Southern States Collect Largest Share of $162 Million ARRA Fund Meaningful Use Development Grants

March 16, 2010

By Cynthia Marcotte Stamer

Southern states are the big winners among the 16 states and qualified state designated entities (SDEs) to share in the approximately $162 Million in American Recovery and Reinvestment Act of 2009 (ARRA) fund grants to facilitate the development of health information exchange and advance health information technology (health IT) announced by the U.S. Department of Health and Human Services (HHS) today (March 15, 2010).

Drawn from the $2 billion in funding set aside in ARRA to promote widespread meaningful use of health IT and use of an electronic health record, the following health information exchange awards seek to facilitate non-proprietary health information exchange that adheres to national standards widely perceived as critical to enabling care coordination and improving the quality and efficiency of health care.

The recipients and award amounts of the grants announced today are:

  • Texas Health and Human Services Commission, $28,810,208
  • Florida Agency of Health Care Administration, $20,738,582
  • New Jersey Health Care Facilities Financing Authority, $11,408,594
  • Louisiana Health Care Quality Forum, $10,583,000
  • State of Mississippi, $10,387,000
  • Indiana Health Information Technology, Inc., $10,300,000
  • The Maryland Department of Health and Mental Hygiene, $9,313,924
  • South Carolina Department of Health & Human Services, $9,576,408
  • Iowa Department of Public Health, $8,375,000
  • State of Connecticut Department of Public Health, $7,297,930
  • Nebraska Department of Administrative Services, $6,837,180
  • South Dakota Department of Health, $6,081,750
  • Idaho Health Data Exchange, $5,940,500
  • State of North Dakota, Information Technology Department,  $5,343,733
  • State of Alaska, $4,963,063

Additional information about the state HIE program may be found here.  Other information about other health IT programs funded through ARRA generally can be found here.

For Assistance With This Opportunity Or Other Health Industry Concerns

If your organization needs advice or assistance with commenting on the AHRO proposal or to respond to other health care quality or other health care matters, consider contacting the author of this article, Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail here.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 22 years' experience advising health industry clients about these and other matters.  A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Edwin J. Tomko at (214) 270-1405 or another Curran Tomko Tarski LLP Partner of your choice. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to cstamer@cttlegal.com.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


Senate Finance Committee Releases Statutory Language of America’s Healthy Future Act To Present To Full Senate

October 22, 2009

Americans finally have a chance to read the actual statutory language of the painfully negotiated package of proposed health care reforms that the Senate Finance Committee proposes for adoption.  The Senate Finance Committee leadership has finally finished drafting and has posted the 1506-page text of the proposed statutory language of the health care reform provisions of the “America’s Healthy Future Act” on its website here.

When the Senate Finance Committee voted to pass the America’s Healthy Future Act, members of the Senate Finance Committee had not yet had the opportunity to review the actual statutory language to be proposed to implement the package of health care reforms painfully hashed out in their committee.  As the actual statutory language had not been completed at the time a majority of the Democrats and one Republican Senator serving on the Senate Finance Committee voted to send the legislation to the full Senate, the vote actually was taken based on a narrative description of the intended reforms set forth in a revised draft of the “Chairman’s Mark” of the legislation.  Since that time Senate Finance Committee Chairman Max Baucus and other key Democrat Senators on the Senate Finance Committee have worked behind closed doors to prepare the actual statutory language to be presented to the full Senate.

As proposed, the America’s Healthy Future Act would require sweeping changes to the U.S. health care systems that if adopted will radically impact the roles and responsibilities of every patient, health care provider, health care payor, employer and other American.  Because of the potential implications on the way health care is financed, delivered and administered and the projections that the legislation will cost approximately $1 Trillion, all parties are urged to carefully review the complex and lengthy legislation to gain an understanding of the legislation and to act quickly to make any concerns known to elected leaders in Congress. 

For More Information

We hope that this information is useful to you.  If you need assistance with these or other health care public policy, regulatory, compliance, risk management, workforce and other staffing, transactional or operational concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters.  You can review other recent health care and related resources and additional information about the health industry and other experience of Ms. Stamer here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information here and/or by participating in the SLP Health Care Risk Management & Operations Group on LinkedIn.  To unsubscribe, e-mail here.


North Texas Healthcare Compliance Professional Association To Meet At Texas Health Resources On October 13

September 29, 2009

NORTH TEXAS HEALTHCARE COMPLIANCE PROFESSIONAL ASSOCIATION

October 13, 2009 Meeting Reminder

2:00 – 4:00 p.m. at the Texas Health Resources Pavilion

North Texas Health Care Compliance Professional Association’s October 13, 2009 Meeting will feature a participatory Health Care Compliance Roundtable Discussion of Hot Topics moderated by Erma E. Lee, JPS Health Network District Compliance Officer and NTHCPA President, on Tuesday, October 13, 2009 from 2:00 – 4:00 p.m. at the Texas Health Resources Pavilion located at 612 E. Lamar Blvd., Arlington, TX.  Topics to be discussed include:

  • HIPAA Data Breach, Red Flag & Other Evolving Privacy & Data Security Obligations & Risks
  • Office of Civil Rights Health Industry Disability & Other Civil Rights Enforcement
  • Tax-Exemption Issues Including Proposed Form 990 and Exemption Reforms In Health Care Reform
  • Health Care Fraud Enforcement
  • Other Hot Developments

Come catch up on these and other new developments and exchange thoughts and insights with other Health Care Compliance Professionals!                       

NTHCPA thanks Texas Health Resources for hosting this month’s meeting.

For additional information, please contact NTHCPA Vice-President Cynthia Marcotte Stamer at (214) 270-2402 or by e-mail at cstamer@solutionslawyer.net.

 We look forward to seeing you there!

About the NTHCPA

NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles.

The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.

To register or update your registration or to receive notice of future meetings, e-mail here.

This communication may be considered a marketing communication for certain purposes.  If you wish to update your e-mail for purposes of or would prefer not to receive future e-mail concerning meetings or other activities of the North Texas Healthcare Compliance Professionals Association or other marketing and promotional mailings from it, please send an email with the word “unsubscribe” in its subject heading to here.


HIT Committee To Meet October 14 In Washington, D.C.

September 29, 2009

The next meeting of the HIT Standards Committee of the Office of the National Coordinator for Health Information Technology (ONC) will be held on October 14, 2009, from 9 a.m. to 3 p.m./Eastern Time at the Omni Shoreham Hotel, 2500 Calvert Street, NW., Washington, DC. The hotel telephone number is 202-234-0700. Interested members of the public are invited to attend. 

Created under the American Recovery and Reinvestment Act of 2009 (ARRA), the HIT Standards Committee is charged with making recommendations to the Office of the National Coordinator for Health Information Technology (ONC) on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information consistent with the implementation of the Federal Health IT Strategic Plan, and in accordance with policies developed by the HIT Policy Committee.  Even as Congress debates further reforms, the HIT Committee and other components of the ONC are key actors in the continuing efforts of the Obama Administration to promote health care efficiency by reengineering health care technology.

During a previous meeting on August 20, 2009, the HIT Committee finalized certain recommendations concerning meaningful use of electronic medical records, clinical quality, and privacy and security of protected health information, which are available for review here.

According to the ONC announcement regarding the upcoming meeting in today’s (September 29, 2009) Federal Register available here, the Committee plans during the meeting to:

  • Discuss reports from its Clinical Operations, Clinical Quality, and Privacy and Security Workgroups
  • Take testimony from invited experts in the field of security as it relates to health information technology

Interested persons may present data, information, or views, orally or in writing, on issues pending before the committee. Written submissions may be made to the contact person on or before October 6, 2009. Oral comments from the public will be scheduled between approximately 2:30 p.m. and 3 p.m. Time allotted for each presentation may be limited. If the number of speakers requesting to comment is greater than can be reasonably accommodated during the scheduled open public hearing session, ONC will take written comments after the meeting until close of business.

ONC hopes to make background material available to the public at least two (2) business days prior to the meeting. However, if ONC is unable to post the background material on its Web site before the meeting, it will make that material publicly available at the location of the advisory committee meeting, and post the background material on ONC’s web site after the meeting here.

The designated person to contact for additional information is Jonathan Ishee, Office of the National Coordinator, HHS, 200 Independence Ave, SW., Room 729-G, Washington, DC 20201, 202-205-8493, Fax: 202-690-6079, e-mail: jonathan.ishee@hhs.gov.

If you need assistance preparing or presenting comments to the HIT Standards Committee or with monitoring or responding to other health care IT, privacy and data security, regulatory, operational, public policy or other health care concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Chair and Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail at CStamer@CTTLegal.com.

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters.

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here, registering to receive updates in blog form here or e-mailing this information to support@solutionslawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


DEA Seeks Comments on Standardization of Code Number For Institutionally Based Practitioners Dispensing Controlled Substances

September 9, 2009

Midnight on November 9, 2009 is the deadline to respond to the request for comments of the Drug Enforcement Administration (DEA) on how best to standardize the specific internal code number associated with each individual practitioner permitted by the hospital or other institutional practitioner to administer, dispense, or prescribe controlled substances using that institution’s DEA registration.

DEA is soliciting public input in response to comments received on its Notice of Proposed Rulemaking, “Electronic Prescriptions for Controlled Substances,” published on June 27, 2008, 73 FR 36722.  In that Notice, DEA proposed:

  • That pharmacy applications receiving electronic prescriptions for controlled substances be capable of reading and retaining the full DEA registration number, including any extensions, or other identification numbers used under 21 CFR 1306.05(c).
  • That the full number including extensions must be retained in the prescription record.
  • That the pharmacy application must verify that the practitioner’s DEA registration was valid at the time the prescription was signed by checking the DEA CSA database or by having another entity check the DEA CSA database during transmission and indicate on the record that the check has occurred and the registration is valid.
  • That the pharmacy application must reject prescriptions signed by practitioners without valid DEA registrations.

Every person who dispenses controlled substances is required to obtain a DEA registration under the Comprehensive Drug Abuse Prevention and Control Act of 1970, often referred to as the Controlled Substances Act (CSA) and the Controlled Substances Import and Export Act (21 U.S.C. 801-971).

An individual practitioner who is an agent or employee of a hospital or other institution registered with DEA may use the DEA registration of that hospital or other institution to administer, dispense, or prescribe controlled substances in accordance with the regulations (21 CFR 1301.22(c)). Specifically, an individual practitioner who is an agent or employee of a hospital or other institution may, when acting in the normal course of business or employment, administer, dispense, or prescribe controlled substances under the registration of the hospital or other institution which is registered in lieu of being registered himself if:

  • The dispensing, administering or prescribing is done in the usual course of his professional practice;
  • The individual practitioner is authorized or permitted to do so by the jurisdiction in which he is practicing;
  • The hospital or other institution by whom he is employed has verified that the individual practitioner is so permitted to dispense, administer, or prescribe drugs within the jurisdiction;
  • The individual practitioner is acting only within the scope of his employment in the hospital or institution;
  • The hospital or other institution authorizes the individual practitioner to administer, dispense or prescribe under the hospital registration and designates a specific internal code number for each individual practitioner so authorized. The code number shall consist of numbers, letters, or a combination thereof and shall be a suffix to the institution’s DEA registration number, preceded by a hyphen; and
  • A current list of internal codes and the corresponding individual practitioners is kept by the hospital or other institution and is made available at all times to other registrants and law enforcement agencies upon request for the purpose of verifying the authority of the prescribing individual practitioner. See 21 CFR 1301.22(c).

In response to the comments on these proposed provisions, DEA has determined standardization of the internal code numbers assigned by institutional  practitioners to the individual practitioners they permit to use their  registration to administer, dispense, and prescribe controlled  substances is essential for DEA to require pharmacy systems to retain this  information.

Since this number has never been standardized, however, DEA anticipates that institutional practitioner registrants have established a variety of internal code number systems. Accordingly, DEA is soliciting information from the regulated  industry and other interested members of the public regarding current methods used and how best to implement industry standardization  in this area. Specifically, DEA seeks the following information:

  • Information regarding formats used by institutional practitioners when establishing internal code numbers for individual practitioners permitted to use the institution’s registration number;
  • Estimates of the number of individual practitioners using internal code numbers for identification purposes;
  • Estimates of the number of individual practitioners using internal code numbers for identification purposes in a particular institutional practitioner;
  • Estimates of costs to institutional practitioners if code numbers for individual practitioners were to be standardized and what changes would be associated with those costs;
  • Formats pharmacy applications could accommodate or would prefer, recognizing that pharmacy applications may need to be reprogrammed to accept this information;
  • Estimates of the costs to pharmacies and/or pharmacy application providers for such reprogramming;
  • Comments regarding whether pharmacies have had difficulty obtaining information from institutional practitioners regarding individual practitioners’ internal code numbers and, if so, any proposed solutions.

Persons wishing to address the above topics or provide other information relative to these proposed rules should submit their comments by Midnight on November 9, 2009 in accordance with the instructions contained in the Notice available for review here.

Register Now For Upcoming September Health Industry Update Programs

If you found this information of interest, you also may be interested in one of the following upcoming health industry programs to be presented by Ms. Stamer during September:

  • How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination — What You Should Be Doing To Be Prepared for the New, Stepped Up Enforcement Actions on September 10, 2009 hosted via teleconference by Health Resources Publishing
  • Health Information Security & Data Breach Under HITECH Act on September 17, 2009 hosted via teleconference by the Health Care Compliance Association

To register or for other details about these and other upcoming programs and presentations by Ms. Stamer and other Curran Tomko Tarski members, see here.

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending health care fraud concerns or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Edwin J. Tomko at (214) 270-1405 or another Curran Tomko Tarski LLP Partner of your choice. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to cstamer@cttlegal.com.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


Two Recent Criminal Prosecutions For HIPAA Privacy Rule Violations Signal Rising Criminal Enforcement Risks

September 8, 2009

Register here  To Participate In September 9 or September 17 Briefings on New HIPAA Data Breach Rules

Two recent separate criminal actions against hospital workers for wrongfully accessing medical records in violation of the medical privacy provisions of the Health Insurance Portability & Accountability Act of 1996, as amended (HIPAA) are the latest reminders to health care providers, health plans, health care clearinghouses, their business associates and members of their workforce that the criminal provisions of the HIPAA Privacy Rules have teeth.

Palmetto General Hospital Employee And Accomplice Indicted For Stealing Patient Records As Part Of Fraud

In Miami-Dade County, federal felony charges are pending against Jacquettia L. Brown, 29, and Tear Renee Barbary, 25, for offenses relating to the theft of patient profile records from Palmetto General Hospital to further a fraud scheme.

A seven-count Indictment announced by the Department of Justice on May 26, 2009 charges Brown and Barbary with conspiracy to commit access device fraud in violation of Title 18, United States Code, Section 1029(b)(2), and criminal violations of HIPAA. In addition, Brown is charged with aggravated identity theft, in violation of Title 18, United States Code, Section 1028A(a)(1).  If convicted, the defendants face a statutory maximum of five (5) years’ imprisonment on Count 1, and a statutory maximum of ten (10) years’ imprisonment as to each of Counts 2, 3, and 7. As to Counts 4-6, Brown faces a two (2) year mandatory prison sentence per count. 

According to the Indictment, Brown, a medical records employee of Palmetto General Hospital, took records containing personal profile information of Palmetto General Hospital patients. Defendant Brown and Barbary then used the stolen personal information to further a credit card fraud conspiracy. The patient profile records that Brown stole included personal identifying information, such as patients’ names, birthdates, Social Security numbers, addresses, driver’s license numbers, and next of kin contacts. Brown used the stolen identifying information to obtain patients’ credit card account numbers. She gave patient profile records and credit card account numbers to Barbary, who used the information to make unauthorized credit card purchases. When law enforcement officials disrupted the scheme, Brown was in possession of 41 patient profile records and Barbary was in possession of six patient profile records.

Curiosity Check of Medical Records Results In Arkansas Doctor, 2 Former Hospital Employees Guilty Plea To HIPAA Violation

Three Arkansas health care workers could be sentenced to up to 1 year in prison, a fine of not more than $50,000, or both after pleading guilty in July, 2009 to misdemeanor violations of the health information privacy provisions of HIPAA for accessing a patient’s record without any legitimate purpose.

United States Magistrate Judge Henry L. Jones, Jr. accepted the guilty pleas of Dr. Jay Holland, age 56, of Little Rock, Arkansas; Sarah Elizabeth Miller, age 28, of England, Arkansas; and Candida Griffin, age 34, of Little Rock, Arkansas after each admitted to accessing patient records to satisfy their own curiosity.

Dr. Holland, Medical Director of Select Specialty Hospital, located on the 6th floor of the St. Vincent Infirmary Medical Center (SVIMC), admitted that after watching news reports on television, he logged on to the SVIMC patient records from his computer at home and accessed a patient’s files to determine if the news reports were accurate. He admitted he accessed the file because he was curious even though he had had HIPAA training and understood he was violating HIPAA when he accessed the file. SVIMC suspended Dr. Holland’s privileges for two weeks and required him to complete on-line HIPAA training.

Sarah Elizabeth Miller, formerly an account representative at SVIMC, Sherwood Campus, was responsible for checking patients in and out of the clinic and for processing patient billing. In order to perform her duties, she had access to the SVIMC patient records program which includes all locations, not just that of the Sherwood clinic. Miller admitted that on October 20 and 21, 2008, she accessed a patient’s files approximately 12 times out of curiosity. She admitted that she accessed the records without any legitimate purpose. Records show that Miller was trained on HIPAA privacy laws by SVIMC. SVIMC fired Miller from her position.

Candida Griffin was the emergency room unit coordinator at SVIMC. Her responsibilities were to order patient tests, perform data entry into electronic patient files for patients and perform other secretarial functions in the emergency room. Griffin admitted that on October 20, 2008, she was told by the charge nurse to set up an alias for a particular patient admitted to the emergency room. On October 21, 2008, after the patient had been moved to ICU, Griffin admitted that she became curious about the patient’s status and accessed the medical chart to find out if the patient was still living. Although Griffin did not inform anyone about accessing the chart, hospital records show that the patient’s records were accessed three times that day by Ms. Griffin. SVIMC records show that Griffin was trained on HIPAA privacy laws. SVIMC fired Griffin from her position.

Pursuant to plea agreements with the United States, Holland, Miller and Griffin pleaded guilty to a misdemeanor violation of the health information privacy provisions of HIPAA based on their accessing a patient’s record without any legitimate purpose. Each faces a maximum penalty of 1 year imprisonment, a fine of not more than $50,000, or both. A sentencing date has not yet been set, but is expected within the next few weeks.

Criminal Referral and Enforcement Continues

Together with the HIPAA-related criminal convictions in 2008 of David Gibson, Fernando Ferrer, Jr. and Andrea Smith discussed here, these new Arkansas and Florida criminal actions document the willingness of Justice Department attorneys to investigate and prosecute certain criminal violations.  Because they involved the theft of health information for use in furtherance of other health care fraud schemes, many have viewed as predictable and understandable the prosecution of Gibson, Ferrer, Brown and Barbary.  In contrast, the willingness of Jane W. Duke, United States Attorney for the Eastern District of Arkansas, to prosecute criminally the wrongful access by the SVIMC health care workers and Andrea Smith in the absence of other health care fraud motives challenges the perception widely held among certain segments of the health care and health plan industry that the criminal provisions of HIPAA have little teeth.  Since U.S. Attorney Duke pursued both the SVIMC and Smith prosecutions, it remains to be seen whether other U.S. Attorneys will be equally willing to pursue prosecution of HIPAA violations in the absence of evidence of other federal health care crimes.

Less speculative is the growing readiness of the Department of Health & Human Services Office for Civil Rights (OCR) to pursue civil remedies for HIPAA violations.  On February 18, 2009, for instance, OCR and the Federal Trade Commission (“FTC”) issued a joint announcement (the “Announcement”) ordering CVS Pharmacy, Inc., the nation’s largest retail pharmacy chain, to pay the U.S. government a $2.25 million settlement and to take other corrective action to ensure that it does not violate the privacy rights of patients under HIPAA when disposing of patient information such as identifying information on pill bottle labels.  In a coordinated action, CVS Caremark Corp., the parent company of the pharmacy chain, also signed a consent order and agreed to a settlement with the FTC to settle potential violations of the FTC Act.  The investigation resulting in the settlement marks the first instance where the OCR formally coordinated the investigation and resolution of a case with the FTC.

Coming as new data breach notification requirements for HIPAA-covered entities are set to take effect on September 23, 2009, these and other stepped-up oversight and enforcement activities make it critical that all health care providers, health plans, health care clearinghouses and their business associates update their policies and practices, tighten their compliance and data breach monitoring processes, and strengthen their internal controls and compliance in preparation for defending their actions under the newly strengthened Privacy Rules.  Covered entities and their business associates more than ever must ensure their ability to demonstrate to federal regulators the effectiveness of their HIPAA compliance efforts by both adopting the written policies and procedures required by HIPAA and continuously monitoring and administering these safeguards.  Covered entities should consider reviewing the adequacy of their current HIPAA Privacy and Security compliance practices, taking into consideration the Corrective Action Plan, published OCR noncompliance and enforcement statistics, their own and others’ reports of security and privacy breaches and near misses, and other developments, to determine if additional steps are necessary or advisable.

If you need assistance with auditing, updating or defending your organization’s HIPAA and other privacy and data security practices, please contact Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail at CStamer@CTTLegal.com.

Register Now For Upcoming September Health Industry Update Programs

If you found this information of interest, you also may be interested in one of the following upcoming health industry programs to be presented by Ms. Stamer during September:

  • HITECH ACT Health Data Security & Breach Update on September 9, 2009 hosted live or via teleconference by Curran Tomko Tarski LLP 
  • How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination — What You Should Be Doing To Be Prepared for the New, Stepped Up Enforcement Actions on September 10, 2009 hosted via teleconference by Health Resources Publishing
  • Health Information Security & Data Breach Under HITECH Act on September 17, 2009 hosted via teleconference by the Health Care Compliance Association

To register or for other details about these and other upcoming programs and presentations by Ms. Stamer and other Curran Tomko Tarski members, see here.

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Edwin J. Tomko at (214) 270-1405 or another Curran Tomko Tarski LLP Partner of your choice. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information, including your preferred e-mail, by creating or updating your profile here or e-mailing this information to cstamer@cttlegal.com.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


Health Care Providers & Other HIPAA Covered Entities Must Comply With New Data Breach Rules By September 23

August 26, 2009

Health care providers, health clearinghouses, health plans and their business associates generally must start complying with new federal data breach notification rules on September 23, 2009. 

The new “Breach Notification For Unsecured Protected Health Information” regulation (Breach Regulation) published here in today’s Federal Register requires health care providers, health plans, health care clearinghouses and their business associates (Covered Entities) covered under the personal health information privacy and security rules of the Health Insurance Portability & Accountability Act (HIPAA) to notify affected individuals following a “breach” of “unsecured” protected health information. The Breach Regulation is part of a series of guidance that HHS is issuing to implement new and stricter personal health information privacy and data security requirements for Covered Entities added to HIPAA under the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law on February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA).

HITECH Act Data Breach and Unsecured PHI Rules

Published in the Federal Register on August 24, 2009, the new Breach Regulation implements the HITECH Act requirement that Covered Entities and their business associates notify affected individuals, the Secretary of HHS, and in some cases, the media, when a breach of “unsecured protected health information” happens and the form, manner, and timing of that notification. Covered Entities must begin complying with the new Breach Regulation on September 23, 2009. 

Part of a series of new HHS rules implementing recent changes to HIPAA enacted under the HITECH Act to strengthen existing federal mandates requiring Covered Entities to safeguard protected health information, the Breach Regulation will obligate Covered Entities and business associates to provide certain notifications following a breach of “protected health information” that is not secured at the time of the breach through the use of a technology or methodology meeting minimum standards issued by HHS pursuant to other provisions of the HITECH Act.

Under the HITECH Act, the breach notification obligations contained in the Breach Regulation only apply to a breach of “unsecured protected health information.” The Breach Regulation exempts from its breach notification requirements breaches of protected health information that qualifies as “secured” under separately issued HHS and Federal Trade Commission (FTC) standards for encryption and destruction of protected health information.

For purposes of the HITECH Act, electronic protected health information is considered “unsecured” unless the Covered Entity has satisfied certain minimum standards for the protection of that data established pursuant to the HITECH Act.  Earlier this year, HHS and the FTC issued interim rules defining the minimum encryption and destruction technologies and methodologies that Covered Entities must use to render protected health information unusable, unreadable, or indecipherable to unauthorized individuals for purposes of determining when protected health information is “unsecured” for purposes of the HITECH Act.  Concurrent with its publication of the Breach Regulation, HHS also released guidance updating and clarifying this previously issued guidance. 

Read the Breach Regulation here.  To review the HITECH Act Breach Notification Guidance and Request for Information, see here.

OCR officials are continuing to work on other guidance concerning the amendments to HIPAA’s privacy and security rules enacted under the HITECH Act and the Genetic Information Nondiscrimination Act (GINA).  Differences in the effective dates of certain requirements generally will necessitate that Covered Entities and their business associates move forward to comply with the Breach Regulation and other aspects of these changes before some of these other rules or guidance relating to them take effect.

About The Author

The author of this update, Curran Tomko Tarski LLP Health Practice Leader Cynthia Marcotte Stamer is nationally known for her work, publications and presentations on privacy and security of health and other sensitive information in health and managed care, employment, employee benefits, financial services, education and other contexts. 

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, and Former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 20 years’ experience advising clients about health and other privacy and security matters.  A popular lecturer and widely published author on privacy and data security and other related health care and health plan matters, Ms. Stamer is the Editor in Chief of the forthcoming 2010 edition of the Information Security Guide to be published by the American Bar Association Information Security Committee in 2010, as well as the author of “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of other highly regarded publications. She continuously advises employers, health care providers, health insurers and administrators, health plan sponsors, employee benefit plan fiduciaries, schools, financial services providers, governments and others about privacy and data security, health care, insurance, human resources, technology, and other legal and operational concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters.  Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.

We hope that this information is useful to you.  If you need assistance monitoring, evaluating or responding to these or other compliance, risk management, transaction or operation concerns, please contact the author of this update, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or another Curran Tomko Tarski LLP Partner of your choice.

Other Helpful Resources & Other Information

If you found this update of interest, you also may be interested in one or more of the other recent articles published in our electronic Curran Tomko Tarski LLP publications available for review here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information, including your preferred e-mail, by creating or updating your profile here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@cttlegal.net.

©2009 Cynthia Marcotte Stamer.   All rights reserved. 

 


Health Care Providers & Other HIPAA-Covered Entities & Their Business Associates Must Comply With New HHS Health Information Data Breach Rules By September 24

August 24, 2009

Register Now To Participate in September 9  “HITECH Act Health Data Security & Breach Update”

Health care providers, health clearinghouses, health plans and their business associates generally must start complying with new federal data breach notification rules on September 24, 2009. 

The new “Breach Notification For Unsecured Protected Health Information” regulation (Breach Regulation) published here in today’s Federal Register requires health care providers, health plans, health care clearinghouses and their business associates (Covered Entities) covered under the personal health information privacy and security rules of the Health Insurance Portability & Accountability Act (HIPAA) to notify affected individuals following a “breach” of “unsecured” protected health information. The Breach Regulation is part of a series of guidance that HHS is issuing to implement new and stricter personal health information privacy and data security requirements for Covered Entities added to HIPAA under the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law on February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA).

You are invited to catch up on what these new rules mean for your organization and how it must respond by participating in the “HITECH Act Health Data Security & Breach Update” on Wednesday, September 9, 2009 from Noon to 1:30 P.M. Central Time.

HITECH Act Data Breach and Unsecured PHI Rules

Scheduled for publication in the Federal Register on August 24, 2009, the new Breach Regulation implements the HITECH Act requirement that Covered Entities and their business associates notify affected individuals, the Secretary of HHS, and in some cases, the media, when a breach of “unsecured protected health information” happens and the form, manner, and timing of that notification. Covered Entities must begin complying with the new Breach Regulation on September 24, 2009. 

Part of a series of new HHS rules implementing recent changes to HIPAA enacted under the HITECH Act to strengthen existing federal mandates requiring Covered Entities to safeguard protected health information, the Breach Regulation will obligate Covered Entities and business associates to provide certain notifications following a breach of “protected health information” that is not secured at the time of the breach through the use of a technology or methodology meeting minimum standards issued by HHS pursuant to other provisions of the HITECH Act.

Under the HITECH Act, the breach notification obligations contained in the Breach Regulation only apply to a breach of “unsecured protected health information.” The Breach Regulation exempts from its breach notification requirements breaches of protected health information that qualifies as “secured” under separately issued HHS and Federal Trade Commission (FTC) standards for encryption and destruction of protected health information.

For purposes of the HITECH Act, electronic protected health information is considered “unsecured” unless the Covered Entity has satisfied certain minimum standards for the protection of that data established pursuant to the HITECH Act.  Earlier this year, HHS and the FTC issued interim rules defining the minimum encryption and destruction technologies and methodologies that Covered Entities must use to render protected health information unusable, unreadable, or indecipherable to unauthorized individuals for purposes of determining when protected health information is “unsecured” for purposes of the HITECH Act.  Concurrent with its publication of the Breach Regulation, HHS also released guidance updating and clarifying this previously issued guidance. 

Read the Breach Regulation here.  To review the HITECH Act Breach Notification Guidance and Request for Information, see here.

September 9 “HITECH Act Health Data Security & Breach Update” Briefing

Interested persons are invited to register here now to learn what these new rules mean for their organizations and how they must respond by participating in the “HITECH Act Health Data Security & Breach Update” on Wednesday, September 9, 2009 from Noon to 1:30 P.M. Central Time. For a registration fee of $45.00, registrants will have the option to participate via teleconference or in person at the offices of Curran Tomko Tarski LLP, 2001 Bryan Street, Suite 2050, Dallas, Texas 75201.  For information about registering for this program or for other questions, see here.

Conducted by Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer, the briefing will cover:

  • Who must comply
  • What your organization must do
  • How to qualify protected health information as exempt from the breach regulations as “secure” protected health information
  • What is considered a breach of unsecured protected health information
  • What steps must a covered entity take if a breach of unsecured protected information happens
  • What liabilities do covered entities face for non-compliance
  • What new contractual requirements, policies and procedures Covered Entities and Business Associates will need
  • How the Breach Regulation, the Privacy Regulation, impending FTC red flag rules and state data breach and privacy rules interrelate
  • Other recent developments
  • Practical tips for assessing, planning, moving to and defending compliance
  • Participant questions
  • More 

About The Presenter

The program will be presented by Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer.  Ms. Stamer is nationally known for her work, publications and presentations on privacy and security of health and other sensitive information in health and managed care, employment, employee benefits, financial services, education and other contexts.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, and Former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 20 years’ experience advising clients about health and other privacy and security matters.  A popular lecturer and widely published author on privacy and data security and other related health care and health plan matters, Ms. Stamer is the Editor in Chief of the forthcoming 2010 edition of the Information Security Guide to be published by the American Bar Association Information Security Committee in 2010, as well as the author of “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of other highly regarded publications. She continuously advises employers, health care providers, health insurers and administrators, health plan sponsors, employee benefit plan fiduciaries, schools, financial services providers, governments and others about privacy and data security, health care, insurance, human resources, technology, and other legal and operational concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters.  Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.

We hope that this information is useful to you.  If you need assistance monitoring, evaluating or responding to these or other compliance, risk management, transaction or operation concerns, please contact the author of this update, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or another Curran Tomko Tarski LLP Partner of your choice.

Other Helpful Resources & Other Information

If you found these updates of interest, you also may be interested in one or more of the other recent articles published in our electronic Curran Tomko Tarski LLP publications available for review here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information, including your preferred e-mail, by creating or updating your profile here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@cttlegal.net.

©2009 Cynthia Marcotte Stamer.   All rights reserved. 

 


HHS Issues Interim Final Rule Requiring Health Care Providers, Health Plans & Other Covered Entities To Give Breach Notifications When Certain Personal Health Information Breached Beginning In September; Register to Participate In September 10th Briefing on New Rules In Person or Via Telephone

August 20, 2009

The U.S. Department of Health and Human Services (HHS) yesterday (August 19, 2009) issued “breach notification” regulations requiring health care providers, health plans and other covered entities (Covered Entities) under the personal health information privacy and security rules of the Health Insurance Portability & Accountability Act (HIPAA) to notify affected individuals following a “breach” of “unsecured” protected health information. Scheduled for publication in the Federal Register on August 24, 2009, the new breach notification regulations are part of a series of new rules that implement new electronic personal health information data security and data breach notification requirements for Covered Entities added to HIPAA under the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law on February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA).  Covered entities must begin complying with the new rules no later than September 24, 2009.

Curran Tomko Tarski, LLP Health Practice leader Cynthia Marcotte Stamer will conduct a briefing on these new protected health information data security and data breach rules on Thursday, September 10, 2009 from Noon to 1:30 P.M. Central Time. For a registration fee of $45.00, registrants will have the option to participate via teleconference or in person at the offices of Curran Tomko Tarski LLP, 2001 Bryan Street, Suite 2050, Dallas Texas 75201.  For more information, e-mail here.

HITECH Act Data Breach and Unsecured PHI Rules

The new data breach notification rules are part of a series of recent HIPAA amendments enacted under the HITECH Act to strengthen the federal rules requiring HIPAA covered entities to safeguard electronic and certain other protected health information. Enhanced data security and data breach rules added as part of these HITECH Act amendments obligate covered entities and business associates to provide certain notifications following a breach of “unsecured” “protected health information” within the meaning of HIPAA, as amended.  “Unsecured protected health information” is defined as protected health information that is not secured through the use of a technology or methodology specified by the HHS Secretary.

The new data breach regulations implement the HITECH Act requirement that Covered Entities and their business associates notify affected individuals, the Secretary of HHS, and in some cases, the media, of a breach and the form, manner, and timing of that notification.  For purposes of the HITECH Act, electronic protected health information is considered “unsecured” unless the covered entity has satisfied certain minimum standards for the protection of that data established pursuant to the HITECH Act.  HHS and the Federal Trade Commission previously issued certain initial guidance concerning the HITECH Act standards for determining when electronic personal health information qualifies as secure.  To help further define when electronic health information is treated as “unsecured” and therefore subject to the breach notification requirements, the data breach rules also update and clarify the guidance HHS published earlier this year specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals for purposes of determining when protected health information will be considered “unsecured” under the HITECH Act data breach rules.  Entities subject to the HHS and FTC regulations that secure health information as specified by the guidance through encryption or destruction are relieved from having to notify in the event of a breach of such information.

The HHS interim final regulations are effective September 24, 2009, which is the date 30 days after the date they will be published in the Federal Register, and include a 60-day public comment period. To review the interim final data breach regulations, see here.  To review the HITECH Act Breach Notification Guidance and Request for Information, see here.

For More Information

The author of this article, Curran Tomko Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers, payors and their business associates about HIPAA and other privacy and data security matters, as well as a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.

Past chair of the American Bar Association Health Law Section Managed Care & Insurance Section, Martindale-Hubbell AV-rated and recognized in International Who’s Who of Professionals, Ms. Stamer continuously advises health care providers, health care payers and administrators, employers, governments and others about health care, insurance, human resources, privacy and data security, technology, and other legal and operational concerns.  A popular lecturer and widely published author on privacy and data security and other related health care and health plan matters, Ms. Stamer also writes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters.  She currently serves as the Editor in Chief of the forthcoming 2010 edition of the Information Security Guide to be published by the American Bar Association Information Security Committee in 2010.  Examples of her other works include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of others.  Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service Privacy Report, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and various other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.

We hope that this information is useful to you.  If you need assistance monitoring, evaluating or responding to these or other proposed health care or other regulatory reforms or with other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or your other favorite Curran Tomko Tarski LLP Partner.

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on LinkedIn and registering to receive these updates here.

Other Helpful Resources & Other Information

If you found these updates of interest, you also may be interested in one or more of the other recent articles published in our electronic Solutions Law Press Health Care Update publication available here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please register to receive this Solutions Law Press Health Care Update here and be sure that we have your current contact information, including your preferred e-mail, by creating or updating your profile here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved. 


Reassignment of HIPAA Security Rule Enforcement Signals Growing Seriousness About Enforcing HIPAA

August 4, 2009

The Department of Health & Human Services (HHS) today (August 3, 2009) transferred authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to the Office for Civil Rights (OCR).  Prior to this announcement, responsibility for interpretation and enforcement of the Security Rule rested with the Centers for Medicare & Medicaid Services (CMS).  The change reflects the growing seriousness of HHS and others about enforcing federal privacy and data security mandates for health information.  HHS anticipates the transfer of authority will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.

HHS has the authority for administration and enforcement of the federal standards for health information privacy called for in HIPAA. The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. OCR has been responsible for enforcement of the Privacy Rule since 2003. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule.

Through a separate delegation, CMS continues to have authority for administration and enforcement of the HIPAA Administrative Simplification regulations, other than privacy and security of health information.

The transfer of Security Rule enforcement authority comes as guidance about new data breach rules for electronic protected health information is impending.  This impending guidance relates to the implementation of new breach notification rules for covered entities and their business associates concerning their obligation to use technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as required by amendments to HIPAA enacted under the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA) last February.  OCR officials have stated that they are working to publish the next set of regulations regarding these new breach notifications before the end of August, 2009.

In addition to adding the breach notification requirements, the HITECH Act also tightened the HIPAA mandates in several other respects.  Among other things, it amended HIPAA to:

  • Broaden the applicability of HIPAA’s Privacy Rules and penalties to include business associates;
  • Clarify that HIPAA’s criminal sanctions apply to employees or other individuals that wrongfully use or access PHI held by a covered entity;
  • Increase criminal and civil penalties for HIPAA Privacy Rules violators;
  • Allow State Attorneys General to bring civil damages actions on behalf of certain state citizens who are victims of HIPAA Privacy and Security Rule violations;
  • Modify certain HIPAA use and disclosure and accounting requirements and risks;
  • Prohibit sales of PHI without prior consent;
  • Tighten certain other HIPAA restrictions on uses or disclosures;
  • Tighten certain HIPAA accounting for disclosure requirements;
  • Clarify the definition of health care operations to exclude certain promotional communications; and
  • Expand the Business Associates Agreement Requirements.

These and other developments make it imperative that HIPAA covered entities and their business associates take prompt action to review and update their data security and privacy practices to guard against growing liability exposures under HIPAA and other federal and state laws. Covered entities must update policies and practices to avoid these growing liabilities. Business associates that have not already done so also must appoint privacy officers and adopt and implement privacy and data security policies and procedures fully compliant with HIPAA and other applicable federal and state rules, including amendments enacted as part of the American Recovery and Reinvestment Act of 2009 signed into law on February 17, 2009.

 

For more information about today’s announcement, see here.  See here for the initial guidance and request for comments issued by HHS regarding these new security standards.

For More Information

We hope that this information is useful to you.  If you need assistance with health care privacy and data security, technology, or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or your other favorite Curran Tomko Tarski LLP Partner.  Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health care privacy and data security and related matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to cstamer@cttlegal.com.



Blue Dog Democrats Hold Key Voice On House Democrats’ Proposed Health Care Reform Plan; Contact Numbers Here

July 20, 2009

Health care providers and others concerned about the “America’s Affordable Health Choices Act of 2009” health care reform proposal introduced by the House Democratic Leadership should direct their input to the Democrats in Congress most likely to listen to those concerns. In the House of Representatives, these members likely are the “Blue Dog Democrats.”  Read about Blue Dog Democrats here.

The fiscal conservatism of Blue Dog Democrats makes them more likely to listen to concerns about the cost and other concerns relating to the health care reform bills touted by the Democrat Leadership in the House and Senate.  In fact, many Blue Dog Democrats already are speaking out about their concerns about the cost and other aspects of the Bill. 

Contact from voters and contributors in their districts and others could make a major difference in the ability of the House Democrat Leadership to pass their Bill.  Immediately contacting these members and getting others – particularly voters and contributors in the districts that elect these members – to do the same is one of the most important steps that concerned Americans can take to position their concerns to be heard.

For most concerned voters, telephone or fax contact is the best means to convey these messages.  To minimize spam, most members only accept e-mail submitted through their website links.  Security concerns can delay receipt of written correspondence for weeks.

For persons interested in making their voices heard and sharing information with others who wish to do the same, the following contact information may be of interest:

The number of the Capitol Switchboard is 202-224-3121.

The Blue Dog Leadership Team and their telephone and fax numbers are:

Rep. Stephanie Herseth Sandlin (SD), Blue Dog Co-Chair for Administration, Telephone: 202.225.2801, Fax: 202.225.5823

Rep. Baron Hill (IN-09), Blue Dog Co-Chair for Policy, Telephone: 202-225-4031, Fax: (202) 226-6866

Rep. Charlie Melancon (LA-03), Blue Dog Co-Chair for Communications, Telephone: 202-225-4031, Fax: (202) 226-3944

Rep. Heath Shuler (NC-11), Blue Dog Whip, Telephone: 202-225-6401, Fax: (202) 226-6422

The Blue Dog Members and their telephone numbers are:

Altmire, Jason (PA-04), (202) 225-2565

Arcuri, Mike (NY-24), (202) 225-3665

Baca, Joe (CA-43), (202) 225-6161

Barrow, John (GA-12), (202) 225-2823

Berry, Marion (AR-01), (202) 225-4076

Bishop, Sanford (GA-02), (202) 225-3631

Boren, Dan (OK-02), (202) 225-2701

Boswell, Leonard (IA-03), (202) 225-3806

Boyd, Allen (FL-02), (202) 225-5235

Bright, Bobby (AL-02), (202) 225-2901

Cardoza, Dennis (CA-18), (202) 225-6131

Carney, Christopher (PA-10), (202) 225-3731

Chandler, Ben (KY-06), (202) 225-4706

Childers, Travis (MS-01), (202) 225-4306

Cooper, Jim (TN 5th), (202) 225-4311

Costa, Jim (CA 20th), (202) 225-3341

Cuellar, Henry (TX 28th), (202) 225-1640

Dahlkemper, Kathleen A. (PA 3rd), (202) 225-5406

Davis, Lincoln (TN 4th), (202) 225-6831

Donnelly, Joe  (IN 2nd), (202) 225-3915

Ellsworth, Brad  (IN 8th), (202) 225-4636

Giffords, Gabrielle  (AZ 8th), (202) 225-2542

Gordon, Bart  (TN 6th), (202) 225-4231

Griffith, Parker  (AL 5th), (202) 225-4801

Harman, Jane  (CA 36th), (202) 225-8220

Herseth Sandlin, Stephanie  (SD At Large), (202) 225-2801

Hill, Baron P.  (IN 9th), (202) 225-5315

Holden, Tim  (PA 17th), (202) 225-5546

Kratovil, Frank Jr. (MD 1st), (202) 225-5311

McIntyre, Mike  (NC 7th), (202) 225-2731

Marshall, Jim  (GA 8th), (202) 225-6531

Matheson, Jim  (UT 2nd), (202) 225-3011

Melancon, Charlie  (LA 3rd), (202) 225-4031

Michaud, Michael H. (ME 2nd), (202) 225-6306

Minnick, Walt  (ID 1st), (202) 225-6611

Mitchell, Harry E.  (AZ 5th), (202) 225-2190

Moore, Dennis  (KS 3rd), (202) 225-2865

Murphy, Patrick J.  (PA 8th), (202) 225-4276

Nye, Glenn C.  (VA 2nd), (202) 225-4215

Peterson, Collin C.  (MN 7th), (202) 225-2165

Pomeroy, Earl  (ND At Large), (202) 225-2611

Ross, Mike (AR 4th), (202) 225-3772

Salazar, John T. (CO 3rd), (202) 225-4761

Sanchez, Loretta (CA 47th), (202) 225-2965

Schiff, Adam B. (CA 29th), (202) 225-4176

Scott, David (GA 13th), (202) 225-2939

Shuler, Heath  (NC 11th), (202) 225-6401

Space, Zachary T. (OH 18th), (202) 225-6265

Tanner, John S.  (TN 8th), (202) 225-4714

Taylor, Gene  (MS 4th), (202) 225-5772

Thompson, Mike  (CA 1st), (202) 225-3311

Wilson, Charles (OH-06), (202) 225-5705

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on LinkedIn and registering to receive these updates here.

The author of this article, Curran Tomko Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer, has extensive experience advising and assisting health industry clients and others about a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.  You can get more information about her health industry experience here.

If you need assistance evaluating or formulating comments on the proposed reforms contained in the House Bill or on other health industry matters please contact Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com, 214.270.2402 or your other favorite Curran Tomko Tarski LLP attorney. 



House Democrats Introduce the “America’s Affordable Health Choices Act of 2009”

July 15, 2009

House Democrats introduced their proposal for health care reform this afternoon (July 14, 2009), the “America’s Affordable Health Choices Act of 2009” (the “House Bill”).  Introduced under the sponsorship of three key House committees — Energy and Commerce, Ways and Means, and Education and Labor — the 1018-page House Bill details the sweeping and comprehensive health care reforms touted by House Democrat Leaders.  A copy of the House Bill as introduced may be reviewed here.

The House Bill proposes sweeping reforms built around the establishment of a public plan option while technically continuing to permit private plans to operate but in a federally regulated form allowing for little meaningful plan design control to private payers, health care providers or the individuals choosing among the plan options.   The Congressional Budget Office estimates that the coverage side of the bill will cost $1 trillion and cover 97 percent of the legal population within 10 years.

The following is a brief overview of certain key provisions of the House Bill drawn mostly from a series of high level summaries released by House Democrats along with the House Bill.  You can read these summaries, which are long on politically comforting phrasing and short on details, here.

Public Plan Option.  The House Bill proposes the establishment of a public health insurance option that would compete with allowable private plans, both of which would be subject to sweeping federal controls.  Democrat House co-sponsors represent that the House Bill would:

  • Provide a public health insurance option that would compete with private insurers within the Health Insurance Exchange.
  • Make the public health insurance option available in the new Health Insurance Exchange (Exchange) along with private health insurance plans that comply with the design dictates established in the House Bill.
  • Provide that the public health insurance option and private plan options meet the same benefit requirements and comply with the same insurance market reforms.
  • Establish the public option’s premiums for the local market areas designated by the Exchange.
  • Allow individuals with affordability credits to choose among the private carriers and the public option.
  • Require that the public health plan option and the private plan options each be financially self-sustaining.
  • Promote primary care, encourage coordinated care and shared accountability, and improve quality.
  • Institute new payment structures and incentives to promote these critical reforms.
  • Specify that health care provider participation in the plans will be voluntary; Medicare providers are presumed to be participating unless they opt out.
  • Provide for provider reimbursements for services from the plans initially to be established using “rates similar to those used in Medicare with greater flexibility to vary payments.”

Speaker of the House Nancy Pelosi has announced plans to proceed immediately to mark up the House Bill with the intention of scheduling a vote on the House Bill by the end of July. Assuming that House leaders adhere to this schedule, the planned timetable leaves little opportunity for critical evaluation and input by members of Congress or the public who may have questions or concerns about the proposed legislation. Prompt and coordinated action is required for individuals with concerns about any of the proposed reforms.

Federal Mandates Health Plan Benefits.  In order to achieve affordable, quality health care for all, the House Bill would impose federal standards regulating the benefits that the public health plan and private health plans would be required and permitted to offer.  Under these provisions, the House Bill would:

  • Establish a standardized benefit package that covers essential health services.
  • Vest the power in the Secretary of Health & Human Services to decide the coverage that would be included in this mandated standardized benefit package.
  • Eliminate cost-sharing for preventive care (including well baby and well child care).
  • Impose caps on annual out-of-pocket spending for individuals and families.
  • Create a new independent Benefits Advisory Commission to recommend to the Secretary, and update, the core package of benefits.
  • Provide for the public health plan option to offer four tiers of benefit packages from which consumers can choose to best meet their health care needs. Each allowable plan would be required to provide the dictated core benefits.
    • The Basic Plan would include the federally mandated core set of covered benefits and cost sharing protections;
    • The Enhanced Plan would include the federally mandated core set of covered benefits with more generous cost sharing protections than the Basic plan;
    • The Premium Plan would include the federally mandated core set of covered benefits with more generous cost sharing protections than the Enhanced plan; and
    • The Premium Plus Plan would include the federally mandated core set of covered benefits, the more generous cost sharing protections of the Premium plan, and additional covered benefits (e.g., oral health coverage for adults, gym membership, etc.) that will vary per plan. In this category, insurers must disclose the separate cost of the additional benefits so consumers know what they’re paying for and can choose among plans accordingly.

The House Bill empowers the Secretary of Health & Human Services to decide what coverage the federally dictated, required core set of benefits provides, with input from a newly created Benefits Advisory Commission.  These core benefits are intended to include inpatient hospital services, outpatient hospital services, physician services, equipment and supplies incident to physician services, preventive services, maternity services, prescription drugs, rehabilitative and habilitative services, well baby and well child visits and oral health, vision, and hearing services for children and mental health and substance abuse services.  However, the particular terms and scope of these benefits are left to HHS to define.

Health Insurance Exchange.  The House Bill also calls for the establishment of a “Health Insurance Exchange” meeting federal mandates through which low income individuals initially, and certain small businesses, would be offered the option to purchase health care coverage through federally mandated purchasing groups.  In the first year, the House Bill provides for the Health Insurance Exchange to accept those without health insurance, those who are buying health insurance on their own, and small businesses with fewer than 10 people. In the second year, the Health Insurance Exchange could accept small businesses with fewer than 20 people. After that, it could accept “larger employers as permitted by the Commissioner.” In other words, expansion is discretionary, not mandated.

Affordability & Subsidies.  The House Bill provides sliding-scale affordability credits for individuals and families with incomes above the Medicaid thresholds but below 400% of poverty and imposes a cap on total out-of-pocket spending for individuals and families covered under the plans regardless of income.  In addition, the House Bill would broaden Medicaid coverage to include individuals and families with incomes below 133% of poverty.

Effective 2013, sliding scale affordability credits would be provided to individuals and families between 133% and 400% of poverty. That means the credits phase out completely for an individual with $43,320 in income and a family of four with $88,200 in income (2009).

The sliding scale credits limit individual family spending on premiums for the essential benefit package to no more than 1.5% of income for those with the lowest income and phasing up to no more than 11% of income for those at 400% of poverty.

The affordability credits also subsidize cost sharing on a sliding scale basis, phasing out at 400% of poverty, ensuring that covered benefits are accessible.

The Health Insurance Exchange would administer the affordability credits in relationship with other federal and state entities, such as local Social Security offices and Medicaid agencies.

The essential benefit package, and all other benefit options, limit exposure to catastrophic costs with a cap on total out of pocket spending for covered benefits. Special provisions would apply to Medicaid. 

Effective 2013, individuals with family income at or below 133% of poverty ($14,400 for an individual in 2009) are eligible for Medicaid. State Medicaid programs would continue to cover those individuals with incomes above 133% of poverty, using the eligibility rules states now have in place.

Paying The Tab.  House Democrats propose to finance approximately half of the estimated $1 trillion bill for their proposed reforms through projected $500 billion or so in savings from Medicare and Medicaid achieved by a variety of reimbursement and benefit cutbacks and other reforms. The rest of the financing would come from a combination of revenue expectations from employer and individual mandates (an estimated $200 billion over 10 years) and a surtax on the richest 1.5 percent of Americans. The surtax is 1 percent on income between $350,000 and $500,000; 1.5 percent on income between $500,000 and $1,000,000; and 5.4 percent on income above $1,000,000. The House Bill permits the amount of this surtax to vary if the bill is less or more expensive than initially anticipated.
