex discrimination prohibitions of Title VII of the Civil Rights Act of 1964, 42 U.S.C. 2000e-2(a)(1) (“Title VII”) as prohibiting discrimination based on sexual orientation and identity, First Amendment religious freedom challenges and challenges based on alleged violations of the Administrative Procedures Act.

In the intervening years, HHS originally granted various waivers, then subsequently adopted a blanket non-enforcement policy to address First Amendment religious freedom concerns about the LGBTQI discrimination prohibition and attempted to resolve Administrative Procedures Act challenges in subsequently published versions of the rules. Meanwhile, the U.S. Supreme Court resolved objections to HHS’ expansive interpretation of Title VII as extending to LGBTQI when it affirmed Title VII’s prohibition against discrimination on the basis of sex includes discrimination based on sexual orientation and gender identity in Bostock v. Clayton County, 140 S. Ct. 1731 (2020).

As currently proposed, the HHS Grants Rule has a sweeping reach. In the Proposed HHS Grant Rule, HHS reaffirms that discrimination against LGBTQI individuals is prohibited in virtually all HHS-funded and administered programs while revising the existing HHS Grants Rule to address when and how a provider with faith-based objections to the rules can seek exemption or other religious accommodations from HHS.

As currently proposed the Proposed HHS Grants Rule would treat LGBTQI discrimination as prohibited discrimination on the basis of sex in most HHS regulated or funded programs. The LGBTQI discrimination prohibition would apply to authorizations for domestic resettlement of and assistance to refugees; assistance in transition from homelessness; Children with Serious Emotional Disturbances; Title VII Health Workforce Programs; Nursing Workforce Development; Preventive Health Services Block Grant; Substance Abuse Treatment and Prevention Block Grant; Community Mental Health Services Block Grant; Maternal and Child Health Block Grant; Disaster relief; Low-Income Home Energy Assistance Program; Head Start; Community Services Block Grant Program; and Family Violence Prevention and Services programs.

HHS’ announcement of its plans to reaffirm its LGBTQI equal protection requirements in the HHS Grants Rule likely will prompt new attention and scrutiny from organizations and individuals with faith-based objections to its mandates, particularly given HHS’ release of the rule comes less than two weeks after the Supreme Court’s June 30, 2023 landmark ruling in 303 Creative LLC . v. Elenis, 600 U. S. ____ (2023), upholding the right of a website designer, who believes same-sex marriage contravenes her faith, to exemption from enforcement of a state law that prohibited a public business from communicating to patrons that service would be refused based on sexual orientation.

The Proposed HHS Grants Rule includes provisions requiring HHS to accommodate the religious rights of organizations or individuals with faith-based objections protected by the Religious Freedom Restoration Act (“RFRA”) or the First Amendment when administering and enforcing its provisions without specifically detailing the procedures for raising such objections or the standards HHS will apply to decide whether to approve a request for religious exemption or accommodation.

In this respect, the Proposed HHS Grants Rule provides that a recipient at any time may notify the HHS awarding agency, ASFR, or the Office for Civil Rights (OCR) of the recipient’s view that it is exempt from, or requires modified application of, certain provisions of the Rule due to the RFRA, the First Amendment or another religious freedom law. The Proposed HHS Grants Rule also directs that once the awarding agency receives notice of religious objection from a particular recipient, “any relevant ongoing compliance activity regarding the recipient shall be held in abeyance” until the applicable agencies in legal consultation with the HHS Office of the General Counsel determine whether the recipient is exempt from the application of certain provisions or entitled to modified application of the rules based on a federal religious freedom law.

While the Proposed HHS Grants Rule does not detail the procedures for requesting religious accommodation or the standards HHS will use to decide whether to approve requests, HHS does address those standards and procedures in other guidance, the current provision of which are highlighted on the HHS Conscience and Religious Freedom Webpage. It bears noting, however, that along with the Proposed HHS Grants Rule, HHS also currently is considering a separate proposal to narrow the availability of religious and conscience objections to its rules it announced in a January 5, 2023 Notice of Proposed Rule Making titled “Safeguarding the Rights of Conscience as Protected by Federal Statutes” (“Proposed Religion Rule”). While the official comment period for the Proposed Religion Rule closed on March 6, 2023, its provisions, if adopted as proposed, could materially affect the interpretation and enforcement of the HHS Grants Rule. Accordingly, organizations and other parties concerned about the likely interpretation and enforcement of the HHS Grants Rule with respect to parties claiming religious freedom objections should consider the likely implications of the Proposed Religion Rule in their evaluation of the HHS Grants Rule.

In response to the HHS Grants Rule, all health care providers, health plans and others expected to be impacted by the Proposed HHS Grants Rule should both begin preparing to adjust their existing policies and practices in anticipation of the finalization of the Proposed HHS Grants Rule as well as submit relevant concerns and other feedback on the Proposed Rule by the September 11, 2023 comment deadline established in the NPRM. Providers and other stakeholders with potential faith-based concerns about any of the requirements of the Proposed HHS Grants Rule should take particular note of the Rule’s proposed provisions regarding religious accommodation, taking into account the Proposed Religion Rule purposes of this planning as well as their timely submission of any comments by the applicable September 11, 2023 comment deadline.

For More Information

About the Author

A Fellow in the American College of Employee Benefit Counsel, Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on health and managed care and employer benefits legal, public policy and operational concerns in the healthcare, employer benefits, and insurance and financial services industries. She speaks and publishes extensively on HIPAA and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Sibley Hospital & Johns Hopkins Health System Pay $5 Million To Settle Stark Violations

April 19, 2023

Sibley Hospital (“Sibley”) and its parent company, Johns Hopkins Health System (“Johns Hopkins”) will pay the United States $5 million to resolve Physician Self-Referral Law, (commonly known as the “Stark Law”) allegations arising from claims that Sibley submitted to the Medicare Program, the Justice Department announced today.

The Stark Law prohibits a hospital from billing Medicare for certain services referred by physicians with whom the hospital has a financial relationship, unless that relationship satisfies one of the law’s statutory or regulatory exceptions. It is intended to ensure that medical decision-making is not influenced by improper financial incentives and instead is based on the best interests of the patient.

The new settlement resolves allegations that, from 2008 through 2011, Sibley violated the Stark Law by billing Medicare for services referred by ten cardiologists to whom Sibley was paying compensation that exceeded the fair market value of the services provided. These allegations arose out of conduct that Sibley and Johns Hopkins self-disclosed to the United States.

“Improper financial arrangements between hospitals and physicians can influence the type and amount of health care that is provided,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “The department is committed to holding accountable those who violate prohibitions designed to protect the integrity of physician decision-making.”

The high dollar settlement reminds other health care providers to ensure their own relationships with other health care providers comply with Stark, anti-kickback and other federal and state health care fraud laws.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, billing, Child Care, Childcare, Childrens Health Insurance Program, Conditions of Participation, Corporate Compliance, DME, Doctor, E-Prescribing, false claims act, Grants, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, home health, Hospital, Laws, Life Sciences, Medicaid, Medicare, Medicare Advantage, OIG, pharmaceutical, Prescription Drugs | Permalink
Posted by Cynthia Marcotte Stamer

4/21 Deadline For Comments On Proposed HIPAA Administrative Simplification Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification To Referral Certification and Authorization Transaction Standard

April 19, 2023

April 21 is the deadline to comment on the Centers for Medicare & Medicaid Services (CMS) National Standards Group (NSG) proposed rule that, if finalized, would adopt standards for “health care attachments” transactions, a standard for electronic signatures to be used in conjunction with health care attachments transactions, and a modification to the standard for the referral certification and authorization transaction (X12 278) published last December.

The April 21, 2023 deadline reflects a 30-day extension from the original deadline date of March 21, 2023. Comments must be received no later than 5 p.m. on April 21.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Prepare To Handle Justice Department Marijuana Pardon Certificates From Applicant

March 5, 2023

Healthcare and other businesses that disqualify applicants from employment based on past Marijuanna convictions need to prepare to respond to applicants presenting certificates of pardon of their prior federal conviction of simple Marijuanna conviction received under President Biden’s October 6, 2023 Presidential Proclamation on Marijuana Possession.

Biden Marijuanna Pardons

The Proclamation provided a blanket pardon for all prior federal and D.C. (but not state) offenses of simple possession of marijuana.

Those who were pardoned on October 6, 2022, are eligible for a certificate of pardon. Consistent with the proclamation, to be eligible for a certificate, an applicant must have been charged or convicted of simple possession of marijuana in either a federal court or D.C. Superior Court, and the applicant must have been lawfully within the United States at the time of the offense. Similarly, an individual must have been a U.S. citizen or lawful permanent resident on October 6, 2022. Those convicted of state marijuana offenses do not qualify for the pardon.

On March 3, 2023, the Justice Department announced the application process for issuing certificates of the pardons to pardoned individuals. This process allows pardoned individuals to get prof of their pardons to present to employers and others. Consequently health care and other businesses should prepare to respond to applicants presenting these certificates.

When he made the pardon proclamation, President Biden directed the Justice Department to develop a process for individuals to receive their certificate of pardon. On March 3, 2023, the Justice Department issued an application for eligible individuals to receive certificate of proof that they were pardoned under the Oct. 6, 2022, proclamation by President Biden.

The online application available on the Office of the Pardon Attorney’s website: Application for Certificate of Pardon allows eligible persons to submit documentation to the Office of the Pardon Attorney and receive a certificate indicating the person was pardoned on October 6, 2022, for simple possession of marijuana.

President Biden said when making his proclamation he intended the pardons to “help relieve the consequences arising from these convictions.” The President’s pardon, effective Oct. 6, 2022, may assist pardoned persons by removing civil or legal disabilities such as restrictions on the right to vote, to hold office or to sit on a jury that are imposed because of the pardoned conviction. Proofs of pardon also may help those pardoned to obtain licenses, bonding or employment.

Potential Employer Challenges

The pardons are likely to create concerns for health care and other employers who currently disqualify applicants from eligibility for employment based on drug related criminal conditions where the employer remains subject to statutory, regulatory, contractual or other requirements prohibiting employment of workers with prior or current history of drug offenses or use.

As a starting point, employers should carefully review their own existing policies as well as any statutory, regulatory contractual requirements applicable to their workforce to assess the implications of the pardons on the employment eligibility of a pardoned worker. Ambiguities are likely to arise under many policies, particularly where a hugyirunof drug use or possession is disqualifying without a requirement of a conviction.

Employers contemplating continuing to disqualify pardoned applicants for safety or other reasons probably should seek the advice of legal counsel. Some pardoned applicants might argue an employer’s reliance on a pardoned criminal drug conviction constitutes prohibited discrimination based on a history of prior drug dependence that violates the Americans With Disabilities Act or other discrimination laws. Statements made by President Biden and others within the Administration suggest the Equal Employmrnt Opportunity omission might support these or similar arguments in furtherance of promotion if President Biden’s policy of facilitating opportunities for employment for individuals recovering from substance abuse.

Employers also may struggle with equity questions raised by the pardoning of federal convicts but not those with state convictions.

Employers should monitor Equal Employment Opportunities Commission and other guidance and seek advice of experienced legal counsel to develop and administer hiring policies to mitigate potential exposures.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer’s work throughout her 35 year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As an ongoing component of this work, she regularly advises, represents and defends businesses on Guideline Program and other compliance, risk management and other internal and external controls in a wide range of areas and has published and spoken extensively on these concerns.

Ms. Stamer also is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on workforce, compensation, and other operations, risk management, compliance and regulatory and public affairs concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving, and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Leave a Comment » | Civil Rights, Controlled Substances, Corporate Compliance, Credentialing, Doctor, drug treatment, Employer, Employment law, Health Care, Marijuanna, Medical Licensure, Physician Licensing | Permalink
Posted by Cynthia Marcotte Stamer

Banner Health Pays $1.25 Million To Settle Cybersecurity Breach Impacting Nearly 3 Million Individuals

February 3, 2023

Phoenix-based nonprofit health system Banner Health and its affiliates (“Banner Health”) paid $1.25 million and agreed to take corrective actions to resolve its exposure to potentially much greater Health Insurance Portability and Accountability Act (HIPAA) Security Rule civil monetary penalty exposure for a 2016 cyber hacking breach that compromised the personal health information of 2.81 million consumers. OCR used its February 2 announcement of the Banner Health settlement to warn health care providers, health plans, health care clearinghouses (“covered entities”) and business associates covered by HIPAA to guard their own systems containing protected health information against breach by cyber hacking.

Banner Health Settlement

Banner Health is one of the largest non-profit health systems in the country, with over 50,000 employees and operating in six states. Banner Health is the largest employer in Arizona and one of the largest in northern Colorado.

In November 2016, OCR initiated an investigation of Banner Health following the receipt of a breach report stating that a threat actor had gained unauthorized access to electronic protected health information, potentially affecting millions. The hacker accessed protected health information that included patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medications, diagnoses and conditions, and health insurance information.

OCR’s investigation found evidence of long-term, pervasive noncompliance with the HIPAA Security Rule across Banner Health’s organization, a serious concern given the size of this covered entity. Organizations must be proactive in their efforts to regularly monitor system activity for hacking incidents and have measures in place to sufficiently safeguard patient information from risk across their entire network.

The potential violations OCR identified specifically included:

A lack of an analysis to determine risks and vulnerabilities of electronic protected health information across the organization;
Insufficient monitoring of its health information systems’ activity to protect against a cyber-attack;
Failure to implement an authentication process to safeguard its electronic protected health information; and
Failure to have security measures in place to protect electronic protected health information from unauthorized access when it was being transmitted electronically.

Under the Resolution Agreement and Corrective Action Plan negotiated to resolve these potential violations, Banner Health paid $1,250,000 to OCR. Banner Health also agreed to implement a corrective action plan, which identifies steps Banner Health will take to resolve these potential violations of the HIPAA Security Rule and protect the security of electronic patient health information that will be monitored for two years by OCR to ensure compliance with the HIPAA Security Rule. Under the corrective action plan, Banner has agreed to take the following steps:

Conduct an accurate and thorough risk analysis to determine risks and vulnerabilities to electronic patient/system data across the organization
Develop and implement a risk management plan to address identified risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
Develop, implement, and distribute policies and procedures for a risk analysis and risk management plan, the regular review of activity within their information systems, an authentication process to provide safeguards to data and records, and security measures to protect electronic protected health information from unauthorized access when it is being transmitted electronically, and
Report to HHS within thirty (30) days when workforce members fail to comply with the HIPAA Security Rule.

OCR Warns Other HIPAA-Covered Entities

In the health care sector, hacking is now the greatest threat to the privacy and security of protected health information. OCR’s announcement of the settlement reports 74 percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents.

The announcement also notes OCR offers an array of resources to help health care organizations bolster their cybersecurity posture and comply with the HIPAA Rules,

The settlement and OCR’s announcement warn other covered entities and business associates to use these and other necessary resources to protect their systems with protected health information from cyber hacking and other breaches.

In conjunction with reminding other covered entities of these resources, the settlement announcement quotes OCR Director Melanie Fontes Rainer as a warning, “Hackers continue to threaten the privacy and security of patient information held by health care organizations, including our nation’s hospitals, … It is imperative that hospitals and other covered entities and business associates be vigilant in taking robust steps to protect their systems, data, and records, and this begins with understanding their risks, and taking action to prevent, respond to and combat such cyber-attacks. … Cyber security is on all of us, and we must take steps to protect our health care systems from these attacks.”

OCR’s enforcement record confirms these are not idyl threats. Breaches of the Security or Breach Notification Rules often result in significant civil monetary penalty assessments or negotiated settlements to mitigate civil liability exposures arising out of such breaches. See e.g., Clinical Laboratory Pays $25,000 To Settle Potential HIPAA Security Rule Violations (May 25, 2021); Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People (January 15, 2021); Aetna Pays $1,000,000 to Settle Three HIPAA Breaches(October 28, 2020); Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People (September 25, 2020); HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual – (September 23, 2020); Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach (July 27, 2020); Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements (July 23, 2020).

Alerts issued by OCR regarding heightened security risks in recent months and a growing tide of highly publicized breaches send a strong warning to other covered entities and their business associates to reconfirm the adequacy of their own HIPAA privacy, security, breach notification and other procedures and protections by among other things:

Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected
violations or other indicia of potential security concerns.
Tracking and reviewing on a systemized, well-documented basis actual and near-miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
Establishing and providing well-documented monitoring of compliance that includes board-level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
Establishing and providing well-documented timely investigation and redress of reported
violations or other compliance concerns.
Establishing contingency plans for responding in the event of a breach.
Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.

Because of susceptibilities in systems, software and other vendors of business associates, suppliers and other third parties, covered entities and their business associates should use care to assess and manage business associate and other vendor-associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.

Beyond these HIPAA exposures, breaches and other HIPAA noncompliance carries other liability risks. Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders. For instance, the Department of Health & Human Services has warned health care providers participating in Medicare or other federal programs and Medicare Advantage health plans that HIPAA compliance is a program term of participation.

Health care providers and health insurers can face liability under state data privacy and breach, negligence or other statutory or common laws. In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards.

Health plans also face a myriad of other exposures from failing to use appropriate cyber safeguards. Plan fiduciaries of employment-based health plans covered by the Employee Retirement Income Security Act (“ERISA”) risk liability under ERISA’s fiduciary responsibility rules. The Department of Labor Employee Benefit Security Administration (“EBSA”) now audits the adequacy of the cybersecurity and other HIPAA compliance of health plans and their third-party administrators and other business associates as part of EBSA’s oversight and enforcement of ERISA. Department of Labor Assistant Secretary for EBSA Lisa Gomez confirmed audit and enforcement of cybersecurity obligations is a key priority in EBSA’s current work plan in her February 4, 2023 comments to the American Bar Association.

Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other public companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations.

Furthermore, appropriate cyber security practices also may be advisable elements for organizations to include in their Federal Sentencing Guideline Compliance Programs to mitigate potential organization liability risks under federal electronic crime and related laws.

In the face of these risks and warnings, all covered entities and their business associates should reassess and confirm the adequacy of their and their business associates’ cyber security defenses and breach response preparations.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Leave a Comment » | Cyber crime, data breach, data security, DME, Doctor, Employer, ERISA, Federal Sentencing Guidelines, Health Care Finance, Health Care Provider, Health Insurance, Health IT, Health Plan, Health Plans, HHS, HIPAA, HIPAA Cyber Crime, HITECH Act, home health, Hospice, Hospital, hospitals, Licensing, Meaningful Use, Medicaid, Medicaid Advantage, Medical Licensure, Medical Malpractice, Medical Privacy, Medical Records, Medicare, Medicare Advantage, OCR, Peer Review, Physician Licensing, retaliation, Technology, Telemedicine, Whistleblower | Tagged: ARRA, Breach Notification, CMS, Compliance, Corporate Compliance, Data Breach, Data Security, Doctor, DOJ, EHR, Electronic Health Records, Employer, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Compliance, Health Care Fraud, Health Care Provider, Health Care Reimbursement, Health Insurance, Health IT, Health Plan, Health Plans, HHS, HIPAA, HIPAA Privacy, HITECH Act, Hospital, Hospitals, licensure, Medicaid, Medical Privacy, Medicare, OCR, Office of Civil Rights, OIG, PHI, Physician, Physicians, Privacy, Protected Health Information | Permalink
Posted by Cynthia Marcotte Stamer

Lab Nailed For HIPAA Right Of Access Violation; Other Covered Entities Warned

January 3, 2023

A medical laboratory is the latest health care provider nailed under the U.S. Department of Health and Human Services Office for Civil Rights (OCR) Right of Access Initiative for violating the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access requirements.

OCR announced the 43rd access rule settlement with Life Hope Labs, LLC (“Life Hope Labs”), a full-service diagnostic laboratory in Sandy Springs, Georgia Tuesday.

In August 2021, a complaint was filed with OCR alleging that Life Hope Labs would not provide a personal representative with a copy of her deceased father’s medical records. The personal representative first requested access to her father’s records on July 7, 2021, but did not receive them until February 16, 2022, over seven months later. OCR’s investigation determined that Life Hope Labs’ failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision.

The access rule requires that patients be able to access their health information in a timely manner.

In its Resolution Agreement, Life Hope Labs agreed to pay $16,500 to resolve this investigation. In addition to the monetary settlement, Life Hope Labs also agreed to implement a corrective action plan that includes two years of monitoring by OCR.

In announcing its filing of the settlement, OCR warned other labs and health care providers to ensure their right of access compliance.

“Access to medical records, including lab results, empowers patients to better manage their health, communicate with their treatment teams, and adhere to their treatment plans. The HIPAA Privacy Rule gives individuals and personal representatives a right to timely access their medical records from all covered entities, including laboratories,” said OCR Director Melanie Fontes Rainer in OCR’s announcement of the settlement. “Laboratories covered by HIPAA must follow the law and ensure that they are responding timely to records access requests.”

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Leave a Comment » | ambulance, DME, Doctor, drug treatment, Electronic Health Records, Emergency Care, EMTALA, English as A Second Language, Health Care, Health Care, Health IT, Health Plan, Health Plans, HIPAA, home health, Hospice, Hospital, Hospital, hospitals, Indian Health, medical devices, Pharmaceudical, Pharmacy, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Chiropractor, Modern Vascular Office-Based Labs and Modern Vascular Corporate Entities Face False Claims Act Prosecution

December 19, 2022

Three consolidated False Claims Act (“FCA”) lawsuits against chiropractor Yury Gampel (“Gampel”), 15 Modern Vascular office-based labs owned primarily by Gampel located across the United States, and five Modern Vascular-affiliated companies owned by Gampel alert other chiropractic, physician and other medical providers using office-based labs send a clear warning to other health care providers and suppliers for services covered or billed to Medicare, Medicaid, TRICARE or other federal health care programs about the necessity to ensure their arrangements don’t involve illegal financial relationships or transactions.

False Claims Act Liability Arising From Participation In Or Filing Claims Involving Improper Inducements

The Justice Department suit against the defendants alleges the defendants both arose from the defendants participation in arrangements involving the offering and payment of illegal remuneration in violation of the federal Anti-Kickback Statute (“AKS”) and that the claims for benefits made to Medicare and other federal programs for care provided involving the arrangement violated the FCA.

The AKS generally prohibits any person or entity from soliciting, receiving, offering, or paying any direct or indirect prohibited remuneration as an inducement or reward for referring, recommending, ordering, or arranging for the purchase of any item or service for which payment may be made in whole or in part by a federal health care program. Parties violating the AKS commit a felony punishable with a fine of up to $100,000, imprisonment for up to 10 years or both.

In addition to any criminal liability arising under the AKS, filing claims derived or involving transactions prohibited by the AKS also can trigger liability for violation of the FCA. The FCA makes it unlawful for any person to submit, directly or indirectly, false or fraudulent claims for payment to the Government by among other things:

Knowingly presenting, or causing to be presented, a false or fraudulent claim for payment or approval in violation of 31 U.S.C. § 3729(a)(1)(A) (the “presentment provision”); or
Knowingly making, using, or causing to be made or used, a false record or statement material to a false or fraudulent claim in violation of 31 U.S.C. § 3729(a)(1)(B).

The FCA defines the term “knowingly” under the FCA very broadly. As defined, “knowingly” means that a person, with respect to information, (i) has actual knowledge of the information, (ii) acts in deliberate ignorance of the truth or falsity of the information, or (iii) acts in reckless disregard of the truth or falsity of the information. 31 U.S.C. § 3729(b). No proof of specific intent to defraud is required to show that a person acted knowingly under the FCA.

Violations of the FCA subject the defendant to mandatory civil penalties per FCA violation, plus three times the amount of damages that the Government sustains as a result of the defendant’s actions. 31 U.S.C. § 3729(a). Under 42 U.S.C. § 1320a-7(b)(7), health care providers submitting claims to Medicare or other federal health care programs also can face exclusion from participation in federal health care programs for FCA violations.

Health care providers filing claims for Medicare or other federal health plans can violate the FCA by knowingly presenting or causing to be presented claims for items or services that the person knew or should have known were not medically necessary, or were false or fraudulent. 42 U.S.C. §§ 1320a-7a(a)(1).

Moreover, health care providers under the Medicare statute have an affirmative duty to familiarize themselves with the statutes, regulations, and guidelines regarding coverage for the Medicare services. As a condition of program participation, Medicare regulations require providers and suppliers to certify that:

The provider or supplier meets, and will continue to meet, the requirements of the Medicare statute and regulations, 42 C.F.R. § 424.516(a)(1), including that any claims and underlying transactions made in a claim for Medicare comply with the Federal anti-kickback statute and the Stark law), and on the supplier’s compliance with all otherwise applicable conditions of participation in Medicare; and
The provider or supplier will not knowingly to present or cause to be presented a false or fraudulent claim for payment by Medicare, or to submit claims with deliberate ignorance or reckless disregard of their truth or falsity.

Additional certifications of continued compliance with these requirements also are required when claims are filed. Accordingly, since health care providers and suppliers are responsible for taking appropriate steps to familiarize themselves with the rules and regulations applicable to their claim and the transactions underlying it and certify in connection with the filing of the claim that the claim and its underlying transactions comply with the law, health care providers filing claims involving prohibited financial incentives or other transactions prohibited by law risk FCA liability.

Gampel, Modern Vascular FCA Complaint

Derived from the Justice Department’s assumption and consolidation of various qui tam lawsuits separately brought by various physicians, the United States filed its complaint in three consolidated lawsuits pending in the United States District Court for the District of Arizona under the qui tam, or whistleblower, provisions of the False Claims Act, 31 U.S.C. §§ 3729-3733 (“FCA”) which allow a private citizen to sue on behalf of the government and share in any recovery. The United States is also entitled to intervene in the lawsuits, as it did in these cases.

The resulting consolidated three consolidated Justice Department lawsuits seek to recover treble damages and civil penalties, and under common law and equitable theories of recovery from defendants for their billing of Medicare, TRICARE and other federal health care programs for claims resulting from transactions involving prohibited remuneration offered and provided in violation of the AKS under Gampel’s alleged schemes Nobility Management LLC; Modern Vascular LLC; Modern Vascular of South Florida LLC; Modern Vascular Management LLC; Modern Vascular Management – East LLC; Modern Vascular Management – West LLC; Modern Vascular Institute LLC; Modern Vascular of Mesa LLC; Modern Vascular of Glendale LLC; Modern Vascular of Sun City LLC; Modern Vascular of Tucson LLC; San Antonio Vascular Specialists Corp. dba Modern Vascular; Fort Worth Vascular Specialists Corp. dba Modern Vascular; Modern Vascular of Denver LLC; Modern Vascular – Navajo LLC; Modern Vascular of Fairfax LLC; Modern Vascular of Houston LLC; Modern Vascular of Indianapolis LLC; Modern Vascular of Southaven LLC; Modern Vascular of St. Louis LLC; and Modern Vascular of Kansas LLC.

The Justice Department complaint alleges Defendant Yury Gampel, a chiropractor, is the founder and former Chief Executive Officer (“CEO”) of a franchise of office-based labs (“OBL”) located in Arizona, New Mexico, Colorado, Texas, Indiana, Kansas, Mississippi, Missouri, Tennessee, and Virginia operating under the name Modern Vascular (collectively, the “Modern Vascular OBLs”). The Modern Vascular OBLs – each its own separate legal entity – focus on the treatment of peripheral arterial disease (“PAD”), particularly through an aggressive use of vascular intervention procedures, such as angioplasty and atherectomy. The complaint claims Gampel and the Modern Vascular defendants designed and promoted the franchises that incorporated a package of management and other services provided by various Modern Vascular defendant companies.

Defendant Nobility Management, LLC, provides management services to the Modern Vascular OBLs. Defendants Modern Vascular Management, LLC; Modern Vascular Management – East, LLC; and Modern Vascular Management – West, LLC, offer
IT and management support to Modern Vascular OBLs. Defendants Modern Vascular, LLC, and Modern Vascular of South Florida, LLC, are corporations controlled by Gampel that have various ownership interests in Modern Vascular OBLs. Through Modern Vascular, LLC, and Modern Vascular of South Florida, LLC, and in his own capacity, Gampel is the majority owner of the Modern Vascular OBLs. (These entities that own and manage the Modern Vascular OBLs are referred to collectively below as “Modern Vascular Corporate.”)

The complaint alleges that Gampel and Modern Vascular Corporate designed and implemented a fraud scheme at Modern Vascular OBLs at the expense of patients and federal payors from at least January 1, 2018 through June 30, 2022. Among other things, the complaint charges Gampel and the Modern Vascular defendants offered physicians the opportunity to invest in Modern Vascular office-based labs to induce them to refer their Medicare and TRICARE patients to Modern Vascular for the treatment of peripheral arterial disease. More specifically, Gampel and Modern Vascular Corporate opened Modern Vascular OBLs in new markets where referring physicians and vascular surgeons had established relationships. Prior to opening an OBL in a particular location, Gampel sought out up to 20 local physicians – usually podiatrists and pain management physicians – who traditionally referred to vascular surgeons and offered each up to a two percent ownership interest in the OBL in order to induce the physicians to refer to the OBL. Gampel and Modern Vascular Corporate selected these particular physicians (hereinafter “physician investors”) to offer ownership investment because Gampel and Modern Vascular Corporate identified them as potential high-referral sources. Once they invested in an OBL, Gampel and Modern Vascular Corporate further required the physician-investors to make referrals to Modern Vascular OBLs as a condition for remaining as a physician-investor. The complaint also alleges that Gampel pressured vascular surgeons and interventional radiologists employed at the Modern Vascular office-based labs to increase the number of invasive surgical procedures performed by tracking procedures and setting aggressive weekly and monthly goals for such procedures. In particular, Gampel and Modern Vascular Corporate provided remuneration to physician investors in Modern Vascular OBLs to induce those investors to refer patients to the Modern Vascular OBL.

The Justice Department charges that using this scheme, Defendants between January 1, 2018 and June 30, 2022 submitted, and caused to be submitted, tens of millions of dollars in false or fraudulent claims to Medicare, TRICARE and other federal health care programs by offering and providing illegal remuneration to health care providers to induce referrals to the Modern Vascular OBLs in violation of the Anti-Kickback Statute (“AKS”), 42 U.S.C. § 1320a-7b. To induce referrals, Gampel and Modern Vascular Corporate provided remuneration to physician-investors in the form of equity ownership interests in an OBL, which also included distributions, the prospect of future distributions, and/or the prospect of a cash-out of the equity ownership amounts when
the Modern Vascular OBLs were sold. During the relevant time period, the Justice Department also claims Modern Vascular
OBLs received over $50 million from Medicare Part B alone for claims submitted for patients referred by physician-investors in violation of the FCA.

Warning To Other Heath Care Providers & Suppliers

In announcing its filing of the Gambrel FCA lawsuit, the Justice Department warned other federal health program providers and suppliers and their business partners, investors, employees and agents from violating the AKS, FCA or both in the provision of or billing of health care services or supplies. “As part of our mission to protect the American people, the FBI remains committed to safeguarding patients who rely on our healthcare systems,” said Deputy Assistant Director Aaron Tapp of the FBI’s Criminal Investigative Division. “The FBI and our law enforcement partners will continue to investigate those who abuse our healthcare systems, place patients at risk, and waste taxpayer dollars.”

This warning, along with the ever-lengthening list of federal criminal and civil prosecutions, convictions and settlements by the Justice Department, the Department of Health & Human Services Office of Inspector General and other agencies provide a strong warning to health care providers, suppliers and others involved in creating or administering transactions and other arrangements for the delivery and billing for health are to be billed to Medicare, Medicaid, TRICARE and other health care arrangements covered by the AKS, the FCA or other federal or state health care fraud laws to take well documented care to ensure the care delivery arrangement does not involve transactions prohibited under the AKS or other federal or state health care fraud transactions and the care billed qualifies for reimbursement before submitting the claim. Parties who know or suspect that they may have participated in an arrangement prohibited under these laws or submitted prohibited claims should contact experienced legal counsel within the scope of attorney-client privilege for assistance in reviewing those concerns and exploring options for correction or mitigation.

For More Information

If your organization would like to learn more about the concerns discussed in this update or seeks assistance auditing, updating, administering or defending its human resources, compensation, benefits, corporate ethics and compliance practices, or other performance related concerns, contact management attorney and consultant Cynthia Marcotte Stamer.

An attorney Board Certified in Labor & Employment Law by Texas Board of Legal Specialization, Ms. Stamer is recognized for work helping organizations management people, operations and risk as a Fellow in the American College of Employee Benefit Counsel, a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Labor and Employment Law and Health Care Law; a “Best Lawyers” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law.”

For 35 years, Ms. Stamer’s work has focused on advising and assisting businesses and business leaders with these and other employment and other staffing, employee benefit, compensation, risk, performance and compliance management and other operational solutions and concerns. Her experience includes helping management both manage performance and manage legal risk and compliance. While helping businesses define and manage the conduct and performance of their employees, contractors and vendors, she also assists employers and others about compliance with federal and state equal employment opportunity, compensation, health and other employee benefit, workplace safety, leave, and other labor and employment laws, advises and defends businesses against labor and employment, employee benefit, compensation, fraud and other regulatory compliance and other related audits, investigations and litigation, charges, audits, claims and investigations by the IRS, Department of Labor, Department of Justice, SEC, Federal Trade Commission, HUD, HHS, DOD, Departments of Insurance, and other federal and state regulators. Ms. Stamer also speaks, coaches management and publishes extensively on these and other related matters. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see hereor contact Ms. Stamer directly.

Other Helpful Resources & Information

If you found this article of interest, you also may be interested in reviewing other Breaking News, articles and other resources available including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, unsubscribe by updating your profile here.

NOTICE: Terms. These materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice, a substitute for legal advice, an offer or commitment to provide legal advice or an admission. The information and statements in these materials may not address all relevant issues or apply to any situation or circumstances. The author reserves the right to qualify or retract any of these statements at any time. and does not necessarily address all relevant issues. Because the law evolves and in ways that subsequent developments could impact the currency and completeness of this discussion. The author disclaims and has no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2022 Cynthia Marcotte Stamer. Nonexclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, billing, compensation, Conditions of Participation, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, Health IT, Home Health, Hospice, Hospital, Hospital, Indian Health, Inpatient Rehabilitation Facility, Laboratory tests, Laws, long-term care, Medicaid, Medicaid Advantage, Medicare, Mergers and Acquisitions, nursing home, Outpatient, pain management, Pharmaceudical, Physician, Physician Licensing, Prescription Drugs, Reimbursement | Tagged: Anti-Kickback, Health Care Fraud, Health Care Reimbursement, Medicaid, Medicare, Office-based labs | Permalink
Posted by Cynthia Marcotte Stamer

CDC Eases Opiate Prescription Guidelines

November 3, 2022

The Centers for Disease Control released updated opiate prescription guidance today, loosening restrictions on prescription of the pain management narcotics under certain conditions.

Ironically the new guidance loosening opiate prescription guidelines comes on the heels of the announcement yesterday of sellements of opiate litigation against CVS and Walgreens brought by multiple states’ seeking to recover states’ costs arising from citizens ‘ addicted to opiates.

CDC’s revised opiate guidance is intended to give providers more flexibility to prescribe under various situations in response to criticism that the original more narrow guidelines harmed patients legitimately needing the pain management treatment.

Guideline changes are likely to implicate prescribing practices as well as some prescription drug coverages, as well as electronic recordkeeping and prescribing systems.

Slay tuned for more details about the new guidelines and other health care and life sciences relevant developments.

More Information

About the Author

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Leave a Comment » | DEA, Direct Primary Care, Doctor, drug treatment, Health Care, home health, Hospital, Medical Malpractice, pain management, Pharmaceudical, Pharmacy, Physician Licensing, physician licensure, Prescription Drugs | Permalink
Posted by Cynthia Marcotte Stamer

Criminal IV Tampering Charges Against Anesthesiologist Highlight Exposures Providers And Their Facilities Can Face From Team Members Retaliatory or Other Misdeeds

September 15, 2022

The arrest and criminal charges against Dallas anesthesiologist Raynaldo Rivera Ortiz Jr. (“Dr. Ortiz”) announced September 15, 2022 highlight the advisability of health care facilities and providers to use care to use appropriate monitoring and other safeguards to protect patients and other critical operations against potential retaliatory misconduct during professional peer review or other investigation or discipline of health care professionals or other members of their workforces.

Dr. Ortiz was arrested in Plano, Texas on Wednesday, September 14, 2022 and is scheduled to make his initial court appearance on Friday, September 16, 2022 on federal felony criminal charges that he caused the death of a patient and surgical emergencies of other patients by intentionally tampering with a consumer product and intentional drug alteration.

According to the by Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, and U.S. Attorney for the Northern District of Texas Chad E. Meacham, Dr. Ortiz was arrested and charged via criminal complaint with tampering with a consumer product causing death and intentional drug adulteration.

According the criminal complaint, on June 21, 2022, a 55-year-old female coworker of Dr. Ortiz, experienced a medical emergency and died immediately after treating herself for dehydration using an IV bag of saline taken from a Baylor Scott & White operated surgical center. An autopsy report revealed that she died from a lethal dose of bupivacaine, a nerve blocking agent that is rarely abused but is often used during the administration of anesthesia.

Two months later, on August 24, 2022, an 18-year-old male patient experienced a cardiac emergency during a routine sinus surgery. The teen was intubated and transferred to a local ICU. Chemical analysis of the fluid from a saline bag used during his surgery revealed the presence of bupivacaine, epinephrine (a stimulant), and lidocaine, drugs that could have caused the patient’s sudden symptoms.

According to the complaint, surgical center personnel concluded that the incidents involving both patients suggested a pattern of intentional adulteration of IV bags used at the surgical center.

The surgical center personnel also identified 10 additional unexpected cardiac emergencies that occurred during otherwise unremarkable surgeries between May and August 2022, which the criminal complaint alleges is an exceptionally high rate of complications over such a short period of time. According to the criminal complaint, medical personnel in each of those additional 10 cases only were able to stabilize the patient through use of emergency measures. Most of the incidents occurred during longer surgeries that used more than one IV bag, including one or more bags retrieved mid-surgery from a stainless steel bag warmer.

Surveillance video from the center’s operating room hallway allegedly also shows Dr. Ortiz placing IV bags into the stainless-steel bag warmer shortly before other doctors’ patients experienced cardiac emergencies. The complaint alleges that in one instance captured in the surveillance video, agents observed Dr. Ortiz walk quickly from an operating room to the bag warmer, place a single IV bag inside, visually scan the empty hallway, and quickly walk away. Just over an hour later, according to the complaint, a 56-year-old woman suffered a cardiac emergency during a scheduled cosmetic surgery after a bag from the warmer was used during her procedure. The complaint also states that in another instance, agents observed Dr. Ortiz exit his operating room carrying an IV bag concealed in what appeared to be a paper folder, swap the bag with another bag from the warmer, and walk away. Roughly half an hour later, a 54-year-old woman suffered a cardiac emergency during a scheduled cosmetic surgery after a bag from the warmer was used during her procedure.

According to the complaint, none of the cardiac incidents occurred during Dr. Ortiz’s surgeries, and that the series of emergencies began just two days after Dr. Oritz was notified of a disciplinary inquiry stemming from an incident during which he allegedly “deviated from the standard of care” during an anesthesia procedure when a patient experienced a medical emergency. The complaint alleges that all of the incidents occurred around the time Dr. Ortiz performed services at the facility, and no incidents occurred while Dr. Ortiz was on vacation.

The complaint further alleges that Dr. Ortiz, who had a history of disciplinary actions against him, expressed concern to other physicians over the disciplinary action at the facility and complained the center was trying to “crucify” him. A nurse who worked on one of Dr. Ortiz’s surgeries allegedly told law enforcement that Dr. Ortiz refused to use an IV bag she retrieved from the warmer, physically waving the bag off.

“Our complaint alleges this defendant surreptitiously injected heart-stopping drugs into patient IV bags, decimating the Hippocratic oath,” said U.S. Attorney Chad E. Meacham in the Department of Justice announcement of the charges. The criminal charges stemmed from these findings.

The Justice Department announcement reminds readers that a criminal complaint is merely an allegation of criminal conduct, not evidence. Dr. Ortiz is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law. If convicted, however, Dr. Ortiz faces a maximum penalty of life in prison.

Both Dr. Ortiz and the surgical facility are exposed to potential liability as a result of the alleged charges. Aside from the pending criminal charges, Dr. Ortiz also almost certainly could face potential peer review and licensing board disciplinary investigation, as well as civil lawsuits.

In addition to these liability exposures for Dr. Ortiz, the surgical facility and other providers also could face civil or potentially even criminal liability.

It seems almost inevitable that the facility and potentially some other providers might be drawn into civil lawsuits brought by affected patients and their families allegedly injured or place at risk by the alleged actions by Dr. Ortiz, as well as licensing and/or accreditation investigation arising from the alleged events.

Because Dr. Ortez’s alleged Actions constitute federal felonies, the Federal Sentencing Guidelines sentencing and organizational liability rules apply. The Sentencing Guidelines will apply to determine the sentence imposed if Dr. Ortez ultimately is convicted. In addition, the Sentencing Guidelines organizational liability provisions also raise a risk of criminal charges against the facility or other parties with knowledge or other imputed responsibility. Under the organizational guidelines, organizations can have imputedliability for the criminal acts committed by the members of their workforce. However whether criminal charges will be pursued against the organization and the level of culpability and resulting liability is determined based upon both whether the organization took appropriate steps to prevent the misconduct before it happened and the extent to which the organization acted promptly in its investigation and redress of the conduct. The apparent actions of the surgical center and its leader ship to investigate, report, and cooperate in the investigation with federal officials are likely to mitigate if not resolve their criminal exposure.

Organizations and their leaders should treat the charges against Dr. Ortiz as a reminder, at minimum carefully to credential and monitor team members including doctors or other non-employer actors working in or with their facilities, to establish appropriate safeguards to prevent and identify quickly mistakes or intentional conduct, to monitor and enforce those safeguards, and to take appropriate prompt action to investigate concerns and redress and if necessary report misconduct with the advice of counsel.

When dealing with position performance and discipline concerns, facilities typically must carefully negotiate applicable contractual and workforce issues as well as the procedural and due process requirements of applicable medical staff bylaws and federal and state peer review and discipline statutes and regulations and medical staff discipline rules.

When a medical staff member protected by peer review or other procedural safeguards commits behaviors that raise a material and continuing threat to the health and safety of patients or the public, summary suspension may be necessary. When considering or taking an action to summarily suspend a healthcare provider, however, facilities and their medical staff leaders should document both the grounds for the patient safety concerns and need for immediate action and scrupulously follow the summary suspension procedures.

Along with seeking to prevent and mitigate these legal risks, Facilities and other providers also need to consider white reporting obligations they may bear under applicable statutes, regulations and contracts.

While managing these legal risks, facilities and other involved parties also need to anticipate media and public concern about the occurrences. Facilities and their leaders should anticipate and be prepared to work in conjunction with qualified legal counsel and experienced qualified public relations experts to decide when, what, and how to communicate with the public in the media about these types of events to avoid is there a bold minefield of traps created by privacy laws, evidentiary and other legal risk management concerns, and the management of relationships with other members of the medical staff and workforce, business partners, insurance, and the public.

More Information

About the Author

Ms. Stamer’s work throughout her 35 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. In the course of this work, she has worked extensively on workforce and medical staff credentialing, management, investigation, peer review and discipline, and reporting and remediation of criminal or other activity to regulatory officials.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Leave a Comment » | Academic medicine, Ambulatory care, Anethesiology, Conditions of Participation, Corporate Compliance, Credentialing, Doctor, Employer, Employment law, FDA, Federal Sentencing Guidelines, Fiduciary Responsibility, Health Care, Health Care Provider, Health Care Quality, Home Health, home health, Hospice, Hospital, hospitals, nursing home, OIG, Physician, Physician Licensing, physician licensure, Prescription Drugs, quality repoting, retaliation, Skilled Nursing Facility, Whistleblower | Tagged: ortiz | Permalink
Posted by Cynthia Marcotte Stamer

Act Promptly To Comment On ONC’s Proposed Electronic Clinical Quality Measure Draft Changes

September 14, 2022

Health care providers, health plans and insurers and other stakeholders concerned about the Department of Health and Human Services Office of the National Coordinator for Healthcare Information (“ONC”) electronic clinical quality measures (“eCQMs”) have the opportunity to review and comment on draft changes to the eCQM specifications and supporting resources under consideration by ONC as part of ONC’s 2022 Change Review Process (CRP) for the ONC Project Tracking System. Interested stakeholders must monitor the posting of issues and act quickly to share their feedback, however, as stakeholders have only two weeks to comment after a ONC posts a new proposed eCQm change.

eCQMs As Measure of Health Care Quality

Electronic clinical quality measures or “eCQMs” are tools that ONC develops with stakeholder input to help Medicare and Medicaid measure and track the quality of health care services that eligible hospitals and critical access hospitals (CAHs) provide, as generated by a provider’s electronic health record (EHR). CMS Measuring and reporting eCQMs helps to ensure that our health care system is delivering effective, safe, efficient, patient-centered, equitable, and timely care. CMS’ eCQMs measure many aspects of patient care, including:

Patient and Family Engagement
Patient Safety
Care Coordination
Population/Public Health
Efficient Use of Healthcare Resources
Clinical Process/Effectiveness

To successfully participate in the Medicare and Medicaid Promoting Interoperability Programs, the Centers for Medicare and Medicaid Services (“CMS”) requires eligible providers, eligible hospitals, critical access hospitals and dual-eligible hospitals electronically to report on eCQMs determined by CMS that require the use of data from the provider’s certified electronic health record (“EHR”) technology (CEHRT) or other health information technology systems to measure and report quality measures in a standardized manner. For calendar year (CY) 2022, Medicare Promoting Interoperability Program participants are required to report on three self-selected eCQMs and the Safe Use of Opioids – Concurrent Prescribing eCQM from the set of nine available for at least three self-selected quarters of CY 2022 data. To report eCQMs successfully, health care providers must use an EHR and adhere to the requirements identified by the CMS quality program. Failing to meet these eCQM reporting requirements can prevent the provider from meeting meaningful use requirements and trigger reductions in reimbursements for care.

Health care quality, credentialing, accreditation, and other provider, health plan and other organizations also use the eCQMs data alone or with other quality measures and tools to set standards and assess and enforce quality goals and performances.

As the proposed changes on a relevant eCQM could materially impact the reporting responsibilities of the reporting providers, the quality and meaning of a proposed data measure, or both, impacted stakeholders should monitor the system for possible changes impacting the eCQMs used or applicable to their organizations and its activities and if appropriate, comment promptly.

2022 eCQMs Updates

Each year, CMS makes updates to the eCQMs approved for CMS programs to reflect changes in:

Evidence-based Medicine
Code Sets
Measure Logic

Conducted annually as part of OCN’s eCQM Issue Tracker project, the CRP provides eCQM users the opportunity to review and comment on draft changes to the eCQM specifications and supporting resources under consideration by the measure stewards. The goal of the CRP is for eCQM implementers to comment on the potential impact of draft changes to eCQMs so CMS and measure stewards can make improvements to meet CMS’s intent of minimizing provider and vendor burden in the collection, capture, calculation, and reporting of eCQMs.

Stakeholders with an account on the ONC Project Tracking System can monitor, review and comment on proposed eCQM changes through the eCQM Issue Tracker project during the two week period following the date the issue is posted in the eCQM Issue Tracker. To participate in the CRP, users must have an ONC Project Tracking System account. New users can create an account via the ONC Project Tracking System website.

The following table reflects the eCQM issues open on the eCQM Issue Tracker as of September 14, 2022 and their scheduled comment closing dates

Issues Open for Public Comment As of 9/14/2022

CMS eCQM Identifier and Measure Title	CRP Issue Title	Issue Number and Link	Issue Type	Goal of Review	Public Comment Open Date	Public Comment Close Date
Multiple measures	Incorporate ‘Diagnosis’ datatype to capture Hospice Care	CQM-5561	Logic; Value Set	Obtain clinical and technical feedback	09/07/2022	09/21/2022
CMS128: Anti-depressant Medication Management; CMS136: Follow-Up Care for Children Prescribed ADHD Medication (ADD); CMS156: Use of High-Risk Medications in Older Adults	Update Cumulative Medication Duration function to calculate maximum daily frequency	CQM-5562	Logic	Obtain technical feedback	09/07/2022	09/21/2022
Multiple measures	Expand codes using ‘Diagnosis’ datatype to capture Palliative Care	CQM-5563	Logic; Value Set	Obtain clinical and technical feedback	09/07/2022	09/21/2022
Multiple measures	Require 2 indications of frailty to meet exclusion	CQM-5564	Header; Logic; Measure Intent Clarification	Obtain clinical feedback	09/07/2022	09/21/2022
CMS127: Pneumococcal Vaccination Status for Older Adults	Expand numerator to allow for pneumococcal vaccination since 19 years of age	CQM-5565	Header; Logic; Measure Intent Clarification	Obtain clinical feedback	09/07/2022	09/21/2022

eCQM Issue Tracker Open Issues As Of September 14, 2022

As proposed eCQM changes are posted for public comment as CRP issues. ONC informs eCQM accountholders of the proposed change or eCQM issue by posting for review in the ONC Project Tracking System. Accountholders only have two weeks after ONC posts a proposed eCQM to comment on the posted issue. Stakeholders interested in commenting on a particular issue must submit their comment in accordance with the directions within this two week period.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Protect Remote Desktop Protocols From Malware Threat

July 1, 2022

As Americans prepare to celebrate the July 4th holiday, CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are warning of a cyber threat for Remote Desktop users. Health care, health plan, healthcare clearing houses, their business associates and other security sensitive organizations using remote access technology should perform and document their risk assessment and any corrective actions taken as part of their continuing Health Insurance Portability and Accountability Act (“HIPAA”), Fair and Accurate Credit Transactioms Act (FACTA”), government contracting, securities law, and other data security compliance.

The joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, published July 1 alerts of the risk of MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks.

CISA, FBI, Treasury and FinCEN are encouraging network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

Prioritize remediating known exploited vulnerabilities.
Train users to recognize and report phishing attempts.
Enable and enforce multifactor authentication.

When assessing Remote Desktop protocol risks, covered entities, business associates and other security concerned organizations also should examine their exposures to other vulnerabilities.

A key resource for monitoring some of these vulnerabilities is the CISA Known Exploited Vulnerabilities Catalog, which lists exposures based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk federal enterprises. CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

The Department of Health & Human Services Office of Civil Rights (‘“OCR”) guidance and enforcement makes clear covered entities and business associates must monitor and take appropriate actions to update their security in response to emerging cyber security threats.

Along with monitoring and responding to this and other security threats, covered entities also should add reviewing and updating their HI-AA practices in response to new guidance OCR issued this week in response to the Supreme Court Dobbs vs. Jackson Women’s Health Organization abortion ruling. The HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care guidance generally addresses when the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule restricts or allows individuals’ private medical information (known as “protected health information” or “PHI”) relating to abortion and other sexual and reproductive health care. For more details, see here.

Beyond HIPAA, malware and other data or system security breaches and susceptibilities can create liability risks under tax, securities, government contracting, FACTA and a wide range of federal and state laws. For instance, with cybersecurity threats and compliance concerns growing, the SEC is prioritizing cybersecurity regulation, investigation and enforcement against public companies and other market participants for lack cybersecurity governance, safeguards or disclosures. See e.g., SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations. Along announcing its commitment to hold market involved and impacting regulated entities accountable for failing to maintain and enforce appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, training and awareness, investor disclosures and other practices.

Healthcare providers and other covered entities, their business associates and others with data security responsibilities or sensitivities should respond promptly and carefully document their risk analysis and response in response to these emerging concerns.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Leave a Comment » | Academic medicine, ambulance, ASC, Conditions of Participation, Cyber crime, data security, Doctor, Electronic Health Records, Emergency Care, Employer, ERISA, FDA, Federal Health Center, Federal Sentencing Guidelines, Fiduciary Responsibility, FTC, Health Care, Health care coding, Health Care Provider, Health Care Quality, Health Insurance, Health Insurance Exchange, Health IT, Health Plan, Health Plans, healthcare, HIPAA, HIPAA Cyber Crime, HITECH Act, Home Health, home health, Hospital, Medicaid Advantage, Medicare Advantage, NIST, nursing home, OCR, Privacy, Rural Health Care | Tagged: Cyber Security, Data Breach, Data Security, Health Care, HIPAA, Malware | Permalink
Posted by Cynthia Marcotte Stamer

6 Texas Physicians Face Federal Health Care Fraud Charges For Alleged Improper Kickbacks & Lab Testing Claims

May 29, 2022

The Department of Justice sent another strong warning to physicians and other health care provides not to violate the False Claims Act by making improper patient referrals in violation of the Anti-Kickback Statute and the Stark Law, billing federal health care programs for medically unnecessary laboratory testing or other services or both when charged six Texas physicians with federal health care fraud this week. The prosecution of the physicians for laboratory tests arranged and billed through management services organizations also reminds physicians and other providers that reliance upon management services or other third-party service providers generally does not protect a physician participating in prohibited laboratory or other testing, durable medical equipment, facility, physical therapy or other health care billing or referral arrangements from liability.

Charges Against Texas Physicians

This week, the Justice Department added the following six physicians as defendants to criminal charges filed in a False Claims Act complaint filed in January 2022 against former True Health Diagnostics LLC (THD) CEO Christopher Grottenthaler, former Boston Heart Diagnostics Corporation (BHD) CEO Susan Hertzberg, former LRH CEO Jeffrey Madison, and others:

Doyce Cartrett, Jr., M.D., of Silsbee, Texas, allegedly received over $320,000 from LRH and two management services organizations or “MSOs,” Ascend MSO of TX LLC (Ascend) and Eridanus MG LLC (Eridanus), in return for his referrals.
Elizabeth Seymour, M.D., of Corinth, Texas, allegedly received over $280,000 from two MSOs, Ascend and Eridanus, in return for her referrals.
Emanuel Paul “E.P.” Descant, II, M.D., of Spring, Texas, allegedly received over $125,000 from two MSOs, North Houston MSO and Tomball Medical Management Inc., in return for his referrals.
Frederick Brown, M.D., of Missouri City, Texas, allegedly received over $190,000 from two MSOs, Ascend and Indus MG LLC (Indus), in return for his referrals.
Heriberto Salinas, M.D., of Cleburne, Texas, allegedly received over $75,000 from two MSOs, Ascend and Herculis MG LLC (Herculis), in return for his referrals.
Hong Davis, M.D., of Lewisville, Texas, allegedly received over $70,000 from two MSOs, Ascend and Herculis, in return for her referrals.

The complaint in United States, et al. ex rel. STF, LLC v. True Health Diagnostics, LLC, et al., No. 4:16-cv-547 (E.D. Tex.) charges that small Texas hospitals including Rockdale Hospital dba Little River Healthcare (LRH), THD, BHD, the six physicians and others conspired to pay physicians to induce referrals to the hospitals for laboratory testing performed by THD or BHD. The charges stem from allegations made under the qui tam or whistleblower provisions of the False Claims Act by STF LLC by Felice Gersh, M.D. and Chris Riedel. The United States intervened in the qui tam action in December 2021.

The complaint alleges the charged hospitals paid a portion of their laboratory profits to recruiters, who in turn kicked back those funds to the referring physicians through MSOs allegedly set up by the recruiters to make payments to referring physicians. The Justice Department charges the alleged kickbacks were disguised as investment returns but actually were based on, and offered in exchange for, the physicians’ referrals. The complaint alleges that laboratory tests resulting from this referral scheme were billed to various federal health care programs, and that the claims not only were tainted by improper inducements but, in many cases, also involved tests that were not reasonable and necessary.

The Justice Department reports that before adding charges against the six physicians to the complaint this week, the Justice Department recovered more than $31 million relating to conduct involving BHD, THD and LRH, including False Claims Act settlements with 29 physicians, two health care executives and a laboratory company.

Health Care Fraud Liability Under False Claims Act, Anti-Kickback Statute, Stark Law

The Anti-Kickback Statute prohibits offering, paying, soliciting or receiving remuneration to induce referrals of items or services covered by Medicare, Medicaid and other federally-funded programs. The Stark Law forbids a hospital or laboratory from billing Medicare for certain services referred by physicians that have a financial relationship with the hospital or laboratory. The Anti-Kickback Statute and the Stark Law seek to ensure that medical providers’ judgments are not compromised by improper financial incentives and are instead based on the best interests of their patients.

The False Claims Act prohibits health care providers from billing federal health care programs for services resulting from referrals prohibited by the Anti-Kickback Statute or the Stark law.

Under the False Claims Act, a private party can file an action on behalf of the United States and receive a portion of the recovery. The False Claims Act also allows the Justice Department to intervene in such lawsuits and add claims and defendants, as happened in this litigation. The qui tam case is captioned United States, et al. ex rel. STF, LLC v. True Health Diagnostics, LLC, et al., No. 4:16-cv-547 (E.D. Tex.). If a defendant is found liable for violating the act, the United States may recover three times the amount of its losses plus applicable penalties.

The United States’ pursuit of this lawsuit illustrates the government’s emphasis on combating health care fraud generally with a special emphasis on physicians. For instance, U.S. Attorney Brit Featherston is quoted as saying, “Schemes that funnel health care referrals do not work without the participation of physicians. … They are not merely passive players in these elaborate schemes, but an integral part, without which the scheme could not exist. Our office is committed to rooting out health care fraud by pursuing all players involved the scheme, from the laboratories and their leaders to the marketers and the physicians who make it all possible. Naming these physicians in the complaint is evidence of that commitment.”

Given this clear warning, physicians and other prescribers, as well as recruiting, billing and management services organizations, laboratories and others involved in recruiting and marketing, providing or billing for laboratory or other services to double check the appropriateness of their referral and other practices keeping in mind that the Anti-Kickback Statute and Stark Law prohibitions against direct and indirect compensation can reach to a wide range of subtle value and benefits in addition to the obvious payment of cash or gifts delivered in a multitude of ways. The prosecution of these physicians for referrals made and compensation delivered under management services contracts also clearly warns physicians and other providers against expecting their reliance upon billing, management services or other staff or management service providers to shield them from liability if an improper referral or payment happens.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Leave a Comment » | Anti-KickBack, billing, Centers For Disease Control, Conditions of Participation, DME, Doctor, Durable Medical Equipment, E-Prescribing, false claims act, Federal Sentencing Guidelines, Health Care, Health care coding, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, healthcare, HHS, Home Health, home health, Hospice, Hospital, Hospital, hospitals, Laboratory tests, Licensing, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, Medicare Prescription Drug Program, Money Laundering, nursing home, OIG, Opiates, Pharmaceudical, Physician, Physician Licensing, Reimbursement, Stark, Substance Abuse | Tagged: Federal Sentencing Guidelines, Opiate, pain management, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Federal Convictions Of Physicians Highlight Need For Care In Opiate & Other Pain Management Prescribing & Billing

March 4, 2022

Physicians and other health care prescribers must remain hyper vigilant when prescribing, documenting, billing and managing opiate and other pain management prescriptions and patients. That’s the clear message sent by the ever-growing wave of federal prosecutions and convictions like the March 2, 2022 federal conviction of Tennessee physician Mark Murphy and his wife, Jennifer Murphy and his wife for unlawfully distributing opioids, providing unnecessary services and defrauding insurers from their now-shuttered North Alabama Pain Services clinics (“NAPS”) and March 1, 2022 sentencing of former physician Patrick Titus to 20 years in prison for his conviction of unlawful distribution of opioid drug outside the usual scope of professional practice and not for legitimate medical purposes as part of the his internal medicine practice.

Tennessee Doctor & Wife Convicted of Pain Management Related Unlawful Opioid Distribution, Health Care Fraud & Other Criminal Charges

The March 2 federal jury conviction of Dr. and Ms. Murphy stemmed from their ownership and operation of their now-defunct pain management clinics resulted from evidence gathered through a joint investigation by the Federal Bureau of Investigation, the Department of Health & Human Services Office of Inspector General, the Internal Revenue Service, and the Drug Enforcement Agency.

During the resulting jury trial, federal prosecutors presented evidence that during the five-year period leading up to the clinic closing its Alabama locations in 2017, Dr. Murphy and Ms. Murphy, who was the office manager, caused over $50 million in fraudulent or unnecessary medical services to be charged to Medicare, TRICARE, Blue Cross Blue Shield of Alabama and others. Evidence at trial showed that NAPS provided pre-signed prescriptions to thousands of patients a month, including prescriptions written outside the usual course of professional practice without a legitimate medical purpose. Federal prosecutors also introduced evidence that the Murphys also solicited and received unlawful payments for referring fraudulent or unnecessary services to patients.

Based on the evidence, the jury found both Dr. and Ms. Murphy guilty on numerous criminal charges including:

Conspiracy to unlawfully distribute and unlawful distribution of controlled substances;
Conspiracy to commit and commission of health care fraud;
Conspiracy to defraud the United States; and
Receiving illegal kickbacks in violation of the Anti-Kickback Statute.

Ms. Murphy also was convicted of tax-related charges for underreporting clinic income.

Currently scheduled for sentencing in June, the Murphys each face a maximum of 20 years in prison for the drug charges and a maximum of 10 years in prison for the health care fraud charges. Both defendants also face a maximum of five years in prison for charges stemming from violations of the Anti-Kickback Statute, and Ms. Murphy faces up to three years in prison for the tax charges.

Former Delaware Doctor Sentenced to 20 Years in Prison for Unlawful Opioid Distribution

The Murphy’s jury conviction came one day after the sentencing of former to 20 years in prison for his July 2021 federal jury conviction on 13 counts of unlawfully distributing and dispensing controlled substances and one count of maintaining a drug-involved premises.

Federal prosecutors presented evidence in court documents and trial that Dr. Titus unlawfully distributed or dispensed opioid drugs including fentanyl, morphine, methadone, OxyContin and oxycodone outside the usual scope of professional practice and not for legitimate medical purposes as part of the his internal medicine practice. The Justice Department charged Dr. Titus frequently prescribed these dangerous controlled substances in high dosages, sometimes in combination with each other or in other dangerous combinations, mostly in exchange for cash. Evidence at trial showed he distributed over 1 million opioid pills without providing any meaningful medical care and to patients he knew were suffering from substance use disorder and/or who demonstrated clear signs that the prescribed drugs were being abused, diverted or sold on the street.

Health Care Fraud Task Force Targeting Opioid Distribution, Billing, & Related Misconduct

Both the Murphy and Titus prosecutions and convictions are two of a growing series of convictions resulted from investigations into opioid and other pain management prescribing conducted as part of efforts targeting physicians and other health care providers involved in prohibited the federal Health Care Fraud Strike Force Program. See e.g., Medical Director Convicted in $110 Million Addiction Treatment Fraud Scheme.

The Federal agencies made a point of warning to other physicians not to overprescribe, bill or engage in other prohibited dealings involving opioids or other controlled substances when announcing the Titus sentencing.

“As we continue the fight against the opioid crisis, this case serves as an important reminder that health care professionals have a duty to prescribe medication responsibly to ensure the well-being of individuals under their care. Failing to do so can endanger patients and undermines critical, ongoing public health measures,” said Special Agent in Charge Maureen Dixon of the U.S. Department of Health and Human Services, Office of the Inspector General (HHS-OIG). “HHS-OIG will continue to work with our law enforcement partners to hold bad actors accountable.”

“This sentence is a reminder that the Department of Justice will hold accountable those doctors who are illegitimately prescribing opioids and fueling the country’s opioid crisis,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “Doctors who commit these unlawful acts exploit their roles as stewards of their patients’ care for their own profit.”

“DEA-registered medical practitioners have an important role in our communities to treat patients compassionately and responsibly,” said DEA Administrator Anne Milgram. “Today’s sentencing makes clear that medical professionals who recklessly prescribe opioids and endanger the safety and health of patients will be held accountable.”

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Leave a Comment » | billing, Centers For Disease Control, Conditions of Participation, Controlled Substances, Corporate Compliance, DEA, Doctor, drug treatment, E-Prescribing, Evidence Based Medicine, false claims act, FDA, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, Health Plan, Health Plans, healthcare, hemp, HHS, Home Health, home health, Hospice, Hospital, Hospital, hospitals, Licensing, managed care, marijuana, Medical Licensure, Medical Malpractice, Medical Records, Medicare, Medicare Advantage, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, Monopoly, OIG, Opiates, pain management, Physician, Physician Licensing, Prescription Drugs, Reimbursement, Substance Abuse | Tagged: Federal Sentencing Guidelines, Opiate, pain management, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Biden-Harris Administration to Expand Vaccination Requirements for Health Care and Many Other Employers

September 9, 2021

All Medicare and Medicaid certified health care facilities, and a broad range of other employers must prepare to meet impending new federal COVID-19 vaccine mandates announced by the Biden-Harris Administration today.

According to today’s announcements all healthcare facilities participating in Medicare or Medicaid or employing 100 or more employees will be required to ensure all staff are vaccinated against COVID-19.

The Biden-Harris Administration says the new health industry COVID-19 vaccine mandates will be implemented through emergency regulations to be issued in October.

According to today’s announcement, the Centers for Medicare & Medicaid Service (“CMS”) in collaboration with the Centers for Disease Control (“CDC”) is developing an Interim Final Rule with Comment Period that will be issued in October that will extend vaccine mandates originally announced last month for all Medicare and Medicaid participating nursing home workers to include hospitals, dialysis facilities, ambulatory surgical settings, and home health agencies, among others, as a condition for participating in the Medicare and Medicaid programs. See CMS/CDC Mandating COVID Vaccination For All Nursing Home Staff.

The announcement of the vaccine mandates for healthcare workers coincides with the Biden-Harris Administration’s announcement of sweeping new vaccine mandates for all government workers, government contractors and employers employing more than 100 employees.

The two mandates will force most health care facilities to impose mask mandates for all staff in order to meet the requirement all staff be vaccinated.

CMS and CDC say the decision was based on the continued and growing spread of the virus in health care settings, especially in parts of the U.S. with higher incidence of COVID-19. They claim the action will protect patients of the 50,000 providers and over 17 million health care workers in Medicare and Medicaid certified facilities.

According to the CDC, nursing homes with an overall staff vaccination rate of 75% or lower experience higher rates of preventable COVID infection. In CMS’s review of available data, the agency is seeing lower staff vaccination rates among hospital and End Stage Renal Disease (ESRD) facilities. To combat this issue, CMS is using its authority to establish vaccine requirements for all providers and suppliers that participate in the Medicare and Medicaid programs. Vaccinations have proven to reduce the risk of severe illness and death from COVID-19 and are effective against the Delta variant.

In it’s announcement of the impending vaccination requirements, CDC urged health care facilities to prepare now to meet the new mandate in October. CMS expects certified Medicare and Medicaid facilities to act in the best interest of patients and staff by complying with new COVID-19 vaccination requirements.

CDC also urged any health care workers employed in these facilities who are not currently vaccinated are urged to begin the process immediately and facilities to use all available resources to support employee vaccinations, including employee education and clinics, as they work to meet new federal requirements.

While legal challenges to the mandate requirements are likely, most facilities that have not already adopted vaccine mandates are expected to adopt these mandates rather than risk losing eligibility for Medicare and Medicaid reimbursement and other sanctions.

Beyondprogram disqualification and attendant financial pressures, announcement of the new vaccine mandates adds vaccination to the list of safety safeguards that healthcare facilities as employers can expect to be required to enforce as part of the occupational safety rules of the Occupational Safety and Health Administration (”OSHA”).

OSHA already is sanctioning employers for violating COVID-19 related OSHA requirements. For instance, OSHA nailed Lakewood Resource and Referral Center Inc., dba Center for Education Medicine and Dentistry (CHEMED) with heavy fines for allegedly violating applicable COVID-19 safety guidelines in January, 2021.

In a July 23, 2021 citation letter, OSH proposes to fine CHEMED $273,064.00 for willfully violating OSHA by not providing a medical evaluation to determine each employee’s ability to use a N95 respirator, before the employee was fit tested or required to use the respirator in the workplace to protect against SARS-CoV-2 virus while testing suspected COVID-19 individuals.

In addition to the proposed fine, the citation also orders CHEMED to take a series of corrective actions and to post notices in the workplace informing workers of the violation.

Along with the CHEMED citation, OSH also cited a staffing agency contracted to provide nursing staffing to CHEMED, Homecare Therapies for also failing to conduct medical evaluations and fit tests. It received two violations and a proposed fine of $13,653.

In the face of these potential consequences, most covered health care facilities and other employers impacted by the mandate are likely to implement mandates unless and until these requirements are struct down by the courts or withdrawn.

Assuming the Administration follows appropriate procedures to adopt the rules, most legal commentators do not expect the legal challenges opposing the mandate orders to be successful in the courts particularly after the Supreme Court refused to overturn or hear arguments for overturning a unanimous decision of a three-judge panel of the United States Court of Appeals for the Seventh Circuit in Klassen v. Trustees of Indiana University that refused to enjoin a vaccine mandate imposed by Indiana University as a condition of student or staff in person participation in classes or other activities.

While most healthcare and other covered businesses are not expected to challenge the rules, compliance us likely to trigger backlash from some unvaccinated workers strongly opposed to becoming vaccinated. Employers may find that some employees will resign their employment or take other tactics to avoid becoming vaccinated. Even those who elect to become vaccinated to retain their employment are likely to express opposition and dissatisfaction that could create liability exposures for the employers if it becomes a basis for retaliation claim.

Employers in Texas and certain other states that have adopted rules restricting or prohibiting vaccine, mask or other mandates also may face challenges based on the state rules.

In light of these and other uncertainties and challenges, Healthcare and Other or Employers generally should seek legal advice and assistance from legal counsel experienced with the relevant health care, labor and employment, privacy and other concerns.

More Information

This article is republished by permission of the author, Cynthia Marcotte Stamer. To review the original work, see here.

Solutions Law Press, Inc. invites you to receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.

Most widely recognized for her work with health care, life sciences, insurance and data and technology organizations, she also has worked extensively with health plan and insurance, employee benefits, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders.

Ms. Stamer has extensive experience advising, representing, defending, and training domestic and international public and private business, charitable, community and governmental organizations and their leaders, employers, employee benefit plans, their fiduciaries and service providers, insurers, and others has published and spoken extensively on these concerns. As part of these involvements, she has worked, published and spoken extensively on these and other human resources, employee benefits, compensation, worker classification and other workforce and other services; insurance; health care; workers’ compensation and occupational disease; business reengineering, disaster and distress; and many other performance, risk management, compliance, public policy and regulatory affairs, and other operational concerns.

A former lead advisor to the Government of Bolivia on its pension project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member, past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com, on Facebook, on LinkedIn or Twitter or e-mail here.

About Solutions Law Press, Inc.™

Leave a Comment » | Accreditation, ambulance, Ambulatory care, Anethesiology, Biological Warfare, CDC, Centers For Disease Control, Child Care, Conditions of Participation, Coronavirus, Corporate Compliance, Covid, Direct Primary Care, Disease Management, DME, Doctor, early childhood education, Emergency Care, Employer, Employment law, Health Care, Health Care Provider, Health Care Quality, health care reimbursement, Health Plan, healthcare, HHS, Home Health, home health, Hospice, Hospital, hospitals, Indian Health, Laboratory tests, Life Sciences, Medicaid, Medicaid Advantage, Medical Licensure, Medicare, Medicare Advantage, Medicare Fee Schedule, Mental Heatlh, nursing home, occupational health, OSHA, Pandemic, Peer Review, Physician, Reimbursement, Union, vaccination | Tagged: ARRA, Corporate Compliance, Covid, DOJ, Health Care, Health Care Fraud, Health Care Provider, HEAT, Hospital, Medicaid, Medicare, Medicare Fraud Task Force, OCR, Pharma, pharmacist, pharmacy, Physician, Physicians, Privacy, Reimbursement, vaccine, vaccine mandate | Permalink
Posted by Cynthia Marcotte Stamer

Comment Now On CMS Electronic Clinical Quality Measures Review Process

September 9, 2021

Now is the time health care providers and others users can give the Centers for Medicare & Medicaid Services (CMS) feedback on its electronic clinical quality measures (eCQMs) using CMS’ 2021 Change Review Process (CRP).

Many physician and other healthcare providers complain misdirected or unrealistic eCQMS unfairly make them choose between quality care and reimbursement Aziz readings impact level of reimbursement Medicare and Medicaid provide to providers under Medicare‘s quality reporting and reimbursement system. Because of the impact on reimbursement and the claim of quality assurance, these readings also often have consequences well beyond reimbursement. In fact they can be used to trigger fraud and other quality investigations by government payers, private payers and facilities using these measures in their compliance and efficiency.

The goal of the CRP is for eCQM implementers to comment on the potential impact of draft changes to eCQMs so CMS and measure stewards can make improvements to meet CMS’s intent of minimizing provider and vendor burden in the collection, capture, calculation, and reporting.

The CRP provides eCQM users the opportunity to review and comment on draft changes to the eCQM specifications and supporting resources under consideration by the measure steward.

This latest installment of the CRP for eligible professional/eligible clinician and eligible hospital/critical access hospital issues will be conducted using the web-based public comment tools on the Office of the National Coordinator for Health Information Technology (ONC) Project Tracking System eCQM Issue Tracker during fall 2021.

A reminder that an ONC Project Tracking System account is required to post a question or comment. New users can create an account via the ONC Project Tracking System website.

CRP updates regarding issues available for public comment will be posted on the ONC Project Tracking System eCQM Issue Trackersummary page.

To subscribe to weekly CRP digest emails containing updates on CRP activities, please email CRP@mathematica-mpr.com.

To find out more about eCQMs, visit the Electronic Clinical Quality Improvement (eCQI) Resource Center. To report questions and comments regarding eCQMs, visit the eCQM Issue Tracker. To submit technical questions and issues related to the development and implementation of the Clinical Quality Language (CQL) standard, visit the CQL Issue Tracker.

More Information

This article is republished by permission of the author, Cynthia Marcotte Stamer. To review the original work, see here.

About the Author

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Accreditation, Clinical pathway, Conditions of Participation, Corporate Compliance, Credentialing, Doctor, Electronic Medical Records, Evidence Based Medicine, Health Care, health care reimbursement, home health, Hospital, hospitals, managed care, Meaningful Use, Medicaid, Medicaid Advantage, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, Medicare Fee Schedule, ONC, Outcomes Data, Peer Review, quality reporting, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

CMS/CDC Mandating COVID Vaccination For All Nursing Home Staff

August 18, 2021

The Centers for Medicare & Medicaid Services (CMS), in collaboration with the Centers for Disease Control and Prevention (CDC), announced today plans to mandate COVID-19 vaccination for all Medicare and Medicaid-participating nursing home staff.

The joint announcement released today states the agencies are developing an emergency regulation requiring staff vaccinations within the nation’s more than 15,000 Medicare and Medicaid-participating nursing homes.

The agencies view the new requirement as a key component of protecting the health and safety of nursing home residents and staff.

Today’s action is in keeping with CMS’s authority to establish requirements to ensure the health and safety of individuals receiving care from all providers and suppliers participating in the Medicare and Medicaid programs. About 62% of nursing home staff are currently vaccinated as of August 8 nationally, and vaccination among staff at the state level ranges from a high of 88% to a low of 44%. The emergence of the Delta variant in the United States has driven a rise in cases among nursing home residents from a low of 319 cases on June 27, to 2,696 cases on August 8, with many of the recent outbreaks occurring in facilities located in areas of the United States with the lowest staff vaccination rates.

In May, the Agency issued new regulations that require Long-Term Care (LTC) facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICFs/IID) to educate residents, clients, and staff about COVID-19 vaccination and, when available, offer a COVID-19 vaccine to these individuals. These regulations also mandate that LTC facilities report weekly COVID-19 vaccination data for residents and staff to the CDC’s National Healthcare Safety Network (NHSN).

Today’s announcement states the agencies will continue to analyze vaccination data for residents and staff from the CDC’s National Healthcare Safety Network (NHSN) data as an additional method of compliance monitoring and in keeping with current practice, as well as deploy the Quality Improvement Organizations (QIOs)—operated under the Medicare Quality Improvement Program—to educate and engage nursing homes with low rates of vaccinations.

Meanwhile, the announcement strongly encourages nursing home residents and staff members to get vaccinated as the Agency undergoes the necessary steps in the rule-making process over the course of the next several weeks. CMS expects nursing home operators to act in the best interest of residents and their staff by complying with these new rules, which the Agency expects to issue in September.

According to today’s announcement, CMS also expects nursing home operators to use all available resources to support employees in getting vaccinated, including employee education and vaccination clinics, as they work to meet this staff vaccination requirement.

More Information

This article is republished by permission of the author, Cynthia Marcotte Stamer. To review the original work, see here.

About the Author

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Centers For Disease Control, Conditions of Participation, Covid, Doctor, Employer, Employment, Employment law, Federal Health Center, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, health care reimbursement, Health Policy, healthcare, HHS, Hospice, Hospital, hospitals, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, long-term care, Medicaid, Medicaid Advantage, Medicare, Medicare Advantage, Mental Health, nursing home, OSHA, Physician, Public Policy, quality reporting, Reimbursement, Skilled Nursing Facility, substance abuse treatment, Whistleblower | Tagged: Health Care, Hospital, Covid, Long-term care, Medicare, nursing home, Physician, vaccination | Permalink
Posted by Cynthia Marcotte Stamer

California Medical Privacy Rules Eased. New 7/1/2021 rules allow greater flexibility on disclosures of breach and give agency more fine flexibility. https://www.cdph.ca.gov/Programs/OLS/CDPH%20Document%20Library/DPH-11-009-Final-Reg-Text-ADA.pdf?TSPD_101_R0=087ed344cfab2000e6180d5b948228963ad32da0f65608ac719d6195a6f27133d24ce863d99f043c0837b3f91e1430004ffeef0033a9cb5c891c837f86137a340f296f3e726ff679e108e054e92eb347c0a393522a8d745468b6d859b3ba0e76

August 3, 2021

California Medical Privacy Rules Eased. New 7/1/2021 rules allow greater flexibility on disclosures of breach and give agency more fine flexibility. https://www.cdph.ca.gov/Programs/OLS/CDPH%20Document%20Library/DPH-11-009-Final-Reg-Text-ADA.pdf?TSPD_101_R0=087ed344cfab2000e6180d5b948228963ad32da0f65608ac719d6195a6f27133d24ce863d99f043c0837b3f91e1430004ffeef0033a9cb5c891c837f86137a340f296f3e726ff679e108e054e92eb347c0a393522a8d745468b6d859b3ba0e76

Leave a Comment » | Academic medicine, ambulance, Corporate Compliance, Cyber crime, data breach, data security, Doctor, Electronic Health Records, Electronic Medical Records, Emergency Care, Employer, Genetic Information, GINA, Health Care, Health Care Provider, Health IT, Health Plan, Health Plans, healthcare, HIPAA, HIPAA Cyber Crime, Hospice, Hospital, hospitals, Life Sciences, managed care, Medical Privacy, Medical Records, NIST, nursing home, occupational health, OCR, ONC, Pharmacy, Physician, Physician Licensing, Privacy | Tagged: California, Data Breach, Health Care, Medical Privacy, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Dentists Face OSHA Retaliation Suit For Retaliating Against Workers Asking About COVID Safety

July 16, 2021

A new U.S. Department of Labor Occupational Safety and Health Administration (“OSHA”) lawsuit against two North Texas dentists warns health industry and other employers to tread carefully when dealing with employees about COVID-19 or other safety concerns.

The charges arises from the dental practice’s failure to reinstate a dental hygienist and a dental assistant who expressed concerns about the coronavirus safety measures the practice would implement when it reopened in Spring 2020. The lawsuit filed in the U.S. District Court for the Northern District of Texas, Fort Worth Division, names Roger H. Bohannan, DDS Inc. and owners Roger Bohannan and David Bohannan.

In March and April 2020, OSHA says Roger Bohannan and David Bohannan, owners of Roger H. Bohannan DDS Inc. furloughed their employees after the state of Texas prohibited specific dental procedures at the height of the pandemic. While furloughed, the two employees asked what safety measures would be in place once patients and employees returned. After receiving a call to return to work, the employer did not reinstate the hygienist after the employee cited guidance from the Centers for Disease Control and OSHA.

The dental assistant was contacted for rehiring but the employer rescinded the offer after the assistant inquired about what safety measures were in place for their protection.

An OSHA investigation found Bohannan Dentistry discriminated against the employees for exercising their rights under section 11(c) of the Occupational Safety and Health Act and for engaging in the protected activity of making a good faith health and safety complaint. The two employees were not rehired while all of the other staff members at the North Richland Hills practice were reinstated when the furlough ended.

OSHA charges that Bohannan Dentistry violated employees’ rights by terminating them for reporting concerns about unsafe working conditions.

The complaint asks the court to order the dental practice to:

Pay the complainant damages, plus interest, for all past and future lost wages and benefits resulting from the termination; reimbursement for costs and expenses; compensatory damages, including for compensation for emotional pain and distress and exemplary or punitive damages in an amount to be determined at trial.
Post a notice for employees stating that the defendants will not in any manner discriminate against any employee for engaging in activities protected by Section 11(c) of the OSH Act.

The lawsuit highlights the OSHA retaliation exposure employers could face if found to retaliate against employees for expressing concern about COVID or other safety. This is just one on the many minefields employers face dealing with employees in relation to COVID-19 safety concerns, leave, vaccination, remote work, return to work, benefits and other concerns. Health care and other employers are urged to work closely with experienced employment counsel to decide and administer their policies and responses.

More Information

If you are interested in a more information about the concerns discussed in this article or other concerns or developments, see here.

If you would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information or counsel about the these or other legal, management or public policy developments, Ms. Stamer’s work, experience, involvements, other publications, or programs, contact Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297, follow her on Facebook, LinkedIn or Twitter or see Cynthia Marcotte Stamer, P.C. Website.

About the Author

Ms. Stamer has extensive experience advising, representing, defending and training domestic and international public and private health care and life sciences, charitable, community and governmental, and other business organizations and their leaders, employee benefit plans, their fiduciaries and service providers, insurers, and others. A widely published author and popular speaker, Ms. Stamer also has published and spoken extensively on wage and other and other health care, human resources, employee benefits and other workforce and services; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress; and many other compliance, governance, risk management, operational and public and regulatory affairs concerns.

A former lead advisor to the Government of Bolivia on its pension project, Ms. Stamer also has worked internationally and domestically as an advisor to health, managed care, insurance, and other business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. ©2021 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, CDC, Centers For Disease Control, Coronavirus, Corporate Compliance, COVID-19, Disability Discrimination, Discrimination, Disease Management, Doctor, Employee Benefits, Employer, Employment, Employment law, Health Care, Health Care Finance, home health, Hospital, OSHA, Pandemic, Physician, Uncategorized | Tagged: Covid, Dentist, Doctor, Health Care, OSHA, return to work, Safety | Permalink
Posted by Cynthia Marcotte Stamer

CMS Updates COVID-19 Accelerated and Advance Payments FAQs

July 8, 2021

Providers that received COVID-19 accelerated and advance payments should read the Centers for Medicare and Medicaid Services (“CMS”) updated FAQs (PDF) about repayment of COVID-19 accelerated and advance payments to learn how recoupment works and how it affects the provider’s Medicare claims payment amounts.

The new FAQ updates the Repayment of COVID-19 Accelerated and Advance Payments Began on March 30, 2021 (PDF) guidance.

For more information and to follow future updates, see the COVID-19 Accelerated and Advance Payments webpage or contact the author of this update.

More Information

If you are interested in a more detailed description of this or other developments discussed in this article, see here.

About the Author

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Leave a Comment » | Academic medicine, American Rescue Plan Act of 2021, Anti-KickBack, billing, Centers For Disease Control, compensation, Conditions of Participation, Coronavirus, Corporate Compliance, COVID-19, Doctor, E-Prescribing, Emergency Care, Health Care, Health care coding, Health Care Finance, Health Care Fraud, Health Care Provider, Health Insurance, Health Plan, Health Plans, healthcare, HHS, Home Health, home health, Hospital, hospitals, Indian Health, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, OIG, Pandemic, Physician, public health, Reimbursement, Uncategorized | Tagged: COVID-19, Health Care, Health Care Fraud, Medicare, Physician, recoupment, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

Biden-Harris Plan To Beat COVID-19 Includes Plan To Expand Medicare, Other Health Care Plans

January 21, 2021

Newly sworn in President Joe Biden chose to make an executive order outlining the core principles for his Administration’s policy for fighting COVID-19 the first signed in his new administration.

The text of the COVID-19: The Biden-Harris plan to beat COVID-19 reads as follows:

The American people deserve an urgent, robust, and professional response to the growing public health and economic crisis caused by the coronavirus (COVID-19) outbreak. President Biden believes that the federal government must act swiftly and aggressively to help protect and support our families, small businesses, first responders, and caregivers essential to help us face this challenge, those who are most vulnerable to health and economic impacts, and our broader communities – not to blame others or bail out corporations.

The Biden-Harris administration will always:

Listen to science
Ensure public health decisions are informed by public health professionals
Promote trust, transparency, common purpose, and accountability in our government
President Biden and Vice President Harris have a seven-point plan to beat COVID-19.

Ensure all Americans have access to regular, reliable, and free testing.

Double the number of drive-through testing sites.
Invest in next-generation testing, including at home tests and instant tests, so we can scale up our testing capacity by orders of magnitude.
Stand up a Pandemic Testing Board like Roosevelt’s War Production Board. It’s how we produced tanks, planes, uniforms, and supplies in record time, and it’s how we will produce and distribute tens of millions of tests.
Establish a U.S. Public Health Jobs Corps to mobilize at least 100,000 Americans across the country with support from trusted local organizations in communities most at risk to perform culturally competent approaches to contact tracing and protecting at-risk populations.
Fix personal protective equipment (PPE) problems for good.

President Biden is taking responsibility and giving states, cities, tribes, and territories the critical supplies they need.

Fully use the Defense Production Act to ramp up production of masks, face shields, and other PPE so that the national supply of personal protective equipment exceeds demand and our stores and stockpiles — especially in hard-hit areas that serve disproportionately vulnerable populations — are fully replenished.
Build immediately toward a future, flexible American-sourced and manufactured capability to ensure we are not dependent on other countries in a crisis.
Provide clear, consistent, evidence-based guidance for how communities should navigate the pandemic – and the resources for schools, small businesses, and families to make it through.

Social distancing is not a light switch. It is a dial. President Biden will direct the CDC to provide specific evidence-based guidance for how to turn the dial up or down relative to the level of risk and degree of viral spread in a community, including when to open or close certain businesses, bars, restaurants, and other spaces; when to open or close schools, and what steps they need to take to make classrooms and facilities safe; appropriate restrictions on size of gatherings; when to issue stay-at-home restrictions.
Establish a renewable fund for state and local governments to help prevent budget shortfalls, which may cause states to face steep cuts to teachers and first responders.
Call on Congress to pass an emergency package to ensure schools have the additional resources they need to adapt effectively to COVID-19.
Provide a “restart package” that helps small businesses cover the costs of operating safely, including things like plexiglass and PPE.
“THIS ISN’T ABOUT POLITICS. IT’S ABOUT SAVING LIVES.”

PRESIDENT BIDEN, SEPTEMBER 16, 2020
Plan for the effective, equitable distribution of treatments and vaccines — because development isn’t enough if they aren’t effectively distributed.

Invest $25 billion in a vaccine manufacturing and distribution plan that will guarantee it gets to every American, cost-free.
Ensure that politics plays no role in determining the safety and efficacy of any vaccine. The following 3 principles will guide the Biden-Harris administration: Put scientists in charge of all decisions on safety and efficacy; publicly release clinical data for any vaccine the FDA approves; and authorize career staff to write a written report for public review and permit them to appear before Congress and speak publicly uncensored.
Ensure everyone — not just the wealthy and well-connected — in America receives the protection and care they deserve, and consumers are not price gouged as new drugs and therapies come to market.
Protect older Americans and others at high risk.

President Biden understands that older Americans and others at high-risk are most vulnerable to COVID-19.

Establish a COVID-19 Racial and Ethnic Disparities Task Force, as proposed by Vice President Harris, to provide recommendations and oversight on disparities in the public health and economic response. At the end of this health crisis, it will transition to a permanent Infectious Disease Racial Disparities Task Force.
Create the Nationwide Pandemic Dashboard that Americans can check in real-time to help them gauge whether local transmission is actively occurring in their zip codes. This information is critical to helping all individuals, but especially older Americans and others at high risk, understand what level of precaution to take.
Rebuild and expand defenses to predict, prevent, and mitigate pandemic threats, including those coming from China.

Immediately restore the White House National Security Council Directorate for Global Health Security and Biodefense, originally established by the Obama-Biden administration.
Immediately restore our relationship with the World Health Organization, which — while not perfect — is essential to coordinating a global response during a pandemic.
Re-launch and strengthen U.S. Agency for International Development’s pathogen-tracking program called PREDICT.
Expand the number of CDC’s deployed disease detectives so we have eyes and ears on the ground, including rebuilding the office in Beijing.
Implement mask mandates nationwide by working with governors and mayors and by asking the American people to do what they do best: step up in a time of crisis.

Experts agree that tens of thousands of lives can be saved if Americans wear masks. President Biden will continue to call on:

Every American to wear a mask when they are around people outside their household.
Every Governor to make that mandatory in their state.
Local authorities to also make it mandatory to buttress their state orders.
Once we succeed in getting beyond this pandemic, we must ensure that the millions of Americans who suffer long-term side effects from COVID don’t face higher premiums or denial of health insurance because of this new pre-existing condition. The Biden-Harris Administration will work to ensure that the protections for those with pre-existing conditions that were won with Obamacare are protected. And, they will work to lower health care costs and expand access to quality, affordable health care through a Medicare-like public option.

As the new Administration and Congress get down to work, health industry organizations as well as all other U.S. organizations and communities, their leaders, and individual employees and citizens should carefully follow, and share their input to the Administration, members of Congress, and other federal, state and local officials on the actions and proposals taken to implement this and other policy that impact their interests. The need for careful attention and scrutiny is particularly important for health, managed care and insurance and management organizations as President Biden made clear throughout his campaign his intent to pursue legislative and regulatory reforms that would reverse actions of the previous administration as well as implement addition reforms to expand coverage and regulation of health care, workforce and other critical policies.

More Information

About the Author

An attorney board certified in labor and employment law by the Texas Board of Legal Specialization and Fellow in the American College of Employee Benefit Counsel, Ms. Stamer has worked as an on demand, special project, consulting, general counsel or other basis with health care providers, health insurers, employer and other management organizations, health and other employee benefit plans, their sponsors, insurers, administrators, providers and others and others has published and spoken extensively on these concerns.

A former lead advisor to the Government of Bolivia on its pension project, Ms. Stamer also has worked internationally and domestically as an advisor and advocate for employer and other plan sponsors, fiduciaries, administrators, insurers, technology and other service providers, managed care organizations, direct primary care and other health care providers and others on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Leave a Comment » | CDC, Centers For Disease Control, Consumer Driven Health Care, Coronavirus, Corporate Compliance, COVID-19, Cultural diversity, Direct Primary Care, Disability Discrimination, DME, Doctor, Emergency Care, Employee Benefits, Employer, Employment, Employment law, ERISA, Evidence Based Medicine, Fast Track Approval, FDA, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, health care reimbursement, Health Insurance, Health Plan, Health Plans, healthcare, HHS, home health, Hospice, Hospital, hospitals, Labor Law, Laws, managed care, Medicare, Medicare Advantage, Medicare Prescription Drug Program, Pandemic, Pharmaceudical, Physician, Reimbursement, Uncategorized | Tagged: Biden Administration, COVID-19, Health Care | Permalink
Posted by Cynthia Marcotte Stamer

Comment & Begin Preparation For Compliance With Proposed HIPAA Privacy Rule Changes

December 21, 2020

Health care providers, health plans and health insurers, health care clearinghouses (“Covered Entities”) and their business associates should budget and begin compliance plans, even as they comment on proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule announced by the Department of Health & Human Services Office of Civil Rights (“OCR”) in its December 10, 2020 Notice of Proposed Rulemaking (“Proposed Rule). While the official Federal Register publication date has yet to be announced, OCR already is accepting comments pending the official publication. To assure consideration, comments must be received by OCR no later than 60 days from that official Federal Register publication date.

More than 300 pages in length, the proposed HIPAA Privacy Rule changes include changes OCR intends to strengthen individuals’ rights to access their own electronic and other health information; improve information sharing for care coordination and case management for individuals; facilitate greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhance flexibilities for disclosures in the Opioid and COVID-19 public health emergencies or other emergency or threatening circumstances; and reduce administrative burdens on HIPAA covered health care providers and health plans. Highlights of some of the more significant proposed changes that the Proposed Rule will make if adopted as proposed include:

Individual Access Rights Expanded

The Proposed Rule includes a number of changes that if adopted as proposed, will increase significantly the burdens upon Covered Entities of complying with the individual access requirements of the Privacy Rule. Among other things, these include the following:

Responding To Access Requests. The Proposed Rule calls for:
Reducing the maximum period that Covered Entities have to respond to requests to “as soon as practicable,” but in no case later than 15 calendar days after receipt of the request” instead of current 30 calendar days;
Clarifying the current requirement for Covered Entities to provide PHI in the form and format requested by the individual if “readily producible” in that form and format by providing that “readily producible” includes secure, standards-based APIs using applications chosen by the individuals, such as a “personal health application” and protect individual’s rights to take notes, videos, and photographs, or use other personal resources to view or capture PHI in person;
Requiring Covered Entities to allow individuals access to inspect or obtain copies of their own PHI Free of charge when inspecting in person or accessing PHI on the internet, but continue to permit certain fees for labor, supplies, and postage for certain other means of access in accordance with Privacy Rules parameters. In acquiescence to the District Court’s January, 2020 holding that the prohibition against Covered Entities charging for third party copies in the current regulations exceeded its statutory authority in Ciox Health, LLC v. Azar, however the Proposed Rule would allow Covered Entities to charge limited fees to an individual directing transmission of an electronic copy of PHI to a third party under specified circumstances. The Proposed Rule also would require Covered Entities to provide advance notice of estimated fee schedules on their websites (if they have one) for common types of requests for copies of PHI and, upon request, provide individualized estimates of fees for copies and an itemized list of actual costs for requests for copies.
Right to Direct Copies to Third Parties. The Proposed Rule will require Covered Entities to transmit electronic PHI in an electronic health record to another Covered Entity as part of the individual’s access right. In addition, also in response to the Coix Health, LLC ruling, the Proposed Rule will limit the current right of an individual to direct a copy of PHI to a third party to an electronic copy and will specify that third party direction request need not be in writing as long as it is “clear, conspicuous, and specific.”
Verification. The Proposed Rule also would prohibit a Covered Entity from imposing “unreasonable” identity verification measures on an individual, including notarization of requests, requiring the individual to provide proof of identity in person when remove verification would be practicable, or requiring the individual to complete a full HIPAA authorization form for an access request.

Encouraging Care Coordination and Case Management Activities

The Proposed Rule also would make a number of changes that OCR believes will remove the barriers created in the current Privacy Rule to Covered Entities, whether a health care provider or health plan, engaging in individual-level care coordination and case management activities. Some of the key elements of these changes include the following:

Clarification of Rules For Individual-Level Care Coordination. The Proposed Rule would revise existing rules regarding sharing of information for individual-level care coordination to apply to Covered Entities involved in such coordination activities, whether or not the participating Covered Entity is participating in the actual care or treatment of the individual by:
- Revising the definition of “health care operations” in the current version of the Privacy Rule to clarify that the Privacy Rule allows sharing of PHI for individual-level care coordination among Covered Entities whether or not the participating Covered Entity is one involved in treatment or non-treatment involved Covered Entities such as health plans;
- Revises the current minimum necessary restriction on the disclosure of PHI for purposes of individual-level care coordination to treat all Covered Entities engaging in individual-based care coordination and case management activities the same, regardless of whether performing the activities under the “treatment” or “health care operations” functions as defined by HIPAA. Currently non-treatment involved Covered Entities participating in care coordination and case management can only receive and share the minimum necessary PHI as their lack of involvement in treatment disqualifies them for reliance upon the treatment exception to the Privacy Rule’s general requirement to limit disclosures to the minimum necessary.
- The Proposed Rule also would allow Covered Entities to disclose PHI to community-based organizations, home and community-based services (HCBS) providers, social services agencies, and other similar third parties providing health-related services for individual-level care coordination and case management without obtaining a valid authorization from the individual.

Required Updates To Notices of Privacy Practices

The Proposed Rule also would change the Privacy Rule Notice of Privacy Practices (“NPP”) requirements in a manner that would require most Covered Entities to update their NPPs and associated privacy policies. In the Proposed Rule, OCR proposes:

Replacing the requirement that certain Covered Entities that have a direct treatment relationship with an individual obtain, and retain copies of, written acknowledgements from that individual confirming their receipt of the NPP with a right for the individual to discuss the NPP with a designee of the Covered Entity.
- Modification of the required NPP content to include an additional description and instruction as to how individuals can exercise their access rights and a new, more detailed and instructive, required header meeting new specifications about the information the NPP provides to individuals with respect to their rights, how to exercise them, and the availability of the Covered Entity’s designated contact person.

Disclosures to Family Members and Other Caretakers in Certain Situations

Continuing a trend that OCR has followed over the past several years in its other guidance, the Proposed Rule also would modify the Privacy Rule under specified conditions to facilitate if not encourage health care providers more broadly to disclose PHI to family members or other caretakers of individuals with substance use disorders (SUD) or serious mental illness (SMI) and in emergency situations with less concern about exposing themselves to liability under HIPAA. The key elements of these changes are accomplished as follows:

The Proposed Rule would replace the current language that allows Covered Entities to make certain uses and disclosures of PHI based on their “exercise of professional judgment” with language allowing disclosure based on a Covered Entity’s “good faith belief” that the use or disclosure is in the best interests of the individual and add a presumption of good faith by the health care provider for this purpose.
- The Proposed Rule would enable Covered Entities to disclose PHI to avert a threat to the health or safety of a person or the public when a harm is “serious and reasonably foreseeable,” instead of the current stricter requirement that the Covered Entity see a “serious and imminent” threat to health or safety.

Clarification Regarding Disclosures to TRS Providers

The Proposed Rule also would amend the current Privacy Rules to remove telephone relay service providers (“TRS providers”) from the definition of “business associates” and expressly to allow disclosures to TRS communications assistants for persons who are deaf, hard of hearing, deaf-blind, or who have a speech disability.

Act Now

HIPAA Covered Entities, business associates and other concerned or impacted persons immediately should begin evaluating the Proposed Rule as soon as possible. As the current comment will end 60 days after the impending publication of the Proposed Rule in the Federal Register, concerned persons desiring a change to any provision of the Proposed Rule should prepare and submit appropriate comments to OCR in a timely fashion within the comment period. In addition, all Covered Entities and their business associates should review the rule in preparation for its provisions taking effect with a particular eye toward understanding the actions necessary to comply with the modified rules and to budget the financial and operational resources likely to be required to accomplish that compliance.

More Information

About the Author

Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Leave a Comment » | 21st century cures act, Academic medicine, ambulance, ASC, Childrens Health Insurance Program, Coronavirus, Corporate Compliance, COVID-19, data breach, data security, Direct Primary Care, Disease Management, DME, Doctor, drug treatment, Electronic Medical Records, Emergency Care, Employee Benefits, Employer, FDA, Federal Health Center, Genetic Information, GINA, Health Care, Health Care Provider, Health Insurance, Health IT, Health Plan, Health Plans, healthcare, HIPAA, HITECH Act, Home Health, home health, Hospice, Hospital, Hospital, hospitals, Human Subjects Research, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Life Sciences, long-term care, managed care, medical devices, Medical Privacy, Medical Records, Medicare, Mental Health, Mental Heatlh, nursing home, occupational health, OCR, Pandemic, participating provider, Pharmaceudical, Pharmacy, Physician, Privacy, Psychiatric, public health, Rural Health Care, Skilled Nursing Facility, transplant, Uncategorized, Veterans Health Administration, Wellness | Permalink
Posted by Cynthia Marcotte Stamer

Pennsylvania OCR Settlement Warns Others Against Disability Or Other Civil Rights Discrimination In COVID-19 Resource Allocation & Other Response

April 30, 2020

OCR Says “No” To Allocating Respirators & Other Scarce COVID-19 Care Based On Pre-Existing Medical Conditions

This week’s Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) announcement of that the Pennsylvania Department of Health (PDH) has agreed to using a list of preexisting health care conditions to decide patient priority for access to respirators and other scarce resources during the COVID-19 health care emergency flags potential civil rights discrimination violations by the multitude of other State, local, tribal, and territorial public health policymakers, healthcare systems leadership, and other public emergency decision-makers and other public or private HHS funds recipients (collectively “COVID responders”) whose pandemic emergency response plans call for the use pre-existing health conditions or other civil rights act protected status of patients to ration scarce medical resources like ventilators or other scarce resources.

Coupled with other recent guidance warning COVID responders against discrimination and to provide all legally required accommodations for individuals with pre-existing conditions or disorders constituting disabilities, English as a second language, religion, age or other protected status under Section 504 of the Rehabilitation Act of 1973 (“Section 504”), Title II of the Americans with Disabilities Act (the “ADA”), Section 1557 of the Patient Protection and Affordable Care Act (“Section 1557”) and other federal civil rights laws, health care providers, public health authorities and other COVID-19 responders should act immediately to review and take any action needed to correct civil rights law deficiencies in their own COVID-19 emergency policies or operations.

PDH Enforcement Shows Agencies’ Serious About COVID-19 Civil Rights Enforcement

OCR’s April 28, 2020, OCR announcement of PDH’s agreement to revise its Interim Pennsylvania Crisis Standards of Care for Pandemic Guidelines (CSC Guidelines) to revolve an April 3, 2020 civil rights complaint that PDH’s COVID-19 pandemic response plan illegally discriminated against patients with disabilities by denying or lowing the care priority of patients with certain listed preexisting health conditions shows that OCR and other federal agencies are carrying through on promises to take quick enforcement action against COVID-19 responders that violate federal discrimination and other civil rights laws when dealing with the COVID-19 public health emergency in the March 14, 2020 Crisis Standards of Care and Civil Rights Laws guidance (“CSC Guidelines”) and in OCR’s March 28, 2020 Civil Rights, HIPAA, and the Coronavirus Disease 2019 Bulletin (the “Bulletin”).

The CSC Guidelines jointly issued by the Health Care Resilience Taskforce (composed of HHS, FEMA, and the Army Corps of Engineers) warned public health, health care providers and other pandemic decisionmakers against adopting or applying policies in for managing ventilators or other constricted resources during the COVID-19 or other emergencies that negatively impact vulnerable populations (e.g., older adults and persons with disabilities). After reminding state, local, tribal, and territorial policymakers, healthcare systems leadership, and other decision-makers that civil rights laws are not suspended or waived in times of disaster, the CSC Guidelines cautioned “Federal civil rights laws and regulations apply, and have not been suspended, during the COVID19 national health emergency. Federal fund recipients must comply with those requirements.”

OCR reaffirmed the CSC Guidelines warnings in its March 28, 2020 Bulletin reminding health care providers and other HHS fund recipients the laudable goal of providing care quickly and efficiently during the COVID-19 health care emergency still must comply with federal civil rights prohibitions against disability discrimination in HHS funded programs under Section 1557, Section 504, and other civil rights laws, stating:

“persons with disabilities should not be denied medical care on the basis of stereotypes, assessments of quality of life, or judgments about a person’s relative “worth” based on the presence or absence of disabilities or age. Decisions by covered entities concerning whether an individual is a candidate for treatment should be based on an individualized assessment of the patient based on the best available objective medical evidence.”

The PDH disability discrimination investigation and resolution announced April 28^th resulted from OCR’s investigation of a civil rights complaint filed less than a week after OCR released the Bulletin by Disability Rights Pennsylvania and other disability rights groups. Like many other regional and facility pandemic response plans, the CSC Guidelines listed specific impairments or disabilities that would lead to greater deprioritization of patients for care during a pandemic emergency. The April 3 complaint against PDH charged that Pennsylvania’s CSC Guidelines violated Section 504, Title II, and Section 1557 by unlawfully authorizing the denial of treatment to individuals with disabilities when prioritizing access to critical care and ventilators. The complaint also alleged that the guidelines did not require an individualized assessment, but instead used “preexisting conditions that are disabilities” to determine a priority score.

OCR PDH COVID-19 Civil Rights Investigation & Settlement

Consistent with the warning provided in the Bulletin, OCR moved with rare speed to investigate the complaint and notify PDH of its civil rights concerns. To resolve potential OCR civil rights charges, OCR announced April 28, 2020 that PDH agreed to accept technical assistance from OCR and make the following revisions to its CDC guidelines:

Remove criteria that automatically deprioritized persons on the basis of particular disabilities,
Require individualized assessments based on the best available, relevant, and objective medical evidence to support triaging decisions, and
Ensure at no one is denied care based on stereotypes, assessments of quality of life, or judgments about a person’s “worth” based on the presence or absence of disabilities.

Based on these “responsive actions and the revisions” to its guidelines in response to OCR’s concern, the OCR announcement states that OCR is closing its complaint investigation as satisfactorily resolved without a finding of liability while noting that this does not preclude future OCR enforcement in cases of potential discriminatory implementation of Pennsylvania’s policies by any covered health care provider.

Other Public Health, Health Care & Other COVID Responders Should Confirm COVID-19 Civil Rights Response Compliance

The PDH announcement provides a strong warning to health care providers, public health authorities and other COVID-19 responders to act quickly to evaluate and make any necessary adjustments to redress any questionable disability or other civil rights concerns in their own COVID-19 or other emergency response plans or practices.

Even before the COVID-19 health care emergency, disability and other civil rights law enforcment already was a high priority for OCR and other federal agencies. See e.g., Civil Rights Settlement Highlights Health Industry Discrimination Risks As OCR Prepares To Broaden Requirements; OCR’s Proposed Sex & Other Discrimination Rules Spell Headaches & New Risks For Health Care Providers, Insurers & Others; Check Defensibility Of Policies & Practices Given New HHS/DOJ Joint Disability Law Technical Assistance; Important Lessons For Health Care Providers From Michigan State Settlement Of OCR Larry Nassar Sexual Abuse Investigation; Cognitive Disability Exclusion from Heart Transplant List Placement Prohibited.

The PDH announcement clearly alerts other health care providers and COVID-19 responders that OCR does not plan to slacken civil rights discrimination investigation or enforcement against health care providers or others because of the COVID-19 health care emergency. Rather, the PDH investigaiton and resolution make clear that COVID-19 responders need to use particular care take the well-documented steps necessary to ensure they can defend their ongoing compliance with disability discrimination and other federal civil rights laws throughout the COVID-19 health care emergency.

In this respect, OCR’s PDH announcement makes a point of clearly warning other public health, health care providers and other recipients of HHS funding across the nation against using preexisting conditions or other prohibited stereotypes or classifications of patients without individual assessments to triage and prioritize access to care or other resources for purposes of their COVID-19 or other pandemic planning or response. To emphasize the importance of continued compliance with these civil rights laws, the Bulletin quotes OCR Director Roger Severino, as stating: “Triage decisions must be based on objective and individualized evidence, not discriminatory assumptions about the prognoses of persons with disabilities” and “we must ensure that triage decisions are free from discrimination both in their creation and their application, and we will remain vigilant in achieving that goal.”

These warnings and OCR’s quick enforcement action make clear that OCR’s commitment to hold health care providers, state and local public health, and other COVID-19 responders accountable for ensuring their COVID-19 pandemic plans and operations don’t impermissibly discriminate against individuals with or needing accommodations for disabilities, limited English skills, religious beliefs, age or other status protected by HHS’ civil rights rules. Meanwhile, OCR’s reported willingness to accept PHD’s prompt corrective action without imposing financial sanctions also signals the probable willingness of OCR to show similar leniency to other health care providers or COVID-19 responders that for acting promptly to self-identify and redress potentially questionable past COVID-19 restricted resource allocation practices in response to the PDH announcement and other COVID-19 civil rights compliance guidance.

Given the often multimillion dollar penalties and other heavy sanctions that OCR already regularly imposes against a long and ever-growing list of state and other health care, child care, elder care, insurance and other entities for violating its civil rights nondiscrimination and accommodation requirements and the often significant judgements awarded to private litigant victims, state and local public health, health care providers and other COVID providers generally will want to review and tighten as advisable their existing practices to reduce the risk of being incuring penalties or judgments, being sanctioned, excluded or a combination of these consequences for violation of these nondiscrimination and other civil rights requirements by among other things:

Auditing the adequacy of their pandemic response and other plans, policies, practices and actions for allocating scarce resources and care during the COVID-19 health emergency and in other scarce resource situations;
Developing a strategy and procedures for receiving, investigating and responding with appropriate documentation to complaints or other indicators of potential civil rights violations or risks;
Taking prompt, documented action to reform and strengthen civil rights policies, practices and controls, training, investigations and other compliance and risk management;
Explore potential strategies, if any, to mitigate potential liability exposure to OCR or private litigant investigations or enforcement from past, ongoing or future policies or actions; and
Other actions to maintain and demonstrate their organization-wide culture of compliance with applicable civil rights laws.

Since organization and their leaders likely will be required to uncover and discuss legally and politically sensitive information in the course of these activities, public health, health care and other COVID responders are encouraged to consider engaging qualified legal counsel with relevant experience to advise and guide them in conducting, maintaining and using attorney-client privilege and other procedures to safeguard sensitive analysis, discussions and work product from avoidable discovery and other processes to promote the legal effectiveness and defensibility of their actions.

More Information & Resources

We hope this update is helpful. If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. In addition to this update, the author of this article also is extensively published and frequent speaker on pandemic and other infectious disease, and other health industry crisis preparedness and response, and many other regulatory compliance, risk management and operations, public policy and other concerns. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. also invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Cynthia Marcotte Stamer is a practicing attorney, management and regulatory affairs consultant, author and lecturer, who has worked extensively on pandemic and other crisis planning, preparedness and response and other business change, risk, compliance and operation management throughout her 30 plus year career.

Her experience includes extensive work domestically and internationally with hospitals, health care systems, clinics, skilled nursing and other long term care, rehabilitation and other health care facilities; physicians, medical staff and other health care providers and organizations; accreditation, peer review and quality committees and organizations; health care management and technology and other health and managed care industry clients; self-insured and insured health and other employee benefit plans, their sponsors, fiduciaries, administrators, insurers and service providers and other payers; employers; billing, utilization management, quality, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization and the author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans and a multitude of other publications and workshops on health and other disaster and other crisis preparedness, risk management and response, as well as a multitude of other health care, workforce and other management and regulatory affairs publications and presentations, Ms. Stamer also shares her thought leadership through her extensive and diverse involvement in a broad range of other professional and civic organizations. Examples of these involvements include her service as the current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former JCEB Council Representative; past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group; former ABA RPTE Employee Benefits & Other Compensation Group Chair and Past Chair and current Co-Chair of its Welfare Benefits Committee; former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas; former technical advisor to the National Physicians Council on Health Care Policy; former member of the Stem Cell Advisory Committee; and in a multitude of other professional, trade, civic and community service organizations . For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides consulting, publications and other information, education, coaching, training, tools and other resources on leadership, governance, health care, human resources, employee benefits, insurance, public policy and regulatory affairs, data security and privacy and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive license to republish granted to SOlSolutions Law Press, Inc.™ All other rights reserved.

Leave a Comment » | 21st century cures act, ADA, air ambulance, Biological Wafar3e, Civil Rights, Consumer Driven Health Care, Coronavirus, Corporate Compliance, COVID-19, Cultural diversity, Diabetes, Disability Discrimination, Disease Management, DME, Doctor, drug treatment, ebola, Emergency Care, English as A Second Language, Health Care Provider, Health Care Quality, healthcare, HHS, Home Health, Hospice, Hospital, hospitals, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Life Sciences, long-term care, managed care, medical devices, Pandemic, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

COVID-19 Telehealth Relief; CMS ESRD, General Practitioner Telehealth Toolkits Released

March 24, 2020

The U.S Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced Health Insurance Portability & Accountability Act Privacy Rule 2019 Novel Coronavirus (COVID-19) emergency enforcement relief for certain covered health care providers and their business associates participating in the operation of mobile, drive-through, or walk-up COVID-19 specimen collection and testing sites that only provide COVID-19 specimen collection or testing services to the public (Community-Based Testing Sites, or CBTS). The Notification of Enforcement Discretion ON CBTS During The COVID-19 Nationwide Public Health Emergency (“Notice”) expands upon the series of HIPAA enforcement relief and other flexibility OCR has granted to health care providers and other HIPAA-covered entities and business associates when dealing with the COVID-19 National Health Emergency declared by President Trump on March 13, 2020.

While welcome relief for those health care providers and business associates that qualify for this relief, it is critical that all health care providers, health plans, health care clearinghouses and their business associates do not overlook the importance of ensuring their HIPAA obligations are fulfilled amid the frenzy of coping with the ongoing COVID-19 crisis. Like OCR’s previously announced March 30, 2020 Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Telehealth Relief”) and the COVID-19 related flexibilities granted by OCR in its February 2020 Office for Civil Rights, U.S. Department of Health and Human Services BULLETIN: HIPAA Privacy and Novel Coronavirus (“OCR COVID-19 HIPAA Bulletin”), the CBTS Notice provides valuable flexibility and relief for HIPAA covered entities and business associates that qualify for the granted relief. While welcoming this relief, all covered entities and business associates need to keep in mind that the shifting of care locations, systems, affiliations and other arrangements to deal with the COVID-19 national health emergency generally are accompanied by changes in the collection, use, access, disclosure, storage and transmission of protected health information generally and electronic protected health information and its associated devices and systems. Except to the extent protected by COVID-19 or other specific disaster relief from OCR, covered entities and business associates need to use care to conduct appropriately documented risk assessments and take other necessary steps to maintain HIPAA compliance in these operations and systems throughout the emergency. See also COVID-19 Telehealth Relief; CMS ESRD, General Practitioner Telehealth Toolkits Released; OCR Grants HIPAA Telemedic ine Relief During COVID-19 Crisis.

April 9 HIPAA Enforcement Relief For Certain COVID-19 Testing Related Activities

According to Director Roger Severino, the limited enforcement relief in the Notice is intended “to encourage the growth of mobile testing sites so more people can get tested quickly and safely.” Under the April 9, 2020 Notice, OCR will not impose penalties for violations of HIPAA regulatory requirements committed by covered entities or business associates in connection with their good faith participation in the operation of COVID-19 testing sites during the COVID-19 nationwide public health emergency. The enforcement relief provided by the s retroactive to violations committed on or after March 13, 2020 even though just announced on April 9.

The enforcement relief applies to all HIPAA covered health care providers and their business associates when such entities are, in good faith, participating in the operation of a CBTS. According to the Notice, operation of a CBTS includes all activities that support the collection of specimens from individuals for COVID-19 testing. Covered entities and business associates intending to rely upon the enforcement relief need to understand its limited scope. The relief only applies to health care providers or their business associates when participating in CBTS related activities. It does not apply to non-CBTS related activities of health care providers or their business associates including the handling of PHI outside of the operation of a CBTS or to health plans, health care clearinghouses, or their business associates performing health plan and clearinghouse functions. To the extent that an entity performs both plan and provider functions, the Notice says the relief only applies to the entity in its role as a covered health care provider and only to the extent that it participates in a CBTS. Covered entities and business associates not covered by the CBTS relief provided by the Notice generally remain subject to all otherwise applicable HIPAA requirements except as otherwise provided in the Telehealth Relief or other COVID-19 related flexibilities granted by OCR in the OCR COVID-19 HIPAA Bulletin or other previously issued HIPAA guidance for dealing with public emergencies,

While committing that OCR will not take HIPAA enforcement action against covered entities or business associates for violating HIPAA’s regulatory requirements during the COVID-19 emergency, the Notice nevertheless encourages covered entities and business associates participating in the good faith operation of a CBTS to implement reasonable safeguards to protect the privacy and security of individuals’ PHI including:

Using and disclosing only the minimum PHI necessary except when disclosing PHI for treatment.
Setting up canopies or similar opaque barriers at a CBTS to provide some privacy to individuals during the collection of samples.
Controlling foot and car traffic to create adequate distancing at the point of service to minimize the ability of persons to see or overhear screening interactions at a CBTS. (A six foot distance would serve this purpose as well as supporting recommended social distancing measures to minimize the risk of spreading COVID-19.)
Establishing a “buffer zone” to prevent members of the media or public from observing or filming individuals who approach a CBTS, and posting signs prohibiting filming.
Using secure technology at a CBTS to record and transmit electronic PHI.
Posting a Notice of Privacy Practices (NPP), or information about how to find the NPP online, if applicable, in a place that is readily viewable by individuals who approach a CBTS.

While OCR says the Notice’s enforcement relief for CBTS related activity is not conditional upon adherence to these recommendations, CBTS involved covered entities and business associations should keep in mind that the OCR relief does not necessarily affect their otherwise applicable requirements, if any, to comply to these and other health or medical privacy, data security, confidentiality or other similar requirements applicable under otherwise applicable state statutory or common laws, regulations, accreditation or credentialing, contractual or other legally relevant requirements or standards.

Today, the Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) released two comprehensive toolkits on telehealth:

The Telehealth Toolkit for General Practitioners available here;
The End-Stage Renal Disease Providers Toolkit available here .

The Toolkits’ release follows up on last week’s Centers for Medicare & Medicare Services (“CMS”) loosening of requirements for Medicare coverage of telehealth services and privacy and data security requirements so that beneficiaries can receive a wider range of services from their doctors without having to travel to a healthcare facility on a temporary and emergency basis under the 1135 waiver authority and Coronavirus Preparedness and Response Supplemental Appropriations Act.

COVID-19 Emergency TeleHealth Waivers & Rules

Under this temporary new waiver, Medicare can pay for office, hospital, and other visits furnished via telehealth across the country and including in patient’s places of residence starting March 6, 2020. The waiver applies to a range of providers, such as doctors, nurse practitioners, clinical psychologists, and licensed clinical social workers, will be able to offer telehealth to their patients.

New TeleHealth Toolkits

Each of the telehealth toolkits released today contains electronic links to reliable sources of information on telehealth and telemedicine, which will reduce the amount of time providers spend searching for answers and increase their time with patients. HHS intends these links to help providers choose learn about the general concept of telehealth, choose telemedicine vendors, initiate a telemedicine program, monitor patients remotely, and develop documentation tools. Additionally, the information contained within each toolkit also outlines temporary virtual services that could be used to treat patients during this specific period of time.

COVID-19 Temporary Limited Scope HIPAA Privacy Telehealth Relief

The HHS COVID-19 emergency teleheath waivers follow up on the HHS Office for Civil Rights (OCR) March 20, 2020 Notification of Enforcement Discretion on Telehealth Remote Communications (the “Notice”) announcing temporary, limited scope enforcement relief from some, but not all of the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules for health care providers using “non-public facing” communication technologies to provide telemedicine services during the COVID-19 health care emergency

Intended to allow health care providers greater latitude under HIPAA to communicate with patients and provide telehealth services through remote communications technologies during the COVID-19 national emergency, the Notice allows covered health care providers wishing to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency the option to any availabe “non-public facing” remote communication product to communicate with patients if the platform by verifying the platform is HIPAA compliant and securing the necessary business associate agreement (“BAA”) with the communication provider.

Specifically the Notice announces OCR is exercising its enforcement discretion not to impose penalties for noncompliance with the HIPAA Rules in connection with the good faith provision of telehealth using non-public facing audio or video communication products during the COVID-19 nationwide public health emergency in accordance with the requirements set forth in the Notice. The non-enforcement policy applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19. During the COVID-19 emergency, this relief for non-public facing remote communications allows a health care providers the flexibility when it determines appropriate in his or her professional judgement to request to examine a patient using a video chat application connecting the provider’s or patient’s phone or desktop computer in order to assess a greater number of patients while limiting the risk of infection of other persons who would be exposed from an in-person consultation.

The relief does not apply to “public facing” remote communications however, Facebook Live, Twitch, TikTok, and similar video communication applications are considered “public facing.” The OCR bulletin states health care providers should not use any of these or other public facing remote communications to provide telehealth services under the Bulletin.

The Notice also alerts health care providers providing telemedicine services under the Notice need to ensure they have in place appropriate business associate agreements {“BAAs”) with each technology vendors used to conduct these communications and that the vendor is otherwise HIPAA compliant. The Notice lists the following as some vendors that have represented to OCR that they provide HIPAA-compliant video communication products and that they will enter into a HIPAA BAA include:

Skype for Business
Updox
VSee
Zoom for Healthcare
me
Google G Suite Hangouts Meet

Providers should note that the Notice also states that OCR does not endorse, recommend or certify any of these vendors or the adequacy of their BAAs. Consequently, providers intending to use any of thes platforms should conduct their own documented due diligence to confirm that the necessary HIPAA requirements are met. Providers also should keep in mind that the OCR Notice does not modify any otherwise applicable federal or state law, contractual or ethical requirements that may apply to their use of these telemedicine platforms. As many provider’s HIPAA notices may have included statements inconsistent with the use of these technologies, the provider should consider providing notification of the change of its practices that includes disclosures about potentially lower privacy protections. Because the relief is limited in scope and duration, providers relying on the relief also will need to closely monitor developments and adjust practices as necessary when the emergency waivers expire or are modified.

Covered Entities & Business Associates Should Conduct Documented Risk Assessment To Verify Compliance Taking Into Account COVID-19 Operational Changes & Relief

Health care providers, health plans, health care clearinghouses and their business associates hoping to rely upon the relief in the CBTS Notice, the Telehealth Relief, the OCR COVID-19 HIPAA Bulletin or other previously issued HIPAA guidance for dealing with public emergencies, need to verify their qualification and compliance with that guidance. In the meantime, all HIPAA covered entities and business associates also should be cognizant of the advisability of also conducting timely, documented risk assessments and taking other necessary steps to ensure that they can demonstrate that their ongoing operations, taking into account any COVID-19 specific changes in operations, systems, locations, business associates or other HIPAA relevant arrangements or operations, comply with all remaining relevant requirements of HIPAA or other relevant federal or state statutory, regulatory, common law, ethical, contractual or other requirements. This is particularly important with respect to modification locations, equipment, or other COVID-19 related changes may impact or disrupt usual operations or involve the use, access, disclosure, retention or transmission of protected health information or other sensitive data outside of processes, systems or location previously subject to a risk assessment to confirm and document adequate compliance with HIPAA or other relevant requirements. To the extent that any deficiencies may have occurred, timely action should be taken to conduct an appropriate documented investigation and risk assessment, and provide any necessary breach notification or other corrective action necessary to correct or mitigate those events. Because of the potential sensitivity of these activities, health care providers, health plans, health care clearinghouses and their business associations should consider contacting experienced legal counsel to arrange for those activities to be structured to preserve the possibility of using attorney-client privilege or other legal privileges to help defend sensitive communications or evaluations against discovery in the event of a future litigation or administrative investigation.

More Information & Resources

We hope this update is helpful. If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. To learn more about Ms. Stamer, her services, experience, publications or involvements; to review or request other developments, publications, resources and tools; or to register for future updates, see www.cynthiastamer.com, see www.cynthiastamer.com; connect on LinkedIn or Facebook; or contact us via e-mail or via telephone at (214) 452 -8297

About The Author

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.

Leave a Comment » | Academic medicine, Centers For Disease Control, Childrens Health Insurance Program, Conditions of Participation, Coronavirus, COVID-19, Disease Management, Doctor, E-Prescribing, Electronic Health Records, Electronic Medical Records, Emergency Care, Employer, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Health Insurance, Health IT, Health Plan, HIPAA, Home Health, home health, Hospice, Hospital, hospitals, Indian Health, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Meaningful Use, Medicaid, Medical Licensure, Medical Malpractice, Medical Privacy, Medical Records, Medicare, Medicare Advantage, Mental Health, Pandemic, Pharmaceudical, Pharmacy, Physician, Prescription Drugs, Prohibited Transaction, Reimbursement, Rural Health Care, Uncategorized, Veterans Health, Veterans Health Care | Permalink
Posted by Cynthia Marcotte Stamer

Gastroenterology Practices Pays $100K For HIPAA Noncompliance

March 3, 2020

The $100,000 settlement payment the medical practice of Steven A. Porter, M.D., has agreed to pay $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services to settle a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule Serves as a warning to other physicians and healthcare providers that they too could pay big bucks for failing to comply with HIPAA. The resolution agreement and corrective action plan may be found here.

Dr. Porter’s medical practice provides gastroenterological services to over 3,000 patients per year in Ogden, Utah.

OCR began investigating Dr. Porter’s medical practice after it filed a breach report with OCR related to a dispute with a business associate. OCR’s investigation determined that Dr. Porter had never conducted a risk analysis at the time of the breach report, and despite significant technical assistance throughout the investigation, had failed to complete an accurate and thorough risk analysis after the breach and failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

Many physician and other small healthcare providers underestimate their responsibilities or their exposure for noncompliance. Many have never conducted the necessary risk analysis or initially adopted the requisite policies and procedures to comply. Furthermore, practices relying upon outsourced management or compliance services for their HIPAA compliance need to ensure that they have appropriate business associates agreements with those and all other service providers. While OCR typically takes into account efforts to obtain services as evidence of a culture of compliance, when breaches happen in the practice or at the business associate, A physician or other healthcare provider can expect OCR to investigate their compliance and potentially their culpability for the breach. physicians and other healthcare providers also should not assume that their engagement of a service HIPAA to comply with or provide HIPAA compliant services equates to making that service provider accountable for the quality in adequacy of the services.Typically service providers and consultants limit their liability contractually and otherwise when providing these services, often do not have adequate compliance themselves, or both. Licensing agreements and other services contracts typically include various provisions excusing or limiting the service provider from liability for deficiencies in compliance resulting from inadequacies in their procedures, operational noncompliance or both. In some instances, business associates may include provisions in their business associate agreement or other related agreements that actually obligate the healthcare provider to defend and indemnify the service provider for breaches and other liabilities arising out of HIPAA noncompliance. Since the cost of investigating and defending an alleged complaint can be very expensive even if no penalties are sought by OCR, most physicians and other healthcare providers should explore the availability of insurance coverage to help protect against these expenses.

“All health care providers, large and small, need to take their HIPAA obligations seriously,” said OCR Director Roger Severino. “The failure to implement basic HIPAA requirements, such as an accurate and thorough risk analysis and risk management plan, continues to be an unacceptable and disturbing trend within the health care industry.”

In addition to the monetary settlement, Dr. Porter will undertake a corrective action plan that includes two years of monitoring.

Physicians and other healthcare providers need to keep in mind that OCR penalties are not the only risk of HIPAA violations. Noncompliance with these requirements also commonly gives rise to licensing board, peer review, and other professional, employment or contractual consequences as well as negative publicity.

The resolution agreement demonstrates OCR requires physicians shouldn’t expect OCR to look the other way when they violate HIPAA. Given the potential professional and monetary liability risk that result from complaints and violations, physicians and other healthcare Should consult with qualified legal counsel for assistance with assessing the adequacy of their current clients within the scope of attorney-client privilege. Additionally, in the event of a complaint or threaten complaint, physicians and other healthcare providers should take appropriate steps to conduct a documentary investigation. As discussions and activities conducted in association with such investigations can involve sensitive communications and information, it also is advisable to consult with legal counsel at the beginning of an issue to determine whether the investigation or other activities should be conducted within the scope of attorney-client privilege so as to minimize exposure of sensitive communications as admissions or another discoverable evidence for administrative or litigation proceedings.

More Information

About the Author

This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EHR, HIPAA and other technology, data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Leave a Comment » | ambulance, ASC, data security, Direct Primary Care, Doctor, drug treatment, Durable Medical Equipment, E-Prescribing, Electronic Health Records, Electronic Medical Records, Emergency Care, FACTA, Federal Health Center, Genetic Information, GINA, Health Care Fraud, Health Care Provider, Health IT, HHS, HIPAA, HIPAA Cyber Crime, HITECH Act, Home Health, home health, Hospice, Hospital, hospitals, Licensing, long-term care, Medical Privacy, Medical Records, OCR, participating provider, Pharmacy, Physician, Physician Licensing, Privacy, Substance Abuse, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

ONC Adds Reducing Provider EHR Burdens & Promoting Electronic Health Data Use In Research To Health IT Priorities

February 25, 2020

Reducing health care providers burdens from using electronic health records (“EHRs”) and promoting the better uses of electronic medical data in medical research are the focus of two new health information technology (“health IT”) policy documents released this week by the Department of Health & Human Services (“HHS”) Office of the National Coordinator for Health Information Technology (“ONC”). Health care providers, health researchers, health plans, health care clearinghouses and other health data collectors or users, as well as health IT providers and other interested persons will want to evaluate carefully these new ONC releases for insights about policy and other efforts ONC is promoting to shape the use of health IT and data.

Reducing Health IT and EHR Burdens On Providers

On February 21, 2020, ONC moved forward on its efforts to implement “a comprehensive strategy to reduce the regulatory and administrative burden related to the use of health IT, including EHRs” by publishing its “Strategy on Reducing Regulatory and Administrative Burdens Relating to the Use of Health IT and EHRs” (the “EHR Report”) targets burdens tied to regulatory and administrative requirements that HHS can directly impact through the rulemaking process. A collaborative effort between ONC and the Centers for Medicare & Medicaid Services (CMS), the report’s strategies was developed in response to a Congressional mandate in the 21^st Century Cures Act, which directed HHS to develop a plan of action to reduce regulatory and administrative burden relating to the use of health IT and EHRs and finalizes the draft version of this strategy ONC released in November 2018. Based on stakeholder input, the final HER Report outlines three overarching goals designed to reduce clinician burden:

Reduce the effort and time required to record health information in EHRs for clinicians;
Reduce the effort and time required to meet regulatory reporting requirements for clinicians, hospitals, and healthcare organizations; and
Improve the functionality and ease of use of EHRs.

ONC says reducing unnecessary regulatory burden will alleviate time spent on administrative tasks. For example, during listening sessions with clinicians, we heard criticism that the documentation guidelines for Evaluation and Management (E/M) visits were a source of EHR-related burden and overly complicated. They told us these requirements result in “pajama time,” where physicians spend hours after clinic sessions and on weekends entering data to satisfy billing and quality reporting requirements. Poor usability features within EHRs can further exacerbate this issue, as clinicians find it difficult to navigate long records within the EHR interface. Based on this feedback, the report covers four key areas:

Clinical documentation
Health IT usability (or ease of use of health IT tools and systems)
Federal health IT and EHR reporting requirements
Public health reporting (including coordination with prescription drug reporting programs and electronic prescribing of controlled substances).

In addition to responding to the direction included in the EHR Report, health care and health IT providers also will want to continue to monitor and communicate with ONC. While moving forward on the implementation of the objectives identified in the EHR Report, ONC says it plans to continue to reach out and engage the clinician community and other key stakeholder communities and to monitor emerging and ongoing burdens related to the use of EHRs, such as burdens related to EHR inbox management and other efforts to enable further automation in health care, with a focus on prior authorization, quality reporting, and other aspects of our current system that can reduce time spent using health IT.

Leveraging Health IT For Research

On February 24, 2020, ONC followed up by releasing its National Health IT Priorities for Research: A Policy and Development Agenda. The Agenda articulates its latest vision of a health information technology infrastructure that supports alignment between the clinical and research ecosystems in research.

The Agenda identifies two overarching goals along with nine associated priority areas ONC believes stakeholders can take to achieve the respective visions more quickly and effectively:

Read the Agenda here.

More Information

The Agenda is the latest in a series of priorities, agendas and other initiatives adopted by ONC since its establishment in furtherance of its legislative mandate under the Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009 to improve the health and well-being of individuals and communities through the use of technology and health information.

Health care providers, plans, technology vendors and providers and other stakeholders impacted by ONC and other electronic medical record or health IT systems should take into account the likely implications of these and other ONC pronouncements on their programs and practices when planning and updating them.

About the Author

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Comments Off on ONC Adds Reducing Provider EHR Burdens & Promoting Electronic Health Data Use In Research To Health IT Priorities | Academic medicine, ambulance, Conditions of Participation, Consumer Driven Health Care, Corporate Compliance, Disease Management, DME, Doctor, drug treatment, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Evidence Based Medicine, FDA, Health Care, Health care coding, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, health care reimbursement, Health Insurance, Health IT, Health Plan, Health Plans, Health Policy, healthcare, HHS, HITECH Act, Home Health, home health, Hospice, Hospital, hospitals, Human Subjects Research, Meaningful Use, Medicare Advantage, Medicare Prescription Drug Program, Mental Health, NIOSH, occupational health, OCR, ONC, Outcomes Data, pain management, Pharmacy, Physician, Prescription Drugs, Prospective Payment, public health, Public Policy, quality reporting, Reimbursement, research, Technology, Telemedicine, Uncategorized, Veterans Health, Veterans Health Care, Wellness | Permalink
Posted by Cynthia Marcotte Stamer

New Texas Law Requiring Anti-Retaliation Policies For Nonprofit Healthcare Org’s Takes Effect 1/1

December 27, 2019

Nonprofit health organizations must develop anti-retaliation policies for doctors and submit biennial reports to the Texas Medical Board in response to a House Bill 1532 mandate that takes effect January 1, 2020.

Passed by the Texas Legislature on September 1, 2019, the Bill also amends the Medical Practice Act to require the Texas Medical Board to accept and process complaints against a certified nonprofit health organization in the same manner it would handle complaints against a health professional.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

1 Comment | Corporate Compliance, Doctor, Employer, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, healthcare, Home Health, Hospice, Hospital, hospitals, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, managed care, Nonprofits, participating provider, Peer Review, Physician, Physician Licensing, Provider contracting, retaliation, Uncategorized, Whistleblower | Permalink
Posted by Cynthia Marcotte Stamer

Omnicare & CVS Accused Of Health Care Fraud In Long Term Care Pharmacies

December 17, 2019

The Department of Justice today sued the nation’s largest long term care pharmacy provider, Omnicare, and its parent company, CVS Healthcare Corporation seeking seeks damages and civil penalties under the False Claims Act for fraudulently billing federal healthcare programs for hundreds of thousands of non-controlled prescription drugs DOJ says Omnicare illegally dispensed to elderly and disabled individuals in assisted living facilities, group homes, independent living communities, and other non-skilled residential long-term care facilities (“LTC facilities”).

In the civil health care fraud complaint the DOJ filed a New York Federal District Court, the Omnicare illegally dispensed and billed the federal government and patients for antipsychotics, anticonvulsants, and antidepressants to elderly and disabled residents in LTC facilities without proper prescriptions. DOJ’s lawsuit alleges that instead of obtaining new prescriptions from patients’ doctors after the old ones had expired or run out of refills, Omnicare just assigned a new number to the old prescription and kept on dispensing drugs for months, and sometimes years, after the prescriptions expired. DOJ’s complaint alleges that Omnicare internally referred to these renumbered expired prescriptions as “rollover” prescriptions. The DOJ complaint also charges that Omnicare also submitted, or caused to be submitted false claims for payment for medications dispensed based on invalid prescriptions it internally referred to as “rollover” prescriptions” to Medicare, Medicaid, and TRICARE in violation of the False Claims Act.

Omnicare is the country’s largest provider of pharmacy services to LTC facilities. It currently operates approximately 160 pharmacies in 47 states across the United States, which dispense tens of millions of prescription drugs to LTC facilities that serve elderly and disabled individuals. CVS acquired Omnicare in May 2015, and shortly thereafter assumed an active role in overseeing Omnicare’s operations, including pharmacy dispensing practices and systems.

According to the DOJ complaint failed today, from 2010 until 2018, Omnicare and CVS allowed Omnicare pharmacies to dispense non-controlled prescription drugs to tens of thousands of elderly and disabled individuals living in LTC facilities based on prescriptions that had expired, were out of refills, or were otherwise invalid. Omnicare repeatedly disregarded prescription refill limitations and expiration dates that required doctor visits to reevaluate whether the drug should be renewed. Instead of requesting new prescriptions when old ones expired, Omnicare allowed prescriptions to “roll over.” At Omnicare, “rolling over” a prescription meant that when a prescription expired, Omnicare’s computer systems would assign the old prescription a new number and the pharmacy would continue to dispense the drug indefinitely without the need for a prescription renewal. Depending on the computer system used, Omnicare also sometimes assigned a fake number of authorized refills to a prescription – usually 99 allowable refills for Medicare patients – to allow for continuous refilling. DOJ claims that Omnicare pharmacies “rolled over” prescriptions for elderly and disabled individuals living in more than 3,000 residential long-term care facilities, including assisted living facilities operated by the largest long-term care providers in the country, such as Brookdale Senior Living, Atria Senior Living, Sunrise Senior Living Services, and Five Star Senior Living. DOJ also claims Omnicare managers exerted pressure on overwhelmed pharmacy staff to fill prescriptions quickly so that Omnicare could submit claims and collect payments.

According to the DOJ, Senior management at Omnicare and CVS knew of the practices. The DOJ complaint charges among other things that the Omnicare’s Compliance Department succinctly acknowledged the problem in an internal April 2015 email in which one Regional Compliance Officer stated: “An issue that I am running into more and more in multiple states concerns the ability of our systems to allow prescriptions to continue to roll after a year to a new prescription number without any documentation or pharmacist intervention.” A compliance officer then forwarded the email to the head of Omnicare’s Third Party Audit group, who responded that she had a “potential solution (programmed last year) but no one is rolling it out now.”

DOJ says Omnicare’s practice of illegally dispensing drugs to elderly and disabled individuals living in LTC facilities exposed these vulnerable individuals to a significant risk of harm. In contrast to traditional skilled nursing homes, where residents have access to 24-hour medical care supervised by doctors, assisted living and other non-skilled residential facilities offer more limited medical care, or none at all. In particular, these LTC facilities generally do not have doctors on staff to oversee and monitor residents’ drug therapy.

Many of the prescription drugs dispensed by Omnicare without valid prescriptions treat serious, chronic conditions, such as dementia, depression, and heart disease. They include antipsychotics, anticonvulsants, cardiovascular medications, anti-depressants, and other drugs that can have dangerous side effects and need to be closely monitored by doctors, particularly when taken in combination with other drugs by elderly patients. By repeatedly dispensing potent drugs without current and valid prescriptions, Omnicare jeopardized the health and safety of tens of thousands of individuals who continued to take the same drugs for months, and sometimes years, without consulting their doctors to determine whether the medications were still clinically appropriate.

A large percentage of the long-term care residents served by Omnicare are beneficiaries of federal healthcare programs. By dispensing drugs without valid prescriptions, Omnicare presented, or caused to be presented, hundreds of thousands of false claims to Medicare, Medicaid, and TRICARE. These claims were ineligible for payment. In addition, Omnicare knowingly transmitted false information to these federal healthcare programs that made it appear that drug dispensations were supported by current, valid prescriptions from physicians when in fact they were not.

The DOJ lawsuit resulted from the DOJ’s intervention in whistleblower lawsuits filed by former employees.

In today’s announcement of the lawsuit, Manhattan U.S. Attorney Geoffrey S. Berman said: “As alleged, Omnicare put at risk the health of tens of thousands of elderly and disabled individuals living in assisted living and other residential long-term care facilities by dispensing drugs for months, and sometimes years, without obtaining current, valid prescriptions from doctors. A pharmacy’s fundamental obligation is to ensure that drugs are dispensed only under the supervision of treating doctors who monitor patients’ drug therapies. Omnicare blatantly ignored this obligation in favor of pushing drugs out the door as quickly as possible to make more money. This Office will continue to hold accountable those who put at risk people’s health and safety just to turn a profit.”

Meanwhile, HHS-OIG Special Agent in Charge Scott J. Lampert said: “Failing to consult doctors as to whether prescriptions should be refilled places patients’ health and medical care at serious risk. These automatic rollover refills could have significant consequences for vulnerable people in long term-care facilities. We will continue working with law enforcement partners to protect people depending on these taxpayer-funded government health programs.”

More information is expected to be forthcoming.

For More Information

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve fraud, substandard quality, safety, unprofessional conduct, sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Leave a Comment » | Conditions of Participation, Controlled Substances, Corporate Compliance, DEA, Doctor, drug treatment, E-Prescribing, false claims act, FDA, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, Health Insurance, Health Plan, Health Plans, healthcare, HHS, Hospice, long-term care, Medicare Prescription Drug Program, OIG, Patient Empowerment, Pharmaceudical, Pharmacy, Prescription Drugs, Reimbursement, Uncategorized, Veterans Health, Veterans Health Administration, Veterans Health Care | Tagged: controlled substance, cvs, DEA, drugs, false claims act, Health Care, Health Care Fraud, Health Care Provider, HEAT, Medicaid, omnicare, pharmacist, pharmacy | Permalink
Posted by Cynthia Marcotte Stamer

Jackson Health System Nailed With $2.15 Million Plus Penalty For Violating HIPAA

October 23, 2019

Jackson Health System (JHS) has paid a heavy price for violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules between 2013 and 2016.

The $2,154,000 civil monetary penalty the Miami, Florida-based nonprofit academic medical system paid to the Department of Health & Human Services Office for Civil Rights (OCR) to settle OCR charges it violated the HIPAA Security & Breach Notifications= Rules makes clear the urgent need for other health care providers, health plans, healthcare clearinghouses and their business associates to verify the adequacy of their organizations with HIPAA’s privacy, security and breach notification rules currently and on an ongoing basis.

The $2.1 million plus payment was required to satisfy a civil monetary penalty assessment OCR imposed in a Notice of Proposed Determination and Notice of Final Determination made public by OCR on October 23, 2019 in response to findings from a series of investigations of HIPAA breach and compliance concerns raised between 2013 and 2016 raised by various HIPAA-mandated breach reports and media reports that raised concerns about improper access disclosure and use of patient PHI between 2013 and 2016. When JHS did not challenge the findings or determination became final. OCR reports JHS has paid the specified $2.154,000 civil monetary penalties.

JHS HIPAA Violations Found By OCR

JHS operates six major hospitals, a network of urgent care centers, multiple primary care and specialty care centers, long-term care nursing facilities, and corrections health services clinics, provides health services to approximately 650,000 patients annually, and employs about 12,000 individuals. The OCR investigation stemmed from a series of breach and media reports spanning several years and revealed a host of long standing violations of long-standing HIPAA requirements and a failure to accurately disclose or correct those or other violations of a nature that likely continue to exist in many health care systems and other covered entities.

On August 22, 2013, JHS submitted a breach report to OCR stating that its Health Information Management Department lost paper records containing the protected health information (PHI) of 756 patients in January 2013. JHS’s internal investigation determined that an additional three boxes of patient records also were lost in December 2012; however, JHS did not report the additional loss or the increased number of individuals affected to 1,436, until June 7, 2016.

In July 2015, OCR initiated an investigation following a media report that disclosed the PHI of a JHS patient. A reporter had shared a photograph of a JHS operating room screen containing the patient’s medical information on social media. JHS subsequently determined that two employees had accessed this patient’s electronic medical record without a job-related purpose.

On February 19, 2016, JHS submitted a breach report to OCR reporting that an employee had been selling patient PHI. The employee had accessed inappropriately over 24,000 patients’ records since 2011.

According to OCR Director Roger Severino, “OCR’s investigation revealed a HIPAA compliance program that had been in disarray for a number of years. …This hospital system’s compliance program failed to detect and stop an employee who stole and sold thousands of patient records; lost patient files without notifying OCR as required by law; and failed to properly secure PHI that was leaked to the media.”

These and other findings led to the OCR determination in the Notice of Proposed Determination and Notice of Final Determination that JHS failed to provide timely and accurate breach notification to the Secretary of HHS, conduct enterprise-wide risk analyses, manage identified risks to a reasonable and appropriate level, regularly review information system activity records, and restrict authorization of its workforce members’ access to patient ePHI to the minimum necessary to accomplish their job duties. OCR assessed the $2.1 million civil monetary penalty based on these determinations.

Lessons For Other Health Providers & HIPAA Covered Entities Likely Similarly Exposed

The JHS civil monetary penalty is the latest in a growing series of OCR enforcement and regulatory actions that drive home the perils HIPAA-covered health care, health plan, healthcare clearinghouse and business associates risk by failing to responsibly and effectively manage their HIPAA compliance. A review of the available JHS record reveals that like all too many HIPAA-covered entities, JHS never adequately implemented appropriate measures to operationally comply with many of the original HIPAA requirements and perpetuated those deficiencies despite the series of breaches. Sadly, many other health care systems and other HIPAA-covered entities are subject to the same practices. Failing to address these compliance issues makes these non-compliant entities susceptible to the same type of enforcement and other liabilities that JHS now has experienced.

OCR enforcement data documents a steady rise in OCR investigation and enforcement activity. OCR set all-time records for HIPAA Enforcement in 2018. Heavy enforcement activity has continued in 2019. Before its October 23, 2019 announcement of the JHS civil monetary penalties, OCR already had announced:

A $10,000 resolution agreement with a dental practice for improperly disclosing patient PHI on social media at the beginning of October;
Its first HIPAA right of access resolution agreement against a health care provider for violating HIPAA’s right of access rules on September 9, 2019 as part of its recently announced HIPAA access rule enforcement initiative;
A $100,000 resolution payment from an Indiana Medical Records Service resulting from a breach of electronic protected health information at a business associate;
The collection of a $3 million resolution payment collected from a Tennessee diagnostic medical imaging services company to settle HIPAA civil monetary penalty exposures arising from a breach that exposed the protected health information of more than 300,000 patients; and
A multitude of other audits and enforcement activities resolved through corrective action without collection of any resolution payment or civil monetary penalties.

Given these and other previously announced enforcement initiatives and actions, all HIPAA covered entities and their business associates are urged to maintain hyper-vigilance about their own HIPAA compliance with long standing as well as emerging HIPAA requirements taking into account old, recent, and emerging guidance and enforcement activities of OCR. Given the almost certain discovery or discussion of known or uncovered compliance concerns and other sensitive information, covered entities are cautioned that these activities generally should be undertaken under the guidance of an experienced attorney within the scope of attorney client privilege.

For More Information

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press Health Care Risk Management & Operations Group and registering for updates on our Solutions Law Press Website.

About the Author

As a primary focus of this work, Ms. Stamer has worked extensively with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers, health industry advocacy and other service providers and groups and other health industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is noted for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Leave a Comment » | Academic medicine, Conditions of Participation, continuing medical education (CME), Corporate Compliance, Cultural diversity, Discrimination, Doctor, Employer, Employment law, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Provider, Health Care Quality, Home Health, Hospital, hospitals, Immigration, Inpatient Rehabilitation, Labor Law, Laws, Life Sciences, Medical Privacy, Patient Empowerment, Peer Review, Psychiatric, Section 1557, Sexual Abuse, Sexual Assault, Sexual Harassment, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

IRS Proposes Easing Disclosure Requirements For Certain Tax-Exempt Entities

October 9, 2019

December 10, 2019 is the deadline for charitable and other tax-exempt organizations to comment on proposed regulations the Internal Revenue Service (“IRS”) intends to use to implement clarify the reporting requirements generally applicable to tax-exempt organizations as they apply to returns filed after September 6, 2019.

The proposed regulations officially published by the IRS in the September 10, 2019 Federal Register implement changes in response to various statutory amendments and certain grants of reporting relief announced by the Treasury Department and the IRS in prior guidance to help many tax-exempt organizations generally find the reporting requirements in one place. Among other provisions, the proposed regulations incorporate the existing exception from having to file an annual return for certain organizations that normally have gross receipts of $50,000 or less, which is found in Revenue Procedure 2011-15.

In addition, the proposed regulations also reissue relief for certain tax-exempt entities from requirements to report contributor names and addresses on annual returns filed by certain tax-exempt organizations. Originally announced last year in Revenue Procedure 2018-38, the relief was invalidated by a district court ruling that the Treasury Department and the IRS failed to follow required notice and comment procedures. Under the proposed regulations, filing requirements for Section 501(c)(3) organizations and Section 527 political organizations remain unchanged, and all organizations are required to keep the contributor information and make it available to the IRS upon request.

Additionally, the IRS issued Notice 2019-47 (PDF) providing penalty relief for certain exempt organizations that, consistent with the 2018 guidance from the IRS, do not report the names and addresses of contributors on annual returns for tax years ending on or after December 31, 2018, but on or before July 30, 2019.

Need more information or help evaluating or responding to this or developments? Contact the author licensed attorney experienced in FDA and other health care and other regulatory affairs matters.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications including extensive experience advising and representing health care systems and providers about sexual abuse, assault, harassment, discrimination and other personal and professional misconduct policies, training and other prevention and investigation, peer review and other discipline, mitigation and charges defense, as well extensively published and conducted workshops on “Sex, Drugs & Rock ‘N Role: Preventing and Addressing Personal Misconduct In Healthcare,” “What To Do When Your Employee’s Life Becomes Your Business,” and other educational training and publications for health industry clients and others on these concerns.

In these and other legal, management, governmental affairs work and speaking and publications, Ms. Stamer When working with these and other clients, Ms. Stamer merges a talent for creative problem solving with her detailed legal and operational knowledge and experience to help her clients develop and use legally defensible, pragmatic, client-centric law, performance and risk management tools and processes to manage people, performance, quality, compliance, risk and other operational needs on a real-time, “on demand” basis as well as outsourced general, operations, regulatory affairs or other special counsel capacity on an interim, special project, or ongoing basis. Her clients have included domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients.

Her involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, discipline and defend sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Academic medicine, Conditions of Participation, continuing medical education (CME), Corporate Compliance, Cultural diversity, Discrimination, Doctor, Employer, Employment law, Federal Health Center, Federal Sentencing Guidelines, Form 990, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, hospitals, Immigration, Inpatient Rehabilitation, Labor Law, Laws, Life Sciences, Medical Privacy, Patient Empowerment, Peer Review, Psychiatric, Rural Health Care, Section 1557, Sexual Abuse, Sexual Assault, Sexual Harassment, Tax, Tax-Exemption, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Important Lessons For Health Care Providers From Michigan State Settlement Of OCR Larry Nassar Sexual Abuse Investigation

August 12, 2019

Health care providers should review and tighten their policies and practices for conducting therapies or other procedures on children and other procedures on any patient involving the exposure of the breasts, genitalia or rectum where a patient is fully or partially disrobed as well as sexual assault, abuse and harassment policies and procedures in light of a resolution agreement between the Board of Trustees of Michigan State University (“MSU”) d/b/a Michigan State University and MSU HealthTeam (“MSU HealthTeam”) and MSU Health Care, Inc. (“MSU Health Care”) announced by the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) arising from a civil rights compliance review OCR initiated after federal and state criminal investigations found that an osteopathic physician Larry Nassar sexually abused gymnasts and others while employed as an associate professor by MSU.

OCR opened a compliance review of MSU to determine if its doctors’ offices and clinics violated Title IX of the Education Amendments of 1972 (“Title IX”) and Section 1557 of the Patient Protection and Affordable Care Act (“Section 1557”) after federal and state criminal investigations found Nassar sexually abused hundreds of women and girls under his care over decades while an associate professor at MSU.

Considered alone or in conjunction with the growing awareness and concern fueled by the #me too movement, widespread publicity about the sexual misconduct of Nassar alleged Bill Cosby, billionaire Jeffrey Einstein, who died in prison while awaiting trial last Saturday and others, and OCR’s reaffirmation of its commitment to vigorously enforce civil rights laws in connection with its May 24, 2019 proposal of changes to its Section 1557 implementing regulations, the Resolution Agreement sends a strong signal to health care organizations and individual physician and other health care providers of the advisability of proactively preventing and managing their exposure to potential sexual abuse, assault and harassment complaints brought by patients, caregivers, employees and others.

The OCR investigation that led to the Resolution Agreement arose from a compliance review OCR started after Nassar was sentenced to 40 to 125 years in prison on February 5, 2018, after entering a guilty plea to seven counts of felony criminal sexual conduct in the first degree in Eaton County, Michigan. He also has been convicted to various other federal and state sexual offenses. Additionally, the former dean of MSU’s College of Osteopathic Medicine, William Strampel, was convicted of felony misconduct stemming from a charge that he used his public office to sexually harass students and a separate charge of willfully neglecting to monitor Nassar after an earlier investigation.

Title IX and Section 1557 are two of a multitude of federal laws prohibiting sex discrimination enforced by OCR, Title IX prohibits discrimination on the basis of sex in federally assisted education programs or activities while Section 1557 prohibits discrimination on the basis of sex, race, color, national origin, age and disability in certain health programs or activities.

The Resolution Agreement resolves potential additional enforcement action by OCR against MSU arising from the investigation commenced in response to the Nassar convictions as well as enforcement actions OCR had initiated against the MSU Entities for failing to comply with an earlier OCR resolution agreement.

In return for OCR’s agreement to close its investigation, the Resolution Agreement requires the MSU Entities to implement specific procedures for conducting examinations and procedures involving children as well as procedures and therapies conduct on patients of any age and gender s where the patient is disrobed, in full or in part, and there is exposure of the breasts, genitalia or rectum (“sensitive examinations”) as well as strengthen its other policies, notices and practices impacting the prevention, investigation and redress of sexual abuse, sexual assault, sexual harassment and other sex discrimination against patients, staff, employees and others.

Notably, to help safeguard patients from future sexual assault or abuse, the Resolution Agreement requires the MSU Entities to adopt, communicate to patients and staff and enforce specific policies patient privacy, chaperones and informed consent and patient privacy including

Requiring that staff always follow Universal Precautions with conducting “sensitive examinations,” which the Resolution Agreement defines as “procedures or therapies where the Patient is disrobed, in full or in part, and there is exposure of the breasts, genitalia or rectum);
Require that staff provide the patient with: an explanation of the required examination, procedure or therapy before beginning the procedure and secure informed consent from the patient or if the patient lacks decision making capacity, the consent of the patient’s guardian before conducting any sensitive examination;
Always honor the Patient’s request to have a parent, relative or friend present as a support person present during any sensitive examination;
Requiring a chaperone for all sensitive examinations;
For sensitive examinations of patients of 10 years of age or greater that the chaperone be an authorized member of the health care team and in other cases allow patients and/or their parent or other support person, as well as providers to request a chaperone at any time;
Require that physical examinations of an infant, toddler or child always be performed in the presence of a patient or guardian unless the parent or guardian or, if the parent is unavailable or in situations involving suspected abuse, mental health or other instances where the parental presence would interfere with the examination, another member of the health care team;
Require the use of a chaperone for sensitive examinations be documented in the patient record or where a patient declines or refuses a chaperone for an examination where one is required, require that the provider document the offer and its declination in the record and have the patient or guardian sign a waiver;
Always honor a patient’s request to have a chaperone present even when the patient also has a support person present when conducting a sensitive examination; and
Allow the patient’s wishes and comfort to determine the sex of the chaperone and accommodate, to the extent practicable, a patient’s request for a same sex chaperone

Moreover, the Resolution Agreement also dictates that the MSU Entities ensure that staff always provide patients undergoing sensitive examinations with an appropriate gown, privacy for undressing and dressing, and sensitive draping to maximize physical privacy.

In addition to these specified required procedures for the actual conduct of sensitive medical examinations, the Resolution Agreement also requires that the MSU Entities significantly strengthen their policies, notifications, procedures, and training regarding sexual assault, sexual abuse, sexual harassment and sex discrimination including to:

Revise their existing non-discrimination notices and sexual misconduct policies to clarify Title IX’s and Section 1557’s prohibitions against sex discrimination, including sex discrimination, sexual harassment, sexual abuse and sexual assault, against men and women;
In the revised non-discrimination notices and sexual misconduct policies clearly communicate that patient, staff or individuals who believe they are victims of sexual harassment, abuse, assault or other sexual harassment are “encouraged” to report their concerns to the designated MSU Entities’ Title IX and Section 1557 compliance team, the MSU police and OCR and explains the procedures for making those reports;
Conspicuously post and distribute the revised nondiscrimination and sexual misconduct policy notices which clearly communicate the clarified non-discrimination and sexual harassment policies;
Improve their processes for notifying students, staff, patients and others about reporting and for investigating and resolving Title IX and Section 1557 complaints (including for MSU-students, non-MSU-student patients, faculty and staff) including specific requirements concerning reporting to and coordination between MSU Entities’ compliance staff and law enforcement;
Designate a responsible official to coordinate the acceptance, investigation and resolution of Title IX and Section 1557 complaints;
Conduct all-staff training, planning and coordination between MSU Entities’ compliance and investigation teams and law enforcement, and provide bi-annual reports to OCR during the three year term of the agreement;
Require that all grievances or complaints alleging sexual assault, sexual abuse, sexual harassment or other sex discrimination filed by any patient, staff or other individual related to the MSU Health Team, be reviewed and investigated by, or under the supervision of, a dedicated independent health care investigator approved by OCR, who MSU may only terminate for cause with OCR’s consent.

While neither exhaustive nor binding on any other health care providers, the conditions (CR imposed against MSU under the Resolution Agreement are concrete steps other health care organizations and providers, academic institutions and other organizations and individuals at risk of claims directly or vicariously should consider using as part of their efforts to prevent and defend themselves against potential exposures to sexual misconduct charges.

With the #metoo movement and other widespread media coverage of the Nassar, Jeffery Epstein, Bill Cosby and other sex scandals fueling growing awareness and discussion about sexual abuse, assault and harassment, physicians and other individual health care providers as well as the health care systems, clinics and other health industry organizations, educational institutions and businesses generally face heightened risks of accusations by patients, caregivers, employees, and others of sexual misconduct. Whether founded in fact, hypersensitivity, or independent agenda, recent history proves the potentially financially costly civil judgments or settlements, as well as career if not freedom ending consequences health care providers and institutions if unable to defend these claims. In addition to the criminal sentences imposed upon Nassar and, for instance, MSU previous entered into a civil settlement with more than 300 alleged victims of 332 women and girls who alleged they were Nassar sexual assault victims. See MSU reaches $500M settlement with Nassar victims. This huge civil liability and the fact that MSU accepteed it rather than risk a potential jury verdict reflects the significance of the this liability risk.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications including extensive experience advising and representing health care systems and providers about sexual abuse, assault, harassment, discrimination and other personal and professional misconduct policies, training and other prevention and investigation, peer review and other discipline, mitigation and charges defense, as well extensively published and conducted workshops on “Sex, Drugs & Rock ‘N Role: Preventing and Addressing Personal Misconduct In Healthcare,” “What To Do When Your Employee’s Life Becomes Your Business,” and other educational training and publications for health industry clients and others on these concerns.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

New Pharma Transparency Rules Mean More Work For Providers

May 9, 2019

Physicians, pharmacists and pharmacies, prescription benefit management companies and other health industry participants should begin preparing for new questions and other responsibilities likely to arise from the Department of, Health and Human Services(“HHS”) Medicare and Medicaid Programs; Regulation to Require Drug Pricing Transparency Final Rule (the “Rule”) announced on Wednesday, May 8 and scheduled for official publication in the May 10, 2019 Federal Register.

Under the Rule, the Centers for Medicare & Medicaid Services (“CMS”) will require direct-to-consumer television advertisements for prescription pharmaceuticals covered by Medicare or Medicaid to include the list price – the Wholesale Acquisition Cost – if that price is equal to or greater than $35 for a month’s supply or the usual course of therapy. Basically this means the required price information will be added to the disclosures pharmaceutical manufacturers provide during their television advertisements.

Part of President Trump’s American Patients First blueprint, the 102 page Rule seeks to increase transparency for patients and bring down overall drug costs both for patients and for the Medicare and Medicaid programs with the prices updated quarterly.

According to CMS, the 10 most commonly advertised drugs have list prices ranging from $488 to $16,938 per month or usual course of therapy. CMS believes patients should know what a drug costs as they discuss their options with their doctor.

While pharmaceutical drug manufactures generally must obtain approval from the FDA Office of Prescription Drug Promotion (ODPD) for advertising, OPDP does not review price information in prescription drug advertisements. Consequently, HHS says ODPD will not require a manufacturer that simply adds price information to a direct-to-consumer advertisement as required by § 403.1202 of the Rule unless the price information explicitly or implicitly incorporates safety or efficacy information about the drug, or makes express or implied claims about the safety or efficacy of the drug.

In addition to the Rule, HHS continues to review a number of other rules and proposals it hopes to further advance the American Patients First blueprint initiative to improve drug price transparency and inform consumer decision making by fixing opaque systems, changing incentives that drive costs or other undesirable behaviors by pharmaceutical companies, prescription benefit management (“PBM”) companies, health insurers and plans, providers and patients.

While physicians and other health care providers, health plans and their employer sponsors and other health industry organizations have urged greater transparency and other reforms to impact skyrocketing pharmaceutical costs and other concerns, health care providers and health plans need to prepare for a wave of new questions from patients and their caregivers that the new information on pricing likely will fuel and the resulting scrutiny of their own activities and processes relation to the selection of prescription drugs. Physicians and other health care providers should anticipate that more patients and caregivers will question provider prescription of higher cost drugs and ask providers to justify their choices. Providers not only should be prepared to explain their own choices and also to chart their advice to help defend potential challenges. Meanwhile hospitals and other health care entities, health plans, health insurers, PBMs and other health industry players using internal pharmaceutical cost management programs also can anticipate those practices also will come under added scrutiny. In anticipating this added scrutiny, health and health plan players should resist the temptation of assuming that the availability of the additional price information will facilitate discussions with patients or their caregivers about prescription drugs, their selection and comparability for treatment choices and other related concerns. Rather, health care providers and plans alike should anticipate that the added discussions the new price transparency rules are intended to fuel will result in more questioning and require greater care in responding to and justifying their recommendations to patients and plan members. Prayers and providers alike need to anticipate these demands and make the necessary arrangements to prepare for these discussions, by budgeting and setting aside the required time, preparing defensible explanations for the recommendations, and creating the necessary documentation to defend these activities.

If you have questions or would like more information about the new Rule or other developments impacting your health plan design or administration, please contact the author directly. You also are invited to stay abreast of these and other health care developments by participating in our Solutions Law Press, Inc. Linkedin SLP Health Care Risk Management & Operations Group or COPE: Coalition On Patient Empowerment Group or Project COPE: Coalition on Patient Empowerment Facebook Page.

About the Author

Ms. Stamer’s legal, management, governmental affairs work and speaking and publications have focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients as well as a diverse array of other business and government entities. Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with operational compliance and risk management; strategic planning; product and services development and innovation; workforce and operations management: crisis preparedness and response; public and regulatory affairs and host of other concerns.

As part of this work, Ms. Stamer continuously advises clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. She helps clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

As part of this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

Author of leading works on a multitude of these and other concerns, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, and Board Certified by the Texas Board of Legal Specialization in Labor and Employment Law, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Academic medicine, Conditions of Participation, Consumer Driven Health Care, continuing medical education (CME), Corporate Compliance, DEA, Direct Primary Care, Doctor, drug treatment, E-Prescribing, Employer, Evidence Based Medicine, FDA, Health Care, Health Care Provider, Health Care Quality, Health Care Reform, health care reimbursement, Health Insurance, Health Plan, Health Plans, healthcare, home health, Hospice, Hospital, hospitals, Indian Health, Medicaid, Medicaid Advantage, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, Medicare Fee Schedule, Pharmaceudical, Pharmacy, Physician, Physician Licensing, Prescription Drugs, Public Policy, Reimbursement, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

VA Offers Free Online Provider Training on Chronic Multisymptom Illness & Other Veteran Care Topics

May 1, 2019

Health care providers treating veterans should check out the free training on “Chronic multisymptom illness,” and other topics offered by the War Related Illness and Injury Study Center (WRIISC).

A national program and foundational service of Post Deployment Health Services (PDHS) within the Veterans Health Administration, WRIISC offers the “ON Demand” training for health care providers at no cost to community providers.

The trainings are designed to equip community affiliates with the knowledge needed to address Veterans unique health concerns and provide recommendations for Veteran care and management via one of the most widely used national learning management platforms, the Training Finder Real-Time Affiliate-Integrated Network (TRAIN) website. Continuing education credit for VA and community providers is offered and accredited by the following disciplines: ACCME, ACCME-NP, ANCC, APA, ASWB, NYSED and NBCC.

WRIISC just announced its release of the latest online training module on “Chronic multisymptom illness,” which it says offers healthcare professionals an opportunity to gain insight into chronic multi-symptom illness including the incidence in civilian and military populations, defining characteristics and the latest resources and management strategies to consider for care. See On TRAIN: ID: 1084440 – WRIISC Mod 4: Chronic Multi-symptom Illness (CMI)

On TMS: ID: 38029 – WRIISC Mod 4: Chronic Multi-symptom Illness.

Other previously also released Modules available via accessing the platforms include:

Module 1: Assessing Deployment Related Environmental Exposures

Module 2: Airborne Hazards

Module 3: Gulf War Illness

WRIISC says curriculums are designed to ensure that both VA and community providers learn of, and increase their expertise in, issues which are unique to Veteran care. Subsequent E-Learning education Modules in the series will focus on Depleted Uranium, Embedded Fragments and non-deployment exposures.

To access the training on TMS log into TMS and click on “browse the catalog” in the left hand corner of the page. Then, search for “WRIISC”.

Visit http://www.WarRelatedIllness.va.gov/education/ to learn more about WRIISC Education.

About the Author

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

As core components of this work, Ms. Stamer helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Her clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Biological Warfare, continuing medical education (CME), Disease Management, Doctor, Health Care, Health Care Provider, home health, Hospital, Physician, Uncategorized, Veterans Health, Veterans Health Care | Permalink
Posted by Cynthia Marcotte Stamer

Beef Up Patient Education & Management Tools With Diabetes Alert Day Resources

March 26, 2019

Physicians and other health care providers concerned about helping patients and others prevent and deal with Type 2 Diabetes should use today’s annual Diabetes Awareness Day observances and resources to beef up their Diabetes screening and management efforts and toolkits.

With 1 in 3 adult Americans at risk for Type 2 diabetes, the Centers for Disease Control (“CDC”) and other public and private organizations partnering in The National Diabetes Prevention Program are urging all physicians and other health care providers to partner in their efforts to prevent, delay and manage Type 2 diabetes.

Celebrated every year on the fourth Tuesday in March, Diabetes Alert Day promotes awareness of the prevalence and risks of undiagnosed or unmanaged Type 2 Diabetes to Americans, American taxpayers, health benefit programs and their communities.

More than 30 million people in the United States have diabetes and an additional 84 million adults—over a third—have prediabetes, and 90% of them don’t know they have it.
Diabetes is the 7th leading cause of death in the United States (and may be underreported).
Type 2 diabetes accounts for about 90% to 95% of all diagnosed cases of diabetes; type 1 diabetes accounts for about 5%.
In the last 20 years, the number of adults diagnosed with diabetes has more than tripled as the American population has aged and become more overweight or obese
Undiagnosed or unmanaged Type 2 diabetes threatens serious and disabling medical risks for afflicted individuals that also are financially costly for patients and their families, their health plans, taxpayers and communities.

While Type 2 Diabetes and its costs often can be prevented or minimized through appropriate diagnosis and treatment, Type 2 diabetes symptoms often develop over several years and go on for a long time without being noticed. Health care providers generally recognize the need to screen patients for Type 2 Diabetes as well as educating patients to recognize the factors for Type 2 Diabetes and to contact their physician promptly when experiencing these symptoms, but often have limited time and resources to help educate patients and their families.

To start with, the CDC and its partners are encouraging all health care providers to urge their patients to take the online Type 2 Diabetes Risk, screen and educate patients and promote use of CDC-recognized lifestyle change programs to individuals suffering or at risk for Type 2 diabetes.

To help health care providers participate more effectively in the fight to prevent, detect and manage Type 2 Diabetes, the CDC and its partners provide a number of Diabetes screening and management resources for physicians and other health care providers. These resources include a variety of patient education and screening tools, resources on Medicare and other coverage for diabetes screening and management, a list of

Physicians and other health care providers should check out the resources available from the CDC and take advantage of some of these resources to beef up their Type 2 and other Diabetes patient education, prevention, screening and management efforts, a directory of CDC-recognized lifestyle change programs and more

Learn more about Type 2 Diabetes cost modeling, screening, prevention and other health care resources Project Cope: Coalition for Patient Empowerment Newsletter and share your own resources and ideas on diabetes and management and other health care best practices, challenges, policies and concerns by participating in our Linkedin SLP Health Care Risk Management & Operations Group or COPE: Coalition On Patient Empowerment Group or Project COPE: Coalition on Patient Empowerment Facebook Page

About the Author

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | ambulance, Centers For Disease Control, Childrens Health Insurance Program, Clinical pathway, Conditions of Participation, Consumer Driven Health Care, Corporate Compliance, Diabetes, Disease Management, Doctor, drug treatment, Emergency Care, Employee Benefits, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Health Care Reform, health care reimbursement, Health Insurance, Health Plan, Health Plans, Health Policy, healthcare, home health, Hospital, hospitals, Human Subjects Research, Joint Commission, Life Sciences, managed care, Medicare Fee Schedule, participating provider, Patient Empowerment, Pharmacy, Physician, Provider contracting, public health, Reimbursement, surprise billing, Uncategorized | Tagged: Diabetes, Disease Management, Health Care, Patient Empowerment, Physicians, Wellness | Permalink
Posted by Cynthia Marcotte Stamer

Cognitive Disability Exclusion from Heart Transplant List Placement Prohibited

February 13, 2019

Exclusion of a cognitively impaired patient from its heart transplant list landed University of North Carolina Healthcare System (“UNC Healthcare”) in hot water with the Department of Health and Human Services Office of Civil Rights (OCR). The OCR enforcement action highlights the need for health care organizations to re-evaluate long-standing practices for limiting or denying access to transplants, research or other restricted treatment based on cognitive, mental or other impairments of the patient.

OCR announced February 12 that it resolved a complaint against UNC Health Care alleging that it unlawfully denied an individual the opportunity to be placed on the United Network for Organ Sharing (UNOS) list on the basis of their disability. UNC Health Care is a public academic medical center comprised of North Carolina Memorial Hospital, North Carolina Children’s Hospital, North Carolina Neurosciences Hospital, and North Carolina Women’s Hospital.

Federal law generally prohibits health care providers from discriminating against patients based on disability. Section 504 of the Rehabilitation Act of 1973, 29 U.S.C. § 794 (“Section 504”) prohibits discrimination on the basis of disability by recipients of Federal financial assistance.

In addition, the Americans with Disabilities Act of 1990, 42 U.S.C. § 12101 et seq. (“ADA”), prohibits discrimination on the basis of disability by both public and private entities, whether or not they receive Federal financial assistance. Providers covered by Section 504 and/or the ADA may not deny benefits or services to qualified individuals with disabilities or provide lesser benefits than they provide to others. In general, an individual with a disability is “qualified” if that person meets the essential eligibility requirements for receipt of services or participation in the program or activity with or without reasonable modification to rules, policies or practices. The purpose of these laws is to ensure that covered programs are as accessible to persons with disabilities as they are to nondisabled individuals.

In September 2018, OCR received a complaint alleging that an individual with an intellectual disability was in need of a heart transplant, but a doctor on staff at UNC Health Care determined that they were not a good candidate for heart transplant because of their developmental learning disabilities and because they do not live independently. The complainant asserted that without the transplant, they would eventually die.

OCR used the Early Complaint Resolution (ECR) process to achieve a successful resolution of this matter. ECR is a facilitated negotiation between the parties to an OCR complaint with the goal of achieving a resolution that quickly provides a remedy to the individual that has been allegedly discriminated against as well as securing additional measures that can be implemented to reduce the likelihood of future incidents of alleged discrimination.

In January 2019, UNC Health Care agreed that the individual’s medical records will be amended to clarify that they are eligible to be considered for placement on the UNOS transplant list. OCR will provide technical assistance to UNC Health Care in the development of their transplant eligibility policy.

The UNC Healthcare enforcement and resolution is the latest in a lengthy and growing list of disability discrimination enforcement actions OCR has taken against health care providers and plans. Cognitive disorders and mental disabilities are frequently the basis of these actions. Additionally health care providers and health plans also can incur liability from private lawsuits for prohibited discrimination. In the light of growing awareness and enforcement of these disability discrimination prohibitions, health care providers should review and correct procedures to mitigate risks.

About the Author

Scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues.

Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; managed care organizations, insurers, self-insured health plans and other payers and their management; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about contracting, credentialing and quality assurance, compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Author of works on Payer and Provider Contracting and many other managed care concerns, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

©2019. Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Leave a Comment » | Academic medicine, ADA, ASC, Conditions of Participation, Cultural diversity, Disability Discrimination, Discrimination, DME, Doctor, Employer, Health Care, Health Care Provider, Health Care Quality, HHS, Home Health, home health, Hospice, Hospital, hospitals, Mental Health, OCR, Pharmaceudical, Pharmacy, Physician, research, transplant, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Year-End $3 Million HIPAA Settlement Pushes 2018 OCR HIPAA Recoveries Over $28 Million; Act Promptly To Strengthen Compliance & Share Ideas For Simplification

February 7, 2019

Health care providers, health plans, health care clearinghouse and their business associates (“Covered Entities”) should reconfirm the adequacy of their organization’s Health Insurance Portability and Accountability Act (“HIPAA”) compliance in light the U.S Department of Health and Human Services Office of Civil Rights (“OCR”) February 7, 2019 announcement that OCR reached a 2018 year-end $3 Million Resolution Agreement with California-based Cottage Health that pushed OCR’s already record-setting 2018 enforcement HIPAA recoveries to more than $28.7 million in a year already distinguished by OCR’s record-setting $16 million resolution payment collection from Anthem.

Along with acting to ensure their own organization’s ability to defend their HIPAA compliance, Covered Entities and their leaders also should take advantage of the opportunity to provide input to OCR on opportunities for simplifying and improving OCR’s HIPAA regulations and enforcement by submitting relevant comments by February 12, 2019 in response to a Request for Information published by OCR in December that invites public input.

Learn more de

2018 Cottage Health Resolution Agreement

According to OCR’s February 7, 2019 announcement, Cottage Health agreed in OCR’s final settlement of 2017 to pay OCR $3 million and to adopt a substantial corrective action plan to settle charges of HIPAA violations resulting from OCR’s investigations into two HIPAA Breach notifications Cottage Health filed regarding breaches of unsecured electronic protected health information (ePHI) affecting over 62,500 individuals.

A December 2, 2013 breach notification that the removal of electronic security protections by a Cottage Health contractor rendered ePHI such as patient names, addresses, dates of birth, diagnoses/conditions, lab results and other treatment information of 33,349 individuals on a Cottage Health server accessible for download without a username or password from the internet to anyone outside Cottage Health. In an update to its original report filed on July 2, 2014, Cottage Health increased the number of individuals affected by this breach to 50,917. OCR’s investigation determined that security configuration settings of the Windows operating system permitted access to files containing ePHI without requiring a username and password. As a result, patient names, addresses, dates of birth, diagnoses, conditions, lab results and other treatment information were available to anyone with access to Cottage Health’s server.
A December 1, 2015, that the misconfiguration of a server following an IT response to a troubleshooting ticket, exposed unsecured ePHI including patient names, addresses, dates of birth, social security numbers, diagnoses, conditions, and other treatment information of 11,608 individuals over the internet.

Based upon its investigation into the two breach reports, OCR concluded Cottage Health violated HIPAA by failing to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the ePHI; failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level; failed to perform periodic technical and non-technical evaluations in response to environmental or operational changes affecting the security of ePHI; and failed to obtain a written business associate agreement with a contractor that maintained ePHI on its behalf.

To resolve its exposure to potentially must greater civil monetary sanctions that OCR might seek for such potential violations under HIPAA’s civil monetary sanction rules, Cottage Health entered into December, 2018 Resolution Agreement to pay the $3 million settlement and undertake what OCR characterizes as “a robust corrective action plan to comply with the HIPAA Rules.” Among other things, the corrective action plan requires Cottage Health to:

Conduct an enterprise-wide risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by Cottage Health (“Risk Analysis”) that OCR views as satisfactory to meet the requirements of 45 CFR 164.308(a)(1)(ii)(A);
Develop and implement a risk management plan to address and mitigate any security risks and vulnerabilities identified in the Risk Analysis acceptable to OCR;
Implement a process for regularly evaluating environmental and operational changes that affect the security of Cottage Health’s ePHI;
Develop, maintain, and revise, as necessary, written policies and procedures to comply with the Federal standards that govern the privacy and security of individually identifiable health information under 45 C.F.R. Part 160 and Subparts A, C, and E of Part 164 (the “Privacy Rule” and “Security Rule”).
Distribute to and conduct training on the HIPAA policies and procedures from all existing and new members of the Cottage Health workforce with access to PHI. Additionally, Cottage Health require all workforce members that have access to PHI to certify their receipt of, understanding and commitment to comply with the HIPAA Policies before allowing access to PHI and must deny access to PHI to any workforce member that has not provided the required certification.
Submit to ongoing notification and reporting requirements to keep OCR informed about its compliance efforts.

2018 Record Setting HIPAA Enforcement Year

The final Resolution Agreement negotiated by OCR in 2018, the $3 million Cottage Health Resolution Agreement signed on December 11, 2018 added to an already record-setting year of HIPAA enforcement recoveries by OCR. In addition to recovering the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc. OCR’s recovery of the following HIPAA settlements and fines totaling nearly $28.7 million surpassed its previous 2016 record of $23.5 million by 22 percent.

Date	Name	Amount
Jan. 2018	Filefax, Inc (settlement)	$ 100,000
Jan. 2018	Fresenius Medical Care North America (settlement)	$ 3,500,000
June 2018	MD Anderson (judgment)	$ 4,348,000
Aug. 2018	Boston Medical Center (settlement)	$ 100,000
Sep. 2018	Brigham and Women’s Hospital (settlement)	$ 384,000
Sep. 2018	Massachusetts General Hospital (settlement)	$ 515,000
Sep. 2018	Advanced Care Hospitalists (settlement)	$ 500,000
Oct. 2018	Allergy Associates of Hartford (settlement)	$ 125,000
Oct. 2018	Anthem, Inc (settlement)	$ 16,000,000
Nov. 2018	Pagosa Springs (settlement)	$ 111,400
Dec. 2018	Cottage Health (settlement)	$ 3,000,000
Total (settlements and judgment)		$ 28,683,400

Aside from the previously discussed Cottage Health Resolution Agreement OCR announced on February 7, 2019, these OCR 2018 enforcement recoveries included:

FileFax Resolution Agreement. In January 2018, OCR settled for $100,000 with Filefax, Inc., a medical records maintenance, storage, and delivery services provider. OCR’s investigation found that Filefax impermissibly disclosed protected health information (PHI) by leaving the PHI in an unlocked truck in the Filefax parking lot, or by granting permission to an unauthorized person to remove the PHI from Filefax, and leaving the PHI unsecured outside the Filefax facility.
Fresenius Medical Care North America Resolution Agreement. In January 2018, OCR also settled for $3.5 million with Fresenius Medical Care North America (FMCNA), a provider of products and services for people with chronic kidney failure. FMCNA filed five breach reports for separate incidents occurring between February 23, 2012 and July 18, 2012, implicating the electronic protected health information (ePHI) of five FMCNA owned covered entities. OCR’s investigation revealed that FMCNA failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI. Additional potential violations included failure to implement policies and procedures and failure to implement a mechanism to encrypt and decrypt ePHI, when it was reasonable and appropriate to do so under the circumstances.
MD Anderson ALJ Ruling. In June 2018, an HHS Administrative Law Judge ruled in favor of OCR and required The University of Texas MD Anderson Cancer Center (MD Anderson), a Texas cancer center, to pay $4.3 million in civil money penalties for HIPAA violations. OCR investigated MD Anderson following three separate data breach reports in 2012 and 2013 involving the theft of an unencrypted laptop from the residence of an MD Anderson employee and the loss of two unencrypted universal serial bus (USB) thumb drives containing the unencrypted ePHI of over 33,500 individuals. OCR’s investigation found that MD Anderson had written encryption policies going back to 2006 and that MD Anderson’s own risk analyses had found that the lack of device-level encryption posed a high risk to the security of ePHI. Despite the encryption policies and high risk findings, MD Anderson did not begin to adopt an enterprise-wide solution to encrypt ePHI until 2011, and even then it failed to encrypt its inventory of electronic devices containing ePHI between March 24, 2011 and January 25, 2013. This matter is under appeal with the HHS Departmental Appeals Board.
MMC/BWH/MGH Resolution Agreements. In September 2018, OCR announced that it has reached separate settlements totaling $999,000, with Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH) for compromising the privacy of patients’ PHI by inviting film crews on premises to film an ABC television network documentary series, without first obtaining authorization from patients.
ACH Resolution Agreement. In September 2018, OCR also settled with Advanced Care Hospitalists (ACH), a contractor physician group, for $500,000. ACH filed a breach report confirming that ACH patient information was viewable on a medical billing services’ website. OCR’s investigation revealed that ACH never had a business associate agreement with the individual providing medical billing services to ACH, and failed to adopt any policy requiring business associate agreements until April 2014. Although ACH had been in operation since 2005, it had not conducted a risk analysis or implemented security measures or any other written HIPAA policies or procedures before 2014.
Allergy Associates Resolution Agreement. In October 2018, OCR settled with Allergy Associates, a health care practice that specializes in treating individuals with allergies, for $125,000. In February 2015, a patient of Allergy Associates contacted a local television station to speak about a dispute that had occurred between the patient and an Allergy Associates’ doctor. OCR’s investigation found that the reporter subsequently contacted the doctor for comment and the doctor impermissibly disclosed the patient’s PHI to the reporter.
Anthem Resolution Agreement. In October 2018, Anthem, Inc. also paid $16 million to OCR and agreed to take substantial corrective action to settle potential violations of the HIPAA Rules after a series of cyberattacks led to the largest U.S. health data breach in history. Anthem filed a breach report after discovering cyber-attackers had gained access to their IT system via an undetected continuous and targeted cyberattack for the apparent purpose of extracting data, otherwise known as an advanced persistent threat attack. After filing their breach report, Anthem discovered cyber-attackers had infiltrated their system through spear phishing emails sent to an Anthem subsidiary after at least one employee responded to the malicious email and opened the door to further attacks. OCR’s investigation revealed that between December 2, 2014 and January 27, 2015, the cyber-attackers stole the ePHI of almost 79 million individuals, including names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.
Pegosa Springs Medical Center. In November 2018, Pagosa Springs Medical Center (PSMC), a critical access hospital, paid $111,400 to OCR to resolve potential violations concerning a former PSMC employee that continued to have remote access to PSMC’s web-based scheduling calendar, which contained patients’ ePHI, after separation of employment. OCR’s investigation revealed that PSMC impermissibly disclosed the ePHI of 557 individuals to its former employee and to the web-based scheduling calendar vendor without a business associate agreement in place.

These 2018 Resolution Agreements reaffirm the growing risks that Covered Entities and their business associates run by failing to take adequate steps to prevent and respond to breaches of ePHI and otherwise to maintain their compliance with HIPAA. Covered entities and business associates and their leaders should recognize and respond to these growing risks by reevaluating and strengthening their HIPAA compliance and risk management efforts to minimize the likelihood of violations and enhance their ability to mitigate potential liability that can result from breaches of HIPAA by responding efficiently and effectively.

Other Regulatory & Enforcement Developments

In addition to reaffirming their ongoing compliance with the longstanding requirements of HIPAA and other related federal and state laws, Covered Entities also should use care to carefully monitor and respond to new regulatory and other developments that might create new responsibilities or new opportunities to simplify their HIPAA compliance. In this respect, Covered Entities should take note of the 2018 and ongoing efforts by OCR to develop and publish new rules and other guidance intended to help health care providers and other Covered Entities, patients and caregivers and others understand their rights and responsibilities when dealing with protected health information in relation to patients afflicted with substance abuse and mental illness. Undertaken as part of the Trump Administration’s broader effort to combat opiate and other substance abuse within the United States, OCR in October published a package of guidance on How HIPAA Allows Doctors To Respond To The Opioid Crisis. Covered Entities and others concerned with the management of patients afflicted with substance abuse and mental illness should evaluate this guidance to understand and tailor their practices to respond to OCR’s perspectives of how HIPAA impacts the use, access and disclosure of protected health information as part of these efforts.

Covered Entities and others concerned about HIPAA compliance and interpretation also should carefully monitor and provide appropriate and timely input on developing HIPAA guidance that could impact their operations. In this regard, Covered Entities with ideas about opportunities for improving existing HIPAA guidance are encouraged to submit comments to OCR by February 12, 2019 in response to its Request for Information on improving care coordination and reducing the regulatory burdens of the HIPAA Rules published on December 12, 2018. In that RFI, OCR invites input from the public on how the HIPAA Privacy Rule, could be modified to:

Encourage information-sharing for treatment and care coordination;
Facilitate parental involvement in care;
Address the opioid crisis and serious mental illness;
Account for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act;
Change the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices; and/or
Otherwise simplify or improve the existing HIPAA rules.

As a part of these efforts, Covered Entities and other concerned parties also should anticipate that OCR will be focusing heavily in the upcoming year on the potential HIPAA privacy and security implications of efforts by its sister agency, the Office of the National Coordinator for Health Information Technology (“ONC”), to promote greater interoperability of electronic medical records discussed in ONC’s recent 2018 Report to Congress: Annual Update on the Adoption of a Nationwide System for the Electronic Use and Exchange of Health Information (“Report”).

Under the 21st Century Cures Act, Congress gave ONC authority to enhance innovation, scientific discovery, and expand the access and use of health information through provisions related to:

The development and use of upgraded health IT capabilities;
Transparent expectations for data sharing, including through open application programming interfaces (APIs); and
Improvement of the health IT end-user experience, including by reducing administrative burden.

These priorities seek to increase nationwide interoperability of health information and reduce clinician burden. The Report says increases in the adoption of health IT means most Americans receiving health care services now have their health data recorded electronically. However, this information is not always accessible across systems and by all end users—such as patients, health care providers, and payers—in the market in productive ways. While the Report states ONC intends to move forward to promote efforts to help ensure that electronic health information can be shared safely and securely where appropriate to improve the health and care of all Americans, these activities inherently will raise many HIPAA concerns and challenges. Covered Entities and others concerned with these activities will want to carefully monitor the concurrent activities of OCR and ONC as these efforts progress, both to help tailor their planning and compliance efforts to respond to the anticipated demand for greater interoperability as required by ONC and to help shape these rules by providing timely input as appropriate in response to these developments.

About the Author

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | 21st century cures act, Academic medicine, ADA, ASC, Consumer Driven Health Care, Controlled Substances, Corporate Compliance, Cyber crime, data breach, Direct Primary Care, Disease Management, DME, Doctor, drug treatment, Durable Medical Equipment, E-Prescribing, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, ERISA, Evidence Based Medicine, FACTA, FDA, Federal Health Center, Genetic Information, GINA, Health Care, Health care coding, Health Care Finance, Health Care Provider, Health Care Quality, health care reimbursement, Health Insurance, Health Insurance Exchange, Health IT, Health Plan, Health Plans, healthcare, HHS, HIPAA, HIPAA Cyber Crime, HITECH Act, Home Health, home health, Hospice, Hospital, hospitals, Human Subjects Research, Indian Health, Inpatient Rehabilitation, Joint Commission, Laws, legal epidemiology, managed care, Meaningful Use, Medicaid, medical devices, Medical Licensure, Medical Privacy, Medical Records, Medicare, Medicare Advantage, Medicare Fee Schedule, Mental Health, Mental Heatlh, NIOSH, NIST, OCR, Opiates, Outpatient, participating provider, Physician, Prescription Drugs, Privacy, Prospective Payment, Provider contracting, public health, Public Policy, quality reporting, quality repoting, Reimbursement, research, Skilled Nursing Facility, Substance Abuse, Technology, Telemedicine, Veterans Health, Veterans Health Care, Wellness | Tagged: Health Care, Health IT, Medicare, ONC, Physician | Permalink
Posted by Cynthia Marcotte Stamer

ONC Report Signals New Interoperability Demands Coming

January 8, 2019

Interoperability will be a key priority for the Office of the National Coordinator for Health Information Technology (“ONC”) going forward.

That’s the message in the just released 2018 Report to Congress: Annual Update on the Adoption of a Nationwide System for the Electronic Use and Exchange of Health Information (“Report”).

The plan to promote interoperability raises new business and compliance planning opportunities for health care providers, health insurers and other payers, health data and information technology (IT) providers and others.

The Report describes barriers, actions taken, and recommendations as well as ONC’s path forward to implement the 21st Century Cures Act.

Under the 21st Century Cures Act, Congress gave HHS authority to enhance innovation, scientific discovery, and expand the access and use of health information through provisions related to:

The development and use of upgraded health IT capabilities;
Transparent expectations for data sharing, including through open application programming interfaces (APIs); and
Improvement of the health IT end user experience, including by reducing administrative burden.

These priorities seek to increase nationwide interoperability of health information and reduce clinician burden..

Current Status

The Report says increases in the adoption of health IT means most Americans receiving health care services now have their health data recorded electronically. However, this information is not always accessible across systems and by all end users—such as patients, health care providers, and payers—in the market in productive ways. For example:

Despite the individual right to access health information about themselves established by the HIPAA Privacy Rule, patients often lack access to their own health information, which hinders their ability to manage their health and shop for medical care at lower prices;

Health care providers often lack access to patient data at the point of care, particularly when multiple health care providers maintain different pieces of data, own different systems, or use health IT solutions purchased from different developers; and

Payers often lack access to clinical data on groups of covered individuals to assess the value of services provided to their customers.

The Report says these limitations create several problems, including:

Patients should be able to easily and securely access their medical data through their smartphones. Currently, patients electronically access their health information through patient portals that prevent them from easily pulling from multiple sources or health care providers. Patient access to their electronic health information also requires repeated use of logins and manual data updates.

For health care providers and payers, interoperable access and exchange of health records is focused on accessing one record at a time.
Payers cannot effectively represent their members if they lack computational visibility into which health care providers offer the highest quality care at the lowest cost. Without the capability to access multiple records across a population of patients, health care providers and payers will not benefit from the value of using modern computing solutions—such as machine learning and artificial intelligence—to inform care decisions and identify trends.
Payers and employer group health plans which purchase health care have little information on health outcomes. Often, health care providers and payers negotiate contracts based on the health care provider’s reputation rather than on the quality of care that health care provider offers to patients. Health care providers should instead compete based on the entire scope of the quality and value of care they provide, not on how exclusively they can craft their networks. Outcome data will allow payers to apply machine learning and artificial intelligence to have better insight into the value of the care they purchase.

Current Barriers

According to the Report, HHS heard from stakeholders over the past year that barriers to interoperable access to health information remain, including technical, financial, trust, and business practice barriers. These barriers impede the movement of health information to where it is needed across the care continuum. In addition, burden arising from quality reporting, documentation, administrative, and billing requirements that prescribe how health IT systems are designed also hamper the innovative usability of health IT.

Current and Upcoming Actions

The Report states HHS has many efforts to help ensure that electronic health information can be shared safely and securely where appropriate to improve the health and care of all Americans.

ONC also reports Federal agencies, states, and industry have taken steps to address technical, trust, and financial challenges to interoperable health information access, exchange, and use for patients, health care providers, and payers (including insurers). HHS aims to build on these successes through the ONC Health IT Certification Program, HHS rulemaking, health IT innovation projects, and health IT coordination.

In accordance with the Cures Act, HHS is actively leading and coordinating a number of key programs and projects. These include continued work to deter and penalize poor business practices and that HHS conducted multiple outreach efforts to engage the clinical community and health IT stakeholders to better understand these barriers, challenges, and health care provider burden.

Recommendations

The Report makes the following overarching recommendations for future actions HHS plans to support through its policies and that the health IT community as a whole can take to accelerate progress:

Focus on improving interoperability and upgrading technical capabilities of health IT, so patients can securely access, aggregate, and move their health information using their smartphones (or other devices) and health care providers can easily send, receive, and analyze patient data.

Increase transparency in data sharing practices and strengthen technical capabilities of health IT so payers can access population-level clinical data to promote economic transparency and operational efficiency to lower the cost of care and administrative costs.

Prioritize improving health IT and reducing documentation burden, time inefficiencies, and hassle for health care providers, so they can focus on their patients rather than their computers.

The Report also says interoperable access underpins HHS’s efforts to pursue a health care system where data are available when and where needed.

ONC intends to particularly focus on promoting open APIs. Open APIs are technology that allow one software program to access the services provided by another software program and can improve access and exchange of health information. ONC says APIs can:

Support patients’ ability to have more access to information electronically through, for example, smartphones and mobile applications. HHS applauds the emergence of patient-facing applications that allow patients to access, aggregate, and act on their health information; and

Allow payers to receive necessary and appropriate information on a group of members without having to access one record at a time.
Increase institutional accountability, support value- based care models, and lead to competitive medical care pricing that benefits patients.

The Report claims patients, health care providers, and payers with appropriate access to health information can use modern computing solutions to generate value from the data. Improved interoperability can strengthen market competition, result in greater quality, safety, and value for the healthcare system, and enable patients, health care providers, and payers to experience the benefits of health IT.

Prepare For Enhanced Operability Requirements

ONC’s plan to achieve greater interoperability presents new business and compliance planning opportunities and challenges for health care providers, health insurers and other payers, health data and information technology (IT) providers and others. Among other things, participants in the healthcare system and their suppliers will need to prepare to comply with new expectations and mandates for interoperability. Meeting these demands will require financial expenditures as well as present technological challenges.The increased availability and access to electronica medical records and information resulting from these changes also a can be expected to drive new challenges and demands. Among other things, businesses relying on control of health information or records to influence or control patience, reimbursement, or other business value need to reevaluate and adjust their business models accordingly.

Improve accessibility and interoperability also is likely to create new expectations and demands by patients, payers, other providers and perhaps most significantly for providers and payers, regulators. Participants in the system will need to understand these applications and prepare to both defend their business performance as well as their compliance taking into account these new demands.

Amid all of this, of course, providers, pears, and their business associates can anticipate continued if not enhanced demands for enhanced data security and privacy protections and accompanying enforcement of these standards.

As ONC move forward on its plans to enhance interoperability, all concerned stakeholders will want to monitor developments and provide thoughtful and timely input. The time to get started is now. ONC and it’s sister agency, the Office of Civil Rights currently are inviting public comments about how to achieve these and other health IT and privacy improvements. Those interested in providing input should make sure their comments are submitted by the applicable deadlines next month.

Read the full Report here and share your input by the specified deadlines.

About the Author

Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

2/11/19 Deadline To Comment On Reducing HIPAA Regulatory Burden

December 13, 2018

February 12, 2019 is the deadline for health care providers, health plans, health care clearinghouses, their business associates, health care consumers, employer and other plan sponsors and fiduciaries, and other concerned persons to provide input on reducing the regulatory burdens of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules in response to the December 12, 2018 invitation of the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR).

OCR issued the invitation for public comment in a December 12, 2019 Request for Information (RFI). The RIF seeks input from the public on how OCR’s HIPAA Privacy and other Rules could be modified to further the HHS Secretary’s goal of promoting coordinated, value-based healthcare. This RFI is a part of the Regulatory Sprint to Coordinated Care, an initiative led by HHS Deputy Secretary Eric Hargan.

HHS developed the HIPAA Rules to protect individuals’ health information privacy and security interests, while permitting information sharing needed for important purposes. However, in recent years, OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based health care. The RFI requests information on any provisions of the HIPAA Rules that may present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information (PHI) and/or patients’ ability to exercise their rights with respect to their PHI.

OCR’s December 12, 2018 press release concerning the RFI indicates that OCR is looking for candid feedback about how the existing HIPAA regulations are working in the real world and how OCR can improve them to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.

In addition to requesting broad input on the HIPAA Rules, the RFI also seeks comments on specific areas of the HIPAA Privacy Rule, including:

Encouraging information-sharing for treatment and care coordination
Facilitating parental involvement in care
Addressing the opioid crisis and serious mental illness
Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act
Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices

Public comments on the RFI are due by February 11, 2019.

The RFI follows up on OCR’s announcement of another series of high dollar resolution agreements against covered entities and business associates for alleged breaches of HIPAA’s Privacy or Security Rules, as well as publication of various new guidance intended to help patients, their families, covered entities, business associates and others understand when HIPAA restricts or allows the release of protected health information by covered entities and business associates in mass shooting or other disaster situations, when dealing with patients with substance abuse or mental health conditions and in various other scenarios. Covered entities, their business associates as well as employer and other health plan sponsors, fiduciaries and others involved with protected health information transactions and disclosures should review this new guidance and evaluate its implications on their actions and practices in addition to sharing input with OCR about opportunities to improve existing HIPAA Rules.

About the Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has been continuously involved the design, regulation, administration and defense of managed care and other health care and health benefit arrangements, contracts, systems, and processes throughout her career. In addition to her extensive provider and payer contracting work, Ms. Stamer also is recognized for her knowledge, experience and leadership on health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

As a key part of this work, Ms. Stamer throughout her career regularly has worked with health care providers and payers, employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce managed care and other contracts, benefit plans and insurance arrangements, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors, supplier, and patient and member relations and requirements; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Leave a Comment » | Academic medicine, ADA, Ambulatory care, Anethesiology, Centers For Disease Control, Child Care, Childrens Health Insurance Program, Civil Rights, Clinical pathway, Conditions of Participation, Consumer Driven Health Care, Corporate Compliance, Cultural diversity, Cyber crime, data breach, DEA, Direct Primary Care, Disability Discrimination, Discrimination, Disease Management, DME, Doctor, drug treatment, Durable Medical Equipment, E-Prescribing, Electronic Health Records, Electronic Medical Records, Employer, FACTA, FDA, Fiduciary Responsibility, GINA, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Health Insurance, Health IT, Health Plan, Health Plans, healthcare, HIPAA, HIPAA Cyber Crime, HITECH Act, Home Health, home health, Hospice, Hospital, hospitals, Indian Health, managed care, Meaningful Use, medical devices, Medical Licensure, Medical Malpractice, Medical Privacy, Medical Records, Medicare, Mental Health, OCR, pain management, participating provider, Pharmaceudical, Pharmacy, Physician, Physician Licensing, Provider contracting, Reimbursement, Uncategorized, Wellness | Permalink
Posted by Cynthia Marcotte Stamer

Allergy Practice $125,000 Settlement Reminds Health Care Providers, Other HIPAA Entities Of Press-Related HIPAA Risk

November 27, 2018

Physician practices and other health care providers, health plans and insurers, health care clearinghouses (“Covered Entities”) and their business associates should learn from the costly schooling the Allergy Associates of Hartford, P.C. (“Allergy Associates”) is paying to settle charges that its physician violated the Privacy Rules of the Health Insurance Portability and Accountability Act (“HIPAA”) by commenting to a reporter on a patient complaint under a Resolution Agreement and Corrective Action Plan (“Resolution Agreement”) announced by the Department of Health & Human Services (HHS) Office of Civil Rights (“OCR”) yesterday (November 26, 2018). The latest in a series of OCR HIPAA settlements arising from health care providers improperly discussing or disclosing protected health information (PHI) with the press or other media, the Resolution Agreement reminds health care providers and other HIPAA-Covered Entities and their business associates not to discuss or disclose PHI with the media or others without first obtaining a HIPAA compliant authorization even to respond to accusations made by the patient or others.

Allergy Associates HIPAA Complaint Charge & Resolution

On November 26, 2018, OCR announced that Allergy Associates, a three doctor health care practice that specializes in treating individuals with allergies at four locations across Connecticut, has agreed to pay OCR $125,000 and take corrective action under the Resolution Agreement to resolve charges that the comments a physician made to a reporter on a patient dispute with the practice in 2015 violated HIPAA.

According to OCR, the disclosure of patient information that prompted OCR’s HIPAA charges resulted from a physician associated with the practice commenting to a local television station reporter doing on a story about a disabled patient’s complaint to the station that Allergy Associates turned her away from a scheduled appointment because of her use of a service animal. After the patient contacted the television statement to complain about being turned away by the practice when accompanied by her service animal, the Resolution Agreement indicates that the station contacted the doctor for comment about the dispute between the Allergy Associates’ doctor and the patient. Although OCR reports its investigation revealed that Allergy Associates’ Privacy Officer instructed the doctor to either not respond to the media or respond with “no comment,” the doctor nevertheless accepted the television station reporter’s invitation to comment and discussed the dispute with the reporter.

The physician’s comments to the reporter were brought to the attention of OCR when OCR received a copy of an October 6, 2015, HHS civil rights complaint filed on behalf of the patient with the Department of Justice, Connecticut, U.S. Attorney’s Office (DOJ) by the Connecticut Office of Protection and Advocacy for Persons with Disabilities (OPA). In response to this complaint, OCR initiated a joint investigation with DOJ into the civil rights allegations against Allergy Associates. The complaint also alleged that Allergy Associates impermissibly disclosed the patient’s PHI in violation of HIPAA.

OCR found the physician’s discussion of the patient’s complaint without first obtaining a HIPAA-complaint authorization from the patient both violated HIPAA and demonstrated a reckless disregard for the patient’s HIPAA privacy rights. Additionally, Resolution Agreement also states that OCR’s investigation revealed that Allergy Associates did not take any disciplinary or other corrective action against the doctor after learning of his impermissible disclosure to the media.

To resolve the HIPAA charges, Allergy Associates agrees in the Resolution Agreement and Corrective Action Plan to pay $125,000 as well as to undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.

Other Providers Also Paid High Price To OCR For Sharing PHI With Media

Of course, OCR enforcement action against and Resolution Agreement with Allergy Associates is just one of several reported OCR actions against health care providers for improperly disclosing or allowing the press or other media access to PHI without patient authorization.

For instance, a Resolution Agreement announced by OCR on June 14, 2013 required Shasta Regional Medical Center (SRMC) to pay OCR $275,000 and implement a series of corrective actions for using and disclosing to the media PHI of a patient while trying to perform public relations damage control against accusations reported in the media that SRMC had engaged in fraud or other misconduct when dealing with the patient. That Resolution Agreement resulted from OCR investigating a January 4, 2012 Los Angeles Times article report that two SRMC senior leaders had met with media to discuss medical services provided to a patient. OCR’s investigation indicated that SRMC failed to safeguard the patient’s PHI from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce. Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.

The sanctions were even greater in the May 10, 2017 Resolution Agreement and Corrective Action Plan OCR announced with the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS) for issuing a press release with the name and other PHI about a patient arrested and charged with presenting an allegedly fraudulent identification card to MHHS office staff to fraudulently obtain care without first obtaining a HIPAA-compliant authorization from the patient. MHHS paid OCR a $2.4 million resolution payment to resolve HIPAA charges OCR brought against MHHS as well as agreed to implement a detailed corrective action plan. See $2.4M HIPAA Settlement Warns Providers About Media Disclosures Of PHI.

The costs of resolution have been even higher when OCR has addressed disclosures to media made by health care providers or other Covered Entities that allowed their desire for media publicity and coverage of their organizations ahead of patient privacy. For instance, OCR collected a $2.2 million resolution payment from New York Presbyterian Hospital (NYP) for allowing unauthorized filming and photographing of patients in its facility by a television film crew and other staff filming for the television program “NY Med” in the hospital. See $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use.

Furthermore, earlier this year OCR collected a total of $999,0000 from Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH)(collectively, the “Hospitals”) for putting publicity before patient privacy by allowing ABC News documentary film crews to film patients and access other patient information for a news documentary without obtaining prior patient authorization under three settlement agreements with the Hospitals announced by OCR in September, 2018. The payments were made under three separate settlement agreements between OCR and each respective Hospital made public by OCR in connection with the September 20, 2018 announcement stemming from the Hospital’s allowing ABC film crews to film in patient treatment and other areas for the ABC medical documentary “Save My Life: Boston Trauma” series. See $999K Price Hospitals Pay To Settle HIPAA Privacy Charges From Allowing ABC To Film Patients Without Authorization.

OCR’s concern about and intolerance for improper disclosures of PHI to the media by health care providers and other Covered Entities is further demonstrated by OCR’s publication of its 2016 Frequently Asked Question (Media FAQ) addressing Covered Entities’ responsibilities when dealing with the media coincident with OCR’s announcement of its Resolution Agreement with NYP in 2016. The Allergy Associates’ Resolution Agreement further reinforces OCR’s continuing commitment to hold health care providers and other Covered Entities and their business associates accountable for complying with HIPAA when dealing with the press and other media. In the fact of this commitment, health care providers and other Covered Entities must take the necessary steps to implement the appropriate policies, training and controls to ensure that they and their staff and representatives comply with these directives when dealing with press and other media.

Resolution Agreement Also Highlights Need For Sensitivity When Dealing With Disabled Patients With Service Animals

Beyond the HIPAA charges and settlement discussed in the Resolution Agreement, health care providers and other Covered Entities also should heed the factual circumstances that prompted the television interview of the Allergy Associates’ physician that prompted the OCR HIPAA enforcement action as a precautionary warning to ensure that their policies, procedures and staff training for dealing with disabled patients supported by service animals are defensible legally and in the court of public opinion.

The Allergy Associates Resolution Agreement states that OCR’s HIPAA investigation was conducted in response to and in tandem with a Department of Justice (“Justice Department”) Office of Civil Rights investigation of a complaint that Allergy Associates violated the patient’s civil rights by improperly refusing to allow the patient’s service animal to accompany the patient during the patient’s appointment. The patient’s complaint about the practice that the television reporter asked for and obtained the comments from the Allergy Associates’ physician that OCR found violated HIPAA related to Allergy Associates refusing to allow the patient to be accompanied by her service animal during her appointment with Allergy Associates.

While research as of the date of the publication of this article did not uncover any published record of any Justice Department prosecution or settlement or other official notification concerning the Justice Department civil rights investigation against Allergy Associates, the Justice Department Office of Civil Rights as well as the HHS OCR Civil Rights Division have in the past pursued enforcement action against health care providers and others for improperly restricting or denying access to care or facilities by disabled persons based on their accompaniment by service animals.

Title III of the Americans With Disabilities Act (“ADA”) generally prohibits places of public accommodations, including the professional office of a health care provider, from discriminating against any individual on the basis of disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages, or accommodations of any place of public accommodation, by any person who owns, leases (or leases to), or operates a place of public accommodation, including health care services. 42 U.S.C. § 12182(a); 28 C.F.R. § 36.201. The ADA also requires that such entities make reasonable modifications in policies, practices, or procedures to permit the use of service animals by people with disabilities. 42 U.S.C. § 12182(b)(2)(A)(ii); 28 C.F.R. § 36.302(c). Health care providers also generally are prohibited from discriminating against and required to provide accommodation to individuals with disabilities under the Rehabilitation Act and the Medicare statutes.

The Justice Department, HHS and courts have interpreted these disability prohibition and accommodation laws as making it illegal for a health care provider or its agent to fail to make reasonable accommodations for a person with a service animal unless the health care provider proves (1) the accommodations would fundamentally alter the nature of the facility or service it provides; or (2) based upon an individual assessment, the hospital determines that the service animal poses a substantial and direct threat to health or safety which cannot be mitigated by reasonable accommodations. See, e.g., Tamara v. El Comino Hospital, 964 F.Supp.2d 1077 (N.D.Ca. 2013).

While other types of discriminatory actions by health care providers found to be in violation of these rules often trigger substantial damage awards, administrative penalties, disqualification or restriction of Medicare and other federal program participation for violation of Conditions of Participation, to date the reported agency and judicial enforcement actions brought against health care providers for improperly refusing to allow service animals to accompany patients when accessing facilities or receiving care generally have ordered injunctive or other corrective action but have not imposed substantial damage or administrative penalties upon the culpable provider. Health care providers should avoid the temptation to underestimate the potential seriousness or liability that their organization is likely to incur based on the current lack of substantial financial damage awards or administrative sanctions, however. The 11th Circuit’s ruling in Sheely v. MRI Radiology Network, P.A., 505 F.3d 1173 (11^th Cir. 2007), that noneconomic compensatory damages were available as a remedy for the emotional distressed caused by the violation under the Rehabilitation Act and that the voluntary correction of its policies during the pendency of the litigation did not render moot Sheely’s claim for monetary relief clearly opens the door for a jury to award substantial damages against a health care provider when the jury perceives the circumstances warrant. Furthermore, health care providers need to keep in mind the typically financial and operational burdens of defending litigation or a Justice Department or HHS OCR Civil Rights investigation and costs of implementation and compliance with administrative or injunctive orders to take corrective action as well as the negative public relations attend these types of complaints, their investigation and resolution. Moreover, health care providers participating in Medicare, Medicaid or other federal health care programs also need to take into account the possibility that an alleged violation of these nondiscrimination rules also can serve as a basis for investigation of compliance with applicable Conditions of Participation for program participation and reimbursement. Considering these risks, physician and other health care providers should heed the reminder of their obligations to offer and provide proper accommodation to allow appropriate access to disabled individuals with disabilities requiring service animal support and take steps to review and update their policies, practices and staff training to minimize the risk of potential charges of violation of these requirements.

Health Care Providers, Other Covered Entities Encouraged To Act To Manage HIPAA & Disability Accommodation Risks

The Allergy Associates and other HIPAA Resolution Agreements arising from improper sharing of PHI with the press or other media make clear the need for health care providers and other Covered Entities to exercise great care when dealing with the press and other media.

Clearly, health care providers and other Covered Entities should heed the warning by conducting a risk assessment of their organization’s susceptibility to potential improper disclosures to media or others and reviewing and implementing necessary written policies, procedures and training to prevent the improper disclosure of patient PHI to media or others unless the Covered Entity either secures prior HIPAA-compliant authorization from the patient or can prove the disclosure falls squarely under an exception to the Privacy Rule’s prohibition against disclosure of PHI without authorization except as allowed by the Privacy Rule.

Based on experiences reported in the Allergy Associates and other Resolution Agreements and OCR guidance concerning media disclosures, Covered Entities also generally will want to ensure that their policies, procedures and training extend to all potential sources of communications that could involve patient information and make clear that the Privacy Rule restrictions must be followed even if the circumstances involve allegations of misconduct, special performance by healthcare providers or others that it would benefit the organization or certain individuals to have known to the public, or other circumstances likely to be of interest to the media or other parties.

As part of this process, health care providers and other Covered Entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate management, supervision, training and direction is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations. Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

In conducting this analysis and risk assessment, it also is important that Covered Entities include, but also look beyond the four corners of their Privacy Policies to ensure that their review and risk assessment identifies and assesses and addresses compliance risks on an entity wide basis. This entity-wide assessment should include both communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer.

For this reason, Covered Entities also generally will not only to adopt and implement specific policies, processes and training in these other departments to prohibit and prevent inappropriate disclosures of PHI in the course of those departments operations. As part of these processes, Covered Entities generally will want to implement a pre-established process for reviewing media or other communications for potential PHI content which includes a requirement for prior review of any proposed public relations and other internal or external communications containing patient PHI or other information by the privacy officer, legal counsel or another suitably qualified party.

Because of the high risk that the preparation or review of media or other public communications reports will involve the use and disclosure of PHI, Covered Entities also generally should verify that all outside media or public relations, legal, or other outside service providers participating in the investigation, response or preparation or review of communications to the media or others both are covered by signed business associate agreements that fulfill the Privacy Rule and other requirements of HIPAA as well as possess detailed knowledge and understanding of the Privacy and Security Rules suitable to participate in and help safeguard the Covered Entity against violations of these and other Privacy Rules. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements.

About the Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has been continuously involved the design, regulation, administration and defense of managed care and other health care and health benefit arrangements, contracts, systems, and processes throughout her career. In addition to her extensive provider and payer contracting work, Ms. Stamer also is recognized for her knowledge, experience and leadership on health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Apply for 2019 CDC Externships in Public Health Law By 1/31/19

November 21, 2018

Now is the time to apply for selection to participate in the Center for Disease Control (CDC) Public Health Law Program (PHLP).

The PHLP offers externships in public health law, tribal public health law, and public health administration and communications. The externships consist of 9–14 weeks of professional work experience with PHLP in Atlanta, Georgia. With rolling start and completion dates during the academic year, unpaid externships must qualify for academic credit as authorized by law and public health schools. Applications for summer 2019 positions are due by January 31, 2019.

About the Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Academic medicine, Anethesiology, billing, Border Health, CDC, Centers For Disease Control, Consumer Driven Health Care, Controlled Substances, Corporate Compliance, DEA, Doctor, drug treatment, E-Prescribing, FDA, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Health Care Reform, Health Plan, Health Plans, healthcare, HHS, Hospice, Hospital, hospitals, Human Subjects Research, Laws, Medicaid, Medical Malpractice, Medical Records, Medicare, Medicare Advantage, Medicare Prescription Drug Program, Mental Health, Mental Heatlh, Opiates, pain management, Patient Empowerment, Pharmacy, Physician, Prescription Drugs, Psychiatric, public health, Public Policy, Reimbursement, Second Amendment, Substance Abuse, substance abuse treatment, Uncategorized, Wellness | Permalink
Posted by Cynthia Marcotte Stamer

Trump Signs Sweeping Opiate Prescription & Treatment Reform Bill Into Law

October 24, 2018

Today (October 24, 2018), President Trump signed into law bill he and Congress hope will combat the opioid crisis, H.R. 6, the Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment (SUPPORT) for Patients and Communities Act.

The bipartisan law takes aim at the U.S. Opiate Addiction Epidemic by combining over 70 bills from the House and Senate to combat the opioid crisis, including:

H.R. 5773, Preventing Addiction for Susceptible Seniors (PASS) Act, which ombines several member bills that aim to prevent opioid overuse by increasing program integrity efforts and resources for beneficiaries to help ensure that they are properly adhering to their prescribed pain medications.

H.R. 5775, Providing Reliable Options for Patients and Educational Resources (PROPER) Act, which combines several member bills that aim to increase educational resources for Medicare beneficiaries. These resources ensure beneficiaries are aware of the adverse effects of prolonged opioid use and their coverage options for the treatment of pain. The PROPER ACT also eliminates pain-related questions from required patient satisfaction surveys in hospitals.

H.R. 5774, Combating Opioid Abuse for Care in Hospitals (COACH) Act, which combines several member bills that aim to educate providers and beneficiaries to reduce opioid use, and promotes the development and adoption of quality measure related to opioid use and opioid use disorder treatments.

H.R. 6110, Dr. Todd Graham Pain Management, Treatment, and Recovery Act, which combines several member bills that aim to eliminate Medicare payment incentives to prescribe opioids instead of non-opioid pain management treatments and expand access to non-opioid alternatives and substance use disorder treatment, including in underserved and rural areas.

H.R. 5723, Expanding Oversight of Opioid Prescribing and Payment Act, which examines incentives under Medicare hospital payments for prescribing of opioids relative to non-opioid alternatives and the ability to track and monitor opioid use through Medicare claims.

H.R. 5676, Stop Excessive Narcotics in our Retirement (SENIOR) Communities Protection Act, which extends the authority of Medicare Prescription Drug Plans to suspend payments pending an investigation of a credible allegation of fraud against the provider or supplier in the same manner already available under Medicare fee-for-service today.

H.R. 5788, Synthetics Trafficking and Overdose Prevention Act of 2018 (STOP Act of 2018), which requires the United States Postal Service to obtain advance electronic data on international mail shipments, which will allow U.S. Customs and Border Protection to target high-risk shipments – including those containing synthetic opioids – for inspection and seizure at the border.

The above bills included measures from many of the following pieces of legislation:

H.R. 5675, To amend title XVIII of the Social Security Act to require prescription drug plan sponsors under the Medicare program to establish drug management programs for at-risk beneficiaries.

H.R 4841, Standardizing Electronic Prior Authorization for Safe Prescribing.

H.R. 5676, Stop Excessive Narcotics in our Retirement (SENIOR) Communities Protection Act.

H.R.5684, Protecting Seniors from Opioid Abuse Act.

H.R. 5699, Hospital Opioid Solutions Toolkit (HOST) Act.

H.R . T 5686, Medicare Clear Health Options in Care for Enrollees (CHOICE) Act.

H.R. 5715, Strengthening Partnerships to Prevent Opioid Abuse Act.

H.R. 5716, Commit to Opioid Medical Prescriber Accountability and Safety for Seniors (COMPASS) Act.

H.R. 5723, Expanding Oversight of Opioid Prescribing and Payment Act.

H.R. 5718, Perioperative Reduction of Opioids (PRO) Act.

H.R. 5714, Education for Disposal of Unused (EDU) Opioids Act.

H.R. 5719, Reduce Overprescribing Opioids in Treatment (ROOT) Act.

H.R. 5725, Benefit Evaluation of Safe Treatment (BEST) Act.

H.R. 5722, Dr. Todd Graham Pain Management Improvement Act of 2018.

H.R. 5779, Promoting Quality of Care in Pain Management Act.

H.R. 5777, Centralized Opioid Guidance (COG) Act of 2018.

H.R. 5790, A bill to amend title XI of the Social Security Act to provide for clinical psychologist services models to be tested by the Center for Medicare and Medicaid Innovation, and for other purposes.

H.R. 5769, Expanding Access to Treatment Act of 2018.

H.R. 5080, A bill based on the Comprehensive Opioid Management and Bundled Addiction Treatment (COMBAT) Act of 2018.

H.R. 5778, Promoting Outpatient Access to Non-Opioid Treatments Act.

The sweeping legislation will significantly impact the responsibilities of providers prescribing opiates as well as impact the legal and illegal access of patients to these medications, treatment for opiate dependency, and reimbursement for opiate and other related care.

About the Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Academic medicine, Anethesiology, billing, Centers For Disease Control, Controlled Substances, Corporate Compliance, DEA, Doctor, drug treatment, E-Prescribing, FDA, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Health Care Reform, Health Plan, Health Plans, HHS, Hospice, Hospital, hospitals, Laws, Medicaid, Medical Malpractice, Medical Records, Medicare, Medicare Advantage, Medicare Prescription Drug Program, Mental Health, Mental Heatlh, Opiates, pain management, Pharmacy, Physician, Prescription Drugs, Psychiatric, Reimbursement, Substance Abuse, substance abuse treatment, Uncategorized, Wellness | Permalink
Posted by Cynthia Marcotte Stamer

Record $16M HIPAA Sanction Shows Need For Current Enterprise Risk Assessment; ONC/OCR Share New Tool To Help HIPAA Covered Entities Comply

October 17, 2018

Following on the heels of Monday’s announcement that Anthem, Inc. is paying a record setting $16 million to resolve charges its violations of the enterprise risk assessment and other requirements of the Health Insurance Portability & Accountability Act (HIPAA) Security Rule allowed cybercriminals to breach the electronic protected health information (ePHI) of more than 79 million patients, physicians and other health care providers, health plans and health insurers, health care clearinghouses (covered entities) and their service providers acting as their business associates (business associates) (hereafter collectively “HIPAA Entities”) should reconfirm their own and their business associates’ compliance with the HIPAA Security Rule’s enterprise risk assessment and other ePHI security requirements.

When conducting these assessments, HIPAA Entities generally will want to ensure that their new enterprise risk assessment documents their consideration of the newly updated Security Risk Assessment (SRA) Tool jointly announced yesterday (October 16, 2018) by the Department of Health & Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and OCR, lessons shared in OCR’s $16 million Anthem, Inc. resolution agreement, $5.55 million resolution agreement with Memorial Healthcare System and other OCR HIPAA resolution agreements, civil monetary penalty assessments and other Security Rule guidance, as well as other emergent internal and external data suggesting potential susceptibilities of their own systems and data to breach or loss.

HIPAA Entities are reminded that HIPAA requires that all HIPAA covered entities and business associates to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by their organization. Any HIPAA Entity that hasn’t already conducted a recent, appropriately documented enterprise wide risk analysis or updated their analysis in response to changes in equipment, vendors or emerging threats and developments should do so as soon as possible.

HIPAA’s requirement that HIPAA entities conduct and maintain an appropriately comprehensive and timely updated enterprise-wide risk analysis of potential security threats to ePHI both an affirmative requirement of the HIPAA Security Rule and an indispensable process to help healthcare organizations understand their security posture to prevent, detect, respond to and mitigate potential legal, operational and reputational costs that commonly result when ePHI or other sensitive information is breached or destroyed.

The importance of HIPAA entities having and being able to produce in the event of a breach or OCR audit an up-to-date, comprehensively enterprise risk assessment and response plan cannot be overstated. Beyond OCR’s publication of extensive regulatory guidance and educational outreach discussing the responsibility to conduct and maintain documentation of appropriate enterprise risk assessments, virtually every announced HIPAA Security Rule civil monetary penalty assessment and other enforcement action identifies violation of the HIPAA Security Rule’s enterprise risk assessment requirements among the material transgressions committed and required to be corrected by HIPAA entities like Anthem, Inc. subjected to Security Rule enforcement.

The updated SRA Tool jointly released by OCR and ONC on October 16, 2018 further reinforces the importance of complying with the enterprise wide risk assessment requirement while simultaneously encouraging and facilitating compliance by small to medium sized health care practices. Particularly designed with an eye to helping health care providers that work as solo practitioners or in groups with 10 or less health care providers and their business associates identify risks and vulnerabilities to ePHI, OCR says the updated SRA Tool “provides enhanced functionality to document how such organizations can implement or plan to implement appropriate security measures to protect ePHI” and incorporates new features to make the tool “more user friendly.” New features OCR hopes will make the SRA tool more user friendly include:

Enhanced User Interface
Modular workflow with question branching logic
Custom Assessment Logic
Progress Tracker
Improved Threats & Vulnerabilities Rating
Detailed Reports
Business Associate and Asset Tracking
Overall improvement of the user experience

HIPAA Entities should take note, however, that as of its October 16, 2018 released date, the updated version of the SRA Tool currently is only available in Windows format. OCR has indicated that the OCR and ONC have not yet updated the OS iPad version of the previously published version of the SRA Tool. While the previous OS iPad version remains available at the Apple App Store exit disclaimer icon (search under “HHS SRA Tool”), HIPAA Entities that presently use or plan to use the OS iPad tool should consider comparing the prior tool against the updated Windows SRA Tool to verify the continued suitability of its continued use and any adjustments in understanding or application that might be warranted by these differences. Additionally, HIPAA Entities also should review the revised User Guide available on the SRA Tool’s website before starting the assessment.

While the SRA Tool provides valuable guidance to help HIPAA Entities to conduct their own enterprise wide risk assessment, HIPAA Entities should keep in mind that the responsibility to assess their enterprise wide risk and to update their security safeguards to respond to these risks is a continuous one. While using the SRA Tool is an excellent starting point for beginning this assessment, HIPAA Entities need to realize that OCR expects HIPAA Entities to tailor their assessments to identify and respond to the full range of risks and exposures to their ePHI and associated systems and to constantly reevaluate and adjust these assessments in response to emerging system and ePHI threats identified in the course of their operations as well as external developments suggesting previously unidentified or inadequately appreciated threats. Moreover, in addition to conducting the risk assessment, OCR regulatory guidance and guidance drawn from OCR’s civil monetary settlements resolution agreements and other enforcement and audit activities also make clear that in addition to conducting the enterprise wide risk analysis, HIPAA entities also need to be prepared to produce documentation that their organizations took appropriate and timely action to address the risks identified in the risk assessment in accordance with the HIPAA Security Rule.

In addition to mitigate their exposure to potentially substantial HIPAA civil monetary penalties for violating the HIPAA Security Rule, HIPAA Entities also should keep in mind the potential role that their conduct and maintenance of appropriately comprehensive enterprise wide security risk assessments can play in helping to mitigate other legal, financial, operational and reputational risks that commonly also arise along with the HIPAA exposures associated with a breach of HIPAA. In addition to HIPAA’s Security Rules for ePHI, HIPAA Entities typically also are subject to a hodgepodge of non-HIPAA statutory, regulatory and/or contractual obligations to safeguard patient, employee, business partners and other individual, financial, health, tax, peer review and credentialing, trade secrets and other confidential information against improper use, access, destruction or disclosure. Examples of such obligations include the privacy and data security rules of the Fair and Accurate Credit Transaction Act (FACTA), the Internal Revenue Code and other tax laws, federal and state consumer debt and information, electronic crime, data security and identity theft statutes; federal and state trade secret and intellectual property laws; and others, for which violations often equal or substantially exceed the civil monetary penalty liability that commonly arise under the HIPAA Security Rule. The experience of Anthem, Inc. illustrates this point. While the $16 million resolution payment that OCR announced Anthem, Inc. is paying to resolve its HIPAA civil monetary penalty exposures for allowing the breach of the ePHI of 79 million individuals, this payment reflects only a very small portion of the overall liability that Anthem, Inc. incurred from data breach that lead to this resolution payment. Anthem, Inc. also separately already reportedly also has paid more than $115 million to settle other statutory and contractual liabilities arising from the breach separate as well as substantial investigatory and defense costs in addition to the HIPAA liabilities settled under the resolution agreement announced Monday. Other HIPAA Entities subjected to HIPAA civil monetary penalties or paying resolution payments to OCR also typically also have incurred substantial non-HIPAA sanctions and settlements, as well as other defense, investigation, operational and reputational losses as a result of their breaches. HIPAA Entities should strive to ensure that their HIPAA enterprise wide risk assessment and compliance efforts are properly coordinated and administered to manage these overall risks and responsibilities in addition to their HIPAA-specific responsibilities and liabilities.

Because enterprise wide risk assessments and discussions of their structuring, scope and findings are likely to produce legally sensitive evidence, HIPAA Entities are encouraged to seek the advice of qualified and suitably experienced legal counsel about the advisability of conducting all or certain aspects of an enterprise wide risk analysis and their documentation of their risk evaluation and response to take advantage of possible attorney-client privilege, work-product or other evidentiary rules before or throughout the risk assessment and response process and deliberations.

About The Author

A practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C, Cynthia Marcotte Stamer’s more than 30 years’ of leading edge work as an practicing attorney, author, lecturer and industry and policy thought leader have resulted in her recognition as a “Top” attorney in employee benefits, labor and employment and health care law.

Board certified in labor and employment law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, Scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits (JCEB) Annual Agency Meeting with the Office of Civil Rights and a former JCEB Council Representative; former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group; and past Chair, former Welfare Benefit Committee Co-Chair and current Fiduciary Responsibility Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, former Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on HIPAA and other health care, managed care and insurance, and other employee benefit, human resources, and related antitrust, corporate, privacy and data security, tax and other internal controls, regulatory affairs and public policy concerns.

Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international health, insurance and financial security, and other businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

In this respect, Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, regulatory compliance and operational and performance management. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.

As a key part of this work, Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help health industry, insurance and financial services and other employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compliance and internal controls, risk management, human resources and other workforce performance, discipline, compensation, employee benefits and related programs, products and arrangements.

In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others. Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation, Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

Ms. Stamer also is deeply involved in helping to influence the health care, workforce, insurance and financial services, employee benefit, privacy and data security and other federal, state and local laws, regulations and enforcement actions. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas. She also works as a policy advisor and advocate to health, insurance and financial services, employee benefits and other business, professional and civic organizations.

Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

Ms. Stamer also has a lifelong history of involvement with and service with a diverse range of professional, community and charitable organizations and causes including as founder and Executive Director of the Coalition for Responsible Health Care Policy and its PROJECT COPE: Coalition for Patient Empowerment; technical advisor to the National Physicians’ Council for Health Care Policy; a founding Board Member and President of the Alliance for Healthcare Excellence and its Patient Empowerment and Health Care Heroes Projects; a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; a member of the Dallas United Way Long Range Planning Committee; as well as leadership involvement in the ABA Joint Committee on Employee Benefits Council, the North Texas Healthcare Compliance Professionals Association; the ABA RPTE Employee Benefits & Other Compensation Committee, the ABA Health Law Section, the ABA International Section Life Sciences Committee, and the ABA TIPS Employee Benefit Committee; TEGE Coordinator of the Gulf Coast TEGE Council TE Division; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association; Dallas, Regional and State BACPAC Chair of the Texas Association of Business; SHRM Regional Chair and National Advisory Board Chair; WEB Network of Benefits Professionals National and Dallas Boards; as a contributing author and the Advisory Board member of the BNA EBCD CD, InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications and as chair or planning faculty of a multitude of symposia.. For additional information about Ms. Stamer, see www.cynthiastamer.com, or contact Ms. Stamer via email here or via telephone to (214) 452.8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:

Leave a Comment » | Ambulatory care, Anethesiology, Cyber crime, data breach, Doctor, Electronic Medical Records, Employer, ERISA, FACTA, Fiduciary Responsibility, Health Care, Health care coding, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Qulity, health care reimbursement, Health Insurance, Health Insurance Exchange, Health IT, Health Plan, healthcare, HHS, HIPAA, HIPAA Cyber Crime, HITECH Act, Home Health, home health, Hospital, Indian Health, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Congress Set To Pass Opiate Addition Crisis Bill

September 26, 2018

Legislation targeting opiate addition crisis in the United States is heading to President Trump for signature.

Yesterday (September 25, 2018), House and Senate leaders reached an agreement on the reconciliation of differences in versions of legislation passed in the House and Senate targeting opiate and other drug addition crisis.

The Opiate Crisis

Opiate addition increasingly is recognized as one of the leading and most costly social and financial challenges in the U.S.

The misuse of and addiction to opioids—including prescription pain relievers, heroin, and synthetic opioids such as fentanyl—is considered a serious national crisis that affects public health as well as social and economic welfare.

according to the National Institutes of Health (NIH), more than 115 people in the United States die after overdosing on opioids every day.

The Centers for Disease Control and Prevention estimates that the total “economic burden” of prescription opioid misuse alone in the United States is $78.5 billion a year, including the costs of healthcare, lost productivity, addiction treatment, and criminal justice involvement.

Concern about the addiction crisis prompted President Trump to make addressing the opiate epidemic a key Administration priority and reform efforts generally enjoy widespread bipartisan support with Congress.

The Bill

In June, the House passed H.R. 6, the SUPPORT for Patients and Communities Act by a vote of 396-14. On September 17th, the Senate passed the Opioid Crisis Response Act of 2018 by a vote of 99-1.

The bipartisan, bicameral agreement allows the final legislation negotiated through the reconciliation process, the “Substance Use–Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act” more commonly referred to as the ‘‘SUPPORT for Patients and Communities Act’’ to move swiftly through both chambers of congress and to the president’s desk.

Among other things, the Bill:

Expands opiate addition treatment coverage, requires added utilization management and oversight for coverage of opiate prescriptions and makes other changes to opiate-related Medicare and federal rules, including adding requirements for automatic escalation to external review under a Medicare part D drug management program for at-risk beneficiaries and suspension of payments by Medicare prescription drug plans and MA–PD plans pending investigations of credible allegations of fraud,
Requiring expanded coverage and Clains reporting about by healthcare payers including requiring reporting by group health plans of prescription drug coverage information for purposes of identifying primary payer situations under the Medicare program,

Modifies provisions regarding electronic prescriptions and post-surgical pain management,
Requires prescription drug plan sponsors to establish drug management programs for at-risk beneficiaries,
Establishes and expands programs to support increased detection and monitoring of fentanyl and other synthetic opioids,
Increases the maximum number of patients that health care practitioners may initially treat with medication-assisted treatment (i.e., under a buprenorphine waiver),
Clarifies FDA regulation of non-addictive pain products.
Requires the FDA to develop and implement guidelines for opiate prescribing and new safety-enhancing packaging,
Targets illegal distribution with new notification, nondistribution, and controlled substances recall rules, expanding controls on illegal importation, and strengthening FDA and CBP coordination and capacity
Creating or expanding a plethora of social, treatment, oversight and other programs and services.

Read the full text of the legislation here. For more information about the Bill or its effects, contact the author.

About the Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Leave a Comment » | Anethesiology, billing, Border Health, Centers For Disease Control, Consumer Driven Health Care, Controlled Substances, Doctor, drug treatment, E-Prescribing, Electronic Health Records, Employee Benefits, Employer, ERISA, Evidence Based Medicine, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, health care reimbursement, Health IT, Health Plan, Health Plans, home health, Hospital, managed care, Medicaid, Medical Malpractice, Medical Records, Medicare, Medicare Advantage, Medicare Prescription Drug Program, Mental Heatlh, Opiates, Outpatient, pain management, Pharmacy, Physician, Physician Licensing, Prescription Drugs, Reimbursement, Substance Abuse, substance abuse treatment, Uncategorized, Veterans Health Administration | Permalink
Posted by Cynthia Marcotte Stamer

Texas Physicians Should Review New TMB Rules

May 11, 2018

Constant changes in medical board and other rules make it important that physicians and other health care providers stay up to date with new developments. The Texas Medical Board, for instance, published a slew of new rules in March 2018 that impact Texas physicians and medical practice including many which provide relief from previously more burdensome maintenance of certification and other requirements.. Texas physicians should review these new rules for possible implications on their responsibilities or other aspects of their practice.

The following is a summary of the new Texas Medical Board Rules published in March, 2018, the full text of which may be found in the Texas Administrative Code here.

MOC REFORM

The amendments to §163.11, concerning Active Practice of Medicine, were adopted in accordance with Senate Bill 1148, adopted by the 85th Legislature, which prohibits the Board from requiring maintenance of certification by an applicant to be eligible for a medical license.

The amendments to §166.3, concerning Retired Physician Exception, and §166.6, concerning Exemption From Registration Fee for Retired Physician Providing Voluntary Charity Care, were adopted in accordance with Senate Bill 1148, adopted by the 85th Legislature, which prohibits the Board from requiring maintenance of certification by an applicant to be eligible for initial or renewal registration permit for a medical license.

The amendments to §172.12, concerning Out-of-State Telemedicine License, were adopted in accordance with Senate Bill 1148, adopted by the 85th Legislature, which prohibits the Board from requiring maintenance of certification by an applicant to be eligible for a medical license.

FEES AND PENALTIES

The amendments to §175.1, concerning Application and Administrative Fees, corrects language in paragraph (1)(H)(i) so that fees related to physician-in-training permits are lowered to $200. Further language is added outlining application and administrative fees for processing licenses for medical physicists, medical radiologic technologists, non-certified technicians, perfusionists, and respiratory care practitioners.

The amendments to §175.2, concerning Registration and Renewal Fees, adds language outlining renewal fees for continuing licenses, permits, and certificates for medical physicists, medical radiologic technologists, non-certified technicians, perfusionists, and respiratory care practitioners.

The amendments to §175.3, concerning Penalties, moves language providing an exemption for individuals serving as military members to new paragraph (11). The amendments further add language outlining penalty amounts for late renewals of licenses for perfusionists, respiratory care practitioners, medical physicists, and medical radiologic technologists.

The amendment to §175.5, concerning Payment of Fees or Penalties, amends language clarifying the rule’s allowance for fee refunds applies to applicants who timely withdraw applications, in addition to other requirements. Further language is added clarifying that refunds of fees may be granted to licensees who retire or request cancellation of their licenses within 90 days of paying a renewal fee.

BUSINESS ORGANIZATIONS AND AGREEMENTS

The amendments to §177.18 (Subchapter E), concerning Purpose and Scope, and §177.20, concerning Call Coverage Minimum Requirements, and repeal of §177.19, concerning Definitions, provide a more flexible framework for call coverage agreements between physicians practicing in Texas so as to provide continuity of care to patients during a regular treating physician’s absence, while ensuring the covering physician’s accountability for meeting the standard of care and documenting the care provided during the call coverage period. The amendments eliminate the two-model approach under §177.20(b), allow all call coverage agreements to be contracted orally or in writing, and eliminate the requirement that certain agreements require real-time access to a patient’s medical records at the time of the call coverage period.

PROCEDURAL RULES

The amendments to §187.21(a), concerning Board and District Review Committee Members Participation, and §187.44(3), concerning Probationer Show Compliance Proceedings, correct the title of the reference to §187.18 of this chapter, which was recently changed to “ISC Scheduling, Process, and Procedures.”

The amendment to §187.76(c)(3), concerning Notice of Intention to Impose Administrative Penalty; Response, removes the undefined term “informal meeting” and replaces it with “ISC,” which is defined in §187.2 of this chapter (relating to Definitions). The amendment to §187.79, concerning Personal Appearance at an Informal Meeting, changes the title to “Personal Appearance at an ISC,” as “Informal Meeting” is not a defined term and “ISC” is a defined term and is the correct reference within the rule. The amendment in subsection (a) corrects the reference to “informal meeting” and replaces it with “ISC.” The amendment in subsection (b) also corrects the reference to “informal meeting” and replaces it with “ISC” and corrects the title of the reference to §187.18 of this chapter, which was recently changed to “ISC Scheduling, Process, and Procedures.” The amendment to §187.80(c), concerning Imposition of Administrative Penalty, removes the undefined term “informal meeting” and replaces it with “ISC,” which is defined in §187.2.

COMPLIANCE PROGRAM

The amendments to §189.11, concerning Process for Approval of Physicians, Other Professionals, Group Practices and Institutional Settings, eliminates the words “or remedial plan” from the provision describing the mechanism under which the Board may require a licensee to practice with an approved physician or other professional to serve as a proctor, monitor, or supervisor or in an approved group practice or institutional setting, as §164.0015 of the Texas Occupations Code states that Remedial Plans may not contain provisions that limit or restrict a licensee’s practice.

ACUPUNCTURE

The amendments to §183.4, concerning Licensure, add new language under subsection (a)(5) that allows an applicant for licensure to appear before the licensure committee of the Board to request reconsideration of the applicant’s ineligibility based on their failure to pass the NCCAOM examination within five attempts. Such amendment allows the Board discretion to reconsider such ineligibility determination. The proposed amendments delete obsolete language from subsection (a)(7). The proposed amendments to subsection (a)(9) provide an alternate mechanism to cure active practice issues faced by some licensure applicants. The remainder of the changes are corrections to punctuation and grammar.

The amendments to §183.19, concerning Acupuncture Advertising, remove language requiring that an acupuncturist include their license number on print advertising. The amendments to §183.20, concerning Continuing Acupuncture Education, add language to subsection (b)(1) to clarify the criteria for the courses from which the requisite CAE hours are taken. The proposed amendment adds new subsection (b)(2) to specify the number of CAE hours and specific topics which must be taken each year. New subsection (b)(3) is added to clarify the number of CAE hours from courses approved under each category delineated under subsection (b)(1). Spelling corrections were made in subsections (h) and (o).

RESPIRATORY CARE

The amendment to §186.2, concerning Definitions, adds new language under paragraph (41) that defines “voluntary charity care.”

The amendments to §186.4, concerning Procedural Rules and Qualifications for Certificate Applicants, add language to subsection (a)(2) to specify that application fees are set forth in 22 T.A.C. §175.1. The amendments also add language to subsection (g) to detail alternative certification procedures for military service members and military veterans, in addition to military spouses.

The amendments to §186.6, concerning Biennial Renewal of Certificate, add language to subsections (a), (d), and (j)(1) to reference specific rules in Chapter 175 that list certain fees.

The amendments to §186.7, concerning Temporary Permit, add language to subsection (a)(1) to detail that temporary permits issued under this subsection pertain to applicants who have signed an Agreed Order or Remedial Plan and are awaiting board approval. The amendments also add language to subsection (a)(3) to reference fees listed in 22 T.A.C. §175.1. Additionally, the amendments add language to subsection (c) to make clear that requirements listed in this subsection apply only to those applicants who have active practice issues. The amendments to §186.8, concerning Inactive Certificate, add language to subsection (a) to clarify that inactive certificates must be renewed each year.

The amendments to §186.10, concerning Continuing Education Requirements, add language to subsection (a) to state that at least two hours of the required 24 hours must be in the topic of ethics. Additionally, the amendments add subsection (b)(2) (C) to give non-traditional continuing education credit to those who teach or instruct a course in an accredited respiratory care educational program. The amendments also add language to subsection (b)(3) to clarify that credit may be awarded for credentialing or re-credentialing examinations listed in this subsection. The National Asthma Education Certification Board (NAECB) Certified Asthma Educator (AE-C) and neonatal resuscitation program (NRP) examinations are also added to this subsection. Language is also added to subsection (b)(3)(J) to explain how often credit may be awarded when the same examination is taken for initial credentialing purposes and recredentialing purposes.

The amendments to §186.13, concerning Identification Requirements, adds subsection (b) to require respiratory care practitioners holding a temporary permit to hold themselves out as temporary care practitioners or TRCPs.

The amendments to §186.17, concerning Grounds for Denial of Certification and for Disciplinary Action, adds language in paragraph (4) to make clear that disciplinary action or denial of certification based on criminal history is done in accordance with Chapter 53 of the Texas Occupations Code.

The amendments to §186.28, concerning Retired Certificate, adds language in subparagraph (2)(A) to reference the new definition of voluntary charity care adopted in 22 T.A.C. §186.2 (41).

MEDICAL RADIOLOGIC TECHNOLOGY

The amendment to §194.3, concerning Meetings and Committees, deletes subsection (f) and language providing that the board may at a regular or special meeting remove the secretary from office upon a majority vote, with other amendments re-lettering the remaining subsections. Language related to licensure and disciplinary committee functions is revised to clarify that the committees do not draft rules, but rather review draft language prepared by staff. Amendments further add a new paragraph (4) to subsection (f), setting forth new rules related to the creation of a new Education Committee. The proposed committee’s functions include recommending rules to the full board regarding education and training requirements certification as a radiologic technologist or registration as a non-certified technician (NCT), continuing education requirements for renewal of a Texas MRT certificate or NCT registration, and standards for the approval or rescinding approval of radiologic technologist certificate education program curricular and instructors.

The amendments to §194.5, concerning Applicability of Chapter; Exemptions, delete language referring to §194.14 of this title (relating to Alternate Training Requirements for Podiatric Medical Assistants), reflecting the repeal of §194.14.

The amendments to §194.6, concerning Procedural Rules and Minimum Eligibility Requirements for Applicants for a Certificate or Placement on the Board’s Non-Certified Technician General Registry, amend language so that an applicant is not deemed per se ineligible for a certificate or registration, based upon action taken against another license issued by a licensing authority in this or another state that is subject to probation or other disciplinary action not involving revocation or suspension. The board will continue to have the authority to deny a certificate or placement on the general registry based upon all such action, regardless if it is an action not involving revocation or suspension, but the amendments will allow the board more discretion in certain cases. The amendments further delete language under subsection (c)(8) and move it to a new paragraph (2), maintaining the board’s discretion to consider the nature of any final disciplinary action, other than suspension or revocation, when determining whether to issue the certificate or other authorization.

Amendments to subsection (f)(3) and subsection (i), with language referring to §194.14 of this title, are deleted, to reflect the repeal of §194.14. Amendments to subsection (j) adding clarifying language to make it clearer that non-certified technicians must comply with the active practice requirements under the rules in order to show eligibility for placement on the general registry.

Amendment to subsection (l) makes corrections to typographical errors.

The repeal of §194.14, concerning Alternate Training Requirements for Podiatric Medical Assistants, was adopted to comport with S.B. 674, which amended Texas Occupations Code, Chapter 601, and eliminated dual registration for non-certified technicians by certain state licensing boards, including the Podiatry Board. The MRT Board will maintain a single set of minimum training requirements in order to obtain eligibility for placement on a general registry for non-certified technicians (NCT).

The amendment to §194.16, concerning Hardship Exemptions, amends language in order to comport with S.B. 674, which amended Texas Occupations Code, §601.203, so that in order to show that an applicant faces a hardship in hiring a certificate holder or NCT due to an inability to attract and retain medical radiologic technologists, the applicant must also show evidence that the location for which the hardship exemption is sought must be located in a county with a population of less than 50,000.

Amendments further delete subsection (b)(4)(B) (vi), so that the use of only a hand-held fluoroscope with a maximum operating capability of 65 kilovolts and 1 milliampere, or similar type of x-ray unit for upper extremities only, with the radiation produced by the radiographic equipment representing a minimal threat to the patient and the operator of the equipment, no longer qualifies for a hardship exemption. The basis for the repeal is that the use of such equipment should be performed by individuals who have completed minimum training and obtained registration as a NCT or certification as a MRT or LMRT.

The amendment to §194.17, concerning Dangerous or Hazardous Procedures, removes language referring to §194.14 of this title, reflecting the repeal of §194.14.

Physicians and others that may be impacted by TMB rules should check with the TMB monthly for possible changes that could impact their rules of practice.

About the Author

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Doctor, drug treatment, Electronic Medical Records, Licensing, Medical Licensure, Physician Licensing, Prescription Drugs, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

TMB Urging Texas Drs., PAs To Register For Prescription Monitoring Program

May 11, 2018

The Texas Medical Board (TMB) is encouraging physicians and physician assistants to register with the Texas Prescription Monitoring Program (PMP) whether or not prescribing controlled substances in Texas.

Technically, physicians and physician assistants that do not prescribe controlled substances in Texas required to complete the PMP registration. However, TMB encourages PMP registration even for physicians and physician assistants who are not prescribing.

The primary reason to register is to allow licensees to periodically review the system to ensure that no prescriptions are being inaccurately or fraudulently attributed to the licensee. The PMP can be used to verify a practitioner’s own records and prescribing history as well as inquiring about patients. In addition, the program may be used to generate and disseminate information regarding prescription trends.

TMB is alerting physicians that as required by HB 2561, TMB provides licensee contact information to the Texas State Board of Pharmacy, the agency which administers the Texas Prescription Monitoring Program (PMP), for the purposes of pre-registering prescribers for the program.

The Texas State Board of Pharmacy has begun using this information to contact licensees by e-mail with a link to register with PMP. TMB says physicians will receive an email notification from the Texas State Board of Pharmacy if the physician does not have a PMP account registered to the email address of record with TMB. In some cases, the e-mail that a physician used to register for a PMP account may not match the e-mail on file with TMB. In this case, TMB says a physician with a PMP account under another email address need not complete an additional PMP registration.

As with all e-mail requests for information or registeration, physicians and physicians assistants should use care when responding to these and other e-mails to confirm that the inquiry or other correspondence is not a spoofed, phishing or other malicious e-mail seeking to improperly access data or gain other undesirable system access by using the appearance of coming from a legitimate source.

For more information about PMP, visit here. For registration FAQs see here.

About the Author

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Physicians Pay $700,000 to Settle False Claims Act Violation Charges Arising from Financial Relationship with Drug Testing Lab

May 8, 2018

Three physicians are paying a total of $700,000 to settle Justice Department (DOJ) charges stemming from financial relationships with a drug testing lab. The settlement highlights the continuing need for providers to exercise care to avoid entering into financial arrangements with laboratories that DOJ, the Department of Health & Human Services Office of Inspector General (OIG) considers improper under federal health care fraud laws.

Dr. Robert Fetchero, D.O., Dr. Sridhar Pinnamaneni, M.D., and Dr. Thelma Green-Mack, M.D., separately agreed to settle allegations that they each received improper payments for referrals from Greensburg, Pennsylvania drug testing lab Universal Oral Fluid Laboratories, and caused false claims to be submitted to Medicare for drug testing services, United States Attorney Scott W. Brady announced yesterday.

The settlements announced resolve allegations that the settling physicians referred Medicare patients to Universal Oral Fluid Laboratories (“UOFL”) for drug testing services while engaged in a financial relationship with the lab. Specifically, UOFL paid the settling physicians to refer their patients to the lab for drug tests; UOFL then submitted claims to Medicare for the drug testing services from 2011 to 2014.

The settlements follow the earlier guilty plea on related charges of UOFL’s former medical director, Dr. John H. Johnson.

UOFL was owned and operated by William Hughes. The United States alleged that the financial arrangement between the settling physicians and UOFL violated the physician self-referral law, commonly known as the “Stark Law,” and the Anti-Kickback Statute, giving rise to liability under the False Claims Act. Pursuant to separately executed settlement agreements, Dr. Fetchero agreed to pay $200,000; Dr. Pinnamaneni agreed to pay $370,000; and Dr. Green-Mack agreed to pay $130,000.

The Stark Law forbids physicians from making referrals for certain designated health services payable by Medicare to an entity with which he or she (or an immediate family member) has a financial relationship, unless an exception applies. The Anti-Kickback Statute prohibits offering, paying, soliciting, or receiving remuneration to induce referrals of services covered by federal health care programs, such as Medicare. Violations of the Stark Law or Anti-Kickback Statute may give rise to civil liability for treble damages and penalties under the False Claims Act.

The settlements and underlying charges the resolve illustrate the risks that physicians and other providers run for participating in financial arrangements not structured to clearly meet applicable federal anti-kickback and STARK rules.

About the Author

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

May 8, 2018

Check Out CMS 2018 Qualified Clinical Data Registry

February 23, 2018

Physicians and other practitioners should check out the measure specifications for the approved 2018 Qualified Clinical Data Registry (QCDR) measures posted by the Centers for Medicare & Medicaid Services (CMS) yesterday (February 22, 2018).

Rather than being grouped by QCDR, this file allows users to group measures by specialty and topic to see what QCDR measures are most applicable to their practice and/or specialty.

CMS also says, the posting of this specification file will act as a reference tool for existing and potential new QCDR vendors who may be interested in developing their own QCDR measures, and should help them to avoid developing and submitting measures that are duplicative of existing QCDR measures.

About The Author

Repeatedly recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, a Fellow in the American College of Employee Benefit Council, the American Bar Foundation and the Texas Bar Foundation and board certified in labor and employment law by the Texas Board of Legal Specialization, Cynthia Marcotte Stamer is a practicing attorney, management consultant, author, public policy advocate and lecturer widely known for health and managed care, employee benefits, insurance and financial services, data and technology and other management work, public policy leadership and advocacy, coaching, teachings, and publications. Nationally recognized for her work, experience, leadership and publications on HIPAA and other medical privacy and data use and security, FACTA, GLB, trade secrets and other privacy and data security concerns, Ms. Stamer has worked extensively with health care providers, health plans, insurers and financial services, and other clients and the government on cybersecurity, technology and processes and other issues involved in the use and management of medical, insurance and other financial, workforce, trade secrets and other sensitive data and information throughout her career. Scribe or co-scribe of the ABA Joint Committee on Employee Benefits Agency meeting with OCR since 2011 and author of a multitude of highly regarded publications on HIPAA and other health care, insurance, financial and other privacy and data security, Ms. Stamer is widely known for her extensive and leading edge experience, advising, representing, training and coaching health care providers, health plans, healthcare clearinghouses, business associates, their information technology and other solutions providers and vendors, and others on HIPAA and other privacy, data security and cybersecurity design, documentation, administration, audit and oversight, business associate and other data and technology contracting, breach investigation and response, and other related concerns including extensive involvement representing clients in dealings with OCR and other Health & Human Services, Federal Trade Commission, Department of Labor, Department of Treasury, state health, insurance and attorneys’ general, Congress and state legislators and other federal officials.

Ms. Stamer also has an extensive contributes her leadership and insights with other professionals, industry leaders and lawmakers. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here. For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here including:

Fresenius Medical Care Pays $3.5 Million HIPAA Settlement

CDC Director Fitzgerald Resigns

Development of Potentially Preventable Hospitalization Measures for Home Health Agencies Panelist Nominations Due 9/22

MAC Operations Continue During Shutdown

HHS Proposes “Conscience Rule” Expanding Abortion And Other Religious Choice

New Medicaid Guidance Gives States More Flexibility On Abortion

New Trump Executive Order Directs More Veterans Health Care Choice, Mental Health Care

Bankrupt Oncology Provider’s $2.3M Settlement Payment & Other HIPAA Breach Consequences Shows Why To Prioritize HIPAA Compliance In 2018

Bill Allowing FDA Emergency Use Authorizations To Protect Military From Biological Warfare Threats Sent to President

OIG Tells Texas Stop Paying Medicaid MCOs For Dead Patients

Michigan Doctor Pleads Guilty To Billing Medicare For Illegally Prescribed Drugs

Anesthesiology Practice Nailed For Improperly Billing For Moderate Sedation

Florida Doctor Sentenced For Multi-Million Dollar Drug & Alcohol Addiction Treatment Health Care Fraud, Money Laundering & Forced Prostitution Scheme

CMS Announces New Medicare Provider Ombudsman

Comment By 1/8 on Guidance for Industry on Expedited Programs for Serious Conditions– Drugs and Biologics

Time To Tighten Business Travel Policies

DOL Spending Reports Required As Taxpayer Tool Need Improvement

Check & Protect Health & Other Electronic Systems & Data Against New Security Threat

Success 2018

April 1 New Deadline To Update Benefit Plan Disability Determination Claims & Appeals Procedures; Hear More on 1/26

Arizona Proposal To Ban Sexual Harassment Confidentiality Agreements Sign Of Growing Employer Risks

$23M Penalty Small Part of 21st Century’s Data Breach Fallout; Offers Data Breach Lessons For Other Businesses

Take Care of Your Good People

Read Tax Cuts and Jobs Act Conference Report For Tax Reform From Source

Check How IRS 2018 Retirement & Saving Plan Limits and Amounts Cost Of Living Adjustments Impact Your HR & Retirement Plan Administration & Planning

Confirm Your Benefit Plans Ready For New Disability Determination Rules on 1/1/18

Individual Accountability For Performance Matters

Give NLRB Your Input On Union Representation Election Regulations

IRS Prepares To Nail Employers Under Obamacare Mandate While Giving Some Individual Mandate Relief

HHS Picks Hargan As Acting HHS Secretary

OCR Gives Health Care Providers, Other Covered Entities Post-Las Vegas Shooting HIPAA Medical Privacy Guidance On Disclosures To Family, Media & Others For Notification & Other Purposes

RAISE Act Immigration Visa, Visa Holder Public Benefit Limits Create Potential Health Industry Concerns

SCOTUS Bars State Law Restrictions On Health, Other Arbitration Agreement Enforceability

Health Care, Health Plan & Other Health IT Systems Warned of E-Mail Cyber Attack

$2.4M HIPAA Settlement Warns Providers About Media Disclosures Of P HI

CardioNet $2.5M HIPAA Resolution Agreement Schools HIPAA Entities To Clean Up Their Acts

Medical Clinic HIPAA Resolution Agreement Shows Need For Current Business Associate Agreements

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Leave a Comment » | Academic medicine, Accreditation, Affordable Care Act, Ambulatory care, Anethesiology, billing, Conditions of Participation, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Medical Records, Evidence Based Medicine, false claims act, Health Care, Health care coding, Health Care Fraud, Health Care Provider, Health Care Quality, health care reimbursement, Health Plan, Health Plans, healthcare, HHS, Home Health, home health, Hospice, Hospital, hospitals, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, managed care, Meaningful Use, Medicare Advantage, Medicare Fee Schedule, Outcomes Data, Physician, quality reporting, quality repoting, Reimbursement, Rural Health Care, Skilled Nursing Facility, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

HIPAA Lessons Every Health Plan, Health Care Provider & Business Associate Should Learn From Bankrupt FileFax’s HIPAA Settlement

February 16, 2018

Health care providers, health plans and insurers, health care clearinghouses (Covered Entities) and their business associates within the meaning of the Health Insurance Portability & Accountability Act (HIPAA) should heed the warnings contained in the new Resolution Agreement (FileFax Resolution Agreement) with former HIPAA business associate FileFax, Inc. announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) about their own need to ensure that they and their business associates comply with HIPAA’s business associate and other Privacy, Security, Breach Notification rules as well as the advisability of tightening up their risk management and oversight of business associates that handle protected health information (PHI).

Significant for business associates as what appears to be the first announced resolution agreement with a business associate directly charged by OCR with violating HIPAA and the second resolution agreement pursued and reached with a HIPAA-regulated entity in bankruptcy, the FileFax, Inc. Resolution Agreement OCR announced February 13, 2018 also contains critical lessons for Covered Entities about their dealings with their own business associates when read in conjunction with the April, 2017 resolution agreement the Center for Children’s Digestive Health (CCDH) agreed to resolve OCR charges CCDC, as a Covered Entity, violated HIPAA by allowing FileFax, Inc. to act as its business associate without adequately complying with HIPAA’s business associate requirements.

With widespread media coverage over large scale breaches of health care and other sensitive information placing further pressure upon OCR and other governmental agencies to act to protect Americans’ privacy and data fueling even greater demands for OCR and other agencies to take meaningful action to enforce HIPAA and other privacy and data security requirements, health plans, health care providers, health care clearinghouses (Covered Entities) and their business associates can expect OCR and other agencies to continue to turn up the heat on investigation and enforcement of HIPAA compliance.

In the face of these developments, Covered Entities, their business associates and those responsible for their leadership and operations need to recognize and take the necessary steps both effectively to manage their own HIPAA compliance and risk management as well as to anticipate and make provision to deal with the likelihood that they may face HIPAA responsibilities, exposures and other fallout from their own or another business partner’s breach of PHI or other sensitive data or other HIPAA violations, bankruptcy or other business distress, or other compliance or business event.

HIPAA Privacy, Security & Breach Notification Rule Responsibilities & Risks

The Privacy Rule requires that Covered Entities and their vendors that qualify as “business associates” under HIPAA comply with detailed requirements concerning the protection, use, access, destruction and disclosure of PHI. As part of these requirements, Covered Entities and their business associates must adopt, administer and enforce detailed policies and practices, assess, monitor and maintain the security of electronic protected health information (ePHI) and other protected health information, provide notices of privacy practices and breaches of “unsecured” ePHI, afford individuals that are the subject of protected health information certain rights and comply with other requirements as specified by the Privacy, Security and Breach Notification Rules. In addition, Covered Entities and business associates also must enter into a written and signed business associate agreement that contains the elements specified in Privacy Rule § 164.504(e) before the business associate creates, uses, accesses or discloses PHI of the Covered Entity. Furthermore, the Privacy Rule includes extensive documentation and keeping requirements require that Covered Entities and BAs maintain copies of these BAAs for a minimum of six years and to provide that documentation to OCR upon demand.

Violations of the Privacy Rule can carry stiff civil monetary penalties or even criminal penalties. Pursuant to amendments to HIPAA enacted as part of the HITECH Act, civil penalties typically do not apply to violations punished under the criminal penalty rules of HIPAA set forth in Social Security Act , 42 U.S.C § 1320d-6 (Section 1177).

Resolution Agreements the just announced FileFax Resolution Agreement allow Covered Entities and business associates to resolve potentially substantially larger civil monetary penalty liabilities that OCR can impose under the civil enforcement provisions of HIPAA for HIPAA violations through a negotiated settlement process. As amended by the HITECH Act, the civil enforcement provisions of HIPAA empower OCR to impose Civil Monetary Penalties on both Covered Entities and BAs for violations of any of the requirements of the Privacy or Security Rules. The penalty ranges for civil violations depends upon the circumstances associated with the violations and are subject to upward adjustment for inflation. As most recently adjusted here effective September 6, 2016, the following currently are the progressively increasing Civil Monetary Penalty tiers:

A minimum penalty of $100 and a maximum penalty of $50,000 per violation, for violations which the CE or BA “did not know, and by exercising reasonable diligence would not have known” about using “the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances;”
A minimum penalty of $1,000 and a maximum penalty of $50,000 per violation, for violations for “reasonable cause” which do not rise to the level of “willful neglect” where “reasonable cause” means the “circumstances that would make it unreasonable for the Covered Entity, despite the exercise of ordinary business care and prudence, to comply with the violated Privacy Rule requirement;”
A minimum penalty of $10,000 and a maximum penalty of $50,000 per violation, for violations attributed to “willful neglect,” defined as “the conscious, intentional failure or reckless indifference to the obligation to comply” with the requirement or prohibition; and
A minimum penalty of $50,000 and a maximum penalty of $1.5 million per violation, for violations attributed to “willful neglect” not remedied within 30 days of the date that the Covered Entity or BA knew or should have known of the violation.

For continuing violations such as failing to implement a required BAA, OCR can treat each day of noncompliance as a separate violation. However, sanctions under each of these tiers generally are subject to a maximum penalty of $1,500,000 for violations of identical requirements or prohibitions during a calendar year. For violations such as the failure to implement and maintain a required BAA where more than one Covered Entity bears responsibility for the violation, OCR an impose Civil Monetary Penalties against each culpable party. OCR considers a variety of mitigating and aggravating facts and circumstances when arriving at the amount of the penalty within each of these applicable tiers to impose.

In addition to these potential civil liability exposures, Covered Entities, their business associates and other individuals or organizations that wrongfully use, access or disclose electronic or other protected health information also can face civil liability under various circumstances. The criminal enforcement provisions of HIPAA authorize the Justice Department to prosecute a person who knowingly in violation of the Privacy Rule (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, punishable by the following criminal sanctions and penalties:

A fine of up to $50,000, imprisoned not more than 1 year, or both;
If the offense is committed under false pretenses, a fine of up to $100,000, imprisonment of not more than 5 years, or both; and
If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, imprisoned not more than 10 years, or both.

Because HIPAA Privacy Rule criminal violations are Class A Misdemeanors or felonies, Covered Entities and business associates should include HIPAA compliance in their Federal Sentencing Guideline Compliance Programs and practices and need to be concerned both about criminal exposure for their own direct violations, as well as imputed organizational liability for violations committed by their employees or agents under the Federal Sentencing Guidelines, particularly where their failure to implement or administer these required compliance policies and practices or failure to properly investigate or redress potential violations enables, perpetuates or covers up the criminal breach.

FileFax, Inc. Breach & Resolution Agreement

While Congress amended the Civil Monetary Penalty provisions of HIPAA enforced by OCR to make many of the requirements and Civil Monetary Penalty sanctions of HIPAA directly enforceable by OCR against business associates as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, the FileFax Resolution Agreement appears to be the first HIPAA resolution agreement with a business associate announced by OCR.

Indeed, OCR’s enforcement action that resulted in the FileFax Resolution Agreement would never have occurred had FileFax, Inc. not become involved in handling medical records containing PHI in the capacity of a business associate for Covered Entities.

Before filing for bankruptcy in 2016, FileFax, Inc. advertised it provided HIPAA-compliant storage, maintenance, and delivery of medical records for HIPAA Covered Entities including Illinois based health care provider CCDC, which entered into a resolution agreement with OCR in April, 2017 to resolve OCR charges that it violated HIPAA by allowing FileFax, Inc. to handle PHI without fulfilling HIPAA’s business associate agreement requirements.

Like the CCDC Resolution Agreement, the FileFax, Inc. Resolution Agreement resulted from an investigation of FileFax, Inc. that OCR began in response to a February 10, 2015 anonymous complaint filed with OCR about FileFax, Inc. about deficiencies in its delivery of these HIPAA services in its capacity as a business associate to Covered Entities. The complaint to OCR alleged that FileFax, Inc. violated these requirements because an individual transported medical records obtained from FileFax, Inc. to a shredding and recycling facility to sell on February 6 and 9, 2015.

OCR’s investigation of the complaint against FileFax, Inc. confirmed that an individual had left medical records of approximately 2,150 patients at the shredding and recycling facility, and that these medical records contained patients’ PHI. OCR’s investigation additionally found that between January 28, 2015, and February 14, 2015, FileFax, Inc. impermissibly disclosed the PHI of 2,150 individuals by leaving the PHI in an unlocked truck in the FileFax, Inc. parking lot, or by granting permission to an unauthorized person to remove the PHI from FileFax, Inc. and leaving the PHI unsecured outside the FileFax, Inc. facility.

After OCR commenced its investigation of the complaint, FileFax, Inc. was placed into bankruptcy and a receiver was appointed to liquidate FileFax, Inc.’s assets for distribution to creditors and others in 2016. Despite the bankruptcy, OCR continued to pursue enforcement against FileFax, Inc. for the HIPAA violations it found through its investigation. On February 13, 2018, OCR announced that that the receiver on behalf of FileFax, Inc. had agreed in the FileFax Resolution Agreement to pay a $100,000 monetary settlement out of the bankruptcy estate and to arrange to properly store and dispose of remaining medical records found at FileFax, Inc.’s facility in compliance with HIPAA to resolve OCR’s HIPAA charges against FileFax, Inc.

OCR Previously Sanctioned Covered Entity For Involvement With FileFax, Inc.

Beyond affirming the exposure business associates to OCR civil monetary penalties or other enforcement for violating HIPAA, the FileFax Resolution Agreement in conjunction with OCR’s previously announced April 20, 2017 resolution agreement (CCDC Resolution Agreement) with CCDC also demonstrates the need for Covered Entities to recognize that their organizations are likely to face HIPAA investigations or enforcement from HIPAA violations by or OCR audits or investigations of the conduct of their business associates.

In fact, this is exactly what happened to CCDC. A small, Illinois based Covered Entity, CCDC used FileFax, Inc. to store and dispose of medical records. As a consequence of the FileFax, Inc. investigation, OCR conducted a compliance review of CCDC. OCR reports that its compliance review revealed that while CCDC had disclosed to and allowed FileFax, Inc. to store records containing PHI for CCDC since in 2003, neither party could produce a signed business associate agreement (BAA) prior to October 12, 2015. As a consequence, OCR charged CCDC with violating HIPAA by disclosing PHI to FileFax, Inc. in violation of HIPAA’s business associate requirements.

To resolve its exposure to potentially much greater civil monetary penalties associated with this charge, CCDC agreed under the CCDC Resolution Agreement to pay OCR a $31,000 resolution payment and take a variety of corrective actions. Beyond requiring CCDC to implement and maintain written business associate agreements before allowing business associates to possess or access PHI, the corrective action plan imposed as part of the CCDC Resolution Agreement also expressly requires CCDC to promptly investigate information of a possible violation of its HIPAA policies and procedures by a “workforce member,” which the Privacy Rule defines to include a business associate, and if the investigation reveals a violation, to report the violation and corrective action taken to OCR.

OCR Enforces HIPAA Against Covered Entities & Business Associates In Bankruptcy

OCR’s announcement of the FileFax Resolution Agreement also is significant in its reaffirmation of OCR to its commitment to HIPAA enforcement, even if the HIPAA-violating Covered Entity or business associate goes bankruptcy.

OCR’s enforcement action against FileFax, Inc. despite its bankruptcy and its successful negotiation of the FileFax Resolution Agreement within the bankruptcy should alert Covered Entities and business associates that OCR does not consider the bankruptcy of a Covered Entity or business associate as an obstacle to OCR enforcement against Covered Entities or business associates that violate HIPAA. The seriousness of OCR’s commitment to enforcement, even in the face of bankruptcy is driven home by its announcement of the FileFax Resolution Agreement on the heels of its December, 2017 announcement of its first OCR HIPAA resolution agreement secured with the formal approval of a bankruptcy court, a resolution agreement (21CO Resolution Agreement) against bankrupt health care provider, 21CO.

Secured with bankruptcy court approval, the 21CO Resolution Agreement resolved potentially much larger civil monetary penalties that the Fort Myers, Florida based provider of cancer care services and radiation oncology could have faced for alleged HIPAA breaches OCR charged it committed in connection with its failure to adequately act to prevent and respond to hacking and misappropriation of records containing sensitive electronic protected health information (ePHI) of up to 2,213597 individuals.

The OCR charges against 21CO arose from an OCR investigation commenced after the Federal Bureau of Investigation (FBI) notified 21CO on November 13, 2015 and a second time on December 13, 2015 than unauthorized third party illegally obtained 21CO sensitive patient information and produced 21CO patient files purchased by a FBI informant. As part of its internal investigation, 21CO hired a third party forensic auditing firm in November 2015. 21CO determined that the attacker may have accessed 21CO’s network SQL database as early as October 3, 2015, through Remote Desktop Protocol from an Exchange Server within 21CO’s network. 21CO determined that it is possible that 2,213,597 individuals may have been affected by the impermissible access to their names, social security numbers, physicians’ names, diagnoses, treatment and insurance information.

Although it knew of the breaches in November and December, 2015, 21CO waited more than three months after the FBI notified it of the breaches before it sent HIPAA or other breach notifications about the data breach to patients or notified investors in March, 2016. Its March 4, 2016 Securities and Exchange Commission 8-K on Data Security Incident (Breach 8-K) states 21CO delayed notification at the request of the FBI to avoid interfering in the criminal investigation of the breach.

When announcing the breach, 21CO provided all individuals affected by the breach with a free one-year subscription to the Experian ProtectMyID fraud protection service. At that time, 21CO said it had no evidence that any patient information actually had been misused. However some victims of the breach subsequently have claimed being victimized by a variety of scams since the breach in news reports and lawsuits about the breach.

At the time of the breach and its March 4, 2016 announcement of the breach, 21CO already was working to resolve other compliance issues. On December 16, 2015, 21CO announced that a 21CO subsidiary had agreed to pay $19.75 million to the United States and $528,000 in attorneys’ fees and costs and comply with a corporate integrity agreement related to a qui tam action in which it was accused of making false claims to Medicare and other federal health programs. See 21CO 8-K Re: Entry into a Material Definitive Agreement (December 22, 2015). Among other things, the corporate integrity agreement required by that settlement required 21CO to appoint a compliance officer and take other steps to maintain compliance with federal health care laws. In addition, five days after releasing the March 4, 2017 Breach 8-K, 21CO notified investors that its subsidiary, 21st Century Oncology, Inc. (“21C”), had agreed to pay $37.4 million to settle health care fraud law charges relating to billing and other protocols of certain staff in the utilization of state-of-the-art radiation dose calculation system used by radiation oncologists called GAMMA. See 21CO 8-K Re: GAMMA Settlement March 9, 2016 ; See also United States Settles False Claims Act Allegations Against 21st Century Oncology for $34.7 Million.

Based on OCR’s subsequent investigation into these breaches, OCR found:

21CO impermissibly disclosed certain PHI of 2,213,597 of its patients in violation of 45 C.F.R. § 164.502(a);
21CO failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic protected health information (ePHI) held by 21CO in violation of 45 C.F.R. § 164.308(a)(1)(ii)(A);
21CO failed to implement certain security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 45 C.F.R. § 164.306(A) in violation of 45 C.F.R. § 164.308(a)(1)(ii)(B);
21CO failed to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports as required by 45 C.F.R. §164.308(a)(1)(ii)(D);
21CO disclosed protected health information to a third party vendors, acting as its business associates, without obtaining satisfactory assurances in the form of a written business associate agreement in violation of HIPAA’s business associate rule requirements under 45 C.F.R. §§ 164.502(e) and 164.308(b)(3).

In return for OCR’s agreement not to further pursue charges or penalties relating to the breach investigation, the Resolution Agreement entered into with the approval of the Bankruptcy Court requires that 21CO pay OCR a $2.3 million Resolution Amount and implement to OCR’s satisfaction a corrective action plan that among other things requires that 21CO complete a detailed series of corrective actions to the satisfaction of OCR.

In addition to the OCR investigation that lead to the 21CO Resolution Agreement announced by OCR on December 28, 2017, 21CO experienced other fallout following its March 4, 2016 public disclosure of the breach. Not surprisingly, the breach notification led to a multitude of class-action civil lawsuits by breach victims and shareholders. See, e.g., 16 Data Breach Class Action Lawsuits Filed Against 21st Century Oncology Consolidated; 21st Century Oncology data breach prompts multiple lawsuits. Reports of spoofing and other misleading contacts made to 21CO patients following the breach prompted the Federal Trade Commission (FTC) to issue a specific notice alerting victims about potential false breach notifications and other misleading contacts. See April 4, 2016 FTC Announcement Re: 21st Century Oncology breach exposes patients’ info.

These and other developments also had significant consequences on 21CO’s financial status and leadership. By March 31, 2015, 21CO notified the SEC and investors that it needed added time to complete its financial statements. Subsequent SEC filings document its restatement of financial statements, the departure of board members and other leaders, default on credit terms, and ultimately its filing for Chapter 11 bankruptcy protection in the United States Bankruptcy Court for the Southern District of New York on May 25, 2017.

Because 21CO sought bankruptcy court protection from the fallout of its HIPAA breaches and other compliance and business issues, the 21CO Resolution Agreement required bankruptcy court approval. Funds for payment of the required $2.3 million resolution payment and other charges associated with the investigation apparently are being provided in part from breach liability insurance coverage provided under a policy issued by Beazley Insurance, as the Bankruptcy Court order directs Beazley Breach Response Policy No. W140E2150301 to make immediate payment to the OCR of the resolution amount and the payment of fees incurred by 21CO in connection with regulatory defense issues.

HIPAA & Data Breach Enforcement & Other Risks Growing

Covered Entities, their business associates, their leaders, investors and members of their workforce need to recognize that the FileFax, CCDC, 21CO and other resolution agreements are part of a growing trend, rather than isolated incidents of enforcement and that their exposure to investigation and enforcement is likely to continue to rise in the face of growing public and Congressional concern about privacy and data security.

While civil monetary penalty enforcement remains much more common than criminal prosecution, Covered Entities, their business associates and members of their workforce must understand that HIPAA enforcement and resulting liability is growing and that this trend is likely to continue if not increase.

While Department of Justice federal criminal prosecutions and convictions under HIPAA remain relatively rare, they occur and are growing. See e.g., Former Hospital Employee Sentenced for HIPAA Violations (Texas man sentenced to 18 months in federal prison for obtaining protected health information with the intent to use it for personal gain); Three Life Sentences Imposed On Man Following Convictions For Drug Trafficking, Kidnapping, Using Firearms and HIPAA Violations (drug king pin gets multiple 10 year consecutive prison terms for unauthorized access to private health information in violation of HIPAA; his health care worker friend sentenced for accessing electronic medical files and reporting information to him); Former Therapist Charged In HIPAA Case; Hefty Prison Sentence in ID Theft Case (former assisted living facility worker gets 37 months in prison after pleading guilty to wrongful disclosure of HIPAA protected information and other charges); Hefty Prison Sentence in ID Theft Case (former medical supply company owner sentenced to 12 years for HIPAA violations and fraud). While the harshest sentences tend to be associated with health care fraud or other criminal conduct, lighter criminal sentences are imposed against defendants in other cases as well. See e.g., Sentencing In S.C. Medicaid Breach Case (former South Carolina state employee sentenced to three years’ probation, plus community service, for sending personal information about more than 228,000 Medicaid recipients to his personal e-mail account.); HIPAA Violation Leads To Prison Term (former UCLA Healthcare System surgeon gets four months in prison after admitting he illegally read private electronic medical records of celebrities and others.)

While criminal enforcement of HIPAA remains relatively rare and OCR to date only actually has assessed HIPAA civil monetary penalties against certain Covered Entities for violating HIPAA in a couple isolated instances, the growing list of multi-million dollar resolution payments against Covered Entities and with the FileFax Resolution Agreement announcement, now also business associates for violating HIPAA make clear that HIPAA enforcement is both meaningful and growing. See e.g., Learn From Children’s New $3.2M+ HIPAA CMP For “Knowing” Violation of HIPAA Security Rules ($3.2 million Children’s Medical Center HIPAA Civil Monetary Penalty); 1st HIPAA Privacy Civil Penalty of $4.3 Million Signals CMS Serious About HIPAA Enforcement; $400K HIPAA Settlement Shows Need To Conduct Timely & Appropriate Risk Assessments; $5.5M Memorial HIPAA Resolution Agreement Shows Need To Audit. For more examples, also see here.

The experiences of FileFax, Inc., CCDC, 21CO and these other OCR HIPAA Resolution Agreements provide strong evidence that that health plans and other Covered Entities and their business associates can anticipate that OCR will continue to zealously investigate HIPAA breaches and other HIPAA violations. Aside from OCR’s recurrent affirmations of its commitment to HIPAA enforcement, Covered Entities, their business associates and their leaders must recognize that public and Congressional privacy and data security concerns fueled by the ever growing stream of massive data breaches at Alteryx, eBay, Paypal owner TIO Networks, Uber, Equifax and a long list of other previously trusted prominent businesses are creating additional pressure upon OCR and other agencies to pursue even stronger and more aggressive HIPAA oversight and enforcement. Amid this growing concern, OCR, the FTC and other federal and state agencies with regulatory or enforcement authority over HIPAA or other data security and privacy concerns face increasing scrutiny and pressure to take meaningful action to regulate and enforce HIPAA and other laws intended to protect sensitive data even as private litigants enjoy increasing success in obtaining civil judgments from damages resulting from breaches of their PHI or other sensitive personal information using an expanding arsenal of legal theories of recovery. In the face of these growing concerns about privacy and data security, OCR can be expected to continue, if not increase its HIPAA compliance enforcement and oversight by OCR.

Furthermore, the experiences of FileFax, Inc., 21CO, CCDC and other Covered Entities and business associates that already have become the subject of OCR investigation or enforcement also reflect that HIPAA resolution payments or penalties paid to OCR and other costs and expenses associated with the defense and resolution of OCR’s investigations and enforcement actions typically only a portion of the financial and other business consequences that Covered Entities or business associates might expect to incur as a consequence of a breach of PHI or other substantial HIPAA violation or charge.

Beyond their potential HIPAA enforcement exposures following a HIPAA covered data breach or other violation, health care or other Covered Entities and members of their workforce experiencing breaches of ePHI or other PHI often also face FTC or other government investigations and enforcement relating their data breaches under the Fair and Accurate Credit Transactions Act (FACTA) and other federal or state identity theft, data privacy and security, electronic crimes and other laws. They or members of their workforce may face licensing board, credentialing, accreditation, contractual or other investigations or sanctions. Victims, business partners, investors and others often bring civil litigation to address losses or other injures associated with the breach or other misconduct. In addition, losses and disruptions in patients, plan member, vendor, investor, employee, management and other business relationships, and other business disruptions also are common.

Where the breach of other HIPAA violation involves a health plan, health plans, their fiduciaries and sponsors also need to give due consideration to the implications and exposures that might arise under the fiduciary responsibility rules of the Employee Retirement Income Security Act (ERISA). Beyond the direct exposure of their health plan to HIPAA and other compliance liabilities, health plan fiduciaries generally will want to consider whether their fiduciary responsibility under ERISA requires that prudent or other steps be taken to safeguard health plan information and maintain and administer their health plan in accordance with HIPAA and other laws. As a consequence, fiduciaries generally will want to ensure that they take and document prudent steps to evaluate, monitor and address HIPAA and other privacy and data security safeguards to minimize not only the liability exposures of their health plans, but also to help mitigate their own potential personal liability exposures that could arise or be asserted in response to a HIPAA breach or other HIPAA violation involving their health plans.

In the face of these growing risks and liabilities, Covered Entities and their business leaders face a strong imperative to clean up and maintain their HIPAA compliance and other data security to minimize their exposure to similar consequences. In addition to reaffirming the need for Covered Entities and their business associates to take the necessary steps to maintain and effectively demonstrate the adequacy of their own HIPAA compliance, the CCDC and FileFax Resolution Agreements alert Covered Entities and business associates of the advisability of greater oversight and risk management of their dealings and relationships with the other Covered Entities and business associates with access to or involvement with their PHI or other critical functions.

In light of these rises, leaders, investors, insurers, lenders and others involved with Covered Entities and their business associates should take steps to verify that the Covered Entities and their business associates not only maintain compliance with HIPAA and its business associate and other privacy, data security and breach notification and response requirements, but also maintain appropriate practices, insurance and other safeguards to prevent, respond to and mitigate exposures in the event of a breach of protected health information or other sensitive data. The bankruptcies and other financial and business fallout of HIPAA or other data breaches experienced by FileFax, Inc. 21CO and other HIPAA-covered and non-HIPAA regulated entities also makes clear that Covered Entities and business associates should anticipate that their own fallout from a breach or other HIPAA event and resulting responsibilities and consequences could be impacted by their own or a business associate’s financial distress or bankruptcy. Beyond the risk that their own or another entity’s breach, compliance issues, or other financial or business issues could trigger breach investigation, notice or other responsibilities for their own organizations, Covered Entities, business associates and their leaders also should evaluate and revise their HIPAA risk assessments and security plans to address foreseeable threats to the availability, access, retention and security of PHI and associated records and systems.

The Bankruptcy Court’s order to 21CO’s cyber liability insurer to pay the resolution payment required under the 21CO Resolution Agreement and other costs of investigation and defense also strongly suggests that the purchase of insurance and other arrangements for funding costs of defense or settlement should be included in these evaluations.

As part of these efforts, Covered Entities and their business associates should ensure that they have conducted, and maintain and are ready to produce appropriate policies and procedures backed up by a well-documented, up-to-date industry wide risk assessment of their organization’s susceptibility to breaches or other misuse of electronic or other protected health information. The starting point of these efforts should be to adopt and enforce updated written policies, procedures, technical and physical safeguards, processes and training to prevent the improper use, access, destruction or disclosure of patient PHI. Processes also should create, retain and be designed to cost effectively track, capture, and retain both all protected health information, its use, access, protection, destruction and disclosure, and the requisite supportive documentation supporting the appropriateness of those action to position the organization cost-effectively and quickly to fulfill required accounting, reporting and other needs in the event of a data breach, audit, participant inquiry or other event.

As part of this process, Covered Entities and business associates should maintain strong and ongoing processes for assessing and monitoring the adequacy of their policies and practices. In addition to ensuring that their organization has a comprehensive risk management and compliance assessment, Covered Entities and business associates need to conduct documented periodic audits and spot HIPAA audits and assessments. In doing so, they must use care to look outside the four corners of their Privacy Policies and core operating systems to ensure that their policies, practices, oversight and training address all protected health information within their operations on an entity wide basis. This entity-wide assessment should include communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer.

In connection with these efforts, the enforcement actions make clear that Covered Entities and business associates should adopt, implement and monitor PHI privacy, and security on an entity wide basis. These efforts should include general policies, practices and procedures as well as specifically tailored policies, processes and training to protect PHI and preserve HIPAA compliance throughout their organization. Testing and analysis should be conducted on a regular basis. Documented reassessments and testing should be performed in response to software, hardware or other changes or events that could impact security or other operations. Beyond security, attention also should cover business or system interruption including losses that might occur from the bankruptcy, termination of business or other disruptions of business associates or other parties. Attention should be paid both to protecting access and use of PHI and ePHI in the course of business as well as the transmission, transport, storage and destruction of records or systems containing such information.

Careful attention should be devoted to ensuring that business associate agreements as well and other processes provide for HIPAA compliance with respect to all PHI created, used, accessed or disclosed to business associates or others not part of their direct workforce or operating outside the core boundaries of their facilities.

Covered entities and their business associates also must recognize and design their compliance efforts and documentation recognizing that HIPAA compliance is a living process, which require both constant diligence about changes in systems or other events that may require reevaluation or adjustments, whether from changes in software, systems or processes or external threats.

Because the cost of responding to and investigating breaches or other compliance concern can be quite burdensome, Covered Entities and their business associates also generally will want to pursue options to plan for and minimize potential expenses in the design and administration of their programs as well as to minimize and cover the potentially extraordinary costs of breach or other compliance investigation and results that commonly arise following a breach or other compliance event. As a part of this planning, Covered Entities and their business associates also generally will want to add consideration of changes to federal tax rules on the deductibility of compliance penalty and other related compliance expenditures.

While the Internal Revenue Code traditionally has prohibited businesses and individuals from deducting penalties, fines and other expenditures arising from violations of federal or state laws under Section 162(f) of the Internal Revenue Code, Section 13306 of the Tax Cuts and Jobs Creation Act creates a new exception for amounts (other than amounts paid or incurred any amount paid or incurred as reimbursement to the government or entity for the costs of any investigation or litigation) that a taxpayer establishes meet the following requirements:

Constitute restitution (including remediation of property) for damage or harm which was or may be caused by the violation of any law or the potential violation of any law, or
Are paid to come into compliance with any law which was violated or otherwise involved in the investigation or inquiry into a violation or potential violation of any law;
Are identified as restitution or as an amount paid to come into compliance with such law, as the case may be, in the court order or settlement agreement, and
In the case of any amount of restitution for failure to pay any tax imposed under this title in the same manner as if such amount were such tax, would have been allowed as a deduction under this chapter if it had been timely paid.

Because the true effect of these modifications will be impacted by implementing regulations and a number of other special conditions and rules may impact the deductibility of these payments and the reporting obligations attached to their payment, Covered Entities will want to consult with legal counsel about these rules and monitor their implementation to understand their potential implications on compliance expenditures and penalties.

About The Author

Ms. Stamer also has an extensive contributes her leadership and insights with other professionals, industry leaders and lawmakers. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here. For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here including:

Leave a Comment » | Academic medicine, Ambulatory care, Anethesiology, Centers For Disease Control, Childrens Health Insurance Program, Civil Rights, Conditions of Participation, Corporate Compliance, Cyber crime, data breach, data security, Doctor, E-Prescribing, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, ERISA, FACTA, Federal Health Center, Federal Sentencing Guidelines, Fiduciary Responsibility, Genetic Information, Health Care, Health care coding, Health Care Provider, health care reimbursement, Health Insurance Exchange, Health IT, Health Plan, Health Plans, Health Policy, healthcare, HHS, HIPAA, HIPAA Cyber Crime, home health, Hospital, Indian Health, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Joint Commission, Medical Privacy, Medical Records, Mental Health, Pharmaceudical, Pharmacy, Privacy, Public Policy, Technology, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Total Nurse Staffing

CMS Tightening LTC Assessments

Temporary Limited Exceptions

Implementation Deadlines

CMS Nursing Home Staffing Campaign

Begin Preparing Now

For Additional Information

About the Author

About Solutions Laws Press, Inc.™

IMPORTANT NOTICE

Share this:

Duty To Guard Against Malware

Green Ridge Ransomeware Breach

First Malware Settlement

Warning To All Covered Entities

For More Informational

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

For More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

Proposed HHS Grants Rule Overview

For More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

Biden Marijuanna Pardons

Potential Employer Challenges

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

Banner Health Settlement

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

False Claims Act Liability Arising From Participation In Or Filing Claims Involving Improper Inducements

Gampel, Modern Vascular FCA Complaint

Warning To Other Heath Care Providers & Suppliers

For More Information

Other Helpful Resources & Information

Share this:

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

eCQMs As Measure of Health Care Quality

2022 eCQMs Updates

More Information

About the Author

About Solutions Law Press, Inc.™