Health Care Provider |

Former Houston Area DME Owner To Serve 7+ Years, Pay $1.6 M In Restitution For Health Care Fraud

February 9, 2015

On February 2, 2015, U.S. District Judge Michael Schneider sentenced former Ivy Health Care Supply owner Vivian Yusuf to 7 years and 3 months in jail and ordered her to pay $1.6 million in restitution for her September 17, 2014 guilty plea to conspiracy to commit health care fraud.

In March 2011, Yusuf was indicted on charges of conspiracy to commit health care fraud, health care fraud, and aggravated identity theft. Investigators believe that Yusuf and her co-conspirators billed Medicare for more than $3.4 million for durable medical equipment (DME) that was neither medically necessary nor prescribed by a physician.

The guilty plea stemmed from Yusuf’s January 12, 2012 indictment for conspiracy to commit health care fraud, health care fraud, and aggravated identity theft for acts committed when she owned and operated Ivy Health Care Supply, a Houston-area durable medical equipment (DME) company based in Stafford, Texas.

According to information presented in court, from June 2007 to May 2009, Yusuf and Aghaegbuna “Ike” Odelugo, James Reese, and others unlawfully submitted false and fraudulent claims to Medicare of more than $3.4 million and defrauded Medicare of more than $1.6 million by marketing of power wheelchairs and accessories, as well as “ortho kits,” which primarily consisted of a bag of orthotic items, including braces, wraps, and supports, and a heat lamp or heat pad. As part of the scheme, the defendant and her co-conspirators illegally obtained protected health information, including names, dates of birth, and Medicare numbers from elderly individuals. Yusuf and her co-conspirators supplied approximately 790 beneficiaries located primarily in Texas and Louisiana with kits and power wheelchairs that the beneficiaries did not want and not prescribed or otherwise authorized by a physician. In some instances, physicians’ signatures were forged and false claims were submitted to Medicare in the names of Medicare beneficiaries who were deceased.

A fugitive for several years before her arrest June 3, 2014 at George Bush Intercontinental Airport in Houston, the Department of Health & Human Services Office of Inspector General (OIG) once listed her on its “Most Wanted List.”

According to OIG, Odelugo and Reese were indicted for their involvement in similar health care fraud schemes. Odelugo pleaded guilty to conspiracy to commit health care fraud, health care fraud, and money laundering and was sentenced to 72 months in federal prison. The loss to Medicare as a result of Odelugo’s scheme was approximately $9.9 million. Reese pleaded guilty to health care fraud and tax evasion and was sentenced to 180 months in federal prison. The loss to Medicare as a result of Reese’s scheme was approximately $8.6 million.

In the face of these continuing investigations and prosecutions, health care providers should continue to diligently work to comply with the False Claims Act and other federal and state health care fraud laws by tightening their internal controls and other compliance programs. As a key element of these efforts, health care providers should ensure that their human resources and other management carefully monitor employee, contractor and vendor complaints, concerns and other communications for potential signs of compliance concerns, retaliation or other indicators of the need to intervene to correct potential violations or other risks.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

Community Health Systems Professional Services Corporation & 3 Affiliated NM Hospitals Agree to $75 Million False Claims Act Settlement Use New State Ebola Protocol Table In Ebola Prevention & Management Planning
Unpatched and Unsupported Software Triggers Latest HIPAA Security Breach Resolution Agreement
Congress Sends Bill To Fast Track FDA Ebola Treatment Review & HHS Declaration Gives Ebola Treatment Manufacturers Special Immunity
Former Center Texas Medical Center CFO Faces 5 Years After Guilty Plea To EHR Incentive Fraud Reminder To Manage Incentive Compliance
Preparing Privacy Compliance For Emergencies-Ebola Crisis Prompts HHS OCR To Share Guidance On HIPAA Privacy in Emergency Situations
IRS Issues Ebola-Related Tax Relief
Columbia to Pay $9 Million Plus To Settle DOJ/HHS False Claims Charges For Submitting Inaccurate Cost Reports and Mischarging Federal Grants
OIG Warns Pharma Manufacturers to Prevent Copayment Coupon Use for Part D Drug Purchases
10/10 Kidney Foundation Professional Symposium Offers 7.5 Hours CME/CEUs
Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle
Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement
Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts
CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule
Medicare Fraud Strike Force Nails 90 Individuals For Almost $260 Million In False Billing Including 16 Doctors
Columbia to Pay $9 Million Plus To Settle DOJ/HHS False Claims Charges For Submitting Inaccurate Cost Reports and Mischarging Federal Grants
OIG Warns Pharma Manufacturers to Prevent Copayment Coupon Use for Part D Drug Purchases
Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle
Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement
Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts
CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule
Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements
Small Smiles Dental Centers Excluded As Federal Health Program Provider For 5 Years
Latest OCR Resolution Agreement Hits Public Health Department, Shows Needs To Stay Up-To-Date
NLRB Helps Union Force Another Health Care Employer To Recognize & Bargain With Union
Federal Health Care Fraud Enforcement Recouped Record $4.3 Billion in FY 2013
Former Houston Texas Physician Gets 70 Month Prison Sentence For Fraud Conviction
Euless Healthcare Corporation Owner, Associates Face Conspiracy And Health Care Fraud Charges For Alleged Submission Of $700,000+ In Fraudulent Health Care Claims
Former Manager 9th Employee Sentenced For Involvement In Maxim Medicare False Claims Action
Medical Identity Theft/Fraud Convictions Highlight Need For Health Care Providers To Safeguard Health Information, Guard Against Fraud Schemes
Detroit-Area Foot Doctor Pleads Guilty to Medicare Fraud Scheme
Merck To Pay $950 Million To Settle Vioxx® Off-Label Marketing Charges
Texas Physicians Get New Option For Resolving Some Medical Board Complaint
Broad-Reaching Prosecution Of Individuals Participating In Operations Of Companies Convicted Of Fraud Shows Risks Of Participation
Hospitals Can Expect CMS To Add Hospital Incident Reporting To Surveys In Response To OIG Report
Quality, Recordkeeping & Unprofessional Conduct Lead Reasons For Medical Board Discipline of Physicians
DEA Cautions Practitioners Must Restrict Delegation of Controlled Substance Prescribing Functions, Urges Adoption of Written Policies & Agreements
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.

Leave a Comment » | Durable Medical Equipment, false claims act, Federal Health Center, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Money Laundering, Uncategorized | Tagged: false claims act, Health Care Fraud, OIG | Permalink
Posted by Cynthia Marcotte Stamer

Community Health Systems Professional Services Corporation & 3 Affiliated NM Hospitals Agree to $75 Million False Claims Act Settlement

February 3, 2015

Franklin, Tennessee based Community Health Systems Professional Services Corporation (CHSPSC) and three of its New Mexico affiliate hospitals- Eastern New Mexico Medical Center in Chaves County, Mimbres Memorial Hospital and Nursing Home in Luna County and Alta Vista Regional Medical Center in San Miguel County (collectively CHS) will pay the United States $75 million to settle Justice Department allegations that CHS violated the False Claims Act by illegally donating funds to county governments to use to fund the 25 percent “matching share” of the now discontinued New Mexico Sole Community Provider (SCP) program. The Justice Department action and resulting settlement highlight both the rising role of whistleblowers in helping Federal and state officials uncover potential False Claims Act or other health care fraud allegations and the Federal government’s continuing commitment to investigate and prosecute health care fraud charges against hospitals and other health care providers.

The Justice Department announced on February 3, 2015 that CHS had agreed to settle charges made by the Justice Department in United States ex rel. Baker v. Community Health Systems Professional Services Corporation, et al., Civ. Action No. 05-279 (D. N.M.). , that CHS violated the False Claims Act by providing illegal donations to New Mexico to use to pay its required portion of the SCP funding.

The New Mexico SCP program provided supplemental Medicaid funds to hospitals in mostly rural communities using a mix of federal and state funding. Under the program, the federal government reimbursed the state of New Mexico for approximately 75 percent of its health care expenditures under the SCP program provided that New Mexico provide state or county funds, and not impermissible “donations” from private hospitals, to fund the remaining 25 percent “matching” share of SCP program payments. Congress enacted the prohibition against the use of private hospital funds to fund the state’s required matching share of SCP program payments to curb possible abuses and ensure that states have sufficient incentive to curb rising Medicaid costs.

According to the Justice Department, CHS violated the False Claims Act from August 1, 2000 to December 31, 2010, by knowingly causing the state of New Mexico to present false claims to the United States for payments made to CHS under the SCP program by making improper donations to Chaves, Luna and San Miguel counties, which were then used by the counties, and later the state, to obtain federal matching payments. The government alleged that CHS concealed the true nature of these donations to avoid detection by federal and state authorities. The Justice Department additionally claimed that as a result of its scheme, CHS received SCP payments which were funded by the United States in the amount of three times CHS’ “donations.”

The prosecution leading to the settlement provides yet another example of the role of whistleblowers in helping the governing identify and prosecute fraud. The False Claims Act qui tam rules allow individuals to bring a lawsuit on behalf of the government and to share in the proceeds of the suit. The act also permits the government to intervene in and take over the lawsuit, as it did in this case as to some of Baker’s allegations. The United States did not intervene in Baker’s allegations as to SCP payments made to two other affiliated New Mexico hospitals, Carlsbad Medical Center and Lea Regional Medical Center. Today’s settlement also resolves these other allegations. Baker will receive $18,671,561 as his share of the government’s recovery.

In addition, the action and its settlement also affirms the Federal government’s continuing commitment to find and prosecute health care providers that it perceives violate the False Claims Act or other Federal health care fraud laws.

“Congress expressly intended that states and counties use their own money when seeking federal matching funds in order to encourage them to join the federal government in ensuring that Medicaid funds are spent on the needs of beneficiaries,” said Acting Assistant Attorney General for the Justice Department’s Civil Division Joyce R. Branda. “When private hospitals violate the rules against hospital donations funding the state share, that important protection of the Medicaid program is destroyed.”

“Hospitals that make provider donations with the expectation that they will receive a windfall from the Medicaid program threaten the integrity of the Medicaid program and will be held accountable,” said Special Agent in Charge Mike Fields for the U.S. Department of Health and Human Services-Office of Inspector General (HHS-OIG) Dallas region.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Use New State Ebola Protocol Table In Ebola Prevention & Management Planning
Unpatched and Unsupported Software Triggers Latest HIPAA Security Breach Resolution Agreement
Congress Sends Bill To Fast Track FDA Ebola Treatment Review & HHS Declaration Gives Ebola Treatment Manufacturers Special Immunity
Former Center Texas Medical Center CFO Faces 5 Years After Guilty Plea To EHR Incentive Fraud Reminder To Manage Incentive Compliance
Preparing Privacy Compliance For Emergencies-Ebola Crisis Prompts HHS OCR To Share Guidance On HIPAA Privacy in Emergency Situations
IRS Issues Ebola-Related Tax Relief
Columbia to Pay $9 Million Plus To Settle DOJ/HHS False Claims Charges For Submitting Inaccurate Cost Reports and Mischarging Federal Grants
OIG Warns Pharma Manufacturers to Prevent Copayment Coupon Use for Part D Drug Purchases
10/10 Kidney Foundation Professional Symposium Offers 7.5 Hours CME/CEUs
Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle
Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement
Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts
CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule
Medicare Fraud Strike Force Nails 90 Individuals For Almost $260 Million In False Billing Including 16 Doctors
Columbia to Pay $9 Million Plus To Settle DOJ/HHS False Claims Charges For Submitting Inaccurate Cost Reports and Mischarging Federal Grants
OIG Warns Pharma Manufacturers to Prevent Copayment Coupon Use for Part D Drug Purchases
Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle
Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement
Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts
CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule
Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements
Small Smiles Dental Centers Excluded As Federal Health Program Provider For 5 Years
Latest OCR Resolution Agreement Hits Public Health Department, Shows Needs To Stay Up-To-Date
NLRB Helps Union Force Another Health Care Employer To Recognize & Bargain With Union
Federal Health Care Fraud Enforcement Recouped Record $4.3 Billion in FY 2013
Former Houston Texas Physician Gets 70 Month Prison Sentence For Fraud Conviction
Euless Healthcare Corporation Owner, Associates Face Conspiracy And Health Care Fraud Charges For Alleged Submission Of $700,000+ In Fraudulent Health Care Claims
Former Manager 9th Employee Sentenced For Involvement In Maxim Medicare False Claims Action
Medical Identity Theft/Fraud Convictions Highlight Need For Health Care Providers To Safeguard Health Information, Guard Against Fraud Schemes
Detroit-Area Foot Doctor Pleads Guilty to Medicare Fraud Scheme
Merck To Pay $950 Million To Settle Vioxx® Off-Label Marketing Charges
Texas Physicians Get New Option For Resolving Some Medical Board Complaint
Broad-Reaching Prosecution Of Individuals Participating In Operations Of Companies Convicted Of Fraud Shows Risks Of Participation
Hospitals Can Expect CMS To Add Hospital Incident Reporting To Surveys In Response To OIG Report
Quality, Recordkeeping & Unprofessional Conduct Lead Reasons For Medical Board Discipline of Physicians
DEA Cautions Practitioners Must Restrict Delegation of Controlled Substance Prescribing Functions, Urges Adoption of Written Policies & Agreements
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.

Leave a Comment » | Anti-KickBack, false claims act, Federal Health Center, Health Care Finance, Health Care Provider, Uncategorized | Tagged: false claims act, Health Care Fraud, OIG | Permalink
Posted by Cynthia Marcotte Stamer

Use New State Ebola Protocol Table In Ebola Prevention & Management Planning

January 10, 2015

Health care providers, public health, school, and other community organizations, employers and other business leaders and others concerned about continuing Ebola and other pandemic prevention and containment should check out the new table of State Ebola Protocols Table compiled by the Centers for Disease Control (CDC) to help law and policy makers prepare for and respond to Ebola-related situations As part of continuing Federal efforts to make up for lost time on helping U.S. health care providers and communities prepare to prevent and respond to Ebola outbreak risks since the death of Liberian Ebola patient Thomas Eric Duncan at a in Dallas hospital last year alerted Americans to the risks and need for tighter preparations.

While the Dallas hospital that treated Mr. Duncan paid a settlement to his family and faced other widespread criticism and negative publicity, it then has become clear that misinformation provided by the patient, the original presentation of the patient with flu-like symptoms, the Obama Administration’s reluctance to adopt policies or communications that might interfere with its pro-immigration political agenda, the CDC’s failure to maintain and communicate the most current health care information to health care providers and communities, the CDC’s academic rather than operational emphasis, EMTALA mandates that forced the hospital to triage the patient, Medicaid and other insurance payment protocols that would have as medically unnecessary screening tests in the absence of more clear risk factors, federal licensing restrictions on the use of testing and a host of other limits and deficiencies in the Federal government’s preparations and response to Ebola and other communication risks, left Texas Health Resources and other U.S. health care providers, as well as U.S schools, public service agencies, employers and others at a great disadvantage in their efforts to deal with the outbreak. After denying the seriousness of Ebola risk concerns for several weeks, the diagnosis with Ebola of health care providers that treated Mr. Duncan and subsequent death and diagnosis resulted in the CDC and other federal and state agencies stepping up their Ebola preparation and guidelines. In keeping with this ongoing commitment, CDC says the CDC now will continue to update the State guidelines table as states continue to modify their Ebola response protocols.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related developments or other risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Centers For Disease Control, Childrens Health Insurance Program, Disability Discrimination, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, FDA, Health Care, Health Care Fraud, Health Care Provider, Health Care Quality, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Medical Licensure, Medical Malpractice, OIG, Pandemic, Patient Empowerment, Pharmacy, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, Health Plans, HEAT, HIPAA, licensure, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Unpatched and Unsupported Software Triggers Latest HIPAA Security Breach Resolution Agreement

December 11, 2014

Health care providers, health plans, health care clearinghouses (covered entities) and their business associates need to watch for and protect protected health information (PHI) against security exposures from unpatched or unsupported software and other weaknesses in their data security protections as part of their compliance obligations under the Security Rules of the Health Insurance Portability & Accountability Act (HIPAA).

The need to monitor and address data security threats associated with unpatched or unsupported software is demonstrated by the December 9, 2014 announcement by the U.S. Department of Health & Human Services (HHS) Office of Civil Rights (OCR) that Anchorage Community Mental Health Services (ACMHS) will pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program resulting from unpatched and unsupported software.

OCR opened an investigation against the five-facility, nonprofit provider of behavioral health care services to children, adults, and families in Anchorage, Alaska after receiving notification from ACMHS of a breach of unsecured electronic protected health information (ePHI) affecting 2,743 individuals due to malware compromising the security of its information technology resources.

According to the OCR announcement of the ACMHS Resolution Agreement with OCR, OCR’s investigation revealed that ACMHS had adopted sample Security Rule policies and procedures in 2005, but failed to follow these procedures. Moreover, OCR found that the reported security incident directly resulted of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.

“Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis,” said OCR Director Jocelyn Samuels. “This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”

In an effort to promote awareness of the need to assess and monitor the security of ePHI by covered entities and business associates, OCR continues to encourage covered entities and business associates to conduct regular documented evaluations of the adequacy of their ePHI safeguards and systems. To aid in this process, OCR and the Office of the National Coordinator for Health Information Technology have created a Security Rule Risk Assessment Tool available here to assist organizations that handle PHI in conducting a regular review of the administrative, physical and technical safeguards they have in place to protect the security of the information. Since OCR points to the Tool as a resource, covered entities and business associates should anticipate that their failure to identify and address any deficiencies in the areas identified by the tools as a potentially serious compliance issue. As a result, covered entities and business associates likely will want to take steps to ensure that their records include documented review of the adequacy of the security safeguards identified in the Tool. At the same time, covered entities and their business associates should not assume that the Tool adequately covers all potential HIPAA Security Rule exposures. OCR has made clear in this and other Resolution Agreements that HIPAA’s Security Rule requires ongoing monitoring and assessment of the adequacy of security in response to changes in software or system, emerging threats and other developments.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Centers For Disease Control, Childrens Health Insurance Program, Disability Discrimination, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, FDA, Health Care, Health Care Fraud, Health Care Provider, Health Care Quality, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Hospital, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Medical Licensure, Medical Malpractice, OIG, Pandemic, Patient Empowerment, Pharmacy, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, Health Plans, HEAT, HIPAA, licensure, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Congress Sends Bill To Fast Track FDA Ebola Treatment Review & HHS Declaration Gives Ebola Treatment Manufacturers Special Immunity

December 11, 2014

As part of Washington’s late response to the Ebola outbreak crisis, the House and Senate in the past week have passed legislation that if signed by the President as expected will add Ebola and other filoviruses to the list of diseases eligible for fast track review by the Food and Drug Administration (FDA) under the FDA Priority Review Voucher Program (Program).

The FDA Program awards vouchers to sponsors of human drug applications that are approved to prevent or treat designated tropical diseases. A voucher entitles the holder to have a future human drug application acted upon by the FDA within six months.

The House on December 3, 2014 and the Senate on December 10, 2014 respectively passed the “FDA Priority Review Voucher Program Act,” (S.B. 2917/H.B. 5729) (the “Bill”) that will amend the Federal Food, Drug, and Cosmetic Act to add Ebola and other filoviruses to the list of diseases covered by the Program. The Bill also seeks to expedite FDA approval of Ebola and other designated disease treatments by:

Changing the process by which infectious diseases that do not significantly impact developed nations and disproportionately affect poor and marginalized populations can be designated as tropical diseases from rulemaking to order of the Secretary of Health and Human Services (HHS).
Allowing priority review vouchers to be transferred between sponsors of human drug applications any number of times.
Reducing from 365 days to 90 days the advance notice required before submitting a human drug application subject to a priority review voucher.

Congress sent the Bill to the President just one day after Department of Health & Human Services (HHS) Secretary Sylvia M. Burwell today announced a declaration under the Public Readiness and Emergency Preparedness (PREP) Act HHS says it hopes will “facilitate the development and availability of experimental Ebola vaccines in hopes of helping combat the current epidemic in West Africa and help prevent future outbreaks there.”

Fighting the disease in Africa has been the primary focus of the Obama Administration’s Ebola response. The December 9, 2014 HHS declaration provides immunity under United States law against legal claims related to the manufacturing, testing, development, distribution, and administration of three vaccines for Ebola virus disease. It does not, generally, provide immunity for a claim brought in a court outside the United States.

For many years, the U.S. has encouraged vaccine development by managing liability and compensation, starting with the National Childhood Vaccine Injury Act of 1986. The PREP Act was designed to facilitate the development of medical countermeasures to respond to urgent public health needs, including the development of critical vaccines like those to prevent the spread of Ebola. This U.S. declaration under the PREP act is part of a global dialogue to address these issues in the U.S., and other countries where the vaccine is being developed, manufactured and potentially used.

“My strong hope in issuing this PREP Act declaration in the United States is that other nations will also enact appropriate liability protection and compensation legislation,” said Secretary Burwell. “As a global community, we must ensure that legitimate concerns about liability do not hold back the possibility of developing an Ebola vaccine, an essential strategy in our global response to the Ebola epidemic in West Africa.”

HHS hopes the PREP Act declaration will strengthen the incentive to conduct research and spur development, manufacturing, and the potential use of the vaccines in large scale vaccination campaigns in West Africa. The PREP Act declaration provides legal protection under U.S. law for three vaccine candidates:

the GlaxoSmithKline’s Recombinant Replication Deficient Chimpanzee Adenovirus Type 3-Vectored Ebola Zaire Vaccine known as ChAd3-EBO-Z;
the BPSC1001 vaccine, known as rVSV-ZEBOV-GP, made by BioProtection Services Corporation, a subsidiary of Newlink Genetics; and
the Ad26.ZEBOV/MVA-BN-Filo vaccine manufactured by Janssen Corporation, subsidiary of Johnson & Johnson/Bavarian Nordic.

Similar PREP Act declarations have been issued, revised or renewed 14 times since the Act was signed in 2005. Past declarations have covered vaccines used in H5N1 pandemic influenza clinical trials in 2008, products related to the H1N1 influenza pandemic in 2009, and the development and manufacturing of antitoxins to treat botulism in 2008. For more information about the PREP Act, see here .

The Bill and the HHS PREP Act declaration are the latest efforts to provide what many health care providers see as a long overdue response to the Ebola outbreak in the wake of the diagnosis and subsequent death of an Ebola patient in Dallas lead to his death and the infection of nurses involved in his treatment, and a small number of other Ebola victims in the United States raised national awareness and concern.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Former Center Texas Medical Center CFO Faces 5 Years After Guilty Plea To EHR Incentive Fraud Reminder To Manage Incentive Compliance

November 18, 2014

The prosecution and resulting November 12, 2014 guilty plea of former Shelby Regional Medical Center Chief Financial Officer Joe White to making false statements when applying for electronic health record (EHR) incentives highlights another growing fraud exposure risk that health care organizations and their leaders need to manage arising from applications or other claims made in seeking EHR or other incentives or grants.

White presently faces sentencing to up to five years in prison after pleading guilty to making a false statement in an application for EHR incentives he signed on behalf of Center, Texas-based Shelby Regional Medical Center. White plead guilty to the charge before U.S. Magistrate Judge John D. Love on November 12, 2014.

The charges against White stemmed from an application he made on behalf of the medical center for EHR incentives. According to information presented by the U.S. Department of Justice in court, White was the Chief Financial Officer for the medical center owned and operated by Dr. Taqriq Mahmood. White oversaw the implementation of EHRs for the hospital and was responsible for attesting to the meaningful use of electronic health records in order to qualify to receive incentive payments under Medicare’s Electronic Health Record (EHR) Incentive Program.　 The Justice Department charged that on November 20, 2012, White knowingly made a false statement to Medicare falsely representing that the hospital was a meaningful user of electronic health records, when the hospital did not meet the meaningful use requirements.　 As a result, the medical center received $785,655.00 in EHR incentives from Medicare.　 A federal grand jury indicted White on February 6, 2014. He faces up to five years in prison when sentenced. The sentencing date is not set yet.
White’s prosecution and guilty plea is one of several actions that highlight the growing exposure that health care organizations and their leaders face to criminal and civil prosecution for fraud or other misconduct in seeking or collecting federal incentives or grants.

Federal and state officials responsible for administering the massive influx of grants and incentives to health care providers and others authorized under the Patient Protection and Affordable Care Act, the Stimulus Bill and other legislation now are auditing and investigating fraud or other compliance concerns and acting aggressively to prosecute organizations and individuals criminally, civilly or both for fraudulent or other abuse of the rules. The White criminal conviction, for instance, follows the October, 2014 civil complaint and simultaneous settlement of theFalse Claims Act civil suit, US ex rel. v. Columbia U. and ICAP complaint-in-intervention and its resolution through the simultaneously filed US ex rel. v. Columbia U. and ICAP stipulation and order (“Settlement”) involving the Trustees Of Columbia University In The City Of New York (“Columbia University”), and ICAP (formerly known as the International Center For Aids Care And Treatment Programs) (collectively, “Columbia”). In that suit, federal officials charged Columbia University with improperly defrauding the federal government in violation of the False Claims Act in federal grants that Columbia University obtained to fund ICAP’s AIDS- and HIV-related work. The United States’ Complaint-in-Intervention (the “Complaint”) alleged that Columbia University, as the grant administrator on behalf of ICAP, received millions of dollars in federal grants and, pursuant to the rules applicable to such grants, was required for nearly 200 of ICAP’s employees located in New York City to use a suitable means of verifying that the employees had actually performed the work charged to a particular grant. The Complaint alleges that Columbia was well aware that this was not being done, yet continued wrongly to charge many federal grants for work that was not devoted to the projects they funded. According to the Justice Department, Colombia failed to ensure that these reports were created or verified by the more than 200 individuals for which grant monies were sought. Instead, Columbia’s Finance Department provided information for these reports even though the employees of that department had limited or no knowledge of which grants the individuals actually worked on. In addition, the lawsuit charged that the effort reports were certified as correct by the principal investigators on the grants without using suitable means to verify the accuracy of the reports. Instead of taking the appropriate steps to determine whether the reports were accurate, the principal investigators would certify large batches of the reports, without making any inquiry into whether the allocation of work among the grants was accurate. Moreover, ICAP’s management was well aware of the inaccuracies of the effort reporting system. According to the complaint, these omissions resulted in Columbia charging grants for work that was not performed on the project being funded by that grant. For instance, an ICAP Finance Analyst stated that he spent approximately 15-20% of his time on MCAP in fiscal year 2010, but his effort report falsely listed his MCAP effort, and related salary charges, as 85%. Likewise, in fiscal year 2010, an ICAP Subcontracts Manager’s effort report listed her effort as 100% MCAP, but the Subcontracts Manager actually worked on three other grants, in addition to MCAP, that year. The time submitted for many other employees was similarly mischarged. The complaint also charged that ICAP also charged federal grants for time spent on activities that are not chargeable to any federal grants, such as competitive grant proposal writing. For example, an ICAP Grants Manager spent a significant amount of her time writing competitive grant proposals, but her effort report showed that all of her time was charged to grants, with as much as 92% of her time charged to MCAP in some years.

In the Settlement, Columbia admitted failing to use a suitable means of verifying whether the salary and wage charges that ICAP applied to specific federal grants were based on an employee’s actual effort for that grant. Columbia also admitted that as a result, certain effort reports contained inaccurate information, and for a number of years ICAP mischarged certain federal grants for work that was not allocable to those agreements. Columbia also agreed to pay $9,020,073 to resolve the Government’s claims.

The White criminal prosecution and conviction and the Colombia civil prosecution and settlement are two of a growing list of reminders to health care, educational and other organizations receiving Department of Health & Human Services or other federal grants or incentives as a critical reminder to review and tighten as necessary their federal grant and other incentive program compliance and documentation to ensure that it can withstand an audit or other scrutiny by federal officials.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | DME, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, EHR, Electronic Health Records, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Preparing Privacy Compliance For Emergencies-Ebola Crisis Prompts HHS OCR To Share Guidance On HIPAA Privacy in Emergency Situations

November 11, 2014

The recent US Ebola scare provided an important reminder to health care providers, health insurers and health plans, health care clearinghouses, employers and others of the importance of understanding and preparing to deal with health care privacy and other challenges arising from epidemics and other emergencies. In response to the recent Ebola and other contagious disease outbreaks and just as U.S. health care and other business leaders are working to prepare for the biggest contagious disease time of the year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is reminding health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates that the privacy rules of the Health Insurance Portability & Accountability Act (HIPAA) requiring Covered Entities and their business associates to limit the use, access and disclosure of patient’s protected health information (PHI) continue to apply during emergency situations and help them understand when HIPAA allows them to share PHI in emergency situations in a new notice titled “HIPAA Privacy in Emergency Situations” (Guidance) published November 10, 2014. A business associate of a covered entity (including a business associate that is a subcontractor) also must continue to comply with HIPAA and may only make disclosures permitted by the Privacy Rule on behalf of a Covered Entity or another business associate to the extent authorized by its business associate agreement and consistent with HIPAA’s requirements.

Sharing Patient Information

The Guidance begins by reminding Covered Entities and their business associates that HIPAA’s Privacy Rule continues to apply in emergency situations and requires Covered Entities protect and prohibits their use, access or disclosure of patient’s protected health information except as allowed by HIPAA unless the patient authorizes the Covered Entity to disclose the PHI in accordance with HIPAA’s requirements for authorization set forth in 45 CFR 164.508.

The Guidance then goes on to discuss the following circumstances that the HIPAA Privacy Rule might allow Covered Entities to share PHI without getting patient authorization, subject to the reminder that in many cases, HIPAA will require that the Covered Entity limit the disclosure to the minimum necessary disclosure necessary for the allowable purpose and require other conditions to be fulfilled:

Treatment.

Under the Privacy Rule, covered entities may disclose, without a patient’s authorization, protected health information about the patient as necessary to treat the patient or to treat a different patient. Treatment includes the coordination or management of health care and related services by one or more health care providers and others, consultation between providers, and the referral of patients for treatment. See 45 CFR §§ 164.502(a)(1)(ii), 164.506(c), and the definition of “treatment” at 164.501.

Public Health Activities.

The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information that is necessary to carry out their public health mission. Therefore, the Privacy Rule permits covered entities to disclose needed protected health information without individual authorization:

To Or At The Direction Of A Public Health Authority.

The HIPAA Privacy Rule allows Covered Entities to share protected health information with Public Health Authorities authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury or disability like the Centers for Disease Control and Prevention (CDC) or a state or local health department. This would include, for example, the reporting of disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions. A “public health authority” is an agency or authority of the United States government, a State, a territory, a political subdivision of a State or territory, or Indian tribe that is responsible for public health matters as part of its official mandate, as well as a person or entity acting under a grant of authority from, or under a contract with, a public health agency. See 45 CFR §§ 164.501 and 164.512(b)(1)(i). For example, a covered entity may disclose to the CDC protected health information on an ongoing basis as needed to report all prior and prospective cases of patients exposed to or suspected or confirmed to have Ebola virus disease.

The HIPAA Privacy Rule also allows Covered Entities to share information at the direction of a public health authority:

To a foreign government agency that is acting in collaboration with the public health authority. See 45 CFR 164.512(b)(1)(i); and
To persons at risk of contracting or spreading a disease or condition if other law, such as state law, authorizes the covered entity to notify such persons as necessary to prevent or control the spread of the disease or otherwise to carry out public health interventions or investigations. See 45 CFR 164.512(b)(1)(iv)

Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification.

The HIPAA Privacy Rule allows a Covered Entity to share protected health information:

With a patient’s family members, relatives, friends, or other persons identified by the patient as involved in the patient’s care;
About a patient as necessary to identify, locate, and notify family members, guardians, or anyone else responsible for the patient’s care, of the patient’s location, general condition, or death including where necessary to notify family members and others, the police, the press, or the public at large. See 45 CFR 164.510(b).

The Guidance reminds Covered Entities, however, that the Privacy Rule requires the Covered Entity to get verbal permission from individuals or otherwise be able to reasonably infer that the patient does not object, when possible. If the individual is incapacitated or not available, the Guidance states Covered Entities may share information for these purposes if, in their professional judgment, doing so is in the patient’s best interest.

The Guidance also confirms that Covered Entities may share protected health information with disaster relief organizations authorized by law or by their charters to assist in disaster relief efforts like the American Red Cross for the purpose of coordinating the notification of family members or other persons involved in the patient’s care, of the patient’s location, general condition, or death. It is unnecessary to obtain a patient’s permission to share the information in this situation if doing so would interfere with the organization’s ability to respond to the emergency.

Imminent Danger

The Guidance also states that Covered Entities that are health care providers may share patient information with anyone as necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public – consistent with applicable law (such as state statutes, regulations, or case law) and the provider’s standards of ethical conduct. See 45 CFR 164.512(j).

Disclosures to the Media & Others Not Involved in the Care of the Patient/Notification

The Guidance also reminds Covered Entities of the importance of closely adhering to HIPAA’s rules when responding to information requests from the medial or others not involved in the care of a patient. The Guidance states that when the media or other other party not involved un the patient’s care asks the Covered Entity for information about a particular patient by name, a hospital or other health care facility may release limited facility directory information to acknowledge an individual is a patient at the facility and provide basic information about the patient’s condition in general terms (e.g., critical or stable, deceased, or treated and released) if the patient has not objected to or restricted the release of such information or, if the patient is incapacitated, if the disclosure is believed to be in the best interest of the patient and is consistent with any prior expressed preferences of the patient. See 45 CFR 164.510(a). In general, except in the limited circumstances authorized in the HIPAA Privacy Rule, affirmative reporting to the media or the public at large about an identifiable patient, or the disclosure to the public or media of specific information about treatment of an identifiable patient, such as specific tests, test results or details of a patient’s illness, may not be done without the patient’s written authorization (or the written authorization of a personal representative who is a person legally authorized to make health care decisions for the patient).

Minimum Necessary Restriction Requirement

The Guidance cautions Covered Entities and their business associates that for most disclosures, a Covered Entity generally must make reasonable efforts to limit the information disclosed to that which is the “minimum necessary” to accomplish the purpose. However, this minimum necessary requirement does not apply to disclosures to health care providers for treatment purposes.

Covered Entities may rely on representations from a public health authority or other public official that the requested information is the minimum necessary when making disclosures in response to request from those parties. For example, a covered entity may rely on representations from the CDC that the protected health information requested by the CDC about all patients exposed to or suspected or confirmed to have Ebola virus disease is the minimum necessary for the public health purpose.

Required Internal Restrictions On Use, Access & Disclosure

Internally, covered entities should continue to apply their role-based access policies to limit access to protected health information to only those workforce members who need it to carry out their duties. See 45 CFR §§ 164.502(b), 164.514(d).

Safeguarding Patient Information

Beyond limiting the use, access and disclosure of PHI, the Guidance also reminds Covered Entities and their business associates that even in emergency situations, HIPAA continues to require them to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures as well as to apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic PHI.

Limited Waiver

Although HHS has yet to take steps to trigger a limited waiver, the Guidance also reminds Covered Entities and their business associates that HHS has the power to do so, the effect of a limited waiver and the circumstances under which HHS could elect to apply a limited waiver to waive sanctions against a hospital for certain specific types of HIPAA violations while the waiver is in effect.

As the Guidance notes, the HIPAA Privacy Rule is not suspended during a public health or other emergency. Rather, the limited waiver rules only operates to permit the Secretary of HHS to waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act. The limited waiver only applies when the President declares an emergency or disaster and HHS declares a public health emergency. When and if these requirements are met, HHS may waive sanctions and penalties against a Covered Entity that is a hospital for failing to comply with the following HIPAA Privacy Rule provisions:

The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).
The requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a).
The requirement to distribute a notice of privacy practices. See 45 CFR 164.520.
The patient’s right to request privacy restrictions. See 45 CFR 164.522(a).
The patient’s right to request confidential communications. See 45 CFR 164.522(b).

If the Secretary issues such a waiver, Covered Entities and their business associates should keep in mind the waiver only applies to the list violations and only applies:

For so long as the waiver remains in effect;
In the emergency area and for the emergency period identified in the public health emergency declaration
To hospitals that have instituted a disaster protocol; and
For up to 72 hours from the time the hospital implements its disaster protocol.

When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.

Not Necessarily Just About HIPAA

HIPAA is not necessarily the only law that Covered Entities, business associates or others need to consider when deciding what to disclose during an emergency or otherwise. The HIPAA Privacy Rule applies to disclosures made by and Covered Entities, business associates employees, volunteers, and other members of a Covered Entity’s or Business Associate’s workforce. The Privacy Rule does not apply to disclosures made by entities or other persons who are not Covered Entities.

Beyond HIPAA, Covered Entities, their business associates or members of their workforce, employers, and other organizations also need to consider whether other federal or state laws, ethical rules, contracts or policies may restrict use or disclosure, safeguard, or take other steps to protect PHI or other information. For instance, other federal laws, state law, professional ethical rules, contracts, facility policies or procedures, or other restrictions often apply to health care provides, insurers, brokers, employers or others. Employers, health care organizations, insurers and others also need to be concerned about potential discrimination, common law and statutory privacy, retaliation, defamation and other exposures.

Prepare For Compliance Now

The recent experiences of various health care organizations intimately involved in caring for the Ebola patients highlights the importance of anticipating, preparing and conducting training, and having your workforce practice to prepare to deal with the special challenges of dealing with HIPAA and other legal responsibilities in advance of emergency events. When preparing for these events, Covered Entities and business associates need to take into account the need to comply operationally as well as to document and retain records of compliance. They should both should anticipate and prepare to respond to both typical inquiries as well as those from the media, public and others. They also should consider how various types of emergencies could create new privacy or security risks. For instance, in certain emergency situations, recordkeeping or other systems could be disrupted, impacting the ability retain and subsequently produce required documentation. Furthermore, Covered Entities also should prepare to manage the patient and public relations aspects of these events including adverse impressions that often arise when the media or others are disappointed at being denied information because of compliance obligations, from breaches or perceived breaches, or other similar events.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Centers For Disease Control, Childrens Health Insurance Program, Disability Discrimination, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, FDA, Health Care, Health Care Fraud, Health Care Provider, Health Care Quality, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Hospital, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Medical Licensure, Medical Malpractice, OIG, Pandemic, Patient Empowerment, Pharmacy, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, Health Plans, HEAT, HIPAA, licensure, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

IRS Issues Ebola-Related Tax Relief

October 29, 2014

The Internal Revenue Service (IRS) has published the following tax rule relief under the Internal Revenue Code (Code)

Notice 2014-65 designates the Ebola virus outbreak occurring in the West African countries of Guinea, Liberia, and Sierra Leone as a qualified disaster for purposes of section 139 of the Code. As a result of the designation of the EVD outbreak as a qualified disaster for purposes of § 139, payments of qualified disaster relief to assist victims affected by the EVD outbreak in the three countries (Guinea, Liberia, and Sierra Leone) are excludable from the recipients’ gross income.

Notice 2014-68 provides guidance on the treatment of leave-based donation programs to aid victims of the Ebola virus outbreak occurring in the West African countries of Guinea, Liberia, and Sierra Leone for income and employment tax purposes where an employer allows employees to elect to forgo vacation, sick, or personal leave in exchange for cash payments an employer makes to organizations described in § 170(c) of the Code for the relief of victims of the EVD outbreak in Guinea, Liberia, and Sierra Leone. This notice provides guidance on the treatment of these payments for income and employment tax purposes.

Notice 2014-65 and Notice 2014-68 will be published in Internal Revenue Bulletin 2014-47 on Nov. 17.

For More Information Or Assistance

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle

Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement

Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts

CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule

Medicare Fraud Strike Force Nails 90 Individuals For Almost $260 Million In False Billing Including 16 Doctors

Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements

Small Smiles Dental Centers Excluded As Federal Health Program Provider For 5 Years

Latest OCR Resolution Agreement Hits Public Health Department, Shows Needs To Stay Up-To-Date

Euless Healthcare Corporation Owner, Associates Face Conspiracy And Health Care Fraud Charges For Alleged Submission Of $700,000+ In Fraudulent Health Care Claims

Former Manager 9th Employee Sentenced For Involvement In Maxim Medicare False Claims Action

Leave a Comment » | DME, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Columbia to Pay $9 Million Plus To Settle DOJ/HHS False Claims Charges For Submitting Inaccurate Cost Reports and Mischarging Federal Grants

October 29, 2014

The US ex rel. v. Columbia U. and ICAP complaint-in-intervention civil False Claims Act lawsuit (lawsuit) and its resolution through the simultaneously filed US ex rel. v. Columbia U. and ICAP stipulation and order (“Settlement”) entered against the Trustees Of Columbia University In The City Of New York (“Columbia University”), and ICAP (formerly known as the International Center For Aids Care And Treatment Programs) (collectively, “Columbia”) that U.S. Department of Justice (DOJ) announced October 28, 2014 reminds health care, education and other organizations receiving federal grant monies that their False Claims Act and other compliance programs must provide for appropriate management and recordkeeping of any federal grant programs participated in by their organizations. The lawsuit and settlement highlight the importance for health care, education and other organizations receiving or managing federal grants to establish appropriate controls to ensure that they can demonstrate the requisite compliance with grant requirements and other terms and conditions.

The settlement resolves a civil lawsuit jointly brought and simultaneously settled by DOJ and the Department of Health & Human Service against Colombia that charged Columbia with submitting false claims in connection with federal grants that Columbia University obtained to fund ICAP’s AIDS- and HIV-related work. The United States’ Complaint-in-Intervention (the “Complaint”) alleged that Columbia University, as the grant administrator on behalf of ICAP, received millions of dollars in federal grants and, pursuant to the rules applicable to such grants, was required for nearly 200 of ICAP’s employees located in New York City to use a suitable means of verifying that the employees had actually performed the work charged to a particular grant. The Complaint alleges that Columbia was well aware that this was not being done, yet continued wrongly to charge many federal grants for work that was not devoted to the projects they funded. The lawsuit seeks damages and penalties under the False Claims Act.

According to DOJ, the Colombia lawsuit and Settlement arose from Columbia’s participation in the President’s Emergency Plan for AIDS Relief (“PEPFAR program”), a global HIV/AIDS program, targeting billions of dollars in new funding for prevention, treatment, and care services in the most affected countries of the world. Columbia received $125 million in PEPFAR funding through the Multi-Country Columbia Antiretroviral Program (“MCAP”) grant, and over the years obtained over 75 grants and many millions more from the federal government for HIV- and AIDs-related work performed by ICAP.

The grant rules among other things, required that grantees track the work performed by the recipient’s employees and, with limited exceptions, charge grants only for work actually performed as a part of that grant. Columbia claimed to accomplish this by producing effort reports for ICAP’s New York City-based employees purportedly detailing the employees’ distribution of work across federal, state, and private grants, as well as Columbia-sponsored projects. These reports were used to determine how much a given grant was charged for work performed by individual employees.

For nearly 200 individuals, however, DOJ and the Justice Department charged Colombia failed to ensure that these reports were created or verified by the individuals to whom they applied. Instead, Columbia’s Finance Department provided information for these reports even though the employees of that department had limited or no knowledge of which grants the individuals actually worked on. In addition, the lawsuit charged that the effort reports were certified as correct by the principal investigators on the grants without using suitable means to verify the accuracy of the reports. Instead of taking the appropriate steps to determine whether the reports were accurate, the principal investigators would certify large batches of the reports, without making any inquiry into whether the allocation of work among the grants was accurate. Moreover, ICAP’s management was well aware of the inaccuracies of the effort reporting system.

According to the complaint, these omissions resulted in Columbia charging grants for work that was not performed on the project being funded by that grant. For instance, an ICAP Finance Analyst stated that he spent approximately 15-20% of his time on MCAP in fiscal year 2010, but his effort report falsely listed his MCAP effort, and related salary charges, as 85%. Likewise, in fiscal year 2010, an ICAP Subcontracts Manager’s effort report listed her effort as 100% MCAP, but the Subcontracts Manager actually worked on three other grants, in addition to MCAP, that year. The time submitted for many other employees was similarly mischarged.

The complaint also charged that ICAP also charged federal grants for time spent on activities that are not chargeable to any federal grants, such as competitive grant proposal writing. For example, an ICAP Grants Manager spent a significant amount of her time writing competitive grant proposals, but her effort report showed that all of her time was charged to grants, with as much as 92% of her time charged to MCAP in some years.

Health care, educational and other organizations receiving HHS or other federal grants should heed the lawsuit and settlement as a reminder to review and tighten as necessary their federal grant program compliance and documentation to ensure that it can withstand an audit or other scrutiny by federal officials.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | DME, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

OIG Warns Pharma Manufacturers to Prevent Copayment Coupon Use for Part D Drug Purchases

September 19, 2014

Pharmaceutical manufacturers risk sanctions unless they take appropriate steps to ensure that their copayment coupons intended to reduce patient out-of-pocket costs for purchase for specific brand name drugs do not induce improperly the purchase drugs paid for by Medicare Part D or other Federal health care programs items or services.

The warning from the Department of Health & Human Services Office of Inspector General (OIG) appears in OEI-05-12-00540 Study Results and accompanying Special Advisory Bulletin published warns pharmaceutical manufacturers they may be liable under the anti-kickback statute if they offer coupons to induce the purchase of drugs paid for by Federal health care programs, including Medicare Part D.

Pharmaceutical manufacturers often offer copayment coupons to reduce or eliminate the cost of patients’ out of pocket copayments for specific brand name drugs.

The anti-kickback statute prohibits the knowing and willful offer or payment of remuneration to a person to induce the purchase of any item or service for which payment may be made by a Federal health care program.

According to OIG, the use of coupons by Medicare beneficiaries could impose significant costs on the Part D program because many coupons encourage beneficiaries to choose more expensive brand name drugs over less expensive alternative drugs.

OIG’s warning comes in conjunction with its announcement of findings an OIG study about the safeguards pharmaceutical manufacturers employ to prevent their copayment coupons from being used for drugs paid for by Part D and to identify vulnerabilities in those safeguards which OIG reports revealed that pharmaceutical manufacturers’ current safeguards may not prevent all copayment coupons from being used for drugs paid for by Part D.

According to the OIG, all surveyed manufacturers provide notices directed to beneficiaries and pharmacists that coupons may not be used in Federal health care programs. Most surveyed manufacturers use pharmacy claims edits to prevent coupons from being processed for drugs covered by Part D. Despite these actions, OIG reports most of these edits may not prevent all coupons from being processed for Part D covered drugs. Finally, Part D plans and other entities cannot identify coupons within pharmacy claims.

In light of these findings, OIG’s Special Advisory Bulletin affirms that pharmaceutical manufacturers should act to ensure that their copayment coupons do not induce the purchase of Federal health care programs items or services, including drugs paid for by Medicare Part D. The guidance makes clear that OIG does not view the current practices of many manufacturers as sufficient controls.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | DME, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle

July 6, 2014

Health care providers, health plans, heath care clearinghouses and their business associates heed both the lesson about properly protecting protected health information and the more subtle lesson about the role of employees and other whistleblowers in bringing these violations to the attention of regulators contained in the latest Health Insurance Portability & Accountability Act (HIPAA) resolution agreement.

Late last month, the Department of Health & Human Services Office of Civil Rights (HHS) announced that complaints of a retiring physician over the mishandling of her patient records by Parkview Health System, Inc. (Parkview) prompted the investigation that lead Parkview to agree to pay $800,000 to settle charges that it violated HIPAA’s Privacy Rule.

The resolution agreement settles charges lodged by HHS based on an OCR investigation into the retiring physician’s allegations that Parkview violated the HIPAA Privacy Rule by failing to properly safeguard the records when it returned them to the physician following her retirement.

As a covered entity under the HIPAA Privacy Rule, HIPAA requires that Parkview appropriately and reasonably safeguard all protected health information in its possession, from the time it is acquired through its disposition.

In an investigation prompted by the physician’s complaint, OCR found that Parkview breached this responsibility in its handling of certain physician patient records in helping the physician to transition to retirement.

According to OCR, in September 2008, Parkview took custody of medical records pertaining to approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice.

Subsequently on June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue. OCR concluded this conduct violated the Privacy Rule.

To settle OCR’s charges that these actions violated HIPAA, OCR has agreed to pay the $800,000 resolution amount and to adopt and implement a corrective action plan requiring Parkview to revise their policies and procedures, train staff, and provide an implementation report to OCR.

The resolution agreement highlights the role that current or former physicians, employees or others can play in helping OCR to identify HIPAA violations. Health care providers and other covered entities and their business associates should take into account the likelihood that physicians on their own or other facility medical staffs, their employees and other participants in the care delivery system often may have and be motivated to report to government sensitive information about violations of HIPAA or other laws. Since HIPAA and most other laws prohibited covered entities from forbidding or retaliating against a person for objectiving to or reporting the concern and offer whistleblowers potential participation in the reporting and prosecution of violations, employees or other workforce members increasingly make the complaints bring violations to OCR and other regulators.

Whether from an internal employee complaint, a patient or competitor complaint or other source, HIPAA violations carry significant liability risks. The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates. In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes. Furthermore, enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same. When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need assistance in auditing or assessing, updating or defending your HIPAA, or other health or other employee benefit, labor and employment, compensation, privacy and data security, or other internal controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer at cstamer@solutionslawyer.net or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters. She also is recognized for her publications, industry leadership, workshops and presentations on privacy and data security and other human resources, employee benefits and health care concerns. Her many highly regarded publications on privacy and data security concerns include “Privacy Invasions of Medical Care-An Emerging Perspective.” ERISA Litigation Manual. BNA, 2003-2009; “Privacy & Securities Standards-A Brief Nutshell.” BNA Tax Management and Compliance Journal. February 4, 2005; “Cybercrime and Identity Theft: Health Information Security beyond HIPAA.” ABA Health eSource. May, 2005 and many others. She also regularly conducts training on HIPAA and other privacy and data security compliance and other risk management matters for a broad range of organizations including the Association of State and Territorial Healthcare Organizations (ASTHO), the Los Angeles County Health Department, a multitude of health plans and their sponsors, health care providers, the American Bar Association, SHRM, the Society for Professional Benefits Administrators and many others. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see www.CynthiaStamer.com or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

Leave a Comment » | Academic medicine, ASC, Childrens Health Insurance Program, Doctor, Electronic Medical Records, Employment, Federal Health Center, Federal Sentencing Guidelines, Genetic Information, GINA, Health Care, Health Care Provider, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Hospital, Indian Health, Medicare Advantage, Mental Heatlh, OCR, Pharmacy, Physician, Privacy, Rural Health Care | Tagged: Civil Monetary Penalties, HIPAA, Mass General, OCR, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement

June 26, 2014

Former employee turned whistleblower Donald Gale will receive $17.24 million of the $124.24 million that the U.S.’ largest provider of pharmaceuticals and pharmacy services to nursing homes, Omnicare, Inc. has agreed to pay to settle charges that Omnicare violated the Anti-Kickback Statute by offering improper financial incentives to skilled nursing facilities in return for their continued selection of Omnicare to provide pharmaceuticals and pharmacy services to their residents. The settlement announced June 25, 2014 by the Department of Justice (DOJ) highlights the growing risks that health care organizations using aggressive marketing incentive programs face to whistleblower, Department of Justice and other investigations.

According to DOJ, the Omnicare settlement resolves allegations that “Omnicare provided improper discounts in return for the opportunity to provide medication to Medicare and Medicaid beneficiaries” in violation of the Anti-Kickback Statute. The settlement resolves allegations initially brought by two whistleblowers that Omnicare submitted false claims by entering into below-cost contracts to supply prescription medication and other pharmaceutical drugs to skilled nursing facilities and their resident patients to induce the facilities to select Omnicare as their pharmacy provider. The facilities were participating providers under agreements with Medicare and Medicaid. In addition to the facilities’ own claims for reimbursement from Medicare for short-term rehabilitation treatment rendered to patients, Omnicare submitted additional claims for reimbursement to Medicare and Medicaid for drugs Omnicare supplied.

The Anti-Kickback Statute prohibits offering, paying, soliciting or receiving remuneration to induce referrals of items or services covered by Medicare, Medicaid and other federally funded programs as a means of helping to ensure that the selection of health care providers and suppliers is not compromised by improper financial incentives and is instead based on the best interests of the patient. This settlement illustrates both the government’s emphasis on combating health care fraud and marks another achievement for the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative and the critical role that current or former employees or other whistleblowers often play in the successful investigation and prosecution of these cases.

The HEAT initiative announced in May 2009 by Attorney General Eric Holder and Secretary of Health and Human Services Kathleen Sebelius makes heavy use of whistleblowers to uncover potential violations and then uses the False Claims Act and other expanded investigatory and enforcement tools granted by Congress to nail providers.

In conducting its war against health care fraud, Federal officials credited new tools created under the Patient Protection & Affordable Care Act (Affordable Care Act) with aiding their health care fraud investigation and enforcement efforts. Legal reforms and new resources granted under the Affordable Care Act and various other legal changes have beefed up the fraud detection and fighting powers of Federal health care fraud investigators and prosecutors. Examples of these new tools include:

Tough new rules and sentences for criminals
Enhanced screening and other enrollment requirements
Increased coordination of fraud prevention efforts
Health Care Fraud Prevention and Enforcement Action Team (HEAT)
New focus on compliance and prevention
Expanded overpayment recovery efforts
New durable medical equipment (DME) requirements
An additional $350 million over 10 years to ramp up anti-fraud efforts
Greater oversight of private insurance abuses
Senior Medicare Patrols

The continuing success of these and other federal health care fraud investigation and enforcement efforts continue to prove the need for health care providers and payers to strengthen their compliance practices and documentation to avoid getting caught in the ever tightening health care fraud dragnet. Since January 2009, the Justice Department has recovered a total of more than $19.5 billion through False Claims Act cases, with more than $13.9 billion of that amount recovered in cases involving fraud against federal health care programs. In announcing the settlement, Justice Department officials sent strong warnings to other health care providers and suppliers about the dangers of providing or accepting improper discounts or other improper incentives as part of their business marketing strategies. “Health care providers who seek to profit from providing illegal financial benefits will be held accountable,” said Assistant Attorney General for the Justice Department’s Civil Division Stuart F. Delery. “Schemes such as this one undermine the health care system and take advantage of elderly nursing home residents.” Meanwhile, Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, said “Nursing homes should select their pharmacy provider based on the best quality, service and cost to the residents, not based on improper discounts to the nursing facility.”

Any quick look at the DOJ’s enforcement record shows its acting on these promises. For instance, in addition to the Omnicare settlement, DOJ also announced on June 25 the guilty plea of a physician and the sentencing on an ambulance company owner on health care fraud charges. See Huntersville Physician Pleads Guilty To Health Care Fraud and Tax Fraud and Agrees To Pay $6.2 Million to Settle Civil Fraud Claims; Ambulance Company Co-Owner Sentenced To 13 1/2 Years for Health Care Fraud Scheme.

Health Care Providers Must Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts

June 11, 2014

Health care providers, health plans and insurers, health care clearinghouses (collectively “Covered Entities”), their business associates, and others concerned about medical privacy regulations or protections should check out two new reports to Congress about breach notifications reported and other compliance data under the Health Insurance Portability & Accountability Act (HIPAA) by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Reviewing this data can help Covered Entities and their business associates identify potential areas of exposures and enforcement that can be helpful to minimize their HIPAA liability as well as to expect OCR enforcement and audit inquiries.

Required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the two new reports discuss various details about HIPAA compliance for calendar years 2011 and 2012. They include the following:

Report to Congress on Breach Notifications, discussing the breach notification requirements and reports OCR received as a result of these breach notification requirements; and
Report to Congress on Compliance with the HIPAA Privacy and Security Rules, summarizing complaints received by OCR of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164 .
Covered entities and their business associates should review the finding reported as part of their compliance practices. Others concerned about medical or other privacy or data security regulations or events also may find the information in the reports of interest.

Under HIPAA, covered entities generally are prohibited from using, accessing or disclosing protected health information about individuals except as specifically allowed by HIPAA, In addition, HIPAA also requires Covered Entities to establish safeguards to protect protected health information against improper access, use or destruction, to afford certain rights to individuals who are the subjects of protected information, to obtain certain written assurances from service providers who are business associates before allowing those service providers to use, access or disclose protected health information when carrying out covered functions for the Covered Entity, and meet other requirements.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates. In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.

Enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

HIPAA Privacy Rule and Sharing Information Related to Mental Health published on
Spanish Language Model Notices of Privacy Practices published on 2/13/14
CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports published on 2/3/14; and
Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) published on 1/7/14.

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

For Help With Investigations, Policy Review & Updates Or Other Needs

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule

May 28, 2014

July 28, 2014 is the deadline for concerned persons to comment on the Centers for Medicare & Medicaid Services (CMS) proposed rule requiring prior authorization for certain durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS). The proposed rule available for review at http://www.gpo.gov/fdsys/pkg/FR-2014-05-28/pdf/2014-12245.pdf would establish a prior authorization process for certain durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) items that are frequently subject to unnecessary utilization and would add a contractor’s decision regarding prior authorization of coverage of DMEPOS items to the list of actions that are not initial determinations and therefore not appealable.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

1 Comment | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Medicare Fraud Strike Force Nails 90 Individuals For Almost $260 Million In False Billing Including 16 Doctors

May 13, 2014

27 Medical Professionals Charged with Health Care Fraud

A nationwide takedown by Medicare Fraud Strike Force operations in six cities today (May 13, 2014) resulted in charges against 90 individuals, including 27 doctors, nurses and other medical professionals, for alleged participation in Medicare fraud schemes involving approximately $260 million in false billings, according to U.S. Attorney General Eric Holder and Department of Health and Human Services (HHS) Secretary Kathleen Sebelius. The announcement reminds U.S. health care providers that the Obama Administration continues to target health care providers in its campaign against health care fraud.

The seventh coordinated national Medicare fraud takedown by the Medicare Fraud Strike Force operations team of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), Federal officials filed charges that accuse the defendants of various health care fraud-related crimes, including conspiracy to commit health care fraud, violations of the anti-kickback statutes and money laundering. The charges are based on a variety of alleged fraud schemes involving various medical treatments and services, including home health care, mental health services, psychotherapy, physical and occupational therapy, durable medical equipment and pharmacy fraud.

Among the defendants charged were 27 medical professionals, including 16 doctors, who Federal officials charge included doctors billing for services that were never rendered, supply companies providing motorized wheelchairs that were never needed, and recruiters paying kickbacks to get Medicare billing numbers of patients. According to court documents, the defendants allegedly participated in schemes to submit claims to Medicare for treatments that were medically unnecessary and often never provided. In many cases, court documents allege that patient recruiters, Medicare beneficiaries and other co-conspirators were paid cash kickbacks in return for supplying beneficiary information to providers, so that the providers could then submit fraudulent bills to Medicare for services that were medically unnecessary or never performed. Collectively, the doctors, nurses, licensed medical professionals, health care company owners and others charged are accused of conspiring to submit approximately $260 million in fraudulent billings.

In Miami, a total of 50 defendants were charged today and yesterday for their alleged participation in various fraud schemes involving approximately $65.5 million in false billings for home health care and mental health services, and pharmacy fraud. In one case, two defendants were charged in connection with a $23 million pharmacy kickback and laundering scheme. Court documents allege that the defendants solicited kickbacks from a pharmacy owner for Medicare beneficiary information, which was used to bill for drugs that were never dispensed. The kickbacks were concealed as bi-weekly payments under a sham services contract and were laundered through shell entities owned by the defendants.

Eleven individuals were charged by the Houston Medicare Strike Force. Five Houston-area physicians were charged with conspiring to bill Medicare for medically unnecessary home health services. According to court documents, the defendant doctors were paid by two co-conspirators to sign off on home health care services that were not necessary and often never provided.

Eight defendants were charged in Los Angeles for their roles in schemes to defraud Medicare of approximately $32 million. In one case, a doctor was charged for causing almost $24 million in losses to Medicare through his own fraudulent billing and referrals for durable medical equipment, including over 1,000 expensive power wheelchairs, and home health services that were not medically necessary and often not provided.

In Detroit, seven defendants were charged for their roles in fraud schemes involving approximately $30 million in false claims for medically unnecessary services, including home health services, psychotherapy and infusion therapy. In one case, four individuals, including a doctor, were charged in a sophisticated $28 million fraud scheme, where the physician billed for expensive tests, physical therapy and injections that were not necessary and not provided. Court documents allege that when the physician’s billings raised red flags, he was put on payment review by Medicare. He was allegedly able to continue his scheme and evade detection by continuing to bill using the billing information of other Medicare providers, sometimes without their knowledge.

In Tampa, Florida, seven individuals were charged in a variety of schemes, ranging from fraudulent physical therapy billings to a scheme involving millions of dollars in physician services and tests that never occurred. In one case, five individuals were charged for their alleged roles in a $12 million health care fraud and money laundering scheme that involved billing Medicare using names of beneficiaries from Miami-Dade County for services purportedly provided in Tampa area clinics, 280 miles away. The defendants then allegedly laundered the proceeds through a number of transactions involving several shell entities.

In Brooklyn, New York, the Strike Force announced an indictment against Syed Imran Ahmed, M.D., in connection with his alleged $85 million scheme involving billings for surgeries that never occurred; Dr. Ahmed had been arrested last month and charged by complaint. Dr. Ahmed has charged with health care fraud and making false statements. In addition, the Brooklyn Strike Force charged six other individuals, including a physician and two billers who allegedly concocted a $14.4 million scheme in which they recruited elderly Medicare beneficiaries and billed Medicare for medically unnecessary vitamin infusions, diagnostic tests and physical and occupational therapy supposedly provided to these patients.

The cases announced today are being prosecuted and investigated by Medicare Fraud Strike Force teams comprised of attorneys from the Fraud Section of the Justice Department’s Criminal Division and from the U.S. Attorney’s Offices for the Southern District of Florida, the Eastern District of Michigan, the Eastern District of New York, the Southern District of Texas, the Central District of California, the Middle District of Louisiana, the Northern District of Illinois and the Middle District of Florida; and agents from the FBI, HHS-OIG and state Medicaid Fraud Control Units.

The HEAT Strike Force is a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. The joint Department of Justice and HHS Medicare Fraud Strike Force is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing. Almost 400 law enforcement agents from the FBI, HHS-OIG, multiple Medicaid Fraud Control Units and other federal, state and local law enforcement agencies participated in today’s takedown.

Since their inception in March 2007, Strike Force operations in nine locations have charged almost 1,900 defendants who collectively have falsely billed the Medicare program for almost $6 billion. Overall, since its inception, the Department of Justice’s Medicare Fraud Strike Force has charged nearly 1,900 individuals involved in approximately $6 billion of fraud. We are committed to using every tool at our disposal to prevent, deter, and prosecute health care fraud. In addition, CMS, working in conjunction with HHS-OIG, has suspended enrollments of high-risk providers in five Strike force locations and has removed over 17,000 providers from the Medicare program since 2011.

“Medicare is a sacred compact with our nation’s seniors, and to protect it, we must remain aggressive in combating fraud,” said Attorney General Holder. “This nationwide Medicare Strike Force takedown represents another important step forward in our ongoing fight to safeguard taxpayer resources and to ensure the integrity of essential health care programs. Department of Justice will not tolerate these activities. And we will continue working alongside the Department of Health and Human Services – as well as federal, state, and local partners – to use every appropriate tool and available resource to find, stop, and punish those who seek to take advantage of their fellow citizens.”

Tough new rules and sentences for criminals
Enhanced screening and other enrollment requirements
Increased coordination of fraud prevention efforts
Health Care Fraud Prevention and Enforcement Action Team (HEAT)
New focus on compliance and prevention
Expanded overpayment recovery efforts
New durable medical equipment (DME) requirements
An additional $350 million over 10 years to ramp up anti-fraud efforts
Greater oversight of private insurance abuses
Senior Medicare Patrols

“The Affordable Care Act has given us additional tools to preserve Medicare and protect the tens of millions of Americans who rely on it each day,” said Secretary Sebelius. “By expanding our authority to suspend Medicare payments and reimbursements when fraud is suspected, the law allows us to better preserve the system and save taxpayer dollars. Today we’re sending a strong, clear message to anyone seeking to defraud Medicare: You will get caught and you will pay the price. We will protect a sacred trust and an earned guarantee.”

The continuing success of these and other federal health care fraud investigation and enforcement efforts continue to demonstrate the need for health care providers and payers to strengthen their compliance practices and documentation to avoid getting caught in the ever tightening health care fraud dragnet.

Health Care Providers Must Act To Manage Risks

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

6/30 Comment Deadline For Proposed Inpatient Rehab Payment and Quality Reporting Rules

May 6, 2014

On May 1, 2014, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule outlining proposed fiscal year (FY) 2015 Medicare payment policies and rates for inpatient rehabilitation facilities (IRFs) and the IRF Quality Reporting Program (IRF QRP). The FY 2015 proposals are summarized below.

Changes to the payment rates under the IRF Prospective Payment System (PPS). We are proposing to update the IRF PPS payments for FY 2015 to reflect an estimated 2.1 percent increase factor (reflecting a 2.7 percent market basket, reduced by a 0.4 percent multi-factor productivity adjustment and a 0.2 percentage point reduction mandated by the Affordable Care Act). An additional 0.1 percent increase to aggregate payments due to updating the outlier threshold results in an overall update of 2.2 percent (or $160 million), relative to payments in FY 2014.
Facility-level adjustment updates. CMS is proposing to freeze the facility-level adjustment factors for FY 2015 and all subsequent years at the FY 2014 levels, while we continue to monitor the most current IRF data available and evaluate the effects of the FY 2014 changes. Additionally, we want to allow providers time to acclimate to the FY 2014 changes.
ICD-10-CM Conversion. The FY 2015 IRF PPS proposed rule discusses the transition from ICD-9-CM to ICD-10-CM for all diagnosis codes used in the IRF PPS Grouper software and the software for evaluating IRFs’ compliance with the 60 percent rule. Using the General Equivalence Mappings (GEMs) tool, we have transitioned the following lists of diagnosis codes used in the IRF PPS: the List of Comorbidities, Codes That Meet Presumptive Compliance Criteria, and Impairment Group Codes That Meet Presumptive Compliance Criteria. Our intent was to keep the same meaning of the codes in transitioning from ICD-9-CM to ICD-10-CM. We did not intend to add or delete conditions, or otherwise change the meaning of the code lists. We are addressing the conversion of ICD-9-CM to ICD-10-CM codes for the IRF PPS in this proposed rule, but in light of the Protecting Access to Medicare Act of 2014 (PAMA) (Pub. L. No. 113-93), the effective date of those changes would be the date when ICD-10-CM becomes the required medical data code set for use on Medicare claims and IRF-PAI submissions. Until that time, we will continue to require use of the ICD-9-CM codes for the IRF PPS.
Further Refinements to the Presumptive Methodology. In the FY 2014 IRF PPS final rule (78 FR 47860), we revised the list of ICD-9-CM diagnosis codes that are compared with a patient’s comorbidities in determining an IRF’s presumptive compliance with the 60 percent rule. However, a patient’s comorbidities are not the only aspect of a patient’s record that is evaluated in determining whether that patient should be counted towards an IRF’s presumptive compliance. In the FY 2014 IRF PPS final rule, we addressed only the comorbidity portion of the presumptive compliance determination, and did not address the IGC or Etiologic Diagnosis portions. In this proposed rule, CMS is proposing some additional revisions to the comorbidity, IGC, and Etiologic Diagnosis portions of the presumptive compliance determination to be consistent with the changes we implemented in the FY 2014 final rule.
Therapy Data Collection. CMS is proposing to add a new item to the inpatient rehabilitation facility-patient assessment instrument (IRF-PAI) that would require IRFs to record how much and what type of therapy (i.e., individual, group, co-treatment) patients receive in each therapy discipline (i.e., physical therapy, occupational therapy, and speech-language pathology), similar to what is currently reported on the minimum data set in the skilled nursing facility setting.
New IRF-PAI Item for Arthritis Diagnosis Codes. CMS is proposing to add an item to the IRF-PAI form in which providers could indicate that the prior treatment and severity requirements had been met for patients with arthritis conditions. The addition of this item would mitigate a potential increase in burden due to the changes in the presumptive compliance methodology finalized in the FY 2014 IRF PPS final rule (78 FR 47860 at 47887 through 47890) and the changes proposed in this year’s NPRM. For providers that fail the presumptive compliance test, the new IRF-PAI item would first be used to determine whether or not the inclusion of all of the arthritis cases indicated as meeting the severity and prior treatment requirements would be enough for the facility to comply with the 60 percent rule requirement. If so, instead of the Medicare Administrative Contractor (MAC) doing a medical review on all cases, the MAC could take a random sample of the arthritis cases to determine if the requirements were met by including these cases. Only in those instances where the facility did not meet the compliance requirements including the arthritis cases, would the MAC need to complete a medical review on all cases.
New Measure Proposals. CMS also is proposing to adopt two additional quality measures to the IRF QRP: NHSN Facility-Wide Inpatient Hospital-Onset Methicillin-Resistant Staphylococcus aureus (MRSA) Bacteremia Outcome Measure (NQF #1716), and NHSN Facility-Wide Inpatient Hospital-Onset Clostridium difficile Infection (CDI) Outcome Measure (NQF #1717).

CMS also is proposing various new policies including the following:

Reconsideration Process. CMS is proposing a formal reconsideration policy for the IRF QRP, which proposes to require that IRF providers follow specific procedures when submitting a request for CMS’ reconsideration of an initial IRF QRP provider compliance determination.
Extraordinary Circumstances Waiver Process. CMS is proposing to change the name of the previously finalized “Disaster Waiver” process to “Extraordinary Circumstances Exception/Extension.” We are also proposing to expand the process, previously finalized in the FY 2014 IRF PPS Final Rule, to allow IRF providers to request exceptions or extensions for other circumstances beyond their control, including those that are not classified as natural disasters.
CMS IRF QRP Thresholds and Data Validation. CMS is proposing a new Data Accuracy Validation policy, which will require randomly selected IRF providers to meet a proposed 90% data reliability threshold for required IRF-PAI quality indicator data items.

The proposed rule will be published in the Federal Register on May 7, 2014. CMS will accept comments on the proposed rule until June 30, 2014.

For More Information Or Assistance

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | ASC, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Hospital, Medicare, Medicare Advantage, Medicare Fee Schedule, Money Laundering, Physician, Reimbursement | Tagged: 2014, On May 1, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule outlining proposed fiscal year (FY) 2015 Medicare payment policies and rates for inpatient rehabilitation facilities (IRFs | Permalink
Posted by Cynthia Marcotte Stamer

Small Smiles Dental Centers Excluded As Federal Health Program Provider For 5 Years

April 4, 2014

Yesterday’s announcement of the exclusion of the operator and manager of the national dental chain, Small Smiles Dental Centers, from exclusion in Medicaid, Medicare and other federal health programs highlights the risks health care providers run by failing to comply with a Corporate Integrity Agreement.

Daniel R. Levinson, Inspector General of the U.S. Department of Health and Human Services, announced April 3, 2014 that the operator and manager of the Small Smiles Dental Centers, CSHM, LLC (formerly known as FORBA Holdings and Church Street Health Management (CSHM), has signed an Exclusion Agreement that bars CSHM from participating in Medicare, Medicaid, and all other Federal health care programs for 5 years. Small Smiles Dental Centers provides services primarily to children on Medicaid.

Mr. Levinson said that this exclusion “makes clear to the provider community that OIG closely monitors our CIAs, critically evaluates providers’ representations and certifications, and will pursue exclusion actions against providers that fail to abide by their integrity agreement obligations.”

According to the announcement, the exclusion is based on CSHM’s alleged material breaches of its Corporate Integrity Agreement (CIA) with the Office of Inspector General (OIG).

CSHM’s corporate predecessor entered into the CIA in 2010, as part of the resolution of a False Claims Act case involving allegations that the company had provided dental services to children on Medicaid that were medically unnecessary or failed to meet professionally recognized standards of care.

On March 7, 2014, OIG issued a Notice of Exclusion to CSHM based upon numerous material breaches of its obligations under the CIA. CSHM failed to report serious quality-of-care reportable events, take corrective action, or make appropriate notifications of those events to the State dental boards as required by the CIA, OIG found. CSHM also failed to implement and maintain key quality-related policies and procedures, comply with internal quality and compliance review requirements, properly maintain a log of compliance disclosures, and perform training as required by the CIA. Finally, CSHM submitted a false certification from its Compliance Officer regarding its compliance with CIA obligations.

This exclusion marks the culmination of a series of alleged failures by CSHM and its corporate predecessors to comply with its CIA. Under the CIA, an independent quality monitor conducted more than 90 site visits and reviews to monitor CSHM’s compliance. Since the 2010 settlement, OIG repeatedly cited CSHM and took actions to address those violations, promote improved compliance, and maintain access to care for an underserved population. These actions included imposing financial penalties and forcing the divestiture of one of the company’s clinics.

Despite these actions, CSHM remained in material breach of its CIA and OIG issued Notices of Intent to Exclude to the company in December 2013 and January 2014. In such cases, providers get the chance to show OIG that they have cured, or are in the process of curing, the material breaches. CSHM represented to OIG that it would cure the material breaches. However, through meetings with CSHM and its Board of Directors and review of its written submissions, OIG determined that CSHM had failed to cure the material breaches and proceeded with the exclusion.

CSHM disputed OIG’s determination that it was in material breach of the CIA. However, under the Exclusion Agreement, CSHM now has waived its objections to these findings.

To minimize immediate disruption of care to the hundreds of thousands of children treated at CSHM clinics and to enable an orderly, controlled shutdown of the company or divestiture of its assets, the exclusion takes effect September 30, 2014. CSHM waived its right to appeal this exclusion in any judicial forum.

Until the exclusion goes into effect on September 30, 2014, an independent monitor will continue to monitor the quality of care being provided to patients at CSHM clinics. CSHM is required to inform patients at least 30 days before closing a clinic. CSHM is also required to keep State Medicaid agencies abreast of developments and provide monthly status reports to OIG. Any divestiture of assets by CSHM must be through bona fide, arms-length transactions to an entity that is not related to or affiliated with CSHM.

Beyond the implications for Small Smiles Dental Centers, the announced exclusion carries important implications for other health care providers. First, of course, the exclusion means that Small Smiles Dental Centers and CSHM as excluded providers are ineligible for hiring by other providers participating in Medicare or other Federal Health Programs. Second, the exclusion also highlights the advisability for other providers covered by CIAs not only to see to comply with their CIA and in the event the OIG questions of the adequacy of that compliance to look for opportunities to work with OIG to rectify alleged concerns as cooperatively as possible unless a high degree of certainty that the provider can prove that OIG’s concerns are unfounded.

For More Information Or Assistance

Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Federal Health Program Exclusion, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Latest OCR Resolution Agreement Hits Public Health Department, Shows Needs To Stay Up-To-Date

March 16, 2014

Health Department HIPAA Violations Cost County $250,000, Requires Sweeping HIPAA Reforms

Hear Update On Resolution Agreement & Other New HIPAA Developments At 3/18 North Texas Healthcare Professionals Association Meeting –

RSVP here by Noon on March 17, 2014

Skagit County, Washington will pay a $215,000 monetary settlement and work closely with the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) to correct deficiencies in its HIPAA compliance program to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules by the Skagit County Public Health Department (Health Department) under a Resolution Agreement announced by OCR on March 7, 2014. The Resolution Agreement makes clear the need for health care providers, health plans, health care clearinghouses and their business associates to update and maintain their policies and practices in compliance with the constantly evolving OCR guidance and resolution agreements, as well as to timely investigate and report breaches. Interested persons are invited to hear a briefing on a series of new developments including this latest Resolution Agreement at the March 18, 2014 North Texas Healthcare Professionals Association Meeting.

OCR investigated the Health Department after receiving a breach report that unknown parties accessed money receipts with electronic protected health information (ePHI) of seven individuals after the ePHI had been inadvertently moved to a publicly accessible server maintained by the County.

OCR reports its investigation revealed a broader exposure of protected health information involved in the incident, which included the ePHI of 1,581 individuals. Many of the accessible files involved sensitive information, including protected health information about the testing and treatment of infectious diseases.

OCR’s investigation further uncovered general and widespread non-compliance by Skagit County with the HIPAA Privacy, Security, and Breach Notification Rules.

Specifically, the Resolution Agreement between OCR and the Health Department states that OCR found the following conduct occurred (“Covered Conduct”).

From approximately September 14, 2011 until September 28, 2011, Skagit County disclosed the ePHI of 1,581 individuals in violation of the Privacy Rule by providing access to ePHI on its public web server;
From November 28, 2011 until present, Skagit County failed to provide notification as required by the Breach Notification Rule to all of the individuals for whom it knew or should have known that the privacy or security of the individual’s ePHI had been compromised as a result of the breach incident;
From April 20, 2005 until present, Skagit County failed to implement sufficient policies and procedures to prevent, detect, contain, and correct security violations;
From April 20, 2005 until June 1, 2012, Skagit County failed to implement and maintain in written or electronic form policies and procedures reasonably designed to ensure compliance with the Security Rule; and
From April 20, 2005 until present, Skagit County failed to provide security awareness and training to all workforce members, including its Information Security staff members, as necessary and appropriate for the workforce members to carry out their functions within Skagit County.

To resolve OCR’s allegations of these breaches, Skagit County agrees under the Resolution Agreement to pay HHS $215,000.00 and to ensure that the Health Department implements a series of corrective actions. Among other things, the Resolution Agreement requires that the Health Department:

Provide substitute Breach Notification to individuals not previously notified of the breach of their ePHI in accordance with the Resolution Agreement
Revise to the satisfaction of OCR and adopt revised accounting for disclosure, hybrid entity designations, policies on safeguarding PHI, including its sample business associate agreements;
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered health care components of Skagit County as identified in its hybrid entity documentation approved by HHS and implement security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level.
Create and revise, as necessary, written policies and procedures for its covered health care components to comply with the Federal standards that govern the privacy, security, and breach notification of individually identifiable health information;
Comply with strict workforce training requirements;
Notify and OCR of the occurrence of some reported breaches, its investigation and corrective actions;
Provide a summary of the reported events and the status of any corrective and preventative action relating to all such Reportable Events; and
Provide OCR with an attestation signed by an officer of Skagit County attesting that he or she has reviewed the Annual Report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful.

In addition to bringing its policies and practices up to date with OCR regulations in effect at the time of the breach that resulted in the Resolution Agreement, the Health Department also will have to update its polic9ies and practices to meet changes to OCR’s HIPAA rules that have taken effect since the breach under the revised rules published by OCR in its Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013 as well as a series of recently issued OCR rules such as the following:

Covered Entities & Business Associates Should Review & Tighten Practices in Response To Resolution Agreement & Other New Guidance

Other covered entities and their business associates should carefully evaluate and tighten their existing practices in response to the Resolution Agreement and other recent guidance. In the past, OCR officials have stated it expects that other health care providers, health plans, health care clearinghouses and their business associates will review resolution agreements like this one along with other emerging OCR guidance and update their practices as necessary to address concerns within their own organization that might be similar to those reflected in the applicable resolution agreement. The Resolution Agreement documents this expectation by specifically incorporating this requirement as part of its terms.

Hear Stamer’s Update On Resolution Agreement & Other New HIPAA Developments At 3/18 North Texas Healthcare Professionals Association Meeting

Scribe for the American Bar Association Annual Agency Meeting with OCR for the fourth year, attorney Cynthia Marcotte Stamer will overview these and other HIPAA developments when she presents “Tutoring On OCR’s Latest HIPAA Homework” at the North Texas Healthcare Professionals Association Study Group Luncheon on Tuesday, March 18, 2014 from 11:30 p.m. to 1:00 p.m. at the offices of the Dallas Ft Worth Hospital Council, 250 Decker Drive, Irving, TX 75062-2706. A complimentary luncheon will be served to guests to who register in advance. There is no charge to particulate but space is limited. RSVP here by Noon on March 17, 2014.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, GINA, Health Care, Health Care Provider, Health IT, HIPAA, HITECH Act, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: Business Associates, Compliance, controlled substance, Covered Entities, DEA, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, HIPAA, licensure, Medicaid, Medical Board, Medical Privacy, pain management, pharmacist, pharmacy, PHI, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

NLRB Helps Union Force Another Health Care Employer To Recognize & Bargain With Union

March 13, 2014

Hospitals, skilled nursing and other health care organizations need to be concerned about union organizing of their employees in light of the growing success of unions with the aid of the pro-union support and agenda of the National Labor Relations Board (NLRB) under the Obama Administration’s leadership. The Administration’s goal of telling health care providers what to do extends well beyond Medicare and Medicaid into their workforce and terms and conditions of employment.

On February 21, 2014, for instance, the Obama Administration helped the Service Employees International Union (the Union) force Holy Cross Youth and Family Services, Inc., d/b/a Kairos Healthcare (the Employer), a provider of drug and alcohol rehabilitation services, to recognize and bargain with the over terms and conditions of employees with the Union by securing a court order forcing the employer to recognize and bargain with the Union.

Ruling in a lawsuit filed by the NLRB against the Employer on February 21, a federal court judge for the Eastern District of Michigan ordered upheld the allegations made in August 23, 2013 by the National Labor Relations Board (NLRB) Detroit, Michigan Regional Office that the Employer violated the National Labor Relations Act when it withdrew recognition from Local 517M, made unilateral changes to employees’ terms and conditions of employment without affording the Union an opportunity to bargain over those changes, and failed to provide relevant information to the Union to help in its bargaining with the Employer on behalf of the employees.

The Regional Office sought, and the Board authorized, seeking interim injunctive relief to return the parties to the bargaining table pending final resolution of the matter, to require the Employer to provide the Union with the information it requested and, upon request, to rescind the unilateral changes made to employees’ terms and conditions of employment.

On February 21, 2014, the District upheld the Regional Office’s action. It ruled that an interim injunction was appropriate to prevent loss of Union support, to keep the employees’ right to bargain with their Employer through their chosen bargaining representative, and to provide the Union with the information it needs to evaluate and make bargaining proposals while the administrative case is pending before the Board.

The case is one of a growing number of actions where the NLRB has used is powers to help Unions force health care and other employers to yield to union demands. See e.g., Specialty Healthcare and Rehabilitation of Mobile, Board Case No. 15-CA-68248 (reported at 357 NLRB No. 174) (6^th Cir. decided August 15, 2013 under the name Kindred Nursing Centers East, LLC f/k/a Specialty Healthcare and Rehabilitation of Mobile v. NLRB).

These decisions should remind health care and other employers of the highly union-friendly bent of the NLRB under the current administration, as well as the hazards of mishandling efforts to defend against union organizing and other protected activities under the NLRA. Beyond the obligation to recognize and bargain with properly certified collective bargaining unions, the NLRB and other federal labor laws also grant employees a host of other protections. Among these are recently affirmed rights-even for a worker not represented by a union – to insist another employee be present when participating in disciplinary and certain other meetings with management, rules limit the ability of employers to prohibit or restrict employees requiring employees to keep confidential and not discuss among each other salary, wages or other terms of compensation or employment terms and conditions, and others. The Obama Administration has made known its desire to expand these rights further and has carried out an aggressive legislative, regulatory and enforcement campaign in pursuit of this goal since taking office. For this reason, health care or other organizations should seek the advice and assistance of qualified legal counsel experienced with labor management relations matters to review policies for compliance, to prepare and administer anti-organizing activities, and to evaluate and respond to union organizing or bargaining activities.

For More Information Or Assistance

If you need assistance responding to health industry staffing and workforce, regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD, and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Board Certified in Labor and Employment Law, Ms. Stamer’s experience includes continuous involvement in advising and representing health care organizations about employment, labor-management, peer review and staffing and other workforce management and compensation concerns. Ms. Stamer also continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

1 Comment | Corporate Compliance, Doctor, Employment law, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Labor Law, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: Breach Notification, collective bargaining, Employment, Health Care, HHS, HIPAA Privacy, Hospital, labor law, labor-management, NLRA, NLRB, nursing home, Security, Union, Union Organizing | Permalink
Posted by Cynthia Marcotte Stamer

Hospital Will Pay $75K For Refusing To Hire Disabled Worker

March 10, 2014

Osceola Community Hospital Refused To Hire Child Care Worker With Cerebral Palsy Who Had Worked As Volunteer

Osceola Community Hospital in Sibley, Iowa will pay $75,000 and furnish other relief to settle an Americans With Disabilities Act (ADA) disability discrimination lawsuit filed by the U.S. Equal Employment Opportunity Commission (EEOC) for its refusal to hire a child care worker with cerebral palsy. The case shows both the need for health care and other employers to have sufficient evidence to support decisions not to hire disabled workers for safety reasons as well as the potential risks that hospitals or other face when refusing to hire disabled individuals who have been allowed to work as volunteers in their organizations.

The EEOC charged a day care center operated by the hospital, Bright Beginnings of Osceola County, unlawfully failed to hire a volunteer employee into a paid position for which she was qualified because of her cerebral palsy. Although the woman who brought the charge of discrimination against the hospital already volunteered in the day care center and held a job driving a school bus, the EEOC’s investigation revealed the county refused to hire her into a paying job in the center out of an unfounded fear that her disability meant that she could not safely care for the children.

Judge Mark Bennett entered a consent decree on February, 28, 2014, resolving the brought by the EEOC in EEOC v. Osceola Community Hospital d/b/a Bright Beginnings of Osceola County, Civil Action No. 5:12-cv-4087 (N.D. Iowa, Sept. 26, 2012 that orders Osceola Community Hospital to pay $75,000 to the discrimination victim. The decree also requires the hospital to institute a policy prohibiting discrimination on the basis of disability and to distribute the policy to all of its employees. The hospital also must train its employees and report regularly to the EEOC on its compliance with the ADA.

The lawsuit provides another example to health care and other employers of their growing exposure to disability discrimination claims under the ADA. The EEOC action and lawsuit highlights the importance of employers ensuring that decisions to refuse to hire disabled workers for safety reasons are based upon appropriate evidence of actual safety concerns that prevent the worker from safely performing the assigned duties with or without reasonable accommodation.

The fact that the worker in this case had in fact worked as a volunteer likely created additional challenges in defending the decision. The use of volunteer workers in health industry businesses is a common practice that may justify special care before those organizations deny employment to a former volunteer on the basis of safety concerns associated with the disabilities of the applicant or worker both to document the reasonable basis of the safety concern and that the concern could not be adequately resolved through reasonable accommodation.

Health Care Providers Must Strengthen Disability Compliance & Risk Management

Employment discrimination isn’t the only disability discrimination risk that hospitals and other health industry organizations need to worry about in today’s liability charged environment. Enforcing federal discrimination laws is a high priority of the Obama Administration. The Departments of Labor, Health & Human Services, Education, Justice, Housing & Urban Development, and others all have both increased enforcement, audits and public outreach, as well as have sought or are proposing tighter regulations.

The expanding applicability of nondiscrimination rules coupled with the wave of new policies and regulatory and enforcement actions should alert private businesses and state and local government agencies of the need to exercise special care to prepare to defend their actions against potential disability or other Civil Rights discrimination challenges under employment, Medicare, housing and a broad range of other laws.

The Obama Administration is targeting disability discrimination by health care organizations in a broad range of areas as part of its Barrier Free Health Care Initiative (Initiative). Launched on the 22^nd anniversary of the ADA in July 2012, the Initiative is a partnership of the Civil Rights Division and 40 U.S. Attorney’s offices across the nation, that targets ADA and other disability discrimination law enforcement efforts on a critical area for individuals with disabilities.

Part of a broader enforcement initiative of the Obama Administration to enforce and expand federal protections for individuals with disabilities, the Initiative seeks to protect patients with disabilities against illegal disability discrimination by prosecuting health care providers under the ADA and the Rehab Act.

Section 504 of the Rehab Act requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. The public accommodation provisions of the ADA, for instance, generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities. The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

The Justice Departments campaign against disability discrimination by health care providers is supported and enhanced by the concurrent efforts of OCR. Along side the Justice Department’s efforts, OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with the Rehab Act and the ADA well as various other federal nondiscrimination and civil rights laws. Through its own antidiscrimination campaign, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. See, e.g. Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled. Meanwhile, both the Justice Department and OCR also are encouraging victims of discrimination to enforce their rights through private action through educational outreach to disabled and other individuals protected by federal disabilities and other civil rights laws to make them aware of and to encourage them to act to enforce these rights.

Health Care Organizations & Providers Should Act To Manage Patient-Related Disability Discrimination Risks

Prosecutions and settlements by these and other federal agencies show the need for health care providers and other public and private organizations to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the Justice Department, OCR, the EEOC and other agencies as well as private law suits. Hospitals, health care clinics, physicians and other health care providers should take steps to guard against joining the growing list of health care providers caught in the enforcement sights of the Initiative by reviewing and updating practices, policies, training and oversight to ensure that their organizations can prevent and defend against charges of disability discrimination.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

In light of the expanding readiness of the Justice Department, OCR, HUD, EEOC and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and help businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. ©2013 Cynthia Marcotte Stamer, P.C. All rights reserved.

Leave a Comment » | Academic medicine, ADA, DME, Doctor, Electronic Health Records, Employer, Employment, Health Care, Health Care Provider, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: ADA, Disability Discrimination, EEOC, Health Care, Hospital, OCR | Permalink
Posted by Cynthia Marcotte Stamer

OCR Assigns More HIPAA Compliance Work To Health Care Providers

March 5, 2014

Think your health care organization or health plan has health care privacy covered? Think again.

A series of supplemental guidance issued by the Department of Health & Human Services Office of Civil Rights (OCR) in recent weeks is giving health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates even more to do in reviewing and updating their policies, practices and training for handing protected health information (PHI) beyond bringing their policies and practices into line with OCR’s restatement and update to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act since the Omnibus Final Rule took effect on March 26, 2013 and to have updated business associate agreements in place since September 23, 2013. Meanwhile, the Omnibus Final Rule generally has required business associates have updated business associate agreements in place and otherwise to have come into compliance with all of the applicable requirements of the Omnibus Final Rule since September 23, 2013. Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the modifications implemented in the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance concerning its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to demonstrate their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same. When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Federal Health Care Fraud Enforcement Recouped Record $4.3 Billion in FY 2013

March 4, 2014

Health care providers got another reminder last week of their ever-growing exposure to federal health care fraud detection and enforcement efforts. The joint federal health care fraud enforcement efforts of the Departments of Justice (DOJ) and Health and Human Services (HHS) set new records for recoveries in Fiscal Year (FY) 2013, according to the newly released annual Health Care Fraud and Abuse (HCFAC) Program Report (the “Fraud Report”).

Record Breaking Fraud Recoveries In FY 2013 Highlight Health Care Fraud Enforcement Risk

According to the Fraud Report, the government’s health care fraud prevention and enforcement efforts recovered a record-breaking $4.3 billion in taxpayer dollars in Fiscal Year (FY) 2013, up from $4.2 billion in FY 2012, from individuals and companies who attempted to defraud federal health programs serving seniors or who sought payments from taxpayers to which they were not entitled.　 Over the last five years, the Fraud Report says administration’s enforcement efforts have recovered $19.2 billion, up from $9.4 billion over the prior five-year period.　 Since the inception of the program in1997, the HCFAC Program has returned more than $25.9 billion to the Medicare Trust Funds and treasury.

These reported recoveries show the commitment and growing success of federal health care fraud detection, investigation and enforcement efforts targeting providers and others in health care. This is the fifth consecutive year that the program has increased recoveries over the past year, climbing from $2 billion in FY 2008 to over $4 billion every year since FY 2011.

Recoveries Show Providers Big & Growing

The DOJ and HHS credit the success of these efforts largely to the joint Health Care Fraud Prevention and Enforcement Action Team (HEAT) program DOJ and HHS created in 2009 to target health care fraud and reforms passed as part of the Patient Protection and Affordable Care Act (ACA) that aid government investigation and enforcement efforts.

DOJ and HHS have used HEAT and expanded powers in ACA to strengthen and grow their join fraud detection and enforcement efforts. ACA reforms have strengthened these efforts by giving the agencies new tools.

Among other things, ACA empowered HHS to:

Suspend payments to providers and suppliers based on credible allegations of fraud in Medicare and Medicaid;
Impose a temporary moratorium on Medicare, Medicaid, and CHIP enrollment on providers and suppliers when necessary to help prevent or fight fraud, waste, and abuse without impeding beneficiaries’ access to care.
Strengthen and build on current provider enrollment and screening procedures to more accurately assure that fraudulent providers are not gaming the system and that only qualified health care providers and suppliers are allowed to enroll in and bill Medicare, Medicaid and CHIP;
Terminate providers from Medicaid and CHIP when they have been terminated by Medicare or by another state Medicaid program or CHIP;
Require provider compliance programs, now required under the Affordable Care Act, that will ensure providers are aware of and comply with CMS program requirements.

These tools make it easier for HHS to detect and prevent potential questionable activities, as well as aid DOJ and HHS in investigating and prosecuting suspected fraud or other misconduct. The agencies tout their use of these tools along with their heightened enforcement and coordination for the growing success of their health care fraud detection and prosecution efforts.

“With these extraordinary recoveries, and the record-high rate of return on investment we’ve achieved on our comprehensive health care fraud enforcement efforts, we’re sending a strong message to those who would take advantage of their fellow citizens, target vulnerable populations, and commit fraud on federal health care programs,” said Attorney General Eric Holder.　 “Thanks to initiatives like HEAT, our work to combat fraud has never been more cooperative or more effective.　 And our unprecedented commitment to holding criminals accountable, and securing remarkable results for American taxpayers, is paying dividends.”

“These impressive recoveries for the American taxpayer are just one aspect of the comprehensive anti-fraud strategy we have implemented since the passage of the Affordable Care Act,” said HHS Secretary Sebelius.　 “We’ve cracked down on tens of thousands health care providers suspected of Medicare fraud. New enrollment screening techniques are proving effective in preventing high risk providers from getting into the system, and the new computer analytics system that detects and stops fraudulent billing before money ever goes out the door is accomplishing positive results – all of which are adding to savings for the Medicare Trust Fund.”

Federal officials also give credit to new new authorities given to them by the Affordable Care Act that help HHS and the Centers for Medicare & Medicaid Services (CMS) to detect and target heatlh care fraud.

In FY 2013, CMS announced the first use of its temporary moratoria authority granted by the Affordable Care Act.　 The action stopped enrollment of new home health or ambulance enrollments in three fraud hot spots around the country, allowing CMS and its law enforcement partners to remove bad actors from the program while blocking provider entry or re-entry into these already over-supplied markets.

The Justice Department and HHS have improved their coordination through HEAT and are currently operating Medicare Fraud Strike Force teams in nine areas across the country. The strike force teams use advanced data analysis techniques to identify high-billing levels in health care fraud hot spots so that interagency teams can target emerging or migrating schemes as well as chronic fraud by criminals masquerading as health care providers or suppliers. The Justice Department’s enforcement of the civil False Claims Act and the Federal Food, Drug and Cosmetic Act has produced similar record-breaking results.　 These combined efforts coordinated under HEAT have expanded local partnerships and helped educate Medicare beneficiaries about how to protect themselves against fraud.

In Fiscal Year 2013, the strike force secured records in the number of cases filed (137), individuals charged (345), guilty pleas secured (234) and jury trial convictions (46). Beyond these remarkable results, the defendants who were charged and sentenced are facing significant time in prison – an average of 52 months in prison for those sentenced in FY 2013, and an average of 47 months in prison for those sentenced since 2007.

In FY 2013, the Justice Department opened 1,013 new criminal health care fraud investigations involving 1,910 potential defendants, and a total of 718 defendants were convicted of health care fraud-related crimes during the year.　 The department also opened 1,083 new civil health care fraud investigations.

The strike force coordinated a takedown in May 2013 that resulted in charges by eight strike force cities against 89 individuals, including doctors, nurses and other licensed medical professionals, for their alleged participation in Medicare fraud schemes involving approximately $223 million in false billings. As a part of the May 2013 takedown, HHS also suspended or took other administrative action against 18 providers using authority under the health care law to suspend payments until an investigation is complete.

In FY 2013, the strike force secured records in the number of cases filed (137), individuals charged (345), guilty pleas secured (234) and jury trial convictions (48). Beyond these remarkable results, the defendants who were charged and sentenced are facing significant time in prison – an average of 52 months in prison for those sentenced in FY 2013, and an average of 47 months in prison for those sentenced since 2007.

In March 2011, CMS began an ambitious project to revalidate all 1.5 million Medicare enrolled providers and suppliers under the Affordable Care Act screening requirements. As of September 2013, more than 535,000 providers were subject to the new screening requirements and over 225,000 lost the ability to bill Medicare due to the Affordable Care Act requirements and other proactive initiatives.　 Since the Affordable Care Act, CMS has also revoked 14,663 providers and suppliers’ ability to bill the Medicare program. These providers were removed from the program because they had felony convictions, were not operational at the address CMS had on file, or were not in compliance with CMS rules.

HHS and the Justice Department are leading historic efforts with the private sector to bring innovation to the fight against health care fraud. In addition to real-time data and information exchanges with the private sector, CMS’ Program Integrity Command Center worked with the HHS Office of the Inspector General and the FBI to conduct 93 missions to detect, investigate, and reduce improper payments in FY 2013.

From May 2013 through August 2013, CMS led an outreach and education campaign targeted to specific communities where Medicare fraud is more prevalent.　 This multimedia campaign included national television, radio, and print outreach and resulted in an increased awareness of how to detect and report Medicare fraud.

These and other activities make it more important than ever that hospitals, physicians and other health care providers participating in Medicare, Medicaid or other federal health care programs tighten their compliance and risk management practices and processes to manage their exposures.

Providers Urged To Act To Manage Risks

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

CMS Publishes Tools To Help Providers Understand E-Health Administrative Simplification Tools & Processes

March 4, 2014

The Centers for Medicare & Medicaid Services (CMS) is offering training resources to help providers learn about the electronic administrative simplification tools available through the CMS eHealth programs implemented as part of the Health Insurance Portability & Accountability Act (HIPAA) Administrative Simplification rules.

CMS recently launched eHealth University, a new education portal designed to give providers information vital for understanding, implementing, and successfully participating in a range of . The curriculum offers resources organized by level, from beginner to advanced, in a variety of formats, including　fact sheets, guides, videos, checklists, webinar recordings, and more.

As part of eHealth University, CMS is offering tools and resources to help providers understand Administrative Simplification initiatives such as claims and eligibility operating rules, electronic funds transfer and remittance advice operating rules and standards, and the health plan identifier. These resources include:

What Administrative Simplification Does For You – This fact sheet explains the basics behind how Administrative Simplification will help improve health care efficiency and lower costs.
Introduction to Administrative Simplification – This guide gives an overview of Administrative Simplification initiatives and their purposes.
Introduction to Administrative Simplification: Operating Rules – A short video with information on Administrative Simplification operating rules.

Once providers or others have an understanding of the basics of Administrative Simplification through these beginner-level resources, the user can use the intermediate and advanced resources also available on the eHealth University website.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients on how to establish, administer and defend workforce, staffing, management, compliance and risk management policies and practices; prevent, conduct and investigate, and respond to employment, staffing, peer review and other quality, compliance and enforcement concerns; and to respond to OSHA and other Department of Labor, IRS, Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: ADministrative Simplification, eHealth, health plan issuer, HIPAA health-care, Hospital, insurer, OSHA, Physician, Safety | Permalink
Posted by Cynthia Marcotte Stamer

OSHA Hospital Tool Signals OSHA Enforcement Risk

January 20, 2014

Health industry employers brace for heightened worker health and safety exposures. The U.S. Department of Labor’s Occupational Safety and Health Administration (OHSA) is getting serious about health care worker safety.

On January 15, 2014, OSHA launched a new educational Web-based OSHA Hospital Resource with extensive materials it intends to help hospitals prevent worker injuries, assess workplace safety needs, enhance safe patient handling programs, and implement safety and health management systems. The materials include fact books, self-assessments and best practice guides.

In announcing the new resource, OSHA noted that hospital workers face serious hazards, including: lifting and moving patients, workplace violence, slips and falls, exposure to chemicals and hazardous drugs, exposures to infectious diseases and needlesticks.

According to OSHA, U.S. hospitals recorded 250,000 work-related injuries and illnesses, almost 60,000 of which caused employees to miss work in 2012. Nationwide, workers’ compensation losses result in a total annual expense of $2 billion for hospitals.

According to OSHA, the website’s materials on safe patient handling are designed to address the most common type of injuries hospital workers face, and hospitals can use these resources to protect their workers, improve patient safety and reduce costs.

While presented as helpful tools for industry employers, health care employers should not overlook the potential legal exposures risked by failing to properly manage employee health and safety risks.

Under the Occupational Safety and Health Act of 1970, employers are responsible for providing safe and healthful workplaces for their employees. OSHA’s role is to ensure these conditions for America’s working men and women by setting and enforcing standards, and providing training, education and assistance. Viewed from this perspective, health industry employers generally will want to use the tool within the scope of attorney-client privilege to evaluate their potential risks and exposures in the event of a workplace injury or death, OSHA audit or both, and take appropriate steps to mitigate those risks promptly.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients on how to establish, administer and defend workforce, staffing, management, compliance and risk management policies and practices; prevent, conduct and investigate, and respond to employment, staffing, peer review and other quality, compliance and enforcement concerns; and to respond to OSHA and other Department of Labor, IRS, Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Health Insurance Provider Fee Reporting Rules Published

January 20, 2014

Notice 2013-76 provides guidance on the health insurance providers fee related to (1) the time and manner for submitting Form 8963, “Report of Health Insurance Provider Information,” (2) the time and manner for notifying covered entities of their preliminary fee calculation, (3) the time and manner for submitting a corrected Form 8963 for the error correction process, and (4) the time for notifying covered entities of their final fee calculation. The Notice was published in the Internal Revenue Bulletin on December 16, 2013.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: EHR, electronic health record, Health Care, Health Care Reform, health insurance provider, health plan issuer, insurer, Physician, Safety | Permalink
Posted by Cynthia Marcotte Stamer

IRS Extends Existing 501(r) Guidance Reliance Period For ACA-Added Hospital Tax-Exemption Requirements

January 20, 2014

Tax-exempt hospitals can continue to rely upon existing guidance concerning the additional requirements for continued qualification for tax-exemption for hospitals added as Internal Revenue Code Section 501(r) as part of the health care reforms imposed by the Patient Protection & Affordable Care Act according to two new Internal Revenue Service (IRS) Notices.

Notice 2014-2 confirms that tax-exempt hospitals can rely on proposed regulations under § 501(r) contained in notices of proposed rulemaking (NPRMs) issued on June 26, 2012, and April 5, 2013, pending the publication of final or temporary regulations or other applicable guidance. Meanwhile, Notice 2014-3 contains a proposed revenue procedure that provides correction and disclosure procedures under which certain failures to meet the requirements of § 501(r) of the Internal Revenue Code will be excused for purposes of § 501(r)(1) and 501(r)(2)(B).

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Doctor, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Reform | Tagged: 501(r), Affordable Care Act, Health Care, Hospitals, tax-exempt | Permalink
Posted by Cynthia Marcotte Stamer

HHS “Safer Guides” Tool For Safe EHR Implementation Published

January 20, 2014

The Office of the National Coordinator for Health Information Technology (ONC) recently published guidance intended to help health care providers safely use electronic health record (EHR) technology. The Safety Assurance Factors for EHR Resilience (SAFER) Guides published here January 15, 2014 as part of the U.S. Department of Health and Human Services’ (HHS’) Health IT Patient Safety Action and Surveillance Plan are intended to serve as a tool health care providers can use to help identify and mitigate potential hazards of EHR technology.
According to HHS, HHS does not intend for the SAFER Guides to replace or revise the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, the Centers for Medicare & Medicaid Services EHR Incentive Program (Meaningful Use) Rules or other federal rules. Rather, HHS intends for health care providers to use the Guides to start a process that identifies electronic health record (EHR) EHR-related safety concerns and encourages mitigation of the high-priority risks of the EHR.
HHS has published each SAFER Guide in an interactive PDF format designed to help guide providers in self-assessing and documenting their assessments in the following areas associated with EHR implementation:

High Priority Practices;
Organizational Responsibilities;
Patient Identification;
Computerized Physician Order Entry with Decision Support;
Test Results Review and Follow-Up;
Clinician Communication;
Contingency Planning;
System Interfaces; and
System Configuration

A checklist of recommended practices in each SAFER Guide may help providers show and assess EHR safety practices adopted at their organization.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

2/28/14 Deadline To Submit Quality Data for 2013 PQRS-Medicare EHR Incentive Pilot

January 17, 2014

February 28, 2014 is the deadline for any eligible professional participating or wishes to participate in the 2013 PQRS-Medicare EHR Incentive Pilot to submit its quality data. Eligible providers wishing to participate in the pilot must submit 12 months of CQM data by February 28, 2014 at 11:59 pm ET. The system is currently open to accept this data so eligible professionals wishing to participate should complete the collection and submission of this data as soon as possible.

Steps to Successfully Participate
To successfully participate in the pilot, you must do the following by February 28, 2014:

Register for an IACS account (for EHR submission only)
Indicate intent to report CQMs using pilot in EHR Registration & Attestation System
Generate required reporting files
Test data submission
Submit quality data

Eligible professionals that cannot submit their CQM data for 12 months electronically through PQRS must return to the EHR Attestation System and deselect the electronic reporting option. Please note: if a provider does not submit its 2013 quality data or deselect the electronic reporting option in the EHR Attestation System, CMS says the provider will not receive an EHR incentive payment.

For More Information
For further guidance on the 2013 PQRS-Medicare EHR Incentive Pilot, eligible providers should read the Participation Guide and Quick-Reference Guide.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: aging in place, community-based care, controlled substance, DEA, Disability, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, long-term care, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Final CMS Rule To Expand Medicaid Support For Community & Home-Based Care

January 12, 2014

New Rule Expands Medicaid Coverage For Community Living For Disabled Aging Adults

Caregivers and service providers caring the Medicaid-eligible aging or disabled individuals will want to check out the new final rule on Home and Community-Based Services published by the Department of Health & Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) on Friday, January 10. See Final Rule: Home and Community-Based Services (“Final Rule”).

HHS views the Final Rule as supporting its Community Living Initiative, which seeks to expand and improve community services in order to allow aging and disabled people to live, work, and participate in the greater community. The Initiative reflects the growing community support for helping aging and disabled individuals to avoid institutionalization and instead “age in place” by offering broader care options, developing community services that extend options for disabled and aging persons to live independently, and other actions that support the ability of individuals to live safely within community rather than institutional settings. In announcing the Final Rule, HHS Secretary Kathleen Sebelius. “Today’s announcement will help ensure that all people participating in Medicaid home and community-based services programs have full access to the benefits of community living.”

The Final Rule expands the conditions under which Medicaid provides coverage for home and community-based services as an alternative to institutional care for older.. adults covered by Medicaid. Among other things, the Final Rule defines home and community-based settings and implements new flexibility authorized by the Patient Protection and Affordable Care Act (ACA) that gives states additional options as part of their State Plan Option to expand home and community-based services and to target services to specific populations under the provisions of Section 1915(i) on home and community-based services. It also amends the 1915(c) home and community-based services waiver program to add new person-centered planning requirements, allow states to combine multiple target populations in one waiver, and streamlines waiver administration. The final rule also includes a transitional period for states to adjust their programs to meet the new home and community-based services settings requirements. CMS says technical assistance will also be available for states.

Service providers and community agencies caring for Medicaid-eligible populations will want to check out these new rules for insights on helping the aging and disabled covered by Medicaid and their families to adapt care plans in response to the new options that the Final Rule may afford.

For more information about Home and Community-Based Services available under Medicaid, see here. For information about the HHS Community Living Initiative, see here. For additional resources, persons interested in these and other aging in place trends and resources may want to contact the author of this update, Cynthia Marcotte Stamer, who regularly speaks and writes on these concerns.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, DEA, Doctor, E-Prescribing, FDA, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: aging in place, community-based care, controlled substance, DEA, Disability, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, long-term care, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Abbott Labs, Sisters of Charity Paying More Than $9M In Two Anti-Kickback Settlements

January 2, 2014

The Justice Department’s recovery of more than $9 million in two physician kickback settlements during the last week of December, 2013 sends another strong warning to health care providers and physicians of the risks of structuring physician compensation or other arrangements that run afoul of the federal Anti-kickback Statute, STARK Law or False Claims Act Health care providers and physicians or others who may be receiving or seeking compensation or other benefits prohibited by these and other federal or state health care fraud laws should seek advice and assistance from experienced qualified legal counsel to structure or review any proposed or existing transactions that could create these risks.

The two settlements both stem from alleged payments of kickbacks to physicians to induce referrals in contravention of federal health care fraud laws.

On December 31, 2013, DOJ announced that Butte, Montana based St. James Healthcare (St. James) and its Denver-based parent company, Sisters of Charity of Leavenworth Health System (Sisters of Charity), have agreed to pay $3.85 million to resolve allegations that they violated the Anti-Kickback Statute, the Stark Law and the False Claims Act by improperly providing financial benefits to physicians and physician groups that made referrals to the hospital. Colorado Health Care Organization and One of Its Montana Hospitals to Pay $3.85 Million for Allegedly Providing Financial Benefits to Referring Physicians and Physician Groups.

The St. James settlement announcement follows DOJ’s December 27, 2013 announcement that pharmaceutical giant Abbot Laboratories has agreed to pay the United States $5.475 million to resolve allegations that it violated the False Claims Act by paying kickbacks to induce doctors to implant the company’s carotid, biliary and peripheral vascular products. U.S. Department of Justice. Abbott Laboratories Pays U.S. $5.475 Million to Settle Claims That Company Paid Kickbacks to Physicians.

St. James/Sisters of Charity Settlement

The settlement with St. James and Sisters of Charity resolves DOJ charges that they provided various improper financial incentives to physicians and physician groups involved in a joint venture with St. James to own and run a medical office building on the St. James campus. These incentives included a payment to the joint venture that increased the share values for the physicians and physician groups in the joint venture and resulted in below fair market value lease rates for the physicians renting space in the medical office building. Additional incentives provided by St. James and Sisters of Charity included below fair market value lease rates for the land upon which the medical office building was constructed and other below fair market value arrangements related to shared facilities, use and maintenance. These issues were disclosed by St. James and Sisters of Charity to the government. To resolve their liability, St. James and the Sisters of Charity will pay $3.85 millions to the U.S. Government.

In announcing the settlement, U.S. Attorney for the District of Montana Michael W. Cotter cautioned other heath care providers to review their own transactions and to take the rules seriously, stating. “We are encouraged that hospitals like St. James Healthcare are taking these issues seriously by reviewing their operations and making disclosures to the government where necessary.”

Abbott Laboratories Settlement

The Abbott Laboratories settlement requires it to pay the U.S. $5.475 million to resolve allegations that Abbott Laboratories knowingly paid prominent physicians for teaching assignments, speaking engagements and conferences with the expectation that these physicians would arrange for the hospitals with which they were affiliated to purchase Abbott’s carotid, biliary and peripheral vascular products in violation of the Anti-Kickback Act and caused the submission of false claims to Medicare for the procedures using these Abbott products .

The settlement resolves allegations originally brought in a lawsuit filed by Steven Peters and Douglas Gray, former Abbott employees, under the qui tam provision of the False Claims Act. See United States ex rel. Peters et al. v. Abbott Laboratories, Inc., Civil Action No. 3:09-CV-430 (E.D. Tenn.). The False Claims Act allows whistleblowers to file suit on behalf of the United States for false claims and share in any recovery Whistleblower claims are a major tool in the enforcement efforts and success of the DOJ in its campaign to find and prosecute health care fraud. As part of the Abbott Laboratory’s settlement, the two whistleblowers will receive a total payment of more than $1 million.

Settlements Reflect Heightened Enforcement Risks For Health Care Providers Participating In Kickback Arrangements

Health care providers offering or providing illegal or otherwise aggressive inducements to physicians or others for referrals of health care services covered by Medicare, Medicaid or other federal health care programs should heed the settlements as a warning. The two settlements illustrate the growing emphasis on the investigation and enforcement of Anti-Kickback, STARK and False Claims Act laws against health care providers by the DOJ and Department of Health & Human Services (HHS). The Anti-Kickback Statute prohibits the provision of remuneration with the intent to induce referrals of government health care program business unless the transaction falls within one of the safe harbors or otherwise qualifies as exempt from the prohibition. The Stark Law restricts financial relationships that hospitals or other designated health care providers may enter into with physicians who refer patients to them unless the arrangement meets the criteria to qualify as exempt from the prohibition. When either of these two prohibitions is violated, billing for services for care rendered creates additional fraud law exposures. Federal law prohibits payment by federal health care programs of medical claims that result from arrangements that violate the Anti-Kickback Statute or the Stark Law. The settlements announced this week both stemmed from civil prosecutions by the Justice Department. However, violations of these health care fraud laws also may result in criminal prosecutions.

DOJ, HHS and other federal and state agencies acting through the Medicare Fraud Strike Force activities conducted as part of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), federal RAC audits and other actions hunting for, and increasingly finding an prosecuting health care providers and others who participate in transactions that violate these and other federal health care fraud laws as part of efforts to control health care costs and expenditures. HEAT is a joint initiative between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. The joint Department of Justice-HHS Medicare Fraud Strike Force is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing. Since its announcement, the Strike Force has used the combined resources of agents from the FBI, HHS-Office of Inspector General (HHS-OIG), multiple Medicaid Fraud Control Units, and other state and local law enforcement agencies to investigate and prosecute a rising number of organizations and individuals throughout the industry for alleged violations of Federal health care fraud prohibitions.

The effectiveness of these Federal efforts to deter, find and prosecute false claims and other perceived abuses of Federal health care law has been significantly strengthened since Congress passed the Patient Protection & Affordable Care Act (Affordable Care Act). Among other things, ACA empowered HHS to:

Suspend payments to providers and suppliers based on credible allegations of fraud in Medicare and Medicaid;
Impose a temporary moratorium on Medicare, Medicaid, and CHIP enrollment on providers and suppliers when necessary to help prevent or fight fraud, waste, and abuse without impeding beneficiaries’ access to care.
Strengthen and build on current provider enrollment and screening procedures to more accurately assure that fraudulent providers are not gaming the system and that only qualified health care providers and suppliers are allowed to enroll in and bill Medicare, Medicaid and CHIP;
Terminate providers from Medicaid and CHIP when they have been terminated by Medicare or by another state Medicaid program or CHIP;
Require provider compliance programs, now required under the Affordable Care Act, that will ensure providers are aware of and comply with CMS program requirements.

In its Abbott Laboratories settlement announcement, DOJ touted the HEAT efforts with resulting in the recovery of a total of more than $17 billion through False Claims Act cases, with more than $12.2 billion of that amount recovered in cases involving fraud against federal health care programs.

Act To Manage Risks

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

APDerm To Pay $150k To Settle 1st HIPAA Breach Rule Charges

December 27, 2013

A new settlement agreement announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows health plans, health care providers, health care clearinghouses and their business associates the perils of failing to properly implement the necessary policies and procedures to comply with the breach notification requirements added to the Health Insurance Portability & Accountability Act of 1996 (HIPAA) added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).

APDerm Settlement Overview

Private dermatology practice, Adult & Pediatric Dermatology, P.C., (APDerm) has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. The APDerm Settlement marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

According to its December 26, 2013 announcement of the settlement, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The APDerm settlement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. It joins the growing list of settlement or resolution agreements under HIPAA announced by OCR.

The APDerm also is notable both as it settles the first ever charges against a covered entity for failing to adopt required Breach Notification policies and procedures and the relatively most settlement payment required in comparison to other announced settlement. Other settlements have been significantly higher. For instance, OCR required that Blue Cross Blue Shield of Tennessee (BCBST) to pay $1.5 million to resolve HIPAA violations charges.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s audit, investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, evolving rules and technology, and other developments to determine if additional steps are necessary or advisable. For tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: Breach Notification, DOJ, Health Care, Health Care Fraud, HIPAA, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Reminder To Follow Confidentiality, Due Process When Conducting Peer Revew & Credentialing

December 16, 2013

Hospitals, physicians, health plans and others participating in credentialing and peer review activities need to use care to ensure that they and others involved in these matters understand and comply with the confidentiality requirements of the Health Care Quality Improvement Act and similar state laws.

Hospitals and their medical staffs, physician and other practice groups and other health care organizations commonly require or query the National Practitioner Data Bank (NPDB) established under HCQIA and other sensitive professional and personal when checking the backgrounds and credentials of physicians seeking admission to the medical staff, employment, staff privileges, participation in provider panels or other positions. These health care organizations and providers also frequently may receive inquiries from other health care providers or organizations seeking information about a provider who is applying for admission, employment or other status. Finally, medical staffs, practices and other health care organizations from time to time may conduct credentialing, peer review or other disciplinary activities, or quality assurance reviews that may involve the discussion of information about the conduct, quality, discipline or other credentials and qualifications of current or former physicians at their own or another health care organization.

The investigation or discipline of a physician and certain other information regarding potential performance or credentialing concerns about a physician or other health care worker often by necessity involves the receipt, sharing, or use of sensitive professional or personal information with credentialing, management, medical staff leadership or others involved in the investigation, review or process. When participating in any of these activities, all parties involved in the activities or providing input or participation in their conduct need to understand and be required to comply fully with all applicable confidentiality and privacy requirements. While participants in these processes often may feel great temptation to circumvent formal processes in the name of expediency, to share sensitive insight with special relationships or other inducements to cut corners on confidentiality, the participants in these activities and the organizations conducting the activities should take all necessary steps to ensure that the participants carefully comply with the confidentiality and privacy requirements and only obtain and share information as allowed by and in accordance with the procedures established by these rules.

The background check rules of the Fair Credit Reporting Act (FCRA) generally require that health care organizations, as well as other businesses, conducting background check or other investigations using third party data or investigators comply with the notice, consent and disclosures of the FCRA. Parties requesting or providing information as part of a credentialing, peer review or other investigation should ensure that the necessary disclosures, notices and consents have been obtained before requesting or sharing information. The fulfillment of these requirements should not be assumed as experience demonstrates that these requirements are commonly overlooked by many health care and other organizations engaged in these activities.

In addition to meeting the FCRA, HCQIA, most state peer review, and medical staff bylaws generally require that credentialing, peer review, quality assurance, and other performance and discipline activities be conducted in accordance with carefully prescribed rules, including specific requirements concerning the protection of the confidentiality of information about a provider. While relatively rare, violation of HCQIA’s confidentiality rules can create significant liability. For instance, after it self-disclosed conduct to the Department of Health & Human Services Office of Inspector General (OIG), The Queen’s Medical Center (QMC), Hawaii, agreed to pay $150,500 in civil money penalties for allegedly violating the NPDB in 2009.

Beyond the rare sanctions under HCQIA, failing to following the rules of HCQIA and state laws can undermine the defensibility of peer review and credentialing decisions by undermining the ability of participants in the process to rely upon the peer review privilege to protect deliberations and discussions conducted in connection with the peer review and credentialing process from discovery, as well as by providing evidence of bad faith, malice or other bad motivation or acts corrupted the process and determination. Beyond hurting the defensibility of the credentialing and peer review process, violations of confidentiality or other procedures often also give rise to antitrust, defamation, invasion of privacy, tortious interferences, and other damage claims by physicians who feel their ability to practice and reputations have been injured by alleged improper conduct in connection with a peer review, credentialing or quality assurance process.

Beyond avoiding giving rise to claims by the targeted physician or other health care provider, all participants in these processes also need to use care to properly protect any individually identifiable patient information. Records and information about a patient, his medical condition, payment history and other related patient data and information often involved in these activities typically qualifies as personal health information, the use, access, and disclosure of which is restricted by the Privacy Rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state common law, HIPAA and other medical records privacy and confidentiality laws. In addition to the specific requirements of HIPAA and other medical information privacy laws, patient financial information and certain other sensitive information also may be protected by a broad range of federal and state laws protecting personal financial and other sensitive personal information, contractual rights created by privacy policies of the organizations involved or other laws.

Conducting proper credentialing, peer review and quality assurance activities is a critical aspect of the hiring and oversight of physicians and others providing care. As important as these requirements are, health care providers and organizations participating in these activities need to remember that the physicians who are subjected to these requirements also enjoy confidentiality, due process and other legal protections, which can create significant liability when violated. Consequently, health care organizations, physicians and members of management, and other staff and participants should use care to follow the proper procedures to ensure that physician rights to confidentiality, due process and other protections are honored as these activities are conducted.

Using care when discussing these concerns is equally important for a physician or other health care provider who is the subject of an investigation, credentialing, peer review, quality assurance or other activity. While a physician whose personal or professional conduct or credentials are questioned understandably feels a strong urge to defend him or herself through a campaign of communication or other actions, physicians on the receiving end also need to follow the process and restrict their discussions.

Cynthia Marcotte Stamer, for additional information or representation.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: CMS, compensation, DOJ, E-Prescribing, Fee Schedule, Health Care, Health Care Fraud, Home Care, home health, medical expense, Medicare, Medicare Fraud, mileage reimbursement, Minimum Wage, nurses, OIG, Overtime, Physician, physician compensation, Physician Fee Schedule, Provider, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

CMS Gives Providers Facing Fee Schedule Reduction For Unsuccessful EPrescribing Can Request Review Until 2/28

December 16, 2013

Physicians and other eligible professionals and group practices (who self-nominated for the 2012 and/or 2013 Electronic Prescribing (eRx) group practice reporting option) who were unsuccessful electronic prescribers under the 2012 or 2013 eRx Incentive Program can expect to receive notification from the Centers for Medicare & Medicaid Services (CMS) plans that CMS will have their 2014 eRx payment adjusted to 98.0% of his or her otherwise applicable Medicare Part B physician fee schedule (PFS) allowed charges amount for the specified services for all charges with dates of service from January 1–December 31, 2014.

Providers receiving these notices may wish to request a review of this planned adjustment under an informal review process for the 2014 eRx payment adjustment implemented by CMS. An informal review may be requested if the eligible professional or group practice receives notification from CMS confirming they will be subject to the 2014 eRx payment adjustment or they did not meet the requirements to avoid the 2014 eRx payment adjustment. CMS will accept nformal review requests through February 28, 2014.

Eligible professionals and group practices should submit their eRx informal review request via email to the informal review mailbox at eRxInformalReview@cms.hhs.gov.

Complete instructions on how to request an informal review are available in the 2014 eRx Payment Adjustment Informal Review Made Simple educational document.

Physicians or other health care providers who have questions about these or other e-prescribing or reimbursement concerns may contact the author of this update, Cynthia Marcotte Stamer, for additional information or representation.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: CMS, compensation, DOJ, E-Prescribing, Fee Schedule, Health Care, Health Care Fraud, Home Care, home health, medical expense, Medicare, Medicare Fraud, mileage reimbursement, Minimum Wage, nurses, OIG, Overtime, Physician, physician compensation, Physician Fee Schedule, Provider, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Update Mileage Reimbursement Policies, Communications For IRS 2014 Mileage Rates

December 10, 2013

Health care organizations should review the updated optional standard mileage rates and maximum standard automobile costs for purposes of claiming certain automobile allowances during 2014 recently released by the Internal Revenue Service (IRS) to determine and make the necessary arrangements to communicate and implement any changes in the rates that their business plans to use to reimburse employees and others for mileage. In addition, health care organizations also may want to consider sharing information about the updates to medical expense mileage reimbursement rates and other aspects of those rules in newsletters or other marketing communications to help empower those patients and their families to understand and use the new rates and rules to properly claim deductions that their families qualify for on their 2014 tax return for mileage incurred traveling for medical care.

Notice 2013-80, which is scheduled for official publication in Internal Revenue Bulletin 2013-52 on December 23, 2013, provides the optional 2014 standard mileage rates for taxpayers to use in computing the deductible costs of operating an automobile for business, charitable, medical or moving expense purposes. This notice also provides the amount taxpayers must use in calculating reductions to basis for depreciation taken under the business standard mileage rate, and the maximum standard automobile cost that may be used in computing the allowance under a fixed and variable rate (FAVR) plan. The IRS released an advanced copy of the Notice on December 6, 2013.

Many health care organizations reimburse doctors, management, home health, sales and marketing or other employees and other service providers for mileage and other automobile expenses under policies that use these IRS standard rates to calculate the reimbursement amounts. Reimbursement of employees based on these rate is not required. Because reimbursements in excess of the standard rates can create income tax recordkeeping and reporting challenges for the employer, the employee or both, however, most businesses use standard mileage reimbursement rates set at or below the IRS optional standard rates. Businesses facing financial or other challenges may want to reevaluate whether to continue to reimburse mileage and if so, the rate of reimbursement to use to do so.

When communicating with employees about the businesses’ policies for reimbursing business and moving expense mileage, businesses should take care to ensure that employees understand differences in the mileage reimbursement rates that apply to different categories of expenses. As an added service to employees, many human resources departments also may want to consider alerting employees to consult their tax advisor or take other steps to properly understand and retain documentation of mileage not only for business expense reimbursement, but also medical and moving purposes. The availability of this information can be helpful to empower workers and their families to understand and take proper advantage of rules for deducting these expenses even when the employer or its health plan does not reimburse the employee for the expenses.

In addition to reimbursements for workers, businesses also should consider the potential effects of the adjustments in the IRS optional standard mileage rates on the amounts they may bill their customers for mileage expenses as well as the amount that they should expect that their vendors and service providers may bill the business for mileage expenses under contracts that provide for reimbursement of those expenses. Businesses whose contracts with vendors or customers provide for reimbursement of mileage expenses using rates based on the IRS’ optional standard mileage rates should evaluate the effect of the announced adjustments on those mileage obligations to ensure that mileage expenses are properly anticipated, billed and paid.

Beyond dealing with their own policies for reimbursement and billing for mileage, many health care organizations may want to consider sharing information about the 2014 medical mileage reimbursement rates announced by the IRS with patients and their families. Many patients and their families may qualify to claim deductions for mileage for medical travel under IRS rules, but may not be aware of the adjusted rates or the proper procedures for identifying and documenting their medical mileage. While often negligible for families who are not suffering major illness requiring extensive commuting or travel, patients with chronic or serious medical conditions often can benefit from claiming these deductions properly. Communicating the new rates and other tips for keeping records and claiming the mileage deduction could be a significant and valued service to aid these families.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: compensation, DOJ, Health Care, Health Care Fraud, Home Care, home health, Hospital, medical expense, Medicare Fraud, mileage reimbursement, Minimum Wage, nurses, OIG, Overtime, Physician, physician compensation, Provider, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Doc Sentenced to 15 Years for Health Care Fraud

November 16, 2013

Dr. Anthony Stevens Chase faces a 15 month sentence and must pay $360,293 in restitution after pleading guilty to two health care fraud counts.

On October 21, 2011, Jase pled guilty to two counts of health care fraud before Judge James J. Brady, for involvement in two nearly identical schemes to defraud Medicare.

The first conviction arose from Jase’s association Baton Rouge-based company Lobdale Medical Services, which was owned by Beatrice and Young Anyanwu. As part of the scheme to defraud, Sandra Parkman Thompson and others procured the names and personal information of Medicare beneficiaries in and around the New Orleans area and delivered these names to Jase, who then signed false and fraudulent prescriptions for power wheelchairs and other durable medical equipment for which the Medicare beneficiaries had no medical need. Thompson later delivered the fraudulent prescriptions to the Anyanwus, who submitted claims to Medicare through Lobdale Medical Services for the medically unnecessary equipment. The total billings to Medicare by Lobdale Medicare Services exceeded $1,000,000.

The second conviction arose from JASE’s involvement with a New Orleans-based durable medical equipment company known as Psalms 23-DME, which also paid Thompson to deliver prescriptions for wheelchairs and other durable medical equipment. Jase wrote prescriptions for beneficiaries whom he had never seen and who had no need for the equipment prescribed them. As a result, Psalms 23-DME billed Medicare for claims totaling $230,963 using JASE’s provider number.

Beatrice and Young Anyanwu pled guilty to the health care fraud scheme to defraud Medicare as well as the illegal remuneration conspiracy on August 14, 2012. Theywere sentenced February 1, 2013. Sandra Parkman Thompson was convicted after a jury trial on August 20, 2012. She was sentenced on March 14, 2013.

The investigation of Jase was conducted by the Department of Health and Human Services, Office of Inspector General, the Federal Bureau of Investigation, and the Louisiana Department of Justice. Announcing the sentence, acting U.S. Attorney Walt Green stated, “This case is a great example of how federal and state law enforcement work together on a daily basis to stamp out health care fraud by doctors and others who abuse our health care system in our state.”

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

DOL Extends Minimum Wage, Overtime Protections To Home Care Workers

September 18, 2013

Health care and other parties employing or otherwise engaging the services of home care workers should review and update their policies and practices for scheduling, tracking hours worked and paying these workers to ensure that they comply by January 1, 2015 with a new final rule announced by the U.S. Department of Labor’s Wage and Hour Division today (September 18, 2013). Today’s announcement of the regulatory changes means employers of home care workers can expect to see costs rise and also will join most other U.S. businesses that must worry about getting caught in minimum wage and overtime enforcement traps.

Under the new final rule, the Labor Department extends the Fair Labor Standards Act’s minimum wage and overtime protections to most of the nation’s direct care workers who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities beginning January 1, 2015.

The new final rule generally will require that the approximately two million home care workers such as home health aides, personal care aides, and certified nursing assistants will qualify for minimum wage and overtime. Employers engaging these services also generally will need to keep records and comply with other FLSA requirements with respect to these workers as well.

In anticipation of the rollout of these new protections, the Labor Department is kicking off a public outreach campaign to educate home care workers and their employers about the rule change. The Department will be hosting five public webinars during the month of October and has created a new, dedicated web portal here with fact sheets, FAQs, interactive web tools, and other materials.

The Labor Department’s focus on home workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks.

New Home Care Worker Rules Effective January 2015

The impending change in the treatment of home care workers is part of a larger commitment by the Obama Administration to both expansion and enforcement of the FLSA’s minimum wage and overtime provisions, and a specific program targeting employers in health care and related services industries.

The Obama Administration since taking office has conducted an aggressive campaign seeking to significantly increase the minimum wage under the FLSA and expand other protections. Along with this proactive regulatory agenda, the Obama Administration also specifically is aggressively targeting health care and other caregiver businesses in its enforcement and audit activities. See, e.g. Home health care company in Dallas agrees to pay 80 nurses more than $92,000 in back wages following US Labor Department investigation; US Department of Labor secures nearly $62,000 in back overtime wages for 21 health care employees in Pine Bluff, Ark.; US Department of Labor initiative targeted toward increasing FLSA compliance in New York’s health care industry; US Department of Labor initiative targeted toward residential health care industry in Connecticut and Rhode Island to increase FLSA compliance; Partners HealthCare Systems agrees to pay 700 employees more than $2.7 million in overtime back wages to resolve U.S. Labor Department lawsuit; US Labor Department sues Kentucky home health care provider to obtain more than $512,000 in back wages and damages for 22 employees; and Buffalo, Minn.-based home health care provider agrees to pay more than $150,000 in back wages following US Labor Department investigation.

Violation of wage and hour laws exposes health care and other employers to significant back pay awards, substantial civil penalties and, if the violation is found to be willful, even potential criminal liability. Because states all have their own wage and hour laws, employers may face liability under either or both laws. Coupled with these and other enforcement efforts against health and other caregiver businesses, today’s announcement reflects enforcement risks will continue to rise for employers of home care workers.

In light of the proposed regulatory changes and demonstrated willingness of the Labor Department and private plaintiffs to bring actions against employers violating these rules, health care and others employing home care workers should take well-documented steps to manage their risks. These employers should both confirm the adequacy of their practices under existing rules, as well as evaluate and begin preparing to respond to the proposed changes to these rules. In both cases, employers of home care or other health care workers are encouraged to critically evaluate their classification or workers, both with respect to their status as employees versus contractor or leased employees, as well as their characterization as exempt versus non-exempt for wage and hour law purposes. In addition, given the nature of the scheduled often worked by home care givers, their employers also generally should pay particular attention to the adequacy of practices for recordkeeping.

Enforcement Against Other Industries Shows Risks

Of course, the home care and health care industry are not the only industries that need to worry about FLSA enforcement. The Obama Administration is very aggressive in its enforcement of wage and hour and overtime laws generally. For instance, First Republic Bank recently paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions. The Labor Department announced the settlement resulting in the payment on November 27, 2012. The settlement resulted from an investigation by the Labor Department that found the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.

The FLSA requires that covered, nonexempt employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.

While the FLSA provides an exemption from both minimum wage and overtime pay requirements for individuals employed in bona fide executive, administrative, professional and outside sales positions, as well as certain computer employees, job titles do not determine the applicability of this or other FLSA exemptions. In order for an exemption to apply, an employee’s specific job duties and salary must meet all the requirements of the department’s regulations. To qualify for exemption, employees generally must meet certain tests regarding their job duties and be paid on a salary basis at not less than $455 per week.

Investigators found that First Republic Bank failed to consider the FLSA’s criteria that allow certain administrative and professional employees to be exempt from receiving overtime pay. In fact, the employees were entitled to overtime compensation at one and one-half times their regular rates for hours worked over 40 in a week. Additionally, the bank failed to include bonus payments in nonexempt employees’ regular rates of pay when computing overtime compensation, in violation of the act. Record-keeping violations resulted from the employer’s failure to record the number of hours worked by the misclassified employees.

“It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”

FLSA Violations Generally Costly; Enforcement Rising

The enforcement record of the Labor Department confirms that employers that improperly treat workers as exempt from the FLSA’s overtime, minimum wage and recordkeeping requirements run a big risk. The Labor Department and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers. Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay. In an effort to further promote compliance and enforcement of these rules, the Labor Department is using smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers. As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the Labor Department and private litigation.

Employers Should Strengthen Practices For Defensibility

To minimize exposure under the FLSA, employers should review and document the defensibility of their existing practices for classifying and compensating workers under existing Federal and state wage and hour laws and take other actions to minimize their potential liability under applicable wages and hour laws. Steps advisable as part of this process include, but are not necessarily limited to:

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

Because of the potentially significant liability exposure, employers generally will want to consult with qualified legal counsel before starting their risk assessment and assess risks and claims within the scope of attorney-client privilege to help protect the ability to claim attorney-client privilege or other evidentiary protections to help shelter conversations or certain other sensitive risk activities from discovery under the rules of evidence.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

1 Comment | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Employer, Fair Labor Standards Act, FLSA, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

CMS Releases New Eligible Professionals Guide On Stage 2 EHR Incentive Program

September 18, 2013

CMS just released An Eligible Professional’s Guide to Stage 2 of the EHR Incentive Programs, which provides a comprehensive overview of Stage 2 of the EHR Incentive Programs for eligible professionals. The guide outlines criteria for Stage 2 meaningful use, 2014 clinical quality measure reporting, and 2014 EHR certification including Chapters on;

What is Stage 2 of the EHR Incentive Programs?
What are the requirements under Stage 2 of Meaningful Use?
How will clinical quality measures (CQMs) change?
Resources

The guide can be found on the Educational Resources page of the EHR website.

Health care providers and their vendors and advisors using these resources also are reminded to ensure that their business associate agreements, privacy practices notices and other privacy and data security processes, policies, and procedures are updated to comply with changes to the Privacy, Security, Breach Notification and other requirements he for the protection and handling of personal health information including electronic personal health information of the Health Insurance Portability & Accountability Act (HIPAA) as amended by the HITECH Act. The Final Omnibus Regulations published by the Office of Civil Rights (OCR) generally took effect earlier this year except that the regulations set next Monday, September 23, 2013 as the deadline for updating business associate agreements and the effective date for the extension of most HIPAA requirements to business associates. As demonstrated by recent enforcement actions by OCR, Health care providers and other covered entities, their business associates and advisors continuously reconfirm that their systems and arrangements continue to comply with these requirements as they make updates.

For More Information Or Assistance

If you need assistance responding to EHR, HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information on this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

OCR Shares Model Privacy Notices 1 Week Before Deadline For Updated Business Associate Agreements

September 16, 2013

A week before the September 23, 2013 deadline for all health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates to have updated their business associate agreements to comply with the Final Omnibus HIPAA Rule, the Department of Health & Human Services Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) today (September 16, 2013) released Model Notices of Privacy Practices (Notices) for health care providers and health plans to use to communicate with their patients and plan members. With penalties and enforcement continuing to rise, Covered Entities and their business associates should take appropriate steps to review and update their privacy and breach notification policies and procedures, privacy officer appointments, notices of privacy practices, business associate agreements and other HIPAA compliance and risk management documentation, practices, procedures and coverage, breach notification and other HIPAA compliance and risk management practice.

Model HIPAA Notices

Developed collaboratively by ONC and OCR the Notices available here designed in the following three different styles are designed for users to customize to fit their specific needs and practices:

A notice in the form of a booklet;
A layered notice with a summary of the information on the first page and full content on the following pages; and
A notice with the design elements of the booklet, but that is formatted for full-page presentation.

Use of these model Notices is optional. While the agencies designed the Notices to let Covered Entities to use these models by entering some of their own information into the model, such as contact information, and then printing for distribution and posting on their websites, Covered Entities should consult with legal counsel to determine the suitability of the Notices generally for their entity’s use and any customization, if any, that may be recommended or required to a Notice if the Covered Entity decides rely upon a model Notice to prepare its Notice of Privacy Practices. To facilitate any tailoring, the agencies provided a text-only version for Covered Entities wishing only wish to use the content with or without tailoring.

September 23 Business Associate Agreement Update Deadline

September 23, 2013 also is the final deadline established in the Final Omnibus HIPAA Rule for Covered Entities and their business associations to update the business associate agreements required by HIPAA to reflect application of the breach notification, business associate, and many of HIPAA’s requirements to directly cover business associates and other aspects of the Health Information Technology for Economic and Clinical Health (HITECH) Act enacted as part of the American Recovery and Reinvestment Act of 2009. While HHS published a Sample Business Associate Agreement last June to aid Covered Entities and their business associates with understanding the business associate agreement requirements as impacted by the Omnibus Final HIPAA Rule, it also made clear that Covered Entities and their business associates should tailor their business associate agreements to fit their specific circumstances and relationships. OCR National Office and regional officials speaking about their findings about past business associate agreement compliance have indicated that their audit and enforcement activities show widespread compliance issues among Covered Entities and business associates with the original business associate agreements. OCR clearly expects Covered Entities and their business associates to address and resolve these compliance issues going forward.

Covered Entities and their business associates are increasingly at peril if caught violating HIPAA’s Privacy, Security or Breach Notification rules. With the HITECH Act Breach Notification rules now requiring Covered Entities to self-disclose breaches, OCR becomes aware of breaches much more easily. Coupled with the HITECH Act’s increase in sanctions for HIPAA violations, Covered Entities and, beginning September 23, 2013, their business associates face rising risks for violating HIPAA. See, e.g. HHS Settles with Health Plan in Photocopier Breach Case; WellPoint Settles HIPAA Security Case for $1,700,000; Shasta Regional Medical Center Settles HIPAA Security Case for $275,000; Idaho State University Settles HIPAA Security Case for $400,000; and HHS announces first HIPAA breach settlement involving less than 500 patients.

In response to the updated Final Regulations and these expanding HIPAA enforcement and exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For More Information Or Assistance

If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information on this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

CMS To Host Provider Webinar To Celebrate National Health IT Week

September 13, 2013

In celebration of the third annual National Health IT Week is September 16-20, the Centers for Medicare & Medicaid Services (CMS) will host several webinars and launching new eHealth tools and resources that it intends to help providers participate in eHealth programs. These programs may be of interest to providers as well as payers who are interested in what providers are doing to use eHealth tools.

Details of Webinar

The eHealth Provider Webinar will be held on Thursday, September 19^th from 12:00 p.m. to 1:30 p.m. ET. CMS plans to present an overview of the eHealth programs and its eHealth initiative—an initiative that aligns health IT and electronic standards programs on:

Administrative Simplification
eRx Incentive Program
ICD-10
Quality Measurement

A portion of the webinar will also be dedicated to Q&A.

Registration Information

Space is limited. Register now to secure your spot for the eHealth Provider Webinar. Once registration is complete, you will receive a follow-up email with step-by-step instructions on how to log-in to the webinar. Listserv messages are sent prior to each webinar session with registration information.

If you’d like to view past webinars, the PowerPoint presentations and recordings can now be accessed on the Resources page of the eHealth website. For more information about CMS’ eHealth Initiatives, visit the CMS eHealth website for the latest news and updates on CMS’ eHealth initiatives.

For More Information Or Assistance

If you need assistance responding to this invitation or with other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Ambulatory care, Anti-KickBack, ASC, Childrens Health Insurance Program, Conditions of Participation, Consumer Driven Health Care, Controlled Substances, Corporate Compliance, Disability Discrimination, Disease Management, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, Employment, Evidence Based Medicine, Federal Health Center, Genetic Information, Grants, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Qulity, Health Care Reform, Health Insurance Exchange, Health Plan, Health Plans, Health Policy, HIPAA, Home Health, Hospital, Hospital, Indian Health, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Meaningful Use, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OCR, OIG, Outcomes Data, Outpatient, Pandemic, Patient Empowerment, Patient Protection and Affordable Care Act, Peer Review, Physician, Physician Licensing, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Real Estate, Rehabilitation Act, Reimbursement, Reproductive Rights, Rural Health Care, Stark, Substance Abuse, Swine Flu, Technology, Telemedicine, Veterans Health, Veterans Health Care | Tagged: Breach Notification, CMS, eHealth, Health IT, HHS, HIPAA Privacy, Hospital, Physicians, Providers, Security | Permalink
Posted by Cynthia Marcotte Stamer

Tell HHS What You Think-Comment On HHS Strategic Plan Now!

September 9, 2013

Health care providers, health plans, employers and others concerned about the regulatory and enforcement activities of the Department of Health & Human Services (HHS) can make their concerns known by speaking up now. Share your input on the draft HHS strategic plan that will guide HHS’ regulatory and enforcement agenda for the next 4 years.

Every 4 years, HHS updates its strategic plan, which describes its work to address complex, multifaceted, and ever-evolving health and human service issues, including:

Health Care
Research and Innovation
Prevention and Wellness

HHS is inviting public input on the draft HHS Strategic Plan for FY 2014-2018. The comment period is open until October 15, 2013. Individuals or organizations wishing to respond to this invitation can read the HHS Strategic Plan FY 2014-2018 (Draft) and submit your comments several ways including:

Submit your comments online here
Via Email to: strategicplanning@hhs.gov
Via Fax: (202) 690-8252
U.S. Mail (not recommended as security screening results in significant delay.

For More Information Or Assistance

If you need assistance responding to this invitation for comment or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Ambulatory care, Anti-KickBack, ASC, Childrens Health Insurance Program, Conditions of Participation, Consumer Driven Health Care, Controlled Substances, Corporate Compliance, Disability Discrimination, Disease Management, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, Employment, Evidence Based Medicine, Federal Health Center, Genetic Information, Grants, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Qulity, Health Care Reform, Health Insurance Exchange, Health Plan, Health Plans, Health Policy, HIPAA, Home Health, Hospital, Hospital, Indian Health, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Meaningful Use, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OCR, OIG, Outcomes Data, Outpatient, Pandemic, Patient Empowerment, Patient Protection and Affordable Care Act, Peer Review, Physician, Physician Licensing, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Real Estate, Rehabilitation Act, Reimbursement, Reproductive Rights, Rural Health Care, Stark, Substance Abuse, Swine Flu, Technology, Telemedicine, Veterans Health, Veterans Health Care | Tagged: Breach Notification, HHS, HIPAA Privacy, Hospital, Security | Permalink
Posted by Cynthia Marcotte Stamer

Court Upholds NLRB Certification of CNAs As Bargaining Union Based On NLRB Modified Community Of Interest Test

August 21, 2013

Hospitals, skilled nursing and other health care organizations facing or concerned about union organizing or their nursing or other staffs employees should consider an apparent change in National Labor Relations Board (NLRB) certification policy upheld when the Sixth Circuit ruling upheld the NLRB’s certification of a bargaining unit consisting exclusively of certified nursing assistants (CNAs) at Specialty Healthcare and Rehabilitation of Mobile (Specialty) nursing home and enforced the Board’s order finding that Specialty’s refusal to bargain with the certified unit violated Section 8(a)(5) and (1) of the National Labor Relations Act (NLRA).

Specialty Healthcare and Rehabilitation of Mobile, Board Case No. 15-CA-68248 (reported at 357 NLRB No. 174) (6^th Cir. decided August 15, 2013 under the name Kindred Nursing Centers East, LLC f/k/a Specialty Healthcare and Rehabilitation of Mobile v. NLRB), arose after the union had petitioned to represent a unit of 53 full-time and part-time CNAs, Specialty claimed that the smallest appropriate unit must include 86 other service and maintenance employees.　 The NLRB Regional Director found the unit appropriate and conducted the election, which the union won.　 The NLRB granted review, asked the parties and public for their views on eight questions on community of interest unit determinations in the non-acute care healthcare industry, and ultimately issued a decision upholding the unit determination and the union’s election victory.

In its decision, the Board overruled Park Manor Care Center, 305 NLRB 872 (1991), which applied a “pragmatic or empirical community of interests approach” to determining unit appropriateness in nursing homes.　 Instead, the Board ruled that it would apply the traditional test to evaluate appropriateness, which examines whether a proposed unit is readily identifiable and shares a community of interest distinct from other employees.　 Then, the Board explained, if “a party contends that a petitioned-for unit containing employees readily identifiable as a group who share a community of interest is nevertheless inappropriate because it does not contain additional employees, the burden is on the party so contending to show that the excluded employees share an overwhelming community of interest with the included employees.”　 Because the CNA-only unit was readily identifiable and shared a distinct community of interest, and because Specialty failed to show that the excluded service and maintenance employees shared an overwhelming community of interest with the CNAs, the Board certified the unit and the union’s victory.　 Specialty refused to bargain, and this technical NLRA Section 8(a)(5) proceeding followed.

The Sixth Circuit affirmed the Board’s order and its clarification of the community-of-interest test.　 First, rejecting Specialty’s argument that the Board did not merely embrace the traditional community-of-interest test but instead improperly created an entirely new framework, the court held that the Board permissibly “adopted a community-of-interest test based on some of the Board’s prior precedents, and . . . did explain its reasons for doing so.”　 In so holding, the court explicitly recognized the ambiguity in the Act’s command that bargaining units must be “appropriate,” and observed that the Board merely granted Judge Posner’s “wish that the Board would give [the traditional community-of-interest test] ‘a precise meaning.’” Slip op. at 13 (quoting Cont’l Web Press v. NLRB, 742 F.2d 1087, 1090 (7th Cir. 1984)).

Next, the court concluded that the Board acted within its discretion in requiring a party claiming that the smallest appropriate unit must include additional employees to show that the excluded employees share an “overwhelming community of interest” with the proposed unit.　 Indeed, the court explained that “[t]he Board has used the overwhelming-community-of-interest standard before, so its adoption [here] is not new.”　 After citing numerous cases, including the D.C. Circuit’s Blue Man Vegas LLC v. NLRB, 529 F.3d 417 (D.C. Cir. 2008), the court agreed that the Board merely clarified existing law, overruled any inconsistent precedent, appropriately placed the burden of proving overwhelming community of interest on the employer (who typically possesses the information to make that case), and explained its reasons for doing all of the above.

Turning to Specialty’s third defense, the court concluded that the Board’s test did not run afoul of Section 9(c)(5), which prohibits the Board from finding “the extent to which the employees have organized . . . controlling” in making unit determinations.　 To the contrary, the court noted that the Board first engaged in an independent community of interest determination to find out whether the proposed CNA-only unit was appropriate “aside from the fact that the union had organized it.”　 Further, “[a]s long as the Board applies the overwhelming community of interest standard only after the proposed unit has been shown to be prima facie appropriate, the Board does not run afoul of the statutory injunction that the extent of the union’s organization not be given controlling weight.”　 Slip op. at 19 (internal quotations omitted and emphasis in original).

Finally, the court held that “the Board did not abuse its discretion in adopting a generally applicable rule through adjudication instead of rule making because NLRB v. Bell Aerospace Co. Div. of Textron, Inc., 416 U.S. 267, 294 (1974), holds both that ‘the Board is not precluded from announcing new principles in an adjudicative proceeding and that the choice between rule making and adjudication lies in the first instance within the Board’s discretion.’”

The Court’s opinion is available here.

The Speciality ruling reminds health care and other employers of the highly union-friendly bent of the NLRB under the current administration, as well as the hazards of mishandling efforts to defend against union organizing and other protected activities under the NLRA. Beyond the obligation to recognize and bargain with properly certified collective bargaining unions, the NLRB and other federal labor laws also grant employees a host of other protections. Among these are recently affirmed rights-even for a worker not represented by a union – to insist another employee be present when participating in disciplinary and certain other meetings with management, rules limit the ability of employers to prohibit or restrict employees requiring employees to keep confidential and not discuss among each other salary, wages or other terms of compensation or employment terms and conditions, and others. For this reason, health care or other organizations should seek the advice and assistance of qualified legal counsel experienced with labor management relations matters to review policies for compliance, to prepare and administer anti-organizing activities, and to evaluate and respond to union organizing or bargaining activities.

For More Information Or Assistance

If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD, and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Board Certified in Labor and Employment Law, Ms. Stamer’s experience includes continuous involvement in advising and representing health care organizations about employment, labor-management, peer review and staffing and other workforce management and compensation concerns. Ms. Stamer also continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: Breach Notification, collective bargaining, Employment, Health Care, HHS, HIPAA Privacy, Hospital, labor-management, NLRB, nursing home, Security, Union Organizing | Permalink
Posted by Cynthia Marcotte Stamer

$1.2M HIPAA Settlement Results From Improper Copier Disposal

August 15, 2013

Be careful when repurposing or disposing of copiers and other equipment and media that may contain protected health information. That’s the message the Office of Civil Rights is sending health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates in its August 14, 2013 announcement of a $1.2 million plus settlement agreement with Affinity Health Plan, Inc. (Affinity) under the Health Insurance Portability & Accountability Act Privacy and Security Rules.

According to OCR, the non-profit New York area managed care plan Affinity will pay $1,215,780 and take other corrective actions to settle alleged HIPAA violations under the Affinity Resolution Agreement and CAP (Affinity Settlement). The settlement comes as the September 24, 2013 deadline for health plans, health care providers, health care clearinghouses (Covered Entities) and their business associates to update the written business associate agreements that HIPAA requires exist before business associates can be allowed to create, use, access or disclose personally identifiable health care information protected by HIPAA (PHI) to carry out HIPAA-covered functions on behalf of a Covered Entity to comply with changes to HIPAA’s implementing regulations adopted by OCR earlier this year. Health plans and other Covered Entities should take timely action to confirm that their existing procedures appropriate safeguards to protect PHI when using or disposing of copiers or other equipment or media as well as to implement business associate or other policy, procedures or training updates required to comply with the updated HIPAA rules.

HIPAA Updates Require Breach Notification, Tightened Other HIPAA Requirements

HIPAA generally requires that Covered Entities (and after September 24, 2013, their business associates) safeguard and restrict the use, access or disclosure of PHI as required by HIPAA. The HITECH Act amended these requirements to tighten certain of these requirements and restrictions, to expand the sanctions for violation of these requirements, to require Covered Entities and their business associates to provide notification of breaches of unsecured PHI to individuals whose information was breached, OCR and in some cases, the media, and made certain other changes to the original requirements of HIPAA. Earlier this year, OCR amended and restated its original Privacy and Security Rules here (2013 Final Rule) to comply with changes in the regulations resulting from these HITECH Act amendments beginning last March, but set the deadline for updating business associate agreements to meet these updated requirements at September 23, 2013.

The 2013 Final Rule and other OCR guidance makes clear that OCR expects Covered Entities and their business associates appropriately to safeguard PHI stored in computers, hard drives, and other digital media until it is properly disposed in accordance with the updated standards required by HIPAA as implemented under the 2013 Final Rule. HITECH Breach Notification Rule requires HIPAA-covered entities to notify HHS of a breach of unsecured protected health information, including breaches resulting from failure to properly secure PHI stored in digital format until it has been destroyed in accordance with the standards established by the 2013 Final Rule. OCR previously has sanctioned other Covered Entities for failed to properly destroy or safeguard PHI stored in digital format on computer or other equipment before abandoning or disposing of that equipment. The Affinity Settlement reaffirms OCR’s concern that Covered Entities meet these disposal requirements when replacing or abandoning equipment containing electronic PHI.

Affinity Settlement Highlights

According to the August 14, 2013 OCR announcement of the settlement, the settlement resulted from an investigation initiated after Affinity filed a breach report with OCR on April 15, 2010, as required by the Health Information Technology for Economic and Clinical Health Act (HITECH Act.)

In its breach report, Affinity indicated that it was informed by a representative of CBS Evening News that, as part of an investigatory report, CBS had purchased a photocopier previously leased by Affinity. CBS informed Affinity that the copier that Affinity had used contained confidential medical information on the hard drive.

Affinity estimated in its breach report that up to 344,579 individuals may have been affected by this breach. OCR’s investigation indicated that Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives. In addition, OCR reports its investigation revealed that Affinity failed to incorporate the electronic protected health information (ePHI) stored on photocopier hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the photocopiers to its leasing agents.

In addition to the $1,215,780 payment, the Affinity Settlement includes a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and to take certain measures to safeguard all ePHI.

Learn From Affinity Lesson On Proper Disposal Procedures

Like prior OCR settlements stemming from inadequate security for PHI when transitioning equipment, media or facilities, the Affinity Settlement sends another reminder to Covered Entities and their business associates again of the importance of using appropriate procedures to protect or dispose of PHI when replacing or redeploying equipment or media that may contain PHI.

“This settlement illustrates an important reminder about equipment designed to retain electronic information: Make sure that all personal information is wiped from hardware before it’s recycled, thrown away or sent back to a leasing agent,” said OCR Director Leon Rodriguez. “HIPAA covered entities are required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have appropriate safeguards in place to protect this information.”

OCR has published guidance concerning HIPAA’s requirements for the proper safeguarding and disposal of media and equipment in the 2013 Final Rule and other guidance. Concerning the proper disposition of copiers that may have PHI stored on their hard drives or in other digital formal, OCR in the Affinity Settlement recommended that Covered Entities and their associates also review the Federal Trade Commission’s Guidance On Safeguarding Sensitive Data Stored In The Hard Drives Of Digital Copiers and the National Institute of Standards and Technology has issued Guidance On Assessing The Security Of Multipurpose Office Machines. Covered Entities and their business associates should use this and other guidance to ensure that they can demonstrate that appropriate practices and procedures have been used to when disposing of or repurposing copies or other equipment that may contain electronic PHI.

HIPAA Regulation Updates Require Other Updates Beyond Disposal Procedures

In addition to addressing the concerns that lead to the Affinity Settlement, Covered Entities and their business associates also should verify that their practices, policies, privacy notices, business associate agreements, and training also are updated to comply with updates to the updated 2013 Final Rule adopted by OCR earlier this year here.

Since passage of the HITECH Act, OCR officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While OCR had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating OCR’s HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR’s interpretation and enforcement of HIPAA.

For More Information Or Assistance

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

CMS Rescinds Plan To Require Automatic Denial of Provider Enrollment To Providers With Outstanding Overpayments

August 5, 2013

Citing “industry concerns,” the Centers for Medicare & Medicaid Services (CMS) has abandoned at least temporarily its May 31 request to change Section 15.13 of its Program Integrity Manual chapter to require the denial of enrollment applications when the requesting provider or its owner had an overpayment of $1500 or more which was not repaid at the time it submitted its application.

In Change Request 8304, CMS on May 31, 2013 sought to revise its Provider Integrity Manual to instruct a Medicare administrative contractor (MAC) to deny a Form CMS-855 enrollment application if the current owner of an enrolling provider or supplier, an enrolling physician or a non-physician practitioner had an existing of $1500 or more that had not been repaid in full when the provided filed its application. The instruction would have required the MAC to deny the enrollment application regardless of the reason for the overpayment.

CMS rescinded the Change Request 8304 on July 27, 2013 pending further consideration. Change Request 8304 Rescission Notice.

For More Information Or Assistance

If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Academic medicine, Corporate Compliance, Doctor, Durable Medical Equipment, Federal Health Center, Health Care, Health Care Finance, Health Care Provider, Home Health, Hospital, Hospital, Medicaid, Medical Licensure, Medicare, Medicare Advantage, OIG, Physician, Rehabilitation Act, Reimbursement | Tagged: HHS, Hospital, Medicare, provider enrollment, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

IRS Publishes 2014 Branded Prescription Drug Fee Guidance

August 5, 2013

The Internal Revenue Service (IRS) today released Notice 2013-51. “Branded Prescription Drug Fee; Guidance for the 2014 Fee Year,” which contains guidance on the branded prescription drug fee imposed under section 9008 of the Patient Protection and Affordable Care Act (ACA) for the 2014 fee year.

Branded Prescription Drug Fee Background

ACA requires that covered entities that engage in the business of manufacturing or importing branded prescription drugs pay the branded prescription drug fee. The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51, published on August 18, 2011 (76 FR 51245), provide the method by which each covered entity’s annual fee is calculated. These regulations also define terms for the administration of the fee.

Regulation section 51.2T(g) defines fee year as the calendar year in which the fee for a particular sales year must be paid and section 51.2T(m) defines sales year as the second calendar year preceding the fee year.

Section 51.3T of the Regulation requires that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.

Section 51.6T provides that for each sales year the Internal Revenue Service (IRS) will make a preliminary fee calculation for each covered entity and will tell each covered entity of this calculation by the date prescribed in guidance published in the Internal Revenue Bulletin. This notification will also include additional prescribed information. As used in this notice, “notice of preliminary fee calculation” includes the additional prescribed information.

Section 51.7T provides that upon receipt of its preliminary fee calculation, each covered entity will have an opportunity to dispute this calculation by submitting to the IRS an error report with prescribed information. Sections 51.7T(b) and (c) set out the information that a covered entity must submit to support each asserted error. Section 51.7T(d) provides that each covered entity must submit reports and error reports, if anyin the form and way required by the IRS.

Section 51.8T provides that the IRS will send each covered entity its final fee calculation no later than August 31st of each fee year and also provides that covered entities must pay their fee by September 30th of the fee year.

2014 Deadlines & Procedures

Notice 2013-51 provides guidance for covered entities for 2014 on:

Submission of Form 8947, “Report of Branded Prescription Drug Information,”
The time and manner for notifying covered entities of their preliminary fee calculation,
The time and manner for submitting error reports for the dispute resolution process; and
The time for notifying covered entities of their final fee calculation.

For the 2014 fee year, the Notice states that a covered entity that chooses to submit Form 8947 must file the form by November 1, 2013.

For the 2014 fee year, the Notice states that the IRS will mail each covered entity a paper notice of its preliminary fee calculation by March 3, 2014. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to Regulation section 51.4T.

A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by February 17, 2014. The Notice instructs that this request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the notice says the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by March 3, 2014.

For the 2014 fee year, the Notice also states a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 15, 2014. When the IRS mails each covered entity a notice of its preliminary fee calculation by March 3, 2014, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM and sent by mail as instructed in the Notice.

The Notice also indicates that the IRS will notify each covered entity of its final fee calculation for 2014 by August 29, 2014, after which each covered entity must pay this fee by September 30, 2014 in accordance with Regulation section 51.8T(c),

For More Information Or Assistance

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

August 5, 2013

Medicare payments to inpatient psychiatric facilities (IPFs) will rise by 2.3% for fiscal year (FY) 2014 under the final Inpatient Psychiatric Facilities Prospective Payment System (PPS) Updated for Fiscal Year Beginning October 1, 2013 (FY 2013) posted by the Centers for Medicare & Medicaid Services (CMS) July 29 here.

The notice updates the prospective payment rates for Medicare inpatient hospital services provided by inpatient psychiatric facilitates for discharges occurring during the fiscal year (FY) beginning October 1, 2013 through September 30, 2014.

Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:

The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.

IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

August 1, 2013

Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:

The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.

IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

CMS Publishes FY 2014 Final Inpatient Rehabiliation Facility Prospective Payment Rule

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

1 Comment | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

August 1, 2013

Inpatient Rehabilitation Facilities (IRFs) take note. The Centers for Medicare & Medicaid Services yesterday (July 31, 2013) published its final Inpatient Rehabilitation Facility (IRF), Inpatient Rehabilitation Facility Prospective Payment System for Federal Fiscal Year 2014 Final Rule (Rule). The Rule, which with its preamble is 272 pages, among other things:

Updates the prospective payment rates for (IRFs) for federal fiscal year (FY) 2014 (for discharges occurring on or after October 1, 2013 and on or before September 30, 2014) as required by the statute.
Revises the list of diagnosis codes that may be counted toward an IRF’s “60 percent rule” compliance calculation to determine “presumptive compliance,” update the IRF facility-level adjustment factors using an enhanced estimation methodology;
Revises sections of the Inpatient Rehabilitation Facility-Patient Assessment Instrument,
Revises requirements for acute care hospitals that have IRF units;
Clarifies the IRF regulation text regarding limitation of review;
Updates references to previously changed sections in the regulations text; and
Revises and updates quality measures and reporting requirements under the IRF quality reporting program.

The regulatory amendments in this Rule generally are effective as follows:

Its revisions to the list of diagnosis codes used to determine presumptive compliance under the “60 percent rule” are applicable for compliance review periods beginning on or after October 1, 2014; and
The updated IRF prospective payment rates are applicable for IRF discharges occurring on or after October 1, 2013 and on or before September 30, 2014 (FY 2014).
The changes to the Inpatient Rehabilitation Facility-Patient Assessment Instrument, the amendments to §412.25, and the revised and updated quality measures and reporting requirements under the IRF quality reporting program are applicable for IRF discharges occurring on or after October 1, 2014.

IRFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, ADA, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Inpatient Rehabilitation Facilities, Justice Department, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

Tighten Disability Compliance To Avoid ADA Suits, Program Disqualification & Other Risks

July 30, 2013

The Department of Justice’s July 29, 2013 announcement that it is suing Dr. Hal Brown and Primary Care of the Treasure Coast of Vero Beach, Florida (PCTC) for violating the Americans With Disabilities Act (ADA) by discriminating and retaliating against two deaf patients reminds physicians, clinics, hospitals and other health industry providers, their landlords, and other vendors to tighten their understanding, practices of federal and state disability discrimination laws to avoid getting nailed for improper discrimination. Following on the Department of Health & Human Service’s recently announced exclusion of a physician that illegally discriminated against a HIV-positive patient, health care providers are on notice that Federal officials are gunning for health care providers who illegally discriminate against patients and others with disabilities.

With the Justice Department, HHS and others targeting discrimination in the health care industry, physicians and their practices, clinics, hospitals and other private and public health care providers, and their landlords and other vendors should update their understanding of disability discrimination responsibilities and exposures, and then review and tighten policies, practices, workforce training and oversight, and other risk management and compliance practice to help prevent and mitigate exposures to disability and other discrimination claims.

Health Care Providers & Industry Under Fire For Disability Discrimination

While the heavy emphasis generally placed upon the enforcement of disability laws by the Obama Administration has heightened the risks of all U.S. businesses, health care providers are particularly at risk to disability discrimination liability as a result of the Barrier-Free Health Care Initiative of the Justice Department and related health industry disability enforcement initiatives of HHS and other federal agencies.

Health care provider, like other U.S. businesses, face sweeping responsibilities under the various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws. Section 504 of the Rehabilitation Act generally requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs. Rather, the ADA requirements and disability discrimination prohibitions generally apply to all U.S. health care and other businesses even if they do not receive federal financial assistance. Under the ADA, health care providers and other covered businesses generally have a duty other to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities.

Specifically under the ADA:

The public accommodation provisions generally both prohibit discrimination against individuals with disabilities when delivering health care or other services, as well as require health industry and other businesses to provide reasonable accommodations to individuals with disabilities unless the health care provider proves its actions are defensible under an exception to these general rules.
The employment discrimination provisions generally prohibit health care industry and other employers from discriminating against qualified individuals with a disability and require employers to provide reasonable accommodations for disabled workers unless the health care provider can prove that its conduct qualifies under one of the allowable exceptions to the general prohibition against discrimination.
The anti-retaliation rules prohibit retaliation against an individual because he opposes an act that is unlawful under the ADA or because he made a charge, testified, assisted or participated in any way in an investigation, proceeding or hearing under the ADA. These provisions also make it unlawful to coerce, intimidate, threaten or interfere with any individual exercising their rights protected by the ADA.

Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

Justice Department ADA Suit Against Brown & PCTC

The ADA lawsuit against Dr. Brown and PCTC comes on the heels of the Justice Department’s Celebration of the 23rd Anniversary of the ADA last week and is an example of one of a growing number of lawsuits and other actions against health care providers resulting from the Justice Department “Barrier-Free Health Care Initiative” and related Department of Health & Human Services (HHS) enforcement efforts focusing on ensuring access to health care for individuals with disabilities.

The Department of Justice suit charges Dr. Brown and PCTC with violating the public accommodation and anti-retaliation provisions of ADA by discriminating against a deaf couple, Susan and James Liese by discriminating against a deaf couple, Susan and James Liese and then retaliating against the couple for engaging in activities protected under the ADA.

According to the Justice Department’s complaint, Dr. Brown and PCTC terminated Mr. and Mrs. Liese as patients because the couple pursued ADA claims against a hospital located next door to and affiliated with PCTC for not providing effective communication during an emergency surgery. The complaint alleges that after learning that the Lieses threatened the hospital with an ADA suit based on failure to provide sign language interpreter services, PCTC and Dr. Brown, who was the Liese’s primary doctor at PCTC, immediately terminated the Lieses as patients.

The Justice Department says this termination of the Lieses as patients violated the ADA. According to Jocelyn Samuels, Acting Assistant Attorney General for the Civil Rights Division, “A person cannot be terminated as a patient because he or she asserts the right to effective communication at a hospital.”

While it remains to be seen if the Justice Department will be successful in its suit against Dr. Brown and PCTC, it has experienced significant success in disability discrimination actions against other health care providers.

Justice Department Barrier-Free Health Care Initiative Successes Growing

Justice Department suits like the ADA suit against Dr. Brown and PCTC are increasingly common and successful.

While the Justice Department across the years has prosecuted various health care providers for illegal discrimination under the ADA, it has turned up the heat with its nationwide Barrier-Free Health Care Initiative. According to the Justice Department, it intends that the prosecutions under the Barrier-Free Health Care Initiative to focus and leverage the Justice Department’s resources together and send a clear message that disability discrimination in health care is illegal and unacceptable.

Since the Justice Department announced its Barrier-Free Health Care Initiative last year, for instance, the Justice Department has entered into 18 settlements under the Barrier-Free Health Care Initiative. These include three agreements requiring health care providers to provide auxiliary aids and services, including sign language interpreters, to individuals who are deaf to ensure effective communication in health care settings including two settlements in the last month.

On June 27, 2013, the U.S. Attorney’s Office for the Western District of Tennessee announced that Heart Center of Memphis has agreed to provide qualified sign language and oral interpreters as well as other auxiliary aids and services to patients who are deaf, have hearing loss or have speech disabilities to resolve a Justice Department complaint charging the Heart Center violated the ADA by telling a deaf patient that it was his responsibility to arrange a sign language interpreter for his appointment. After several unsuccessful attempts to get the Heart Center to provide a qualified sign language interpreter as required by law, the patient cancelled his appointment.

On June 26, 2013, the U.S. Attorney’s Office for the Northern District of Georgia announced it had reached a disability discrimination settlement agreement with Midtown Neurology P.C. The settlement resolved a complaint alleging that Midtown Neurology P.C. failed to provide, over multiple appointments, a qualified sign language interpreter for a patient who is deaf. At one appointment, the patient underwent a painful neurological test. Because there was no interpreter, the patient could not communicate that she was frightened and in pain, and that she wanted the doctor to stop the procedure. Under the agreement, Midtown Neurology P.C. will provide auxiliary aids and services, including qualified interpreters, to individuals who are deaf or hard of hearing where necessary to ensure effective communication.

In previous months, the Justice Department also has reached settlement agreements resolving charges health care providers violated the ADA by failing to provide interpreters or other accommodations for deaf or other communication impaired patients with Burke Health and Rehabilitation Center (May 3, 2013); Monadnock Community Hospital (April 5, 2013); Manassas Health and Rehab Center (April 5, 2013); Gainesville Health and Rehab Center (April 5, 2013); the Center for Orthopaedic and Sports Medicine, Inc. (April 5, 2013); Northern Ohio Medical Specialists (April 5, 2013); Northshore University Healthsystems (June 28, 2012); Steven Senica, M.D., and Senica Bruneau, Ltd. (June 11, 2012); Trinity Regional Medical Center and Trinity Health Systems (March 29, 2012); Henry Ford Health System (February 1, 2012); and Cheshire Medical Center, Keene Health Alliance, and Dartmouth-Hitchcock Clinic D/B/A Dartmouth-Hitchcock Keene (October 31, 2011)

In addition, the Justice Department also particularly is aggressive in prosecuting health care providers that discriminate against individuals with HIV. In the past six months, the Department reports it has reached five settlement agreements with medical providers to address HIV discrimination.

For instance, the Justice Department on July 26, 2013 announced that Barix Clinics, an organization that operates bariatric treatment facilities in Michigan and Pennsylvania, will pay $35,000 to victim-complainants and a $10,000 civil penalty, train its staff on the ADA and implement an anti-discrimination policy to settle Justice Department charges that Barix Clinics unlawfully refused to perform bariatric surgery on a man at its Langhorne, Pa., facility because he has HIV. The Department also determined that Barix Clinics cancelled bariatric surgery for another individual at its Ypsilanti, Michigan facility because he has HIV.

The Barix Clinic settlement added to a long list of earlier settlements of ADA charges stemming from discrimination against HIV patients including Glenbeigh (settlement regarding exclusion of an individual from an alcohol treatment program because of the side effects of his HIV medication, March 13, 2013); Woodlawn Family Dentistry (dentist office’s unequal treatment of people with HIV in the scheduling of future dental appointments, February 12, 2013); Castlewood Treatment Center (eating disorder clinic’s refusal to treat a woman for a serious eating disorder because she has HIV, February 6, 2013); and Fayetteville Pain Center (unlawful exclusion of a person with HIV from treatment, January 31, 2013).

While most announced Justice Department settlements involve the denial of interpreters to deaf or other communication impaired patients and discrimination in the treatment of HIV patients, the Justice Department also has shown a willingness to prosecute health care providers who engage in other types of disability discrimination. For instance, on April 3, 2012, the Justice Department reached a settlement with Richard Noren, M.D., Henry Kurzydlowski, M.D., and Pain Care Consultant, Inc., which resolved charges that they violated the ADA by failing to make reasonable changes to policies, practices, and procedures to enable a child with diabetes to participate in summer camp. Furthermore, although not necessarily reflected in the currently published, officially announced settlements of the Justice Department, health care providers have reported that the Justice Department and HHS also have become increasingly aggressive in investigating disability claims of visually or other physically, cognitively, or emotionally disabled patients arising from the failure of health care providers to accommodate their need for support or comfort animals.

Justice Department Plans To Keep Heat On Health Care Providers

All signs are that the Justice Department intends to continue, if not expand its Barrier-Free Health Care Initiatives. In fact, the suit against Dr. Brown and PCTC comes on the heels of the Justice Department’s filing of an ADA disabilities discrimination lawsuit against the State of Florida alleging the state is in violation of the ADA in its administration of its service system for children with significant medical needs.

The Justice Department lawsuit against the State of Florida charges that Florida’s programs have resulted in nearly 200 children with disabilities being unnecessarily segregated in nursing facilities which should be served in their family homes or other community-based settings. The Justice Department further alleges that the state’s policies and practices place other children with significant medical needs in the community at serious risk of institutionalization in nursing facilities. The department’s complaint seeks declaratory and injunctive relief, as well as compensatory damages for affected children.

“Florida must ensure that children with significant medical needs are not isolated in nursing facilities, away from their families and communities,” said Eve Hill, Deputy Assistant Attorney General for the Civil Rights Division. “Children have a right to grow up with their families, among their friends and in their own communities. This is the promise of the ADA’s integration mandate as articulated by the Supreme Court in Olmstead. The violations the department has identified are serious, systemic and ongoing and require comprehensive relief for these children and their families.”

Health Industry Disability Discrimination Risks: Beyond The Justice Department

While private plaintiffs as well as the Justice Department and other agencies increasingly successfully sue health care providers for violating the ADA and other disability discrimination laws, the often significant damages and defense costs that often arise from these suits are only part of the exposure that health care providers should consider and manage. Among other things, health care providers accused or found to engage in disability discrimination also generally also risk significant adverse publicity, loss or curtailment of federal or state program participation, reimbursement or other contractual or administrative penalties, licensing board and accreditation sanctions, burdensome corrective action and ongoing reporting and oversight and other consequences.

Perhaps most notably, HHS also is stepping up enforcement against health care providers that discriminate against the disabled. Like the actions of the Justice Department, many of these enforcement actions focus heavily on discrimination against HIV patients as well as deaf or other individuals whose disabilities impairs their ability to communicate effectively with health care providers.

For instance, on July 18, 2013, HHS announced the termination of Medicaid funding to a California surgeon who intentionally discriminated against an HIV-positive patient by refusing to perform much-needed back surgery. The HHS Departmental Appeals Board concluded that the surgeon violated Section 504 of the Rehabilitation Act of 1973, which prohibits disability discrimination by health care providers who receive federal funds. The order follows an Office for Civil Rights (OCR) investigation of a complaint filed by a patient who alleged that the surgeon refused to perform back surgery after learning that the patient was HIV-positive. OCR found that the surgeon discriminated against the patient on the basis of his HIV status in violation of federal civil rights laws. See HHS Press Release; HHS Departmental Appeals Board Decision; OCR Violation Letter of Findings.

HHS’s exclusion of the surgeon from federal program participation is part of a long-standing policy of OCR of pursuing disability discrimination actions against providers that discriminate against patients with HIV. For instance OCR previously has announced that an Austin, Texas orthopedic surgeon had agreed to ensure that individuals living with HIV/AIDS have equal access to appropriate medical treatment in order to resolve charges brought in an OCR Violation Letter of Finding charging the surgeon with violating the Rehabilitation Act by refusing to perform knee surgery on an HIV-positive patient. See Settlement Agreement.

OCR, like the Justice Department, also is aggressive in pursuing Rehabilitation Act claims against health care providers for failing to provide interpreters or other appropriate accommodations for deaf or other patients with disabilities that impair their ability to communicate. In March, for instance, OCR announced a settlement agreement with national senior care provider, Genesis HealthCare (Genesis) which resolved an OCR complaint that Genesis violated Section 504 of the Rehabilitation Act by failing to provide a qualified interpreter to a resident at its skilled nursing facility in Randallstown, Maryland. See, Genesis Settlement.

OCR construes Section 504 of the Rehabilitation Act of 1973, as among other things requiring that facilities take appropriate steps to ensure effective communications with individuals. According to OCR, throughout the patient’s stay at the facility, an OCR investigation showed center staff relied on written notes and gestures to communicate with the resident, even while conducting a comprehensive psychiatric evaluation with him. Moreover, by not being provided a qualified interpreter, evaluations of his care and discussions on the effects of his numerous medications and the risks caused by not following recommended treatments and prescription protocols had harmful effects on the patient’s overall health status. According to OCR Director Leon Rodriguez, “This patient’s care was unnecessarily and significantly compromised by the stark absence of interpreter services.” OCR concluded that in order for the patient and staff to be able to communicate effectively with each other regarding treatment, a qualified sign language interpreter would have been necessary.

Under the terms of the agreement, Genesis must require all facilities to provide interpreters and other suitable communications accommodations to language disabled patients, form an auxiliary aids and services hotline; create an advisory committee to provide guidance and direction on how to best communicate with the deaf and hard of hearing community; designate a monitor to conduct a self-assessment and obtain feedback from deaf and hard of hearing individuals and advocates and conduct outreach to promote awareness of hearing impairments and services that are available for deaf and hard of hearing individuals. In addition Genesis will be required to pay monetary penalties for noncompliance with any terms of the agreement.

In announcing the Genesis settlement, Director Rodriguez warned, “My office continues its enforcement activities and work with providers, particularly large health care systems like Genesis, to make certain that compliance with nondiscrimination laws is a system wide obligation.

The Genesis Agreement is typical of a multitude of settlements resulting from OCR enforcement against health care providers for failing to accommodate deaf, speech or other communication impaired patients. See, e.g. Cattaraugus County Department of Aging Settlement Agreement; District of Columbia Children and Family Services Agency Settlement Agreement (February 8, 2013); Memorial Health System Colorado Springs Voluntary Resolution Agreement (November 7, 2012); Advanced Dialysis Centers Settlement Agreement (February 17, 2012).

When evaluating the need to provide interpreters, health care providers also should consider the advisability of offering interpreters for patients whose primary language is not English. OCR’s discrimination enforcement efforts often extend to other language impaired persons such as English as a Second Language patients. In addition to its efforts on behalf of individuals with disabilities impacting their ability to communicate, OCR recently announced a national initiative under which it will conduct compliance reviews of critical access hospitals as part of its efforts to strengthen language access for individuals whose primary language is not English. See OCR Launches Nationwide Compliance Review Initiative To Strengthen Language Access Programs At Critical Access Hospitals.

Health care providers also should ensure that their take appropriate steps to accommodate other disabilities. For instance, the use of support animals by veterans, children, and other patients with physical, emotional or cognitive disorders on the rise, health care providers need to ensure that their policies, practices, training, facilities leases and other vendor contracts, posting and other arrangements are updated to accommodate patients requiring the use of support or comfort animals. OCR’s enforcement actions already have extended to protection of the rights of disabled individuals to have the aid and assistance of their service animals when receiving services from health care providers. For instance, under a settlement agreement with the St. Mercy Medical Center (Mercy) in Fort Smith, Arkansas resolving an OCR complaint that it violated Section 504 and the Rehabilitation Act of 1973, Mercy committed to revise it policies and procedures to comply with Section 504 and to provide staff comprehensive training on their obligations to provide services without discrimination to qualified persons with disabilities. This settlement follows an OCR investigation into a complaint filed by an individual whose service animal was not allowed to go with him into the hospital. See, Mercy Settlement Agreement. This recent newscast video highlights how the failure to update postings, training, and other practices could result in a host of negative publicity and enforcement actions from refusing or limiting the ability of a person with a disability to have the support of his comfort animal within a health care facility. North Texas Vet Cries Foul After Service Dog Rejection. This type of adverse publicity not only can do serious damage to a health care provider’s public image, it also is likely to trigger the type of investigation that lead to the Mercy enforcement action.

Other Disability Discrimination Risks

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR, the Justice Department and other agencies to pursue investigations and enforcement of disability discrimination and other laws, physicians and other licensed professionals can expect that they may face disciplinary action by their applicable licensing boards, whose rules typically now make disability or other wrongful discrimination against patients a violation of their rules. Meanwhile, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

Act To Manage & Mitigate Disability Risks

In the face of these growing risks , physicians, hospitals and their medical staffs, and other health care providers should review and tighten their policies, leases and other vendor contracts, practices and training to minimize their exposure to prosecution or other sanctions for disability discrimination.

In light of the expanding readiness of OCR, the Justice Department and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures.

Given a series of recent changes in the provisions of the ADA, discrimination regulations, and enforcement standards, this process generally should begin by reviewing the health care provider’s understanding and policies regarding disability and other discrimination to ensure that they comply with current legal and credentialing requirements and standards. Once the organization confirms its understanding of current rules is up-to-date, the health care provider also should critically evaluate its operations to identify where its postings, policies, training, practices and operations need to be updated or tightened to meet these standards or avoid other risks.

In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To meet and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here. About Solutions Law Press

Leave a Comment » | ADA, DME, Doctor, Durable Medical Equipment, Employer, Employment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Real Estate, Rehabilitation Act, Substance Abuse | Tagged: accommodation, ADA, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Physician, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

Doc Caught Submitting Conflicting Patient Records to Private Payer Versus Medicare Criminally Sentence, Pays Civil Settlement

July 23, 2013

The recent criminal sentencing and civil settlement of Illinois physician Dr. Mahmoud Yassin highlights the growing- but too often appreciated exposure of physicians and other health care providers and their billing or other management who submit conflicting claims data to private and government claims or otherwise permit in false falsely bill or participate in the cover-up of fraudulent or other improper billings to payers. The Yassin sentencing is notable both because Yassin incurred criminal liability for obstruction based on his presentation of altered patient records to a private payer and and civil liability for making false claims to Medicare and others.

Yassin was sentenced July 22, 2013 to serve 30 days in prison and 3 years of probation and to pay a fine of $10,000, a special assessment of $100, and restitution to Blue Cross Blue Shield of Illinois in the amount of $19,615.17 in federal district court in Benton, Illinois for Obstructing a Criminal Health Care Fraud Investigator. The felony obstruction conviction stemmed from charges that on March 2, 2012, when a FBI agent, having served a subpoena for patient records on Dr. Yassin, gave an altered patient progress note that showed an in-office examination previously claimed to an insurance carrier, but which had not taken place.

In a separate civil settlement with the United States Attorney’s Office regarding false claims to Medicare, Dr. Yassin also previously has paid double damages for $87,348.64. The restitution and civil false claims settlement were based on claims for in person office visits in which the patient either failed to show up for an appointment or only was spoken to by telephone.

The Yassin prosecution demonstrates the importance of providers getting their records and billings straight when billing both private payers and government payers. While most health care providers recognize the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ), many don’t recognize their exposure from private payer billings or the potential interaction between private and government claims investigations Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers. Furthermore, federal fraud investigators and private payers increasingly are working together on the investigation and redress of false billing and other aggressive practices. These and other risks mean that providers cannot afford to be unprepared when asked to respond to investigations like one that lead to the Yassin conviction, recoupment or other audit and enforcement actions See, Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings. Rather, physicians and other health care clinics must be ready to prove and defend their billings to public and private payers. In both cases, these preparations should ensure that records accurately and completely document the care provided, that the coding and billing applied is reflective of actual care and consistent with existing reimbursement, and otherwise defensible. As demonstrated by Yassin, inconsistencies between records presented to different payers should be avoided.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Accreditation, Ambulatory care, ASC, Doctor, Employer, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Hospital, Joint Commission, Medical Licensure, OIG, Physician | Tagged: accreditation, Ambulatory care organizations, ambulatory surgery, Doctor, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Compliance, Health Care Fraud, Health Care Provider, Health Care Reimbursement, Health Insurance, Health Plans, HEAT, HIPAA, Hospital, Hospitals, Joint Commission, Physician, Physicians, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

OCR To Covered Entities: Learn From WellPoint $1.7 Settlement

July 12, 2013

WellPoint $1.7 M HIPAA Settlement Expensive Lesson On HIPAA Risks Of Leaving PHI Too Accessible In Web-Based Applications

With health care providers, health care organizations and others increasingly using Web-based applications and portals in operations and patient communications, managed care company WellPoint Inc. (WellPoint) is learning a $1.7 million lesson about the importance of ensuring Web-based applications and portals that allow access to members or other consumers protected health information (PHI) incorporate the administrative, technical and other security safeguards required by the Health Insurance Portability & Accountability Act (HIPAA) Privacy and Security rules.

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced late yesterday (July 11, 2013) that WellPoint has agreed to pay $1.7 million to settle OCR charges that WellPoint violated the HIPAA Security Rule and left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet by failing to implement appropriate administrative and technical safeguards in its Web-based applications. See WellPoint HIPAA Settlement Press Release.

Web-based application use is increasingly popular among health care providers, health plans, employers and others. Health care providers use them for health care operations, as well as patient engagement and communication tools. Employers and health plans use them both in plan administration and as member tools.

The WellPoint settlement shows that managed care and other health insurers, health plans and their employer or other sponsors, health care providers, health care clearinghouses (Covered Entities) and their business associates can’t let their enthusiasm for the ease of use of these products to compromise the security of PHI.

Rather, health care providers and other Covered Entities, employer and other health plan sponsors, their business associates, and the Web and other technology developers, providers and consultants marketing products, services or other solutions to these organizations should learn from WellPoint’s hard lesson to ensure that current and future Web-based applications, portals and other information system components that are or could be used to provide access to PHI incorporate the Security Rule safeguards both when originally implemented and with each subsequent upgrade.

HIPAA Privacy, Security & Breach Notification Rules Require PHI Safeguards & Other Protections

The Breach Notification Rule added to HIPAA under the Health Information Technology for Economic and Clinical Health, or HITECH Act requires HIPAA-covered entities to notify OCR, affected individuals and the media promptly of a breach of “unsecured protected health information” (UPHI) impacting more than 500 individuals. For smaller breaches, the Breach Notification Rule still requires prompt notice to impacted individuals, but allows Covered Entities to disclose the breach to OCR as part of an annual breach report and to forego notification to the media. UPHI generally includes any PHI, whether or not ePHI that is not either secured or destroyed in the manner described by the Breach Notification Rules.

In addition to the Breach Notification Rule, most Covered Entities and their business associates also are subject to state laws or regulations that impose similar or additional breach notification and other standards and responsibilities on the protection of personal health or other data including required notification and other responses following a breach of the security of UPHI or other PHI.

WellPoint’s $1.7 HIPAA Security Mistake

WellPoint’s $1.7 million settlement lesson resulted from an OCR investigation started in response to a breach report WellPoint submitted to comply with the Breach Notification Rules.

According to OCR, the Breach Report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.

OCR says its investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule. According to OCR, WellPoint did not:

Adequately implement policies and procedures for authorizing access to the on-line application database;
Perform an appropriate technical evaluation in response to a software upgrade to its information systems; or
Have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

As a result, OCR concluded that from October 23, 2009 until March 7, 2010, WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to their ePHI maintained in the application database. This data included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

Under the resulting WellPoint HIPAA Resolution Agreement, WellPoint must pay OCR a $1.7 million settlement payment as well as take a series of corrective actions to correct the deficiencies in its policies and practices that resulted in the reported breach to minimize future risks of breaches resulting from these deficient.

OCR Warns Learn From WellPoint’s Experience

All Covered Entities and their business associates and leaders should heed the lesson sent to them by OCR in announcing the WellPoint settlement and take appropriate steps other to ensure that appropriate policies and safeguards are adopted and applied in selecting and implementing future application or system upgrades, as well as review existing systems to ensure that the security of existing systems and applications have incorporated and apply the requisite safeguards.

OCR made clear that the WellPoint settlement is intended to send a message to Covered Entities and their business associates to ensure that these steps are appropriately taken. The settlement announcement states:

This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet. Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet.

The settlement announcement also reminds business associates that OCR will begin holding them directly accountable along with their Covered Entity clients for complying with many HIPAA requirements beginning in September, stating:

Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

Take Documented Steps To Show You Hear OCR’s Messages

Covered entities and their business associates and leaders, and vendors and consultants offering services or products to them should take care to conduct careful and well-documented reviews and implement corrective actions necessary to show their applications and systems, policies and practices reflect their strong commitment and action to appropriately protect PHI in accordance with the expectations shown by the WellPoint HIPAA Resolution Agreement and other OCR settlements, OCR’s updated HIPAA regulations, and other OCR and industry information.

In addition to the guidance set forth in OCR’s Resolution Agreements with WellPoint and other Covered Entities, revisions to OCR’s Privacy and Security Rules in OCR’s 2013 restatement of its regulations here cause all Covered Entities and their business associates conduct a well-documented reassessment of the adequacy of their existing policies, systems and practices and steps taken to redress any uncovered gaps.

Among other things, the 2013 Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Covered Entities were required to begin complying with most of these rule changes earlier this year. However, delayed compliance dates in the 2013 Regulations allowed Covered Entities and Business Associates to delay updates to pre-existing business associate agreements and the date that OCR would begin enforcing many of the HIPAA Rules directly against business associates to September 23, 2013.

Even without the necessity Settlements like that involving WellPoint, these 2013 Regulations make it imperative that Covered Entities to take the necessary steps to conduct an appropriate and well-documented review and update as needed their systems, policies and practices, business associate agreements, training and documentation.

With self-disclosures of breaches mandated by the Breach Notification Rules and OCR audits and enforcement rising, careful documentation of these activities and its analysis is necessary so that Covered Entities can be in a position to show OCR that the risk assessments required by the Security Rules was conducted as well as the efforts and commitment of the Covered Entity or business associate in the event of a breach investigation or audit. Yesterday’s WellPoint HIPAA announcement is just the latest in an ever-growing list of examples of the expensive consequences that can result if a Covered Entity or business associate cannot produce this documentation in response to an OCR audit or investigation. See, e.g. OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards. In contrast, the OCR website also provides a multitude of examples showing how the ability to produce documentation and other evidence showing diligent efforts to comply has helped other covered entities that fall under OCR investigation to avoid or mitigate serious sanctions.

Coupled with statements by OCR about its intolerance, the WellPoint and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions against WellPoint and others, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. Covered Entities and business associates should document this review in a manner that both reflects the scope and diligence of their activities including relevant considerations and decision-making about identified potential susceptibilities and reasoning about the adequacy of safeguards and other solutions.

Because this review is likely to uncover existing or past deficiencies or breaches, most covered entities and business associates will want to discuss with qualified legal counsel the planned assessment within the scope of attorney-client privilege to understand when and how to conduct the assessment to preserve options to claim attorney-client privilege to protect sensitive work product or discussions that may result in the course of the investigation within the attorney-client communication, work product or other evidentiary privileges, evaluation of the adequacy and appropriateness of the audit and resulting investigations and its documentation, and other assistance in strengthening the defensibility of compliance and risk management activities.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health care providers, health plans and their sponsors, their workforces, professional associations and others.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Anti-KickBack, DME, Doctor, E-Prescribing, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, Money Laundering, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: Health Care Providers, Health Plans, HIPAA, HIPAA Privacy, HIPAA Security, OCR, Privacy, WellPoint | Permalink
Posted by Cynthia Marcotte Stamer

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update