Health Care | | Page 8

$1.2M HIPAA Settlement Results From Improper Copier Disposal

August 15, 2013

Be careful when repurposing or disposing of copiers and other equipment and media that may contain protected health information. That’s the message the Office of Civil Rights is sending health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates in its August 14, 2013 announcement of a $1.2 million plus settlement agreement with Affinity Health Plan, Inc. (Affinity) under the Health Insurance Portability & Accountability Act Privacy and Security Rules.

According to OCR, the non-profit New York area managed care plan Affinity will pay $1,215,780 and take other corrective actions to settle alleged HIPAA violations under the Affinity Resolution Agreement and CAP (Affinity Settlement). The settlement comes as the September 24, 2013 deadline for health plans, health care providers, health care clearinghouses (Covered Entities) and their business associates to update the written business associate agreements that HIPAA requires exist before business associates can be allowed to create, use, access or disclose personally identifiable health care information protected by HIPAA (PHI) to carry out HIPAA-covered functions on behalf of a Covered Entity to comply with changes to HIPAA’s implementing regulations adopted by OCR earlier this year. Health plans and other Covered Entities should take timely action to confirm that their existing procedures appropriate safeguards to protect PHI when using or disposing of copiers or other equipment or media as well as to implement business associate or other policy, procedures or training updates required to comply with the updated HIPAA rules.

HIPAA Updates Require Breach Notification, Tightened Other HIPAA Requirements

HIPAA generally requires that Covered Entities (and after September 24, 2013, their business associates) safeguard and restrict the use, access or disclosure of PHI as required by HIPAA. The HITECH Act amended these requirements to tighten certain of these requirements and restrictions, to expand the sanctions for violation of these requirements, to require Covered Entities and their business associates to provide notification of breaches of unsecured PHI to individuals whose information was breached, OCR and in some cases, the media, and made certain other changes to the original requirements of HIPAA. Earlier this year, OCR amended and restated its original Privacy and Security Rules here (2013 Final Rule) to comply with changes in the regulations resulting from these HITECH Act amendments beginning last March, but set the deadline for updating business associate agreements to meet these updated requirements at September 23, 2013.

The 2013 Final Rule and other OCR guidance makes clear that OCR expects Covered Entities and their business associates appropriately to safeguard PHI stored in computers, hard drives, and other digital media until it is properly disposed in accordance with the updated standards required by HIPAA as implemented under the 2013 Final Rule. HITECH Breach Notification Rule requires HIPAA-covered entities to notify HHS of a breach of unsecured protected health information, including breaches resulting from failure to properly secure PHI stored in digital format until it has been destroyed in accordance with the standards established by the 2013 Final Rule. OCR previously has sanctioned other Covered Entities for failed to properly destroy or safeguard PHI stored in digital format on computer or other equipment before abandoning or disposing of that equipment. The Affinity Settlement reaffirms OCR’s concern that Covered Entities meet these disposal requirements when replacing or abandoning equipment containing electronic PHI.

Affinity Settlement Highlights

According to the August 14, 2013 OCR announcement of the settlement, the settlement resulted from an investigation initiated after Affinity filed a breach report with OCR on April 15, 2010, as required by the Health Information Technology for Economic and Clinical Health Act (HITECH Act.)

In its breach report, Affinity indicated that it was informed by a representative of CBS Evening News that, as part of an investigatory report, CBS had purchased a photocopier previously leased by Affinity. CBS informed Affinity that the copier that Affinity had used contained confidential medical information on the hard drive.

Affinity estimated in its breach report that up to 344,579 individuals may have been affected by this breach. OCR’s investigation indicated that Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives. In addition, OCR reports its investigation revealed that Affinity failed to incorporate the electronic protected health information (ePHI) stored on photocopier hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the photocopiers to its leasing agents.

In addition to the $1,215,780 payment, the Affinity Settlement includes a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and to take certain measures to safeguard all ePHI.

Learn From Affinity Lesson On Proper Disposal Procedures

Like prior OCR settlements stemming from inadequate security for PHI when transitioning equipment, media or facilities, the Affinity Settlement sends another reminder to Covered Entities and their business associates again of the importance of using appropriate procedures to protect or dispose of PHI when replacing or redeploying equipment or media that may contain PHI.

“This settlement illustrates an important reminder about equipment designed to retain electronic information: Make sure that all personal information is wiped from hardware before it’s recycled, thrown away or sent back to a leasing agent,” said OCR Director Leon Rodriguez. “HIPAA covered entities are required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have appropriate safeguards in place to protect this information.”

OCR has published guidance concerning HIPAA’s requirements for the proper safeguarding and disposal of media and equipment in the 2013 Final Rule and other guidance. Concerning the proper disposition of copiers that may have PHI stored on their hard drives or in other digital formal, OCR in the Affinity Settlement recommended that Covered Entities and their associates also review the Federal Trade Commission’s Guidance On Safeguarding Sensitive Data Stored In The Hard Drives Of Digital Copiers and the National Institute of Standards and Technology has issued Guidance On Assessing The Security Of Multipurpose Office Machines. Covered Entities and their business associates should use this and other guidance to ensure that they can demonstrate that appropriate practices and procedures have been used to when disposing of or repurposing copies or other equipment that may contain electronic PHI.

HIPAA Regulation Updates Require Other Updates Beyond Disposal Procedures

In addition to addressing the concerns that lead to the Affinity Settlement, Covered Entities and their business associates also should verify that their practices, policies, privacy notices, business associate agreements, and training also are updated to comply with updates to the updated 2013 Final Rule adopted by OCR earlier this year here.

Since passage of the HITECH Act, OCR officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While OCR had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating OCR’s HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR’s interpretation and enforcement of HIPAA.

In response to the updated Final Regulations and these expanding HIPAA enforcement and exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For More Information Or Assistance

If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

CMS Rescinds Plan To Require Automatic Denial of Provider Enrollment To Providers With Outstanding Overpayments

August 5, 2013

Citing “industry concerns,” the Centers for Medicare & Medicaid Services (CMS) has abandoned at least temporarily its May 31 request to change Section 15.13 of its Program Integrity Manual chapter to require the denial of enrollment applications when the requesting provider or its owner had an overpayment of $1500 or more which was not repaid at the time it submitted its application.

In Change Request 8304, CMS on May 31, 2013 sought to revise its Provider Integrity Manual to instruct a Medicare administrative contractor (MAC) to deny a Form CMS-855 enrollment application if the current owner of an enrolling provider or supplier, an enrolling physician or a non-physician practitioner had an existing of $1500 or more that had not been repaid in full when the provided filed its application. The instruction would have required the MAC to deny the enrollment application regardless of the reason for the overpayment.

CMS rescinded the Change Request 8304 on July 27, 2013 pending further consideration. Change Request 8304 Rescission Notice.

For More Information Or Assistance

If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Corporate Compliance, Doctor, Durable Medical Equipment, Federal Health Center, Health Care, Health Care Finance, Health Care Provider, Home Health, Hospital, Hospital, Medicaid, Medical Licensure, Medicare, Medicare Advantage, OIG, Physician, Rehabilitation Act, Reimbursement | Tagged: HHS, Hospital, Medicare, provider enrollment, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

IRS Publishes 2014 Branded Prescription Drug Fee Guidance

August 5, 2013

The Internal Revenue Service (IRS) today released Notice 2013-51. “Branded Prescription Drug Fee; Guidance for the 2014 Fee Year,” which contains guidance on the branded prescription drug fee imposed under section 9008 of the Patient Protection and Affordable Care Act (ACA) for the 2014 fee year.

Branded Prescription Drug Fee Background

ACA requires that covered entities that engage in the business of manufacturing or importing branded prescription drugs pay the branded prescription drug fee. The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51, published on August 18, 2011 (76 FR 51245), provide the method by which each covered entity’s annual fee is calculated. These regulations also define terms for the administration of the fee.

Regulation section 51.2T(g) defines fee year as the calendar year in which the fee for a particular sales year must be paid and section 51.2T(m) defines sales year as the second calendar year preceding the fee year.

Section 51.3T of the Regulation requires that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.

Section 51.6T provides that for each sales year the Internal Revenue Service (IRS) will make a preliminary fee calculation for each covered entity and will tell each covered entity of this calculation by the date prescribed in guidance published in the Internal Revenue Bulletin. This notification will also include additional prescribed information. As used in this notice, “notice of preliminary fee calculation” includes the additional prescribed information.

Section 51.7T provides that upon receipt of its preliminary fee calculation, each covered entity will have an opportunity to dispute this calculation by submitting to the IRS an error report with prescribed information. Sections 51.7T(b) and (c) set out the information that a covered entity must submit to support each asserted error. Section 51.7T(d) provides that each covered entity must submit reports and error reports, if anyin the form and way required by the IRS.

Section 51.8T provides that the IRS will send each covered entity its final fee calculation no later than August 31st of each fee year and also provides that covered entities must pay their fee by September 30th of the fee year.

2014 Deadlines & Procedures

Notice 2013-51 provides guidance for covered entities for 2014 on:

Submission of Form 8947, “Report of Branded Prescription Drug Information,”
The time and manner for notifying covered entities of their preliminary fee calculation,
The time and manner for submitting error reports for the dispute resolution process; and
The time for notifying covered entities of their final fee calculation.

For the 2014 fee year, the Notice states that a covered entity that chooses to submit Form 8947 must file the form by November 1, 2013.

For the 2014 fee year, the Notice states that the IRS will mail each covered entity a paper notice of its preliminary fee calculation by March 3, 2014. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to Regulation section 51.4T.

A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by February 17, 2014. The Notice instructs that this request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the notice says the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by March 3, 2014.

For the 2014 fee year, the Notice also states a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 15, 2014. When the IRS mails each covered entity a notice of its preliminary fee calculation by March 3, 2014, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM and sent by mail as instructed in the Notice.

The Notice also indicates that the IRS will notify each covered entity of its final fee calculation for 2014 by August 29, 2014, after which each covered entity must pay this fee by September 30, 2014 in accordance with Regulation section 51.8T(c),

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

August 5, 2013

Medicare payments to inpatient psychiatric facilities (IPFs) will rise by 2.3% for fiscal year (FY) 2014 under the final Inpatient Psychiatric Facilities Prospective Payment System (PPS) Updated for Fiscal Year Beginning October 1, 2013 (FY 2013) posted by the Centers for Medicare & Medicaid Services (CMS) July 29 here.

The notice updates the prospective payment rates for Medicare inpatient hospital services provided by inpatient psychiatric facilitates for discharges occurring during the fiscal year (FY) beginning October 1, 2013 through September 30, 2014.

Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:

The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.

IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

August 1, 2013

Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:

The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.

IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

CMS Publishes FY 2014 Final Inpatient Rehabiliation Facility Prospective Payment Rule

1 Comment | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

August 1, 2013

Inpatient Rehabilitation Facilities (IRFs) take note. The Centers for Medicare & Medicaid Services yesterday (July 31, 2013) published its final Inpatient Rehabilitation Facility (IRF), Inpatient Rehabilitation Facility Prospective Payment System for Federal Fiscal Year 2014 Final Rule (Rule). The Rule, which with its preamble is 272 pages, among other things:

Updates the prospective payment rates for (IRFs) for federal fiscal year (FY) 2014 (for discharges occurring on or after October 1, 2013 and on or before September 30, 2014) as required by the statute.
Revises the list of diagnosis codes that may be counted toward an IRF’s “60 percent rule” compliance calculation to determine “presumptive compliance,” update the IRF facility-level adjustment factors using an enhanced estimation methodology;
Revises sections of the Inpatient Rehabilitation Facility-Patient Assessment Instrument,
Revises requirements for acute care hospitals that have IRF units;
Clarifies the IRF regulation text regarding limitation of review;
Updates references to previously changed sections in the regulations text; and
Revises and updates quality measures and reporting requirements under the IRF quality reporting program.

The regulatory amendments in this Rule generally are effective as follows:

Its revisions to the list of diagnosis codes used to determine presumptive compliance under the “60 percent rule” are applicable for compliance review periods beginning on or after October 1, 2014; and
The updated IRF prospective payment rates are applicable for IRF discharges occurring on or after October 1, 2013 and on or before September 30, 2014 (FY 2014).
The changes to the Inpatient Rehabilitation Facility-Patient Assessment Instrument, the amendments to §412.25, and the revised and updated quality measures and reporting requirements under the IRF quality reporting program are applicable for IRF discharges occurring on or after October 1, 2014.

IRFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, ADA, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Inpatient Rehabilitation Facilities, Justice Department, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

Tighten Disability Compliance To Avoid ADA Suits, Program Disqualification & Other Risks

July 30, 2013

The Department of Justice’s July 29, 2013 announcement that it is suing Dr. Hal Brown and Primary Care of the Treasure Coast of Vero Beach, Florida (PCTC) for violating the Americans With Disabilities Act (ADA) by discriminating and retaliating against two deaf patients reminds physicians, clinics, hospitals and other health industry providers, their landlords, and other vendors to tighten their understanding, practices of federal and state disability discrimination laws to avoid getting nailed for improper discrimination. Following on the Department of Health & Human Service’s recently announced exclusion of a physician that illegally discriminated against a HIV-positive patient, health care providers are on notice that Federal officials are gunning for health care providers who illegally discriminate against patients and others with disabilities.

With the Justice Department, HHS and others targeting discrimination in the health care industry, physicians and their practices, clinics, hospitals and other private and public health care providers, and their landlords and other vendors should update their understanding of disability discrimination responsibilities and exposures, and then review and tighten policies, practices, workforce training and oversight, and other risk management and compliance practice to help prevent and mitigate exposures to disability and other discrimination claims.

Health Care Providers & Industry Under Fire For Disability Discrimination

While the heavy emphasis generally placed upon the enforcement of disability laws by the Obama Administration has heightened the risks of all U.S. businesses, health care providers are particularly at risk to disability discrimination liability as a result of the Barrier-Free Health Care Initiative of the Justice Department and related health industry disability enforcement initiatives of HHS and other federal agencies.

Health care provider, like other U.S. businesses, face sweeping responsibilities under the various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws. Section 504 of the Rehabilitation Act generally requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs. Rather, the ADA requirements and disability discrimination prohibitions generally apply to all U.S. health care and other businesses even if they do not receive federal financial assistance. Under the ADA, health care providers and other covered businesses generally have a duty other to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities.

Specifically under the ADA:

The public accommodation provisions generally both prohibit discrimination against individuals with disabilities when delivering health care or other services, as well as require health industry and other businesses to provide reasonable accommodations to individuals with disabilities unless the health care provider proves its actions are defensible under an exception to these general rules.
The employment discrimination provisions generally prohibit health care industry and other employers from discriminating against qualified individuals with a disability and require employers to provide reasonable accommodations for disabled workers unless the health care provider can prove that its conduct qualifies under one of the allowable exceptions to the general prohibition against discrimination.
The anti-retaliation rules prohibit retaliation against an individual because he opposes an act that is unlawful under the ADA or because he made a charge, testified, assisted or participated in any way in an investigation, proceeding or hearing under the ADA. These provisions also make it unlawful to coerce, intimidate, threaten or interfere with any individual exercising their rights protected by the ADA.

Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

Justice Department ADA Suit Against Brown & PCTC

The ADA lawsuit against Dr. Brown and PCTC comes on the heels of the Justice Department’s Celebration of the 23rd Anniversary of the ADA last week and is an example of one of a growing number of lawsuits and other actions against health care providers resulting from the Justice Department “Barrier-Free Health Care Initiative” and related Department of Health & Human Services (HHS) enforcement efforts focusing on ensuring access to health care for individuals with disabilities.

The Department of Justice suit charges Dr. Brown and PCTC with violating the public accommodation and anti-retaliation provisions of ADA by discriminating against a deaf couple, Susan and James Liese by discriminating against a deaf couple, Susan and James Liese and then retaliating against the couple for engaging in activities protected under the ADA.

According to the Justice Department’s complaint, Dr. Brown and PCTC terminated Mr. and Mrs. Liese as patients because the couple pursued ADA claims against a hospital located next door to and affiliated with PCTC for not providing effective communication during an emergency surgery. The complaint alleges that after learning that the Lieses threatened the hospital with an ADA suit based on failure to provide sign language interpreter services, PCTC and Dr. Brown, who was the Liese’s primary doctor at PCTC, immediately terminated the Lieses as patients.

The Justice Department says this termination of the Lieses as patients violated the ADA. According to Jocelyn Samuels, Acting Assistant Attorney General for the Civil Rights Division, “A person cannot be terminated as a patient because he or she asserts the right to effective communication at a hospital.”

While it remains to be seen if the Justice Department will be successful in its suit against Dr. Brown and PCTC, it has experienced significant success in disability discrimination actions against other health care providers.

Justice Department Barrier-Free Health Care Initiative Successes Growing

Justice Department suits like the ADA suit against Dr. Brown and PCTC are increasingly common and successful.

While the Justice Department across the years has prosecuted various health care providers for illegal discrimination under the ADA, it has turned up the heat with its nationwide Barrier-Free Health Care Initiative. According to the Justice Department, it intends that the prosecutions under the Barrier-Free Health Care Initiative to focus and leverage the Justice Department’s resources together and send a clear message that disability discrimination in health care is illegal and unacceptable.

Since the Justice Department announced its Barrier-Free Health Care Initiative last year, for instance, the Justice Department has entered into 18 settlements under the Barrier-Free Health Care Initiative. These include three agreements requiring health care providers to provide auxiliary aids and services, including sign language interpreters, to individuals who are deaf to ensure effective communication in health care settings including two settlements in the last month.

On June 27, 2013, the U.S. Attorney’s Office for the Western District of Tennessee announced that Heart Center of Memphis has agreed to provide qualified sign language and oral interpreters as well as other auxiliary aids and services to patients who are deaf, have hearing loss or have speech disabilities to resolve a Justice Department complaint charging the Heart Center violated the ADA by telling a deaf patient that it was his responsibility to arrange a sign language interpreter for his appointment. After several unsuccessful attempts to get the Heart Center to provide a qualified sign language interpreter as required by law, the patient cancelled his appointment.

On June 26, 2013, the U.S. Attorney’s Office for the Northern District of Georgia announced it had reached a disability discrimination settlement agreement with Midtown Neurology P.C. The settlement resolved a complaint alleging that Midtown Neurology P.C. failed to provide, over multiple appointments, a qualified sign language interpreter for a patient who is deaf. At one appointment, the patient underwent a painful neurological test. Because there was no interpreter, the patient could not communicate that she was frightened and in pain, and that she wanted the doctor to stop the procedure. Under the agreement, Midtown Neurology P.C. will provide auxiliary aids and services, including qualified interpreters, to individuals who are deaf or hard of hearing where necessary to ensure effective communication.

In previous months, the Justice Department also has reached settlement agreements resolving charges health care providers violated the ADA by failing to provide interpreters or other accommodations for deaf or other communication impaired patients with Burke Health and Rehabilitation Center (May 3, 2013); Monadnock Community Hospital (April 5, 2013); Manassas Health and Rehab Center (April 5, 2013); Gainesville Health and Rehab Center (April 5, 2013); the Center for Orthopaedic and Sports Medicine, Inc. (April 5, 2013); Northern Ohio Medical Specialists (April 5, 2013); Northshore University Healthsystems (June 28, 2012); Steven Senica, M.D., and Senica Bruneau, Ltd. (June 11, 2012); Trinity Regional Medical Center and Trinity Health Systems (March 29, 2012); Henry Ford Health System (February 1, 2012); and Cheshire Medical Center, Keene Health Alliance, and Dartmouth-Hitchcock Clinic D/B/A Dartmouth-Hitchcock Keene (October 31, 2011)

In addition, the Justice Department also particularly is aggressive in prosecuting health care providers that discriminate against individuals with HIV. In the past six months, the Department reports it has reached five settlement agreements with medical providers to address HIV discrimination.

For instance, the Justice Department on July 26, 2013 announced that Barix Clinics, an organization that operates bariatric treatment facilities in Michigan and Pennsylvania, will pay $35,000 to victim-complainants and a $10,000 civil penalty, train its staff on the ADA and implement an anti-discrimination policy to settle Justice Department charges that Barix Clinics unlawfully refused to perform bariatric surgery on a man at its Langhorne, Pa., facility because he has HIV. The Department also determined that Barix Clinics cancelled bariatric surgery for another individual at its Ypsilanti, Michigan facility because he has HIV.

The Barix Clinic settlement added to a long list of earlier settlements of ADA charges stemming from discrimination against HIV patients including Glenbeigh (settlement regarding exclusion of an individual from an alcohol treatment program because of the side effects of his HIV medication, March 13, 2013); Woodlawn Family Dentistry (dentist office’s unequal treatment of people with HIV in the scheduling of future dental appointments, February 12, 2013); Castlewood Treatment Center (eating disorder clinic’s refusal to treat a woman for a serious eating disorder because she has HIV, February 6, 2013); and Fayetteville Pain Center (unlawful exclusion of a person with HIV from treatment, January 31, 2013).

While most announced Justice Department settlements involve the denial of interpreters to deaf or other communication impaired patients and discrimination in the treatment of HIV patients, the Justice Department also has shown a willingness to prosecute health care providers who engage in other types of disability discrimination. For instance, on April 3, 2012, the Justice Department reached a settlement with Richard Noren, M.D., Henry Kurzydlowski, M.D., and Pain Care Consultant, Inc., which resolved charges that they violated the ADA by failing to make reasonable changes to policies, practices, and procedures to enable a child with diabetes to participate in summer camp. Furthermore, although not necessarily reflected in the currently published, officially announced settlements of the Justice Department, health care providers have reported that the Justice Department and HHS also have become increasingly aggressive in investigating disability claims of visually or other physically, cognitively, or emotionally disabled patients arising from the failure of health care providers to accommodate their need for support or comfort animals.

Justice Department Plans To Keep Heat On Health Care Providers

All signs are that the Justice Department intends to continue, if not expand its Barrier-Free Health Care Initiatives. In fact, the suit against Dr. Brown and PCTC comes on the heels of the Justice Department’s filing of an ADA disabilities discrimination lawsuit against the State of Florida alleging the state is in violation of the ADA in its administration of its service system for children with significant medical needs.

The Justice Department lawsuit against the State of Florida charges that Florida’s programs have resulted in nearly 200 children with disabilities being unnecessarily segregated in nursing facilities which should be served in their family homes or other community-based settings. The Justice Department further alleges that the state’s policies and practices place other children with significant medical needs in the community at serious risk of institutionalization in nursing facilities. The department’s complaint seeks declaratory and injunctive relief, as well as compensatory damages for affected children.

“Florida must ensure that children with significant medical needs are not isolated in nursing facilities, away from their families and communities,” said Eve Hill, Deputy Assistant Attorney General for the Civil Rights Division. “Children have a right to grow up with their families, among their friends and in their own communities. This is the promise of the ADA’s integration mandate as articulated by the Supreme Court in Olmstead. The violations the department has identified are serious, systemic and ongoing and require comprehensive relief for these children and their families.”

Health Industry Disability Discrimination Risks: Beyond The Justice Department

While private plaintiffs as well as the Justice Department and other agencies increasingly successfully sue health care providers for violating the ADA and other disability discrimination laws, the often significant damages and defense costs that often arise from these suits are only part of the exposure that health care providers should consider and manage. Among other things, health care providers accused or found to engage in disability discrimination also generally also risk significant adverse publicity, loss or curtailment of federal or state program participation, reimbursement or other contractual or administrative penalties, licensing board and accreditation sanctions, burdensome corrective action and ongoing reporting and oversight and other consequences.

Perhaps most notably, HHS also is stepping up enforcement against health care providers that discriminate against the disabled. Like the actions of the Justice Department, many of these enforcement actions focus heavily on discrimination against HIV patients as well as deaf or other individuals whose disabilities impairs their ability to communicate effectively with health care providers.

For instance, on July 18, 2013, HHS announced the termination of Medicaid funding to a California surgeon who intentionally discriminated against an HIV-positive patient by refusing to perform much-needed back surgery. The HHS Departmental Appeals Board concluded that the surgeon violated Section 504 of the Rehabilitation Act of 1973, which prohibits disability discrimination by health care providers who receive federal funds. The order follows an Office for Civil Rights (OCR) investigation of a complaint filed by a patient who alleged that the surgeon refused to perform back surgery after learning that the patient was HIV-positive. OCR found that the surgeon discriminated against the patient on the basis of his HIV status in violation of federal civil rights laws. See HHS Press Release; HHS Departmental Appeals Board Decision; OCR Violation Letter of Findings.

HHS’s exclusion of the surgeon from federal program participation is part of a long-standing policy of OCR of pursuing disability discrimination actions against providers that discriminate against patients with HIV. For instance OCR previously has announced that an Austin, Texas orthopedic surgeon had agreed to ensure that individuals living with HIV/AIDS have equal access to appropriate medical treatment in order to resolve charges brought in an OCR Violation Letter of Finding charging the surgeon with violating the Rehabilitation Act by refusing to perform knee surgery on an HIV-positive patient. See Settlement Agreement.

OCR, like the Justice Department, also is aggressive in pursuing Rehabilitation Act claims against health care providers for failing to provide interpreters or other appropriate accommodations for deaf or other patients with disabilities that impair their ability to communicate. In March, for instance, OCR announced a settlement agreement with national senior care provider, Genesis HealthCare (Genesis) which resolved an OCR complaint that Genesis violated Section 504 of the Rehabilitation Act by failing to provide a qualified interpreter to a resident at its skilled nursing facility in Randallstown, Maryland. See, Genesis Settlement.

OCR construes Section 504 of the Rehabilitation Act of 1973, as among other things requiring that facilities take appropriate steps to ensure effective communications with individuals. According to OCR, throughout the patient’s stay at the facility, an OCR investigation showed center staff relied on written notes and gestures to communicate with the resident, even while conducting a comprehensive psychiatric evaluation with him. Moreover, by not being provided a qualified interpreter, evaluations of his care and discussions on the effects of his numerous medications and the risks caused by not following recommended treatments and prescription protocols had harmful effects on the patient’s overall health status. According to OCR Director Leon Rodriguez, “This patient’s care was unnecessarily and significantly compromised by the stark absence of interpreter services.” OCR concluded that in order for the patient and staff to be able to communicate effectively with each other regarding treatment, a qualified sign language interpreter would have been necessary.

Under the terms of the agreement, Genesis must require all facilities to provide interpreters and other suitable communications accommodations to language disabled patients, form an auxiliary aids and services hotline; create an advisory committee to provide guidance and direction on how to best communicate with the deaf and hard of hearing community; designate a monitor to conduct a self-assessment and obtain feedback from deaf and hard of hearing individuals and advocates and conduct outreach to promote awareness of hearing impairments and services that are available for deaf and hard of hearing individuals. In addition Genesis will be required to pay monetary penalties for noncompliance with any terms of the agreement.

In announcing the Genesis settlement, Director Rodriguez warned, “My office continues its enforcement activities and work with providers, particularly large health care systems like Genesis, to make certain that compliance with nondiscrimination laws is a system wide obligation.

The Genesis Agreement is typical of a multitude of settlements resulting from OCR enforcement against health care providers for failing to accommodate deaf, speech or other communication impaired patients. See, e.g. Cattaraugus County Department of Aging Settlement Agreement; District of Columbia Children and Family Services Agency Settlement Agreement (February 8, 2013); Memorial Health System Colorado Springs Voluntary Resolution Agreement (November 7, 2012); Advanced Dialysis Centers Settlement Agreement (February 17, 2012).

When evaluating the need to provide interpreters, health care providers also should consider the advisability of offering interpreters for patients whose primary language is not English. OCR’s discrimination enforcement efforts often extend to other language impaired persons such as English as a Second Language patients. In addition to its efforts on behalf of individuals with disabilities impacting their ability to communicate, OCR recently announced a national initiative under which it will conduct compliance reviews of critical access hospitals as part of its efforts to strengthen language access for individuals whose primary language is not English. See OCR Launches Nationwide Compliance Review Initiative To Strengthen Language Access Programs At Critical Access Hospitals.

Health care providers also should ensure that their take appropriate steps to accommodate other disabilities. For instance, the use of support animals by veterans, children, and other patients with physical, emotional or cognitive disorders on the rise, health care providers need to ensure that their policies, practices, training, facilities leases and other vendor contracts, posting and other arrangements are updated to accommodate patients requiring the use of support or comfort animals. OCR’s enforcement actions already have extended to protection of the rights of disabled individuals to have the aid and assistance of their service animals when receiving services from health care providers. For instance, under a settlement agreement with the St. Mercy Medical Center (Mercy) in Fort Smith, Arkansas resolving an OCR complaint that it violated Section 504 and the Rehabilitation Act of 1973, Mercy committed to revise it policies and procedures to comply with Section 504 and to provide staff comprehensive training on their obligations to provide services without discrimination to qualified persons with disabilities. This settlement follows an OCR investigation into a complaint filed by an individual whose service animal was not allowed to go with him into the hospital. See, Mercy Settlement Agreement. This recent newscast video highlights how the failure to update postings, training, and other practices could result in a host of negative publicity and enforcement actions from refusing or limiting the ability of a person with a disability to have the support of his comfort animal within a health care facility. North Texas Vet Cries Foul After Service Dog Rejection. This type of adverse publicity not only can do serious damage to a health care provider’s public image, it also is likely to trigger the type of investigation that lead to the Mercy enforcement action.

Other Disability Discrimination Risks

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR, the Justice Department and other agencies to pursue investigations and enforcement of disability discrimination and other laws, physicians and other licensed professionals can expect that they may face disciplinary action by their applicable licensing boards, whose rules typically now make disability or other wrongful discrimination against patients a violation of their rules. Meanwhile, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

Act To Manage & Mitigate Disability Risks

In the face of these growing risks , physicians, hospitals and their medical staffs, and other health care providers should review and tighten their policies, leases and other vendor contracts, practices and training to minimize their exposure to prosecution or other sanctions for disability discrimination.

In light of the expanding readiness of OCR, the Justice Department and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures.

Given a series of recent changes in the provisions of the ADA, discrimination regulations, and enforcement standards, this process generally should begin by reviewing the health care provider’s understanding and policies regarding disability and other discrimination to ensure that they comply with current legal and credentialing requirements and standards. Once the organization confirms its understanding of current rules is up-to-date, the health care provider also should critically evaluate its operations to identify where its postings, policies, training, practices and operations need to be updated or tightened to meet these standards or avoid other risks.

In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To meet and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here. About Solutions Law Press

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | ADA, DME, Doctor, Durable Medical Equipment, Employer, Employment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Real Estate, Rehabilitation Act, Substance Abuse | Tagged: accommodation, ADA, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Physician, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

Doc Caught Submitting Conflicting Patient Records to Private Payer Versus Medicare Criminally Sentence, Pays Civil Settlement

July 23, 2013

The recent criminal sentencing and civil settlement of Illinois physician Dr. Mahmoud Yassin highlights the growing- but too often appreciated exposure of physicians and other health care providers and their billing or other management who submit conflicting claims data to private and government claims or otherwise permit in false falsely bill or participate in the cover-up of fraudulent or other improper billings to payers. The Yassin sentencing is notable both because Yassin incurred criminal liability for obstruction based on his presentation of altered patient records to a private payer and and civil liability for making false claims to Medicare and others.

Yassin was sentenced July 22, 2013 to serve 30 days in prison and 3 years of probation and to pay a fine of $10,000, a special assessment of $100, and restitution to Blue Cross Blue Shield of Illinois in the amount of $19,615.17 in federal district court in Benton, Illinois for Obstructing a Criminal Health Care Fraud Investigator. The felony obstruction conviction stemmed from charges that on March 2, 2012, when a FBI agent, having served a subpoena for patient records on Dr. Yassin, gave an altered patient progress note that showed an in-office examination previously claimed to an insurance carrier, but which had not taken place.

In a separate civil settlement with the United States Attorney’s Office regarding false claims to Medicare, Dr. Yassin also previously has paid double damages for $87,348.64. The restitution and civil false claims settlement were based on claims for in person office visits in which the patient either failed to show up for an appointment or only was spoken to by telephone.

The Yassin prosecution demonstrates the importance of providers getting their records and billings straight when billing both private payers and government payers. While most health care providers recognize the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ), many don’t recognize their exposure from private payer billings or the potential interaction between private and government claims investigations Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers. Furthermore, federal fraud investigators and private payers increasingly are working together on the investigation and redress of false billing and other aggressive practices. These and other risks mean that providers cannot afford to be unprepared when asked to respond to investigations like one that lead to the Yassin conviction, recoupment or other audit and enforcement actions See, Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings. Rather, physicians and other health care clinics must be ready to prove and defend their billings to public and private payers. In both cases, these preparations should ensure that records accurately and completely document the care provided, that the coding and billing applied is reflective of actual care and consistent with existing reimbursement, and otherwise defensible. As demonstrated by Yassin, inconsistencies between records presented to different payers should be avoided.

For More Information Or Assistance

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Accreditation, Ambulatory care, ASC, Doctor, Employer, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Hospital, Joint Commission, Medical Licensure, OIG, Physician | Tagged: accreditation, Ambulatory care organizations, ambulatory surgery, Doctor, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Compliance, Health Care Fraud, Health Care Provider, Health Care Reimbursement, Health Insurance, Health Plans, HEAT, HIPAA, Hospital, Hospitals, Joint Commission, Physician, Physicians, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

OCR To Covered Entities: Learn From WellPoint $1.7 Settlement

July 12, 2013

WellPoint $1.7 M HIPAA Settlement Expensive Lesson On HIPAA Risks Of Leaving PHI Too Accessible In Web-Based Applications

With health care providers, health care organizations and others increasingly using Web-based applications and portals in operations and patient communications, managed care company WellPoint Inc. (WellPoint) is learning a $1.7 million lesson about the importance of ensuring Web-based applications and portals that allow access to members or other consumers protected health information (PHI) incorporate the administrative, technical and other security safeguards required by the Health Insurance Portability & Accountability Act (HIPAA) Privacy and Security rules.

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced late yesterday (July 11, 2013) that WellPoint has agreed to pay $1.7 million to settle OCR charges that WellPoint violated the HIPAA Security Rule and left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet by failing to implement appropriate administrative and technical safeguards in its Web-based applications. See WellPoint HIPAA Settlement Press Release.

Web-based application use is increasingly popular among health care providers, health plans, employers and others. Health care providers use them for health care operations, as well as patient engagement and communication tools. Employers and health plans use them both in plan administration and as member tools.

The WellPoint settlement shows that managed care and other health insurers, health plans and their employer or other sponsors, health care providers, health care clearinghouses (Covered Entities) and their business associates can’t let their enthusiasm for the ease of use of these products to compromise the security of PHI.

Rather, health care providers and other Covered Entities, employer and other health plan sponsors, their business associates, and the Web and other technology developers, providers and consultants marketing products, services or other solutions to these organizations should learn from WellPoint’s hard lesson to ensure that current and future Web-based applications, portals and other information system components that are or could be used to provide access to PHI incorporate the Security Rule safeguards both when originally implemented and with each subsequent upgrade.

HIPAA Privacy, Security & Breach Notification Rules Require PHI Safeguards & Other Protections

The Breach Notification Rule added to HIPAA under the Health Information Technology for Economic and Clinical Health, or HITECH Act requires HIPAA-covered entities to notify OCR, affected individuals and the media promptly of a breach of “unsecured protected health information” (UPHI) impacting more than 500 individuals. For smaller breaches, the Breach Notification Rule still requires prompt notice to impacted individuals, but allows Covered Entities to disclose the breach to OCR as part of an annual breach report and to forego notification to the media. UPHI generally includes any PHI, whether or not ePHI that is not either secured or destroyed in the manner described by the Breach Notification Rules.

In addition to the Breach Notification Rule, most Covered Entities and their business associates also are subject to state laws or regulations that impose similar or additional breach notification and other standards and responsibilities on the protection of personal health or other data including required notification and other responses following a breach of the security of UPHI or other PHI.

WellPoint’s $1.7 HIPAA Security Mistake

WellPoint’s $1.7 million settlement lesson resulted from an OCR investigation started in response to a breach report WellPoint submitted to comply with the Breach Notification Rules.

According to OCR, the Breach Report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.

OCR says its investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule. According to OCR, WellPoint did not:

Adequately implement policies and procedures for authorizing access to the on-line application database;
Perform an appropriate technical evaluation in response to a software upgrade to its information systems; or
Have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

As a result, OCR concluded that from October 23, 2009 until March 7, 2010, WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to their ePHI maintained in the application database. This data included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

Under the resulting WellPoint HIPAA Resolution Agreement, WellPoint must pay OCR a $1.7 million settlement payment as well as take a series of corrective actions to correct the deficiencies in its policies and practices that resulted in the reported breach to minimize future risks of breaches resulting from these deficient.

OCR Warns Learn From WellPoint’s Experience

All Covered Entities and their business associates and leaders should heed the lesson sent to them by OCR in announcing the WellPoint settlement and take appropriate steps other to ensure that appropriate policies and safeguards are adopted and applied in selecting and implementing future application or system upgrades, as well as review existing systems to ensure that the security of existing systems and applications have incorporated and apply the requisite safeguards.

OCR made clear that the WellPoint settlement is intended to send a message to Covered Entities and their business associates to ensure that these steps are appropriately taken. The settlement announcement states:

This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet. Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet.

The settlement announcement also reminds business associates that OCR will begin holding them directly accountable along with their Covered Entity clients for complying with many HIPAA requirements beginning in September, stating:

Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

Take Documented Steps To Show You Hear OCR’s Messages

Covered entities and their business associates and leaders, and vendors and consultants offering services or products to them should take care to conduct careful and well-documented reviews and implement corrective actions necessary to show their applications and systems, policies and practices reflect their strong commitment and action to appropriately protect PHI in accordance with the expectations shown by the WellPoint HIPAA Resolution Agreement and other OCR settlements, OCR’s updated HIPAA regulations, and other OCR and industry information.

In addition to the guidance set forth in OCR’s Resolution Agreements with WellPoint and other Covered Entities, revisions to OCR’s Privacy and Security Rules in OCR’s 2013 restatement of its regulations here cause all Covered Entities and their business associates conduct a well-documented reassessment of the adequacy of their existing policies, systems and practices and steps taken to redress any uncovered gaps.

Among other things, the 2013 Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Covered Entities were required to begin complying with most of these rule changes earlier this year. However, delayed compliance dates in the 2013 Regulations allowed Covered Entities and Business Associates to delay updates to pre-existing business associate agreements and the date that OCR would begin enforcing many of the HIPAA Rules directly against business associates to September 23, 2013.

Even without the necessity Settlements like that involving WellPoint, these 2013 Regulations make it imperative that Covered Entities to take the necessary steps to conduct an appropriate and well-documented review and update as needed their systems, policies and practices, business associate agreements, training and documentation.

With self-disclosures of breaches mandated by the Breach Notification Rules and OCR audits and enforcement rising, careful documentation of these activities and its analysis is necessary so that Covered Entities can be in a position to show OCR that the risk assessments required by the Security Rules was conducted as well as the efforts and commitment of the Covered Entity or business associate in the event of a breach investigation or audit. Yesterday’s WellPoint HIPAA announcement is just the latest in an ever-growing list of examples of the expensive consequences that can result if a Covered Entity or business associate cannot produce this documentation in response to an OCR audit or investigation. See, e.g. OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards. In contrast, the OCR website also provides a multitude of examples showing how the ability to produce documentation and other evidence showing diligent efforts to comply has helped other covered entities that fall under OCR investigation to avoid or mitigate serious sanctions.

Coupled with statements by OCR about its intolerance, the WellPoint and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions against WellPoint and others, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. Covered Entities and business associates should document this review in a manner that both reflects the scope and diligence of their activities including relevant considerations and decision-making about identified potential susceptibilities and reasoning about the adequacy of safeguards and other solutions.

Because this review is likely to uncover existing or past deficiencies or breaches, most covered entities and business associates will want to discuss with qualified legal counsel the planned assessment within the scope of attorney-client privilege to understand when and how to conduct the assessment to preserve options to claim attorney-client privilege to protect sensitive work product or discussions that may result in the course of the investigation within the attorney-client communication, work product or other evidentiary privileges, evaluation of the adequacy and appropriateness of the audit and resulting investigations and its documentation, and other assistance in strengthening the defensibility of compliance and risk management activities.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health care providers, health plans and their sponsors, their workforces, professional associations and others.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Anti-KickBack, DME, Doctor, E-Prescribing, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, Money Laundering, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: Health Care Providers, Health Plans, HIPAA, HIPAA Privacy, HIPAA Security, OCR, Privacy, WellPoint | Permalink
Posted by Cynthia Marcotte Stamer

Improper Billing Of Private Payers Increasing Source Of Liability & Risk For Providers

July 8, 2013

Physicians or other health care providers now have even more to worry about when a Medicare or other federal program audit reveals overpayments – repayment demands from commercial insurers and self-insured health plans, who are secondary payers. Federal officials and private payers alike increasingly are coming after providers to recover overpayments or other inappropriate billings identified through audits or other investigations. In the face of these actions, providers should use care to ensure that their billing and compliance programs appropriately manage and monitor the defensibility of claims billed to private payers as well as those to Medicare or other government programs.

Most health care providers recognize the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ).

Unfortunately, many health care providers don’t recognize that overbilling private payers can carry similar risks and liabilities. Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.

While CMS, OIG and DOJ tend to emphasize Medicare and other federal program recoveries in media releases about their overbilling and health care fraud enforcement efforts, careful review of these actions increasingly shows that these enforcement actions often also cover overbilling of private health plans uncovered in connection with the underlying Medicare or other federal program overpayment audit or investigation. For instance, upcoding and other false billing of claims was the basis of the federal criminal health care fraud prosecution of the Chief Executive Officer of a small, rural Texas health care clinic. Texas Clinic CEO Sentence Highlights Risks Of Upcoding. See, also Pharmas Face New Pressure To Put Patients Before Profits After GlaxoSmithKline Record $3 Billion Health Care Fraud & FDCA Settlement.

Unfortunately, many providers have failed to recognize and adequately respond to these and other clear indicators of their exposure to fraud, recoupment and other enforcement actions from sloppy or otherwise improper billings to private insurers and self insured plans. With health care reform increasingly focusing on reducing health care expenditures in the private as well as public arena, already existing federal and state enforcement against providers for improper billing of private payers will inevitably grown.

Taking into account these and other trends toward stepped up enforcement against aggressive billing by providers of private insurance or self-insured plans, physicians and other providers should not be surprised or unprepared to respond to recoupment or other audit and enforcement actions like that recently reported by Nina Youngstrom in AIS Health about the recoupment demands by commercial insurers against a Kansas health care clinic based on the Medicare audit findings of overpayments. See, Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings. Rather, physicians and other health care clinics must be ready to prove and defend their billings to private payers as well as Medicare and other government payers.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

2 Comments | Accreditation, Ambulatory care, ASC, Doctor, Employer, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Hospital, Joint Commission, Medical Licensure, OIG, Physician | Tagged: accreditation, Ambulatory care organizations, ambulatory surgery, Doctor, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Compliance, Health Care Fraud, Health Care Provider, Health Care Reimbursement, Health Insurance, Health Plans, HEAT, HIPAA, Hospital, Hospitals, Joint Commission, Physician, Physicians, Reimbursement | Permalink
Posted by Cynthia Marcotte Stamer

Ambulatory Care Orgs Face New Joint Commission Standards Beginning January 1, 2014

July 8, 2013

Ambulatory care organizations should review their current policies and procedures for compliance with revised ambulatory care organization accreditation standards published by the Joint Commission (TJC) on June 25, 2013. The new changes are effective January 1, 2014. The revisions include changes to standards on:

Renewal of clinical privileges
Requirements on providing care without regard to a patient’s ability to pay
Requirements for patient education about follow-up care to apply at the end of any episode of care;
Human resources
Leadership
Medication management
National patient safety goals
Provision of care, treatment, and services.

Ambulatory care organizations should begin assessing the implications of the new standards and identifying and implementing any changes they determine necessary or advisable to meet the new standards as soon as possible to ensure adequate time to operationalize compliance necessary to maintain desired accreditation.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Hollywood Pavillion & Other Fraud Convictions Show Individuals Risk Prison Time For Health Care Fraud Involvement

July 6, 2013

Convictions Show Growing Fraud Enforcement Risks Reach Broadly To Broad Range Of Actors

Do you love your health care organization enough to go to jail? With federal and state prosecutors stepping up health care fraud investigation and enforcement, this is a question that individuals leading, working or investing in health care organizations increasingly need to seriously consider.

As federal and state officials continue to ramp up their war on health care fraud, the ever-growing list of criminal convictions of individuals found to have participate in or tolerated prohibited billing, referral or other activities prohibited under federal or state health care fraud laws are intended to both punish the guilty and send a strong message to others throughout the industry: Don’t Do The Crime If You Don’t Want To Serve The Time!

Hollywood Pavilion Convictions

The July 28 federal jury conviction of four individuals for their involvement in nearly $70 million of fraudulent Medicare billings by Hollywood Pavilion (HP), a Miami-area mental health care hospital is the latest case in point. The successful prosecutions shows again the readiness of the Justice Department to prosecute individuals at all levels of organizations for their participation in health care fraud activities even after obtaining criminal convictions, civil settlements, and program disqualification or other administrative consequences against the health care organizations, their leaders, employees and others that participate illegal schemes that defraud federal health care programs like Medicare, private health insurance plans or both.

In the verdicts announced July 28 stemmed from the Justice Department’s prosecution of the former Chief Executive Officer, the former in-patient clinical director, former head of intensive outpatient care and former director of physical therapy for various health care fraud, wire fraud and other charges for their participation in a massive scheme that attempted to defraud the United States of approximately $70 million by taking advantage of Medicare beneficiaries.

Federal officials originally announced charges against the four defendants as part of high-profile sting and takedown by the Medicare Fraud Strike Force of 91 individuals across the nation for their alleged involvement in submitting approximately $430 million in false billings to federal health care programs. See Indictment of 91 Shows Growing Heath Care Fraud Enforcement Risk.

The convictions resulted after the Justice Department tried the defendants with illegally paying bribes to a network of patient recruiters, falsifying documents and other criminal conduct in violation of federal health care fraud, wire fraud and other laws. Based on evidence presented at trial, the federal jury found:

Karen Kallen-Zury, 59, and Daisy Miller, 44, each guilty of one count of conspiracy to commit wire fraud and health care fraud, five substantive counts of wire fraud and two substantive counts of health care fraud;
Michele Petrie, 64, guilty of one count of conspiracy to commit wire fraud and health care fraud and three substantive counts of wire fraud;
Kallen-Zury, Miller, Petrie and a fourth defendant, Christian Coloma, 49, of one count of conspiracy to pay bribes in connection with Medicare; and
Kallen-Zury and Coloma also each guilty of five substantive counts of paying bribes.

The convictions resulted after Federal prosecutors charged the four defendants and one other individual with participating and aiding HP to illegally bill Medicare for nearly $70 million for services that were not properly rendered, for patients that did not qualify for the services being billed and for claims for patients procured through bribes and kickbacks from at least 2003 through at least August 2012.

At trial, Federal prosecutors claimed that the defendants and their co-conspirators caused the submission of false and fraudulent claims to Medicare through HP, a state-licensed psychiatric hospital located in Hollywood that purportedly provided, among other things, inpatient psychiatric care and intensive outpatient psychiatric care. Prosecutors claimed the defendants paid illegal bribes and kickbacks to patient brokers in order to obtain Medicare beneficiaries as patients at HP who did not qualify for psychiatric treatment, then illegally submitted claims to Medicare for those patients who were procured through bribes and kickbacks.

Among other things, Federal prosecutors charged and introduced evidence that:

Karen Kallen-Zury, the CEO and registered agent of HP, attempted to conceal the payment of bribes and kickbacks by creating false documents to make it appear as if legitimate services were being rendered;
Miller, the clinical director of HP’s inpatient facility, and Petrie, the head of HP’s intensive outpatient program, facilitated the payment of bribes to patient recruiters and oversaw the fraudulent admissions and treatment of unqualified patients;
Coloma, the director of physical therapy for an entity associated with HP, facilitated the payment of bribes and kickbacks, and he supervised the creation of false documents to conceal the bribery scheme.

All four defendants now are awaiting sentencing.

Zealous Investigation & Prosecution Part of National Anti-Health Care Fraud Campaign

These and other convictions provide tangible proof of the growing success of the efforts to zealously investigate and prosecute health fraud by the Justice Department, HHS and other federal officials under their joint the Health Care Fraud Prevention & Enforcement Action Team (HEAT), Medicare Fraud Strike Force and other anti-fraud efforts. The joint Department of Justice-HHS Medicare Fraud Strike Force that lead to these charges and convictions is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing. Since its announcement, the Strike Force has used the combined resources of agents from the FBI, HHS-Office of Inspector General (HHS-OIG), multiple Medicaid Fraud Control Units, and other state and local law enforcement agencies to investigate and prosecute a rising number of organizations and individuals throughout the industry for alleged violations of Federal health care fraud prohibitions.

In recent years, Congress has amended the False Claims Act and enacted other reforms that give the Justice Department and other federal officials working in these anti-fraud efforts new tools that they are using to strengthen the effectiveness of their anti-fraud investigation and prosecution efforts. See Health Care Fraud Enforcement Packs New Heat.

Empowered by these and other new tools, the Justice Department and other participants in the HEAT and Medicare Fraud Strike Force increasingly are successful in prosecuting and convicting health care providers and others for participating in activities and schemes that violate federal or state health care fraud, referral, anti-kickback or other federal or state laws. See, e.g., North Texas Medical Supply Company Owner Indicted For Health Care Fraud Now Also Charged With Immigration Fraud; Former Houston Texas Physician Gets 70 Month Prison Sentence For Fraud Conviction; Euless Healthcare Corporation Owner, Associates Face Conspiracy And Health Care Fraud Charges For Alleged Submission Of $700,000+ In Fraudulent Health Care Claims; Former Manager 9th Employee Sentenced For Involvement In Maxim Medicare False Claims Action; Detroit-Area Foot Doctor Pleads Guilty to Medicare Fraud Scheme; Merck To Pay $950 Million To Settle Vioxx® Off-Label Marketing Charges. Indeed, since the jury rendered its July 28 verdict, Justice Department officials already have announced several other prosecutorial successes. See, e.g.,Los Angeles Medical Supply Company Owner Sentenced to Five Years in Prison for $8.4 Million Medicare Fraud Scheme; Los Angeles-Area Doctor and Patient Recruiter Plead Guilty to Participating in a Power Wheelchair Scheme That Defrauded Medicare of Over $10.1 Million; Owner of Rehabilitation Facility Pleads Guilty to Mail Fraud Charge; Local Oncology Practice Sentenced To Pay Millions for Medicare Fraud.

In addition to criminal prosecutions, the HHS Centers for Medicare and Medicaid Services, working with the HHS-OIG, are using a wide range of new and old tools in their campaign against what they perceive as fraudulent providers and to deter other perceived aggressiveness by health care providers and organizations. See e.g., U.S. to use software to crack down on Medicare, Medicaid, CHIP fraud; Health Care Fraud Enforcement Packs New Heat; OIG Shares Key Insights On When Owners, Officers & Managers Face OIG Program Exclusion Based On Health Care Entity Misconduct; OIG Launch of Health Care Fraud “Most Wanted” List Sign of Enforcement Risks; CMS Delegated Lead Responsibility For Development of New Affordable Care Act-Required Medicare Self-Referral Disclosure Protocol; HHS announces Rules Implementing Tools Added By Affordable Care Act to Prevent Federal Health Program Fraud.

The effectiveness of these Federal efforts to deter, find and prosecute false claims and other perceived abuses of Federal health care law has been significantly strengthened since Congress passed the Patient Protection & Affordable Care Act (Affordable Care Act). Among other things, ACA empowered HHS to:

Suspend payments to providers and suppliers based on credible allegations of fraud in Medicare and Medicaid;
Impose a temporary moratorium on Medicare, Medicaid, and CHIP enrollment on providers and suppliers when necessary to help prevent or fight fraud, waste, and abuse without impeding beneficiaries’ access to care.
Strengthen and build on current provider enrollment and screening procedures to more accurately assure that fraudulent providers are not gaming the system and that only qualified health care providers and suppliers are allowed to enroll in and bill Medicare, Medicaid and CHIP;
Terminate providers from Medicaid and CHIP when they have been terminated by Medicare or by another state Medicaid program or CHIP;
Require provider compliance programs, now required under the Affordable Care Act, that will ensure providers are aware of and comply with CMS program requirements.

See HHS announces Rules Implementing Tools Added By Affordable Care Act to Prevent Federal Health Program Fraud.

Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in wielding these and other tools against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Anti-KickBack, DME, Doctor, E-Prescribing, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Fraud, Health Care Provider, Hospital, Licensing, Medical Licensure, Medical Malpractice, Money Laundering, OIG, Physician, Physician Licensing, Prescription Drugs, Substance Abuse | Tagged: controlled substance, DEA, Drug Testing, drugs, false claims act, Health Care, Health Care Compliance, Health Care Fraud, HEAT, licensure, Medicaid, Medical Board, Medicare, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

55 Hospitals To Pay $35M+ To Settle FCA Claims Charges On Kyphoplasty Procedures

July 6, 2013

Whistleblowers Played A Big Role, Collectively Will Receive $5.5 Million From Settlement Proceeds

Fifty-five hospitals in 21 states will pay a total of more than $34 million to settle Justice Department allegations that the health care facilities submitted false claims to Medicare for a minimally-invasive procedure used to treat certain spinal fractures that often are due to osteoporosis known as “kyphoplasty.”

The settlement stems from charges by the Justice Department and Department of Health & Human Services (HHS) Office of Inspector General (OIG) that the settling hospitals frequently billed Medicare for performing kyphoplasty procedures on the more costly inpatient basis, rather than an outpatient basis, in order to increase their Medicare billings when the kyphoplasty could have been performed safely and effectively as an outpatient procedure without any need for a more costly hospital admission.

With the settlements announced July 1, the Justice Department says it has now reached settlements with more than 100 hospitals totaling approximately $75 million to resolve allegations that they mischarged Medicare for kyphoplasty procedures. Justice Department officials credited whistleblowers with helping it to identify the charged misconduct in virtually all of the cases. They collectively will receive an estimated $5.5 million of the total of $34 million to be paid under the settlements.

55 Settlements Impact Systems & Providers Across The Nation

According to the Justice Department’s July 1 announcement of the settlements, the settling facilities, and the amounts they have agreed to pay, include 23 hospitals affiliated with HCA Inc., Nashville, TN, who have agreed to pay a total of $7,145,842.72. These include:

Aventura Hospital & Medical Center, Aventura, FL
Capital Regional Medical Center, Tallahassee, FL
Coliseum Medical Center, Macon, GA
Coliseum Northside Hospital, Macon, GA
Conroe Regional Medical Center, Conroe, TX
Denton Regional Medical Center, Denton, TX
Doctors Hospital of Sarasota, Sarasota, FL
Edmond Regional Medical Center, Edmond, OK
Fawcett Memorial Hospital, Port Charlotte, FL
Fort Walton Beach Medical Center, Fort Walton Beach, FL
Garden Park Medical Center, Gulf Port, MS
JFK Medical Center, Atlantis, FL
Los Robles Regional Medical Center, Thousand Oaks, CA
North Florida Regional Medical Center, Gainesville, FL
Northlake Medical Center, Tucker, GA
Oklahoma University Medical Center, Oklahoma City, OK
Palmyra Medical Center, Albany, GA
Redmond Regional Medical Center, Rome, GA
Southwest Florida Regional Medical Center, Fort Myers, FL
St. Lucie Medical Center, Port Saint Lucie, FL
Summit Medical Center, Hermitage, TN
Sunrise Hospital & Medical Center, Las Vegas, NV
Wesley Medical Center, Wichita, KS

Also 6 hospitals affiliated with Lifepoint Hospitals, Inc., Brentwood, TN, have agreed to pay a total of $2,522,502.69. These include:

Andalusia Regional Hospital, Andalusia, AL
Jackson Purchase Medical Center, Mayfield, KY
Lake Cumberland Regional Hospital, Somerset, KY
Minden Medical Center, Minden, LA
Russellville Hospital, Russellville, AL
Western Plains Medical Complex, Dodge City, KS

Also, 5 hospitals affiliated with Trinity Health, Livonia, MI, have agreed to pay a total of $3,910,017.53. These include:

Mercy Medical Center, – Dubuque, Dubuque, IA
Mercy Medical Center – Sioux City, Sioux City, IA
St. Joseph Mercy Hospital, Pontiac, MI
Mercy Health Partners, Muskegon, MI
Mount Carmel New Albany Surgical Hospital, New Albany, OH

Justice Department officials also report that 4hospitals affiliated with Morton Plant Mease BayCare Health System, Clearwater, FL, have agreed to pay a total of $2,378,325.45. These include:

Morton Plant Hospital, Clearwater, FL
Morton Plant North Bay Hospital, New Port Richey, FL
Mease Dunedin Hospital, Dunedin, FL
Mease Countryside Hospital, Safety Harbor, FL

Justice Department officials also say 3 hospitals affiliated with Baptist Memorial Health Care Corporation, Memphis, TN, have agreed to pay a total of $691,168. These are:

Baptist Memorial Hospital-Golden Triangle, North Columbus, MS
Baptist Memorial Hospital-Collierville, Collierville, TN
Baptist Memorial Hospital-Memphis, Memphis, TN

In addition, Justice Department officials say 2 hospitals affiliated with Covenant Health, Knoxville, TN, have agreed to pay a total of $1,845,641.74. These are Parkwest Medical Center in Knoxville, TN and Methodist Medical Center of Oak Ridge in Oak Ridge, TN.

Meanwhile, 2 hospitals affiliated with Bayhealth Medical Center, Newark, DE, also reportedly have agreed to pay a total of $1,115,306.37. These are Bayhealth Kent General Hospital, Dover, DE and Bayhealth Milford Memorial Hospital, Milford, DE.

In addition to these hospitals, the following facilities have agreed to pay the following settlements:

Atrium Medical Center, Middletown, OH, has agreed to pay $4,232,992.50
Altru Health System, Grand Forks, ND, has agreed to pay $1,492,690
Cedars Sinai Medical Center, Los Angeles, CA, has agreed to pay $1,485,846
Des Peres Hospital, St. Louis, MO, has agreed to pay $900,000
Mount Sinai Medical Center, Miami, FL, has agreed to pay $1,846,194.00
New England Baptist Hospital, Boston, MA, has agreed to pay $374,814.48
St. Anne’s Hospital, Fall River, MA, has agreed to pay $552,745
The Queen’s Medical Center, Honolulu, HI, has agreed to pay $1,055,249.57
Trover Health System, Madisonville, KY, has agreed to pay $1,162,837
Wayne Memorial Hospital, Goldsboro, NC, has agreed to pay $1,250,000.

In addition to today’s settlement, the government previously settled with Medtronic Spine LLC, the corporate successor to Kyphon Inc., for $75 million to settle allegations that the company defrauded Medicare by counseling hospital providers to perform kyphoplasty procedures as inpatient rather than outpatient procedures.

According to Tom O’Donnell, Special Agent in Charge of the Office of Investigations of the HHS-OIG New York Regional Office, “The settlements related to kyphoplasty billing that have been reached with over 100 hospitals represent one of the largest and most successful multi-party health care investigations in the nation.”

While these settlements relate specifically to kyphoplasty procedures, they send a message impacting all procedures and practice areas that they risk OIG and/or Justice Department prosecution if procedures are performed in a most costly manner to increase reimbursement which is not medically necessary. Justice Department officials warned health care providers that Justice and OIG will act “Whenever hospitals knowingly overcharge Medicare, critically needed resources are wasted and health costs are driven up.”

Whistleblower Involvement Played Big Role

As in other recently announced settlement agreements, see e.g., Whistleblower Collects $2.7 M of $14.5M Sound Inpatient Physicians Overbilling Settlement, whistleblower involvement played a key role in helping OIG and Justice to identify and prosecute the alleged misconduct.

According to the Justice Department, all but four of the settling facilities announced today were named as defendants in a qui tam, or whistleblower, lawsuit brought under the False Claims Act, which permits private citizens to bring lawsuits on behalf of the United States and receive a portion of the proceeds of any settlement or judgment awarded against a defendant. The lawsuit was filed in federal district court in Buffalo, N.Y., by Craig Patrick and Charles Bates. Mr. Patrick is a former reimbursement manager for Kyphon, and Mr. Bates was formerly a regional sales manager for Kyphon in Birmingham, Ala. The whistleblowers will receive a total of approximately $5.5 million from the settlements.

Mitigate Risks With Effective Oversight of Both Documentation & Operations

As Acting Assistant Attorney General for the Civil Division Stuart F. Delery noted in the settlement announcement. “Physicians who participate in Medicare and other federal health care programs must document and bill for their services accurately and honestly.” With qui tam and other whistleblower participation, the Justice Department, HHS and other federal and state fraud investigators go beyond merely challenging whether the medical record documentation supports the charges billed to question whether the medical record itself accurately reflects the care in fact delivered by relying upon testimony of employees or other “insiders” often with an axe to grind against the provider.

To mitigate these exposures, health care providers clearly should work diligently both to ensure that their billing and other compliance programs accurately, honestly and completely document the care provided and code and bill for those services in accordance with the currently applicable federal program rules. While these compliance and risk management programs are indispensable components of any effective health care fraud compliance program, health care providers also should recognize that the effectiveness of their health care fraud and other compliance program also may depend on the effectiveness of their operational and workforce oversight and management. Along with effective billing and other fraud detection and compliance programs, providers also need effective medical quality and records documentation, provider and workforce performance and management, investigations and other management programs.

As a key element of these activities, providers should constantly be on watch for evidence of gaps between the medical and billing documentation and the factual realities looking at broad range of sources. Providers should target these activities to cover both specific medical documentation, coding and care, and other operational indicators that could show a problem. With qui tam and other whistleblower claims rising, however, providers should keep in mind that mere auditing of records and billing patterns alone often fails to uncover key evidence of potential concerns.

To help identify potential areas of scrutiny, providers should carefully monitor and examine the adequacy of their compliance and risk management agreements against corporate integrity agreements with other providers who have reached settlements with the Department of Justice, HHS Office of Inspector General or other agencies like the TranS1 Inc. Corporate Integrity Agreement .

Health care providers also should take into account a plethora of other potential indicators including but not limited to peer review and quality assurance data, deficient as well as inexplicably exceptional medical record or other record keeping documentation, hotline, exist interview and other workforce feedback, disagreements among providers in patterns of care, political and interpersonal differences, and a host of other indicators that could show a valid compliance concern or a developing hostility that could become the incentive for a whistleblower or other complaint. Providers should document these and other efforts to investigate, monitor and redress potential concerns In addition, providers also should guard against qui tam, retaliation and other claims by ensuring that their human resources, peer review, credentialing, background and other investigations, privacy and other operational activities are designed, documented to be both legally compliant and defensible.

For More Information Or Assistance

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Conditions of Participation, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: false claims act, HEAT, Hospitals, Medicaid Fraud, Medicare Fraud, Overbillng, Physicians, qui tam, Upcoding | Permalink
Posted by Cynthia Marcotte Stamer

Whistleblower Collects $2.7 M of $14.5M Sound Inpatient Physicians Overbilling Settlement

July 6, 2013

Former employee-turned Whistleblower Craig Thomas will collect $2.7 million out of the $14.5 million settlement that Sound Inpatient Physicians Inc. (SIP) will pay $14.5 million to settle allegations that it overbilled Medicare and other federal health care programs under a settlement announced by the Justice Department on July 3, 2013. The SIP announcement comes the same day the Justice Department announced medical device manufacturer TranS1 Inc., now known as Baxano Surgical Inc., will pay $6 million to resolve whistleblower-prompted FCA allegations that TranS1 Inc. caused health care providers to submit false claims to Medicare and other federal health care programs for minimally-invasive spine surgeries.

Both the SIP and TranS1 Inc. charges and settlement clearly show the ever-growing risk of Justice Department prosecution that providers face when billing Medicare or other government programs for care beyond the level delivered and documented in the medical record. The litigation and resulting settlement also show the too-often underappreciated rule that employees, vendors and other whistleblowing insiders increasingly play in the initiation and success of these prosecutions and how they impact the ability of providers charged with fraud to prove they have billed Medicare or other federal health plans accurately and honestly for services actually delivered in the manner documented in the record and in accordance with applicable Federal program rules.

To mitigate these exposures, health care providers both should strengthen their health care medical record documentation, billing and other fraud and compliance programs and their employee, vendor and other workforce relations and management processes.

Former SIP Employee’s Qui Tam Claim Prompted Suit

The settlement resolves charges that SIP fraudulently inflated billings to government programs brought in U.S. ex rel. Craig Thomas v. Sound Inpatient Physicians, Inc. and Robert A. Bessler, Civil Action No. C09-5301RBL (W.D. Wash.) that initially came to the government’s attention through a lawsuit filed by former SIP employee, Craig Thomas, under the qui tam, or whistleblower, provisions of the False Claims Act (FCA). The FCA allows private citizens to bring civil actions on behalf of the government and share in any recovery. Thomas will receive $2.7 million of the $14.5 million settlement for exposing Sound Physicians’ inflated claims.

In the lawsuit, the Justice Department alleged that SIP, a Tacoma, Washington-based employer of more than 700 hospitalists and post-acute physicians at 70 hospitals and a growing network of post-acute facilities in 22 states, between 2004 and 2012, knowingly submitted inflated claims to federal health benefits programs for its hospitalist employees for higher and more expensive levels of service than documented by hospitalists in patient medical records.

The SIP civil settlement illustrates the growing reliance on whistleblowers and other FCA tools by the Federal government in its rising campaign against false claims and other health care fraud by physicians, hospitals and other health care providers under the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative announced in May 2009 by Attorney General Eric Holder and Health and Human Services (HHS) Secretary Kathleen Sebelius. Since January 2009, the Justice Department claims to have recovered a total of more than $14.7 billion through FCA cases, with more than $10.7 billion of that amount recovered in cases involving fraud against federal health care programs.

TranS1 Inc. Whistleblower Gets $1M+ Out of $6M Settlement

Whistleblower claims also prompted the charges and settlement announced against medical device manufacturer TranS1 Inc. The Justice Department announced July 3 that TranS1 Inc. has agreed to pay the United States $6 million to resolve allegations under the FCA. Whistleblower Kevin Ryan, whose qui tam claim prompted the investigation that lead to the settlement will collect $1,020,000 from the settlement.

The settlement resolves Justice Department charges developed out of the qui tam action of a former employee that TranS1 knowingly caused health care providers to submit claims with incorrect diagnosis or procedure codes for minimally-invasive spine fusion surgeries using Trans1’s AxiaLIF System. That device was developed as alternative to invasive spine fusion surgeries. The United States alleges that TranS1 improperly counseled physicians and hospitals to bill for the AxiaLIF System by using incorrect and inaccurate codes intended for more invasive spine fusion surgeries. The Justice Department alleged that, as a result, health care providers received greater reimbursement than they were entitled to for performing the minimally-invasive AxiaLIF procedures.

The Justice Department also claimed TranS1 knowingly paid illegal remuneration to certain physicians for participating in speaker programs and consultant meetings intended to induce them to use TranS1 products, in violation of the Federal Anti-Kickback Statute, 42 U.S.C. § 1320a-7b(b), and thereby caused false claims to be submitted to federal health care programs. The Anti-Kickback Statute prohibits offering or paying remuneration to induce referrals of items or services covered by federally-funded programs and is intended to ensure that a physician’s medical judgments are not compromised by improper financial incentives and are based solely on the best interests of the patient.

In addition, the Justice Department alleged that TranS1 promoted the sale and use of its AxiaLIF System for uses that were not approved or cleared by the U.S. Food and Drug Administration, including use in certain procedures to treat complex spine deformity, and which were thus not covered by federal health care programs.

“A medical device manufacturer violates the law when it advises physicians and hospitals to report the wrong codes to federal health insurance programs in order to increase reimbursement rates,” said Rod J. Rosenstein, U.S. Attorney for the District of Maryland. “Health care providers are required to bill federal health care programs truthfully for the work they perform.”

As part of the settlement, TranS1 has agreed to enter into a corporate integrity agreement with the Office of Inspector General of the Department of Health and Human Services. That agreement provides for procedures and reviews to be put in place to avoid and promptly detect conduct similar to that which gave rise to this matter.

Mitigate Risks With Effective Oversight of Both Documentation & Operations

For More Information Or Assistance

About Solutions Law Press

OIG Urges CMS To Step Up Efforts To Recover “Overpayments”

July 2, 2013

The Department of Health & Human Services (HHS) Office of Inspector General (OIG) is recommending that the Centers for Medicare & Medicaid Services (CMS) step-up efforts to collect Medicare overpayments to providers currently considered uncollectable because the provider has failed to repay overpayments identified and demanded by CMS six or more months after CMS demands repayment. The recommendations made in OIG’s Medicare’s Currently Not Collectible Overpayments Report (Report) reflect the ever-growing emphasis of HHS on reducing Medicare and other federal program costs by aggressive enforcement of Medicare and other federal regulations against providers. While CMS has not concurred with all of OIG’s recommendations in the Report, providers can expect CMS to further tighten its overpayment processes in response to these and other OIG recommendations.

According to the Report, CMS identifies billions of dollars in alleged Medicare overpayments to health care providers each year. In fiscal year (FY) 2010, overpayments totaled $9.6 billion. While CMS identifies these amounts, the Report notes that CMS does not recover all overpayments. Under CMS current accounting policies, CMS classifies overpayments for which the provider has not repaid at least 6 months after the due date on the Medicare demand letter as “currently not collectible” (CNC). CMS does not report these CNC amounts in CMS’s annual financial statements because it considers these amounts unlikely to be recovered.

The Report summaries the results of an OIG study of these CNC amounts. In the study, OIG requested details from CMS about CNC overpayments in FY 2010 and summary financial data for FYs 2007 to 2010. CMS provided most of the data from its Healthcare Integrated General Ledger Accounting System (HIGLAS). OIG also surveyed CMS and all its claims processing contractors to identify (1) hindrances to debt collection and (2) strategies to reduce the number and dollar amount of overpayments that become CNC.

According to the Report, CMS reported $543 million in new CNC overpayments across all contractors in FY 2010. However, CMS provided detailed information on $69 million in CNC overpayments for only seven contractors. Citing contractor transitions, CMS did not provide detailed data for the remaining 32 contractors. For 54 percent of CNC overpayments associated with the seven contractors, the provider type was missing in HIGLAS. For the seven contractors, 97 percent of FY 2010 CNC overpayments were not recovered. According to contractors, inaccurate provider contact information delays or prevents some overpayment demand letters from reaching providers. In addition, CMS and contractors reported that expanding the types of provider identifiers used to recover payments could improve debt collection efforts.

Based on these findings, OIG recommended that CMS should:

Ensure the HIGLAS variable for provider type is populated for all overpayments,
Ensure that demand letters are mailed to the contacts and addresses identified by the provider, and
Use tax identification numbers and provider transaction access numbers in addition to national provider numbers for the collection of overpayments.

According to OIG, CMS partially concurred with the first recommendation, did not agree with our second recommendation, and concurred with our third recommendation. Accordingly, at minimum, providers should expect that CMS will step up use of tax identification and provider transaction access numbers in tracking down and collecting overpayments demanded by OIG.

The Report is just one of a plethora of activities that OIG, CMS and other HHS agencies, alone or in conjunction with the Department of Justice and other federal and state agencies are conducting in their campaign to control Medicare and other federal program costs by targeting provider reimbursements.With health care fraud and other billing audits and enforcement rising, hospitals and other health care providers should heed these reports as continuing reminders to tighten their billing practices to ensure defensibility in the event of an audit or other enforcement action.

For More Information Or Assistance

About Solutions Law Press

HHS Continues Preparations For Health Care Marketplace By Awarding $32M Of Grants To Up CHIP & Medicaid Enrollment

July 2, 2013

As part of its continuing efforts to promote enrollment in the Health Insurance Marketplace slated to take effect January 1, 2014, the Department of Health and Human Services (HHS) today (July 2, 2013) announced the award of nearly $32 million in grants for efforts to identify and enroll children eligible for Medicaid and the Children’s Health Insurance Program (CHIP). The Connecting Kids to Coverage Outreach and Enrollment Grants were awarded to 41 state agencies, community health centers, school-based organizations and non-profit groups in 22 states; two grantees are multistate organizations. The announcement follows the recent rollout of online tools to aid consumers enroll in the new Health Care Marketplace scheduled to launch January 1, 2014 as part of the continuing implementation of reforms enacted as part of the Patient Protection & Affordable Care Act (Affordable Care Act).

Announced Grants Target Increased CHIP & Medicaid Enrollment

In amounts ranging from $190,000 to $1 million out of the $140 million included in the Affordable Care Act and the Children’s Health Insurance Program Reauthorization Act (CHIPRA) of 2009 for enrollment and renewal outreach, HHS Reports the grants awarded to the grantees listed here focus on 5 areas:

Engaging schools in outreach, enrollment and retention activities (9 awards);
Reducing health coverage disparities by reaching out to subgroups of children that are less likely to have health coverage (8 awards);
Streamlining enrollment for individuals participating in other public benefit programs such as nutritional or other assistance programs (3 awards);
Improving application assistance resources to provide high quality, reliable Medicaid and CHIP enrollment and renewal services in local communities (13 awards); and
Training communities to help families understand the new application and enrollment system and to deliver effective assistance to families with children eligible for Medicaid or CHIP (8 awards).

According to HHS, the grants will build on the Secretary’s Connecting Kids to Coverage Challenge to find and enroll all eligible children and support outreach strategies that have been shown to be successful.

According to HHS, Connecting Kids to Coverage Outreach and Enrollment Grant Awards (Cycle III) Efforts to streamline Medicaid and CHIP enrollment and renewal practices, combined with robust outreach activities, have helped reduce the number of uninsured children. Since 2008, HHS claims 1.7 million children have gained coverage and the rate of uninsured children has dropped to 6.6 percent in 2012

“Today’s grants will ensure that more children across the nation have access to the quality health care they need,” said Secretary Sebelius. “We are drawing from successful children’s health coverage outreach and enrollment efforts to help promote enrollment this fall in Medicaid and the new Health Insurance Marketplace.”

Continuing Preparations For New Health Care Marketplace

The grant awards are part of a much broader effort by HHS to prepare Americans to enroll in the newly reformed Health Insurance Marketplace that the Obama Administration is working to implement as part of the sweeping reforms enacted by the Affordable Care Act.

Enrollment is the Health Insurance Exchanges also to be included in the new federal health care marketplace is scheduled to begin October 1, 2013. In anticipation of this deadline, HHS recently also announced its rollout of new consumer health care education and decision-making tools on its newly designed www.healthcare.gov website.

In announcing its launch of its Health Insurance Marketplace educational tools here on June 24, 2013, the Department of Health & Human Services (HHS) repeated recent claims that HHS and the states are on target to begin enrollment on October 1, 2013 in the federal and state health care exchanges now retitled “Health Insurance Marketplace” by the Administration, to meet other key milestones and to the beginning coverage under the newly created Health Insurance Marketplaces beginning January 1, 2014.

As part of these preparations, HHS kicked off an aggressive Health Insurance Marketplace education effort by announcing the deploying of with newly designed “consumer-focused” HealthCare.gov website and the 24-hours-a-day consumer call center that HHS claims provide all the necessary tools to prepare Americans for open enrollment and ultimately sign up for private health insurance.

While HHS says its tools and other preparations will get the Health Care Marketplaces and Americans ready for the conversion of the U.S. health care system slated to begin January 1, 2014, others are less confident. For instance, GAO officials recently found that major work that federal and state officials must complete to timely begin enrollment by October 1 remains unfinished, making it unclear if they will meet the impending October 1, 2013 enrollment kickoff deadline. See GAO Report and GAO Report.

Businesses concerned about impending “pay-or-play” and other mandates that require many employers that fail to provide minimum essential coverage also have been critical about delayed guidance on these and other Affordable Care Act mandates, which employers claim have left them confused and with inadequate time and guidance to prepare.

Despite these concerns, HHS is marching ahead on its efforts to implement the law by launching these and other enrollment and educational outreach.

For Representation, Training & Other Resources

If you need assistance understanding and responding to health care reforms, monitoring health and health plan related risk management and compliance, operations, regulatory, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

The scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly advises and represents clients in dealings with, and monitoring and responding to developments of HHS, IRS, DOL, Departments of Health & Insurance and other agencies, Congress and other legislators, and advises clients, publishes and speaks extensively on health care reform, medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. Her insights on health care reform and a broad range of other health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to ask about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: ACA, Affordable Care Act, Health Care Marketplace, Health Care Reform, Health Insurance Exchange, Health Insurance MArketplace | Permalink
Posted by Cynthia Marcotte Stamer

Hospital Pay $275K To Settle HIPAA Charges After Sharing PHI With Press, Workforce In Response To Fraud Reports

June 14, 2013

Health care providers, health plans, health care clearinghouses and their business associates should confirm their existing policies, practices and training for communicating with the media and others comply with the Privacy Rule requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in light of a Resolution Agreement with Shasta Regional Medical Center (SRMC) announced by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights today (June 14, 2013).

Under the Resolution Agreement, SRMC agrees to pay $275,000 and implement a comprehensive corrective action plan (CAP) to settle an investigation that resulted when SRMC used and disclosed protected health information (PHI) of a patient to members of the media and its workforce while trying to do damage control against fraud or other allegations of misconduct involving individual patient information or circumstances. The Resolution Agreement shows how efforts to respond to press or media reports, patient or other complaints, physician or employee disputes, high profile accidents, or other events that may involve communications not typically run by privacy officers can create big exposures.

Talking Out Of Turn To Media & Others Violated HIPAA

OCR investigated SRMC after a January 4, 2012 Los Angeles Times article reported two SRMC senior leaders had met with media to discuss medical services provided to a patient. OCR’s investigation indicated that SRMC failed to safeguard the patient’s protected health information (PHI) from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce. Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.

Among other things, the specific misconduct uncovered by HHS’s investigation indicated that from December 13 – 20, 2011, SRMC failed to safeguard the patient’s PHI from any impermissible intentional or unintentional disclosure on multiple occasions in connection with its response to media coverage arising from a Medicare fraud story including:

On December 13, 2011, for instance, OCR reports SRMC’s parent company sent a letter to California Watch, responding to a story about Medicare fraud. The letter described the patient’s medical treatment and provided specifics about her lab results even though SRMC did not have a written authorization from the patient to disclose this information to this news outlet.
On December 16, 2011, two of SRMC’s senior leaders also met with The Record Searchlight’s editor to discuss the patient’s medical record in detail even though SRMC did not have a written authorization from the patient to disclose this information to this newspaper.
On December 20, 2011, SRMC sent a letter to The Los Angeles Times, which contained detailed information about the treatment the patient received when, again, SRMC did not have a written authorization from the patient to disclose this information to this newspaper.

In addition, OCR found SRMC impermissibly used the affected party’s PHI when on December 20, 2011, SRMC sent an email to its entire workforce and medical staff, approximately 785-900 individuals, describing, in detail, the patient’s medical condition, diagnosis and treatment. SRMC did not have a written authorization from the patient to share this information with SRMC’s entire workforce and medical staff.

SRMC Must Correct & Pay $$275K Penalty

Under the Resolution Agreement, SRMC pays a $275,000 monetary settlement and agrees to comply with a CAP for the next year.

The CAP requires SRMC to update its policies and procedures on safeguarding PHI from impermissible uses and disclosures and to train its workforce members. The CAP also requires fifteen other hospitals or medical centers under the same ownership or operational control as SRMC to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media.

The Resolution Agreement specifically requires that Shasta Regional Medical Center, among other things:

To update policies to include specific policies about sharing PHI with the media, members of the workforce not involved in an individual patient’s care and others to comply with HIPAA;.
To provide updated policies to OCR for approval;
To provide training documented with certification of all workforce members before allowing them to access PHI;

SRMC is one of several Prime Healthcare Services facilities under common ownership and control. The Resolution Agreement also requires corrective action at these commonly owned facilities including California-based Alvarado Hospital Medical Center in San Diego, Centinela Hospital Medical Center in Inglewood, Chino Valley Medical Center in Chino, Desert Valley Hospital in Victorville, Garden Grove Hospital Medical Center in Garden Grove, La Palma Intercommunity Hospital in La Palma, Paradise Valley Hospital in National City, San Dimas Community Hospital in San Dimas, Shasta Regional Medical Center in Redding, and West Anaheim Medical Center in Anaheim; Saint Mary’s Regional Medical Center in Reno, Nevada; Pennsylvania based Lower Bucks Hospital in Bristol and Roxborough Memorial Hospital in Philadelphia;and Texas-based Dallas Medical Center in Dallas, Harlingen Medical Center in Harlingen, Pampa Regional Medical Center in Pampa. Among other things, the Resolution Agreement requires that for each of these related facilities:

The CEO and Privacy Officer of each facility must give OCR a signed affidavit stating that they understand that the Privacy Rule protects an individual’s PHI is protected by Privacy Rule even if such information is already in the public domain or even though it has been disclosed by the individual; and that disclosures of PHI in response to media inquiries are only permissible pursuant to a signed HIPAA authorization; and
Ensure all members of their respective workforce are informed of this policy.

The Resolution Agreement highlights the difficulty that health care providers and other covered entities often face in properly recognizing and handling PHI in the case of fraud or other disputes. While health care providers have an understandable desire to defend themselves in the media and elsewhere in response to charges of misconduct, today’s settlement shows that improperly sharing PHI of each patient in the process will make matters much worse. It’s important to keep in mind that just omitting to mention the name or other common identifying information may not overcome this concern because information about a patient can be considered individually identifiable and to enjoy protection under HIPAA where the facts and circumstances would allow another person to know or determine who the individual is, even if the specific name, address or more common identifying information is not shared.

Furthermore, the settlement also makes clear that merely because the patient or some other party has shared the same information with the media or others does not excuse the health care provider or other covered entity or business associate from the obligation to keep confidential the PHI unless it gets proper consent or otherwise can show that an exception to HIPAA applies.

While this means that health care providers or other covered entities and business associates may find themselves in the uncomfortable situation of facing unsavory reports and rumors without the ability to respond, the significant civil and even criminal penalties that can arise from violation of HIPAA make it critical that covered entities exercise discipline in responding to avoid sharing PHI improperly.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The SRMC Resolution Agreement again shows the growing risk of enforcement that health care providers, health plans, health care clearinghouses and their business associates face as OCR continues its audits and enforcement, new Omnibus HIPAA Regulations implementing the HITECH Act amendments to HIPAA and state and federal liability grows.. See e.g., $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.

As part of this process, covered entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate training and clarification is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations. Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

For more information about the PCS Resolution Agreement and HIPAA compliance and risk management tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: covered entity, Health Care, Health Plan, HIPAA, Hospital, Media, OCR, PHI, Physician, Press, Privacy, Protected Health Information | Permalink
Posted by Cynthia Marcotte Stamer

OCR Makes Technical Corrections To HIPAA Omnibus Final Rule; September 2013 Enforcement Deadline Looming

June 7, 2013

The Department of Health & Human Services Office of Civil Rights (OCR) is publishing Technical Corrections (Technical Corrections) to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notifications Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Rule) previously published on January 25, 2013. The Technical Corrections will appear in the June 7, 2013 Federal Register. Physicians, hospitals, clinics and other health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates should take into account the Technical Corrections as they rush to update business associate agreements, policies, practices, training and other HIPAA compliance to comply with the Omnibus Rule changes by the September 2013 deadline.

Technical Corrections To Omnibus Rule Released

OCR published the Omnibus Rule to implement changes to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (“the HIPAA Rules”) enacted by the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”) and section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008, as well as to address public comment received on the interim final Breach Notification Rule and to other changes to the HIPAA Rules. The Technical Corrections are scheduled for publication in the Federal Register on June 7, 2013.

The Technical Corrections correct various typographical errors and other oversights in the Omnibus Regulations as originally published. While many of these corrections have limited material impact, certain corrections do have substantive implications. For instance, by correcting errors in references to other provisions of the Omnibus Regulations, the Technical Corrections clarify that the authority of OCR to extend the time pursuant to § 160.508(c)(5) for violations before February 18, 2009 also applies to violations occurring on or after February 18, 2009, as there is for violations occurring prior to February 18, 2009.

Covered Entities and their business associates will need to review and take into account the Technical Corrections as they work to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the Omnibus Rule.

Get Moving To Update HIPAA Compliance For New Omnibus Rule Requirements As Amended By Technical Corrections

Covered Entities and their business associates have a lot to accomplish between now and September to update their business associates and comply with other changes made by the Omnibus Rule by its September 2013 deadline. Among other things, the Omnibus Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the way required by the Omnibus Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Liability & Enforcement Risks Heighten Need To Act To Review & Update Policies & Practices

The restated rules in the Omnibus Rule make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements. See, e.g., OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

Coupled with statements by OCR about its intolerance, the HONI and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

All Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For More Information Or Assistance

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls. Extensively published and a popular speaker on HIPAA and other data security matters, Ms. Stamer works extensively with health care providers, health plans, employers, insurance and financial services, technology and other clients on privacy, data seurity and other privacy and cybercrime concerns. She also serves as the Scribe for the ABA JCEB Agency Techical Sessions Meetings with the Office of Civil Rights which occur each May in Washington, D.C.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Acute Care, CMS, Hospital, Medicare, PPS, Prospective Payment, Skilled Nursing, SNF | Permalink
Posted by Cynthia Marcotte Stamer

National Provider Calls: Medicare Shared Savings Program Application Process — Register Now

May 24, 2013

Medicare Fee For Service (FFS) providers and others interested in participating in Accountable Care Organizations (ACOs) should consider participating in the two National Provider Calls that the Centers for Medicare & Medicaid Services (CMS) plans to host on the Medicare Shared Savings Program (Shared Savings Program) outlined in final regulations published October 20, 2011 of the Affordable Care Act.

On Thursday, June 20, CMS subject matter experts will provide an overview and updates to the Shared Savings Program application process for the January 1, 2014 start date. A question and answer session will follow the presentations.
On Thursday, July 18, CMS subject matter experts will be available to answer questions about the Shared Savings Program and application process for the January 1, 2014 start date.

The Shared Savings Program Application web page has important information, dates, and materials on the application process. CMS encourages call participants to review the application and materials before the call.

To receive call-in information, interested participants must register for the call on the CMS Upcoming National Provider Calls registration website. Registration will close at 12pm on the day of the call or when available space has been filled. Since CMS says it will make no exceptions, interested persons should plan to register as soon as possible.

Following the conference calls, CMS plans to post the presentation on the FFS National Provider Calls web page. In addition, a link to the slide presentation will be emailed to all registrants on the day of the call.

CMS says certain continuing education credit may be awarded for participation in certain CMS National Provider Calls. Visit the Continuing Education Credit Information web page to learn more.

For More Information Or Assistance

About Solutions Law Press

Feds Arrest 36 More California & Florida Providers On Defrauding Medicare Of More than $66 Million

May 16, 2013

The Federal Medicare Fraud Strike Force’s arrest of 36 providers in California and Florida highlights again the continuing and growing zeal of federal health care fraud investigation and enforcement efforts. On May 14, 2013 the Justice Department announced it arrested and charged with Medicare fraud 12 defendants in Los Angeles here and 24 South Florida residents here in fraud enforcement actions on opposite coasts. The charges show the continuing commitment by Federal officials to find an prosecute health care fraud.

Florida Arrests

In South Florida, Federal officials announced charges against 24 South Florida residents for their alleged participation in various schemes to defraud Medicare out of more than $45,299,935 million. The charges in South Florida are part of a nationwide takedown by Medicare Fraud Strike Force operations in eight cities that resulted in charges against 89 individuals, including doctors, nurses and other licensed professionals, for their alleged participation in Medicare fraud schemes involving approximately $223 million in false billings.

Specifically, the South Florida cases announced as part of the nationwide Medicare Fraud Strike Force takedown include the following:

U.S. v. Emilio Amador, Cristobal Gonzalez, Eduims Mora, Jose Contreras, and Elizabeth Monteagudo, where five defendants are charged with conspiracy to receive health care kickbacks and substantive counts of receiving kickbacks in connection with a federal health care program. According to the indictment, the defendants participated in a scheme involving Caring Nurse Home Health, Corp. and Good Quality Home Health, Inc. The defendants allegedly supplied patients to Caring Nurse and/or Good Quality in exchange for kickbacks and bribes. Caring Nurse and Good Quality, in turn, fraudulently billed Medicare for approximately $50 million for home health services that were not provided and/or were not medically necessary. If convicted, the defendants face up to five years for each count.
United States v. Rafael Meana and Janet Farigola, where Defendants Rafael Meana and Janet Farigola are charged with conspiracy to commit health care fraud and several substantive counts of health care fraud. According to the indictment, the defendants participated in a scheme involving Lord’s Medical & Rehab Center, Inc. (Lords), a medical clinic that purportedly provided Medicare Advantage beneficiaries with medical items and services. From February 2010 through July 2011, Meana and Farigola allegedly caused Lord’s to submit approximately $5,497,047 in Medicare claims falsely claiming that health care benefits and services were medically necessary and had been provided to Medicare beneficiaries. As a result of the submission of these claims, Medicare paid Lord’s approximately $2,240,134. If convicted, the defendants face up to ten years in prison for each count of health care fraud.
United States v. Jose Moran, Rafael Meana, and Armando Rubio Cordero, where the defendants are charged with conspiracy to commit health care fraud and several substantive counts of health care fraud. According to the indictment, the defendants participated in a scheme involving Lord Family Services, Inc., a medical clinic that purportedly provided Medicare Advantage beneficiaries with medical items and services. From January 2010 through September 2011, the defendants allegedly caused Lord Family Services, Inc. to submit approximately $1,919,751 in Medicare claims falsely claiming that health care benefits and services were medically necessary and had been provided to Medicare beneficiaries. As a result of the submission of these claims, Medicare paid Lord Family Services, Inc. approximately $976,476. If convicted, the defendants face up to ten years in prison for each count of health care fraud.
United States v. Karina Merino, where defendant Karina U. Merino is charged with a single count of health care fraud in connection with her role in a massive health care fraud scheme involving Ideal Home Health, Inc. (Ideal), which submitted more than $40 million in fraudulent claims to Medicare. The Information alleges that Merino, as a nurse for Ideal, falsified patient visitation logs to reflect that home health care nursing services had been provided to beneficiaries when such services had, in fact, not been provided. Ideal fraudulently billed the Medicare program for approximately $148,000. If convicted of the health care fraud charge, Merino faces up to ten years in prison.
United States v. Delia Y. Chaveco and Arturo Y. Chaveco,
where Delia Y. Chaveco and Arturo Y. Chaveco (the Chavecos) were charged by Information with a single count of conspiracy to receive kickbacks in connection with a federal health care benefit program. This charge stems from the Chavecos’ role in a health care fraud scheme involving Ideal Home Health Inc. (Ideal), an agency that submitted more than $40 million in fraudulent claims to the Medicare program. The Information alleges that Ideal and other Miami-Dade area home health agencies paid the Chavecos kickbacks in exchange for recruiting Medicare beneficiaries that they later used to bill the Medicare program. If convicted, the defendants face up to five years in prison.
United States v. Roberto Marrero, Sandra Fernandez Viera and Enrique Rodriguez, where defendants are charged with conspiracy to commit health care fraud, conspiracy to receive and pay health care kickbacks, and substantive kickback charges. Defendants Roberto Marrero and Sandra Fernandez Viera were the owners and operators of Trust Care Health Services, Inc. (Trust Care), which allegedly paid kickbacks and bribes to patient recruiters and beneficiaries to obtain Medicare beneficiaries, and then submitted more than $20 million in false and fraudulent claims to Medicare, primarily for skilled nursing diabetic care and physical/occupational therapy. Defendant Enrique Rodriguez worked as a patient recruiter for Trust Care, supplying patients in exchange for kickbacks and bribes. A civil injunction is being filed under 18 U.S.C. § 1345 to restrain the defendants’ assets to satisfy restitution in the criminal matter. If convicted, the defendants face up to ten years for the health care fraud charges and five years for each count of the kickback charges.
United States v. Dora Moreira, Ivan Alejo, and Hugo Morales,
where the defendants are charged with conspiracy to commit health care fraud, conspiracy to receive and pay health care kickbacks, substantive kickback charges, conspiracy to commit money laundering, and substantive money laundering. Defendant Dora Moreira was the owner and operator of Anna Nursing Services Corp. (Anna Nursing), which paid kickbacks and bribes to patient recruiters and beneficiaries to obtain Medicare beneficiaries. Anna Nursing was paid more than $7 million for the false claims it submitted to Medicare, which claims were primarily for physical/occupational therapy. Defendant Ivan Alejo worked at Anna Nursing, and was responsible for, among other things, negotiating kickback rates and distributing kickback payments to patient recruiters on behalf of Anna Nursing. Defendant Hugo Morales worked as a physical therapist on behalf of Anna Nursing, and was responsible for, among other things, fabricating patient medical documentation. Defendant Dora Moreira laundered money for the purpose, among others, of concealing the proceeds of the fraud and the payment of kickbacks to recruiters. The Asset Forfeiture Section has obtained restraining orders on the corporate bank account and on real property that is traceable to the fraud. If convicted, the defendants face up to ten years for the health care fraud charges, five years for each count of the kickback charges, and twenty years for the money laundering charges.
United States v. Marina Sanchez Pajon and Miguel Jimenez,
where Federal officials charge defendants with conspiracy to commit health care fraud, conspiracy to receive and pay health care kickbacks, and substantive kickback charges. Defendants Marina Sanchez Pajon and Miguel Jimenez were the owners and operators of Flores Home Health Care Inc. (Flores Home Health), which allegedly paid kickbacks and bribes to patient recruiters and beneficiaries to obtain Medicare beneficiaries. Flores Home Health was paid more than $8 million for the false claims it submitted to Medicare, which claims were primarily for physical/occupational therapy. The Asset Forfeiture Section has obtained seizure warrants and restraining orders on five vehicles and bank accounts containing $160,000. They have also filed lis pendens against four real properties that were purchased with proceeds of the fraud. If convicted, the defendants face up to ten years for the health care fraud charges and five years for each count of the kickback charges.
United States v. Miguel A. Rodriguez, where defendant Miguel A. Rodriguez is charged with three counts of paying kickbacks in connection with a federal health care program. The defendant allegedly paid kickbacks and bribes to induce medical providers to refer Medicare beneficiaries to his medical company for services, including x-rays. If convicted, the defendant faces up to five years in prison for each count of the kickback charges.
United States v. Enrique Alberto Siret Rodriguez, where defendant Enrique Alberto Siret Rodriguez is charged with four counts of health care fraud and two counts of paying kickbacks in connection with a federal health care program. The defendant allegedly paid kickbacks and bribes to a doctor for fraudulent home health care prescriptions that could be used to fraudulently bill Medicare. If convicted, the defendant faces up to 10 years in prison for each health care fraud count and up to five years for each of the kickback counts.
United States v. Alberto Cosme Garcia, where defendant Alberto Cosme Garcia is charged with one count of health care fraud and two counts of paying kickbacks in connection with a federal health care program. The defendant allegedly paid kickbacks and bribes to a doctor for fraudulent home health care prescriptions that could be used to fraudulently bill Medicare. If convicted, the defendant faces up to 10 years in prison for the health care fraud count and up to five years for each of the kickback counts.

Los Angeles Charges

In Los Angeles, the Health Care Fraud Task Force action resulted in 12 arrests including California’s second-largest biller for chiropractic services, a physician’s assistant, and owners of durable medical equipment and ambulance companies, in relation to seven criminal cases that the Justice Department alleges resulted in the cumulative submission of more than $22 million in false billings to Medicare. The charges filed in Los Angeles are part of a nationwide “takedown” by Medicare Fraud Strike Force operations in eight cities that led to charges against 89 individuals for their alleged participation in schemes to collectively submit about $223 million in fraudulent claims to Medicare. See here.

The dozen defendants taken into custody are among 13 people charged in Los Angeles in cases that allege health care fraud. A thirteenth defendant is a fugitive.

Federal officials charge Dr. Houshang Pavehzadeh, of the Sylmar Physician Medical Group, allegedly billed Medicare more than $1.7 million for chiropractic treatments he never performed. During the scheme, which ran from 2005 through 2012, Dr. Pavehzadeh, 40, of Agoura Hills, became the second-largest Medicare biller in California for chiropractic services – even though he was not in the United States when some of the alleged services were performed. In addition to being charged with health care fraud, Pavehzadeh is charged with aggravated identity theft related to Medicare beneficiaries whose information he used to bill Medicare as a part of the scheme. When investigators tried to conduct an audit of Pavehzadeh’s claims, he falsely reported to the Los Angeles Police Department that he had been carjacked and that patient files requested by the auditors had been stolen from his car. Pavehzadeh surrendered this morning, and he is scheduled to be arraigned with other Los Angeles-area defendants this afternoon in the Roybal Federal Building.

Nine defendants affiliated with DME companies were also charged in five separate indictments.

Olufunke Fadojutimi, 41, of Carson, a registered nurse; Ayodeji Temitayo Fatunmbi, 41, formerly of Carson, and now believed to be residing in Nigeria; and Maritza Velazquez, 40, of Las Vegas, were charged with health care fraud. The scheme allegedly revolved around Lutemi Medical Supplies, a DME company Fadojutimi owned and where Fatunmbi and Velazquez worked. According to the indictment in this case, Lutemi billed Medicare more than $8.3 million in claims, primarily for medically unnecessary power wheelchairs. Fadojutimi and Fatunmbi allegedly laundered Medicare funds in order to purchase fraudulent prescriptions for those power wheelchairs and pay illegal kickbacks to recruit Medicare beneficiaries. Fadojutimi was arrested this morning in Los Angeles, while Velazquez was arrested in Las Vegas. Fatunmbi is currently a fugitive being sought by federal authorities.
Susanna Artsruni, 45, of North Hollywood, and Erasmus Kotey, 76, of Montebello, a licensed physician’s assistant, allegedly worked together to commit health care fraud out of a medical clinic on Vermont Avenue where they both worked. Kotey allegedly prescribed medically unnecessary DME, including power wheelchairs, for Medicare beneficiaries. Many of those power wheelchair prescriptions were then used by Artsruni’s DME company, Midvalley Medical Supply, to support fraudulent claims to Medicare. In only four months, the clinic and Midvalley billed Medicare more than $525,000 for these fraudulent claims. Artsruni has previously been convicted of health care fraud and was on pretrial supervision at the time she allegedly laundered some of the proceeds of this fraud. Artsruni was arrested this morning, while Kotey self-surrendered.

Three other DME cases were also charged, alleging fraudulent Medicare billing for medically unnecessary power wheelchairs that were sometimes never even delivered.

In one case, Akinola Afolabi, 53, of Long Beach, the owner of Emmanuel Medical Supply, allegedly submitted more than $2.6 million in in false and fraudulent billing to Medicare.
In another case, Queen Anieze-Smith, 52, of Encino, and Abdul King-Garba, 47, of Westwood, the owners and operators of ITC Medical Supply, allegedly submitted more than $1.8 million in false and fraudulent billing to Medicare.
In the third case, Clement Etim Aghedo, 53, of Fontana, the owner of Ace Medical Supply Company, allegedly submitted more than $1.8 in false and fraudulent claims to Medicare. Afolabi, Anieze-Smith, and King-Garba were all arrested this morning, while Aghedo self-surrendered.

In the seventh case brought as part of today’s takedown, three defendants affiliated with Gardena-based ProMed Medical Transportation, an ambulance company, were charged with submitting more than $5.9 million in false claims to Medicare between 2008 and 2011. ProMed’s owner, Yaroslav Proshak, 45, of Valley Village; general manager Sharetta Wallace, 35, of Inglewood; and office manager and biller Sergey Mumjian, 40, of West Hollywood, submitted claims for medically unnecessary transportation services and then created fake documentation purporting to support those claims. Proshak, Wallace, and Mumjian were arrested this morning.

The charge of health care fraud carries a statutory maximum penalty of 10 years in federal prison. Money laundering carries a potential penalty of 20 years in prison. Aggravated identity theft carries a mandatory two-year prison term.

Aggressive Medicare Health Care Fraud Task Force Enforcement Continues

The announcement of these arrests provides more evidence of the continuing zealousness of Federal health care fraud investment and enforcement efforts targeting heath care providers for health care fraud or other aggressive activities.

The Medicare Fraud Strike Force operations that lead to todays’ charges are part of the continuing activities Health Care Fraud Prevention & Enforcement Action Team (HEAT), a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country.

Since March 2007, Federal officials credit Strike Force operations in nine locations with leading to charges against more than 1,500 defendants who collectively have falsely billed the Medicare program for more than $5 billion.

In addition, the HHS Centers for Medicare and Medicaid Services, working in conjunction with the HHS-OIG, are taking steps to increase accountability and decrease the presence of fraudulent providers.

In announcing the Florida charges, HHS Secretary Sebelius commented on the effect of recent legal changes that have given Federal officials new tools in investigating and fighting health care fraud. She said, “The Affordable Care Act has given us additional tools to preserve Medicare and protect the tens of millions of Americans who rely on it each day,” said Secretary Sebelius. “By expanding our authority to suspend Medicare payments and reimbursements when fraud is suspected, the law allows us to better preserve the system and save taxpayer dollars. Today we’re sending a strong, clear message to anyone seeking to defraud Medicare: You will get caught and you will pay the price. We will protect a sacred trust and an earned guarantee.”

Meanwhile, U.S. Attorney General Holder said, “Today’s announcement marks the latest step forward in our comprehensive efforts to combat fraud and abuse in our health-care systems.”

In the face of these criminal efforts and expanding civil and administrative enforcement actions by Federal officials targeting heaelth care fraud and other aggressive billing and referral efforts, health care providers should exercising continuing care to maintain compliance with applicable rules and carefully document these and other compliance and risk management efforts.

For Help With Compliance, Investigations Or Other Needs

If you need assistance providing compliance or other training, reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns/ She also regularly designs and presents risk management, compliance and other training for health care providers, professional associations and others. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

1 Comment | DME, Doctor, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Plan, Health Plans, Home Health, Hospital, Hospital, Medicaid, Medicare, Medicare Advantage, Money Laundering, OIG, Physician, Physician Licensing, Reimbursement | Tagged: false claims act, Health Care Fraud, HEAT, Medical Licensure, Physician, texas medical board | Permalink
Posted by Cynthia Marcotte Stamer

Former White House Cybersecurity Coordinator Schmidt, Stamer & Others Share Key HIPAA & Other Privacy & Data Security Insights 5/21 In LA

May 3, 2013

SLP Readers Get Discount: Go to
blocked::http://securitysummitla.eventbrite.com/” href=”http://securitysummitla.eventbrite.com/” data-mce-href=”http://securitysummitla.eventbrite.com/”://securitysummitla.eventbrite.com/ and enter Promotional Code: Health_Summit_125

Former White House Cybersecurity Coordinator Howard Schmidt and Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer are two of an impressive lineup of leaders scheduled to share key HIPAA & other privacy and data security compliance and risk management strategies at the Healthcare HITECH Privacy and Security Summit at the Fifth Annual Information Security Summit on May 21 in Los Angeles. The program offers essential insights for hospitals, physicians, and other health care providers, health plans and insurers, employers and other health plan sponsors, fiduciaries and administrators, their business associates and other business partners and others on what their organizations should do to cope with the rapidly changing and expanding privacy and data security obligations of HIPAA and other federal and state laws.

With the rapidly approaching and privacy and data breach penalties and enforcement rising, health care providers, health plans, health care clearinghouses and their business associates must get moving to update business associate contracts, policies and notices and processes to meet changing HIPAA rules while managing ongoing compliance and risks.

Former Cybersecurity Coordinator Schmidt Keynotes

The Healthcare HITECH Privacy and Security Summit will bring together leaders in Privacy and Security within government and private industry for a day of collaboration, networking and presentations by leading Privacy and Security professionals sharing who HIPAA covered entities and business associates need to know to comply with new HITECH rules and OCR investigations.

Stamer Speaks On Latest HIPAA Rules & Developments

Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer will help lay the foundation for the workshop by briefing participants on changes made to HIPAA rules by the new Omnibus HIPAA Rulemaking changes that the Office of Civil Rights (OCR) plans to start enforcing in September, 2013.

Armed with the latest insights from serving as the scribe for the ABA JCEB annual agency meeting with the Office of Civil Rights (OCR), Ms. Stamer, a practicing attorney and widely published author and speaker, will discuss required changes and other recommended steps and strategies that covered entities and their business associates should take to maintain HIPAA compliance and manage HIPAA and other related risks in light of the Omnibus HIPAA Rulemaking changes, new OCR guidance for health care providers about disclosures to avert threats to health or safety, recent audit and enforcement activities and other changing risks and responsibilities including:

The latest on OCR’s regulatory guidance, audit and investigation and enforcement rules, actions and strategies and their implications on covered entities and business associates;
Changes to breach notification rules and their implications on covered entities and their business associates;
Practical implications of new rules on who is covered and their responsibilities;
Required and recommended updates to policies, business associate and other agreements, privacy notices and other HIPAA compliance arrangements;
Effective training and other risk management strategies;
Planning for, investigating and mitigating PHI privacy breaches and other compliance concerns under new rules other selected events; and
Other selected strategies for coordinating HIPAA and other privacy and data breach responsibilities and risk management; and
Participant questions.

For a complete agenda, to register, to get details on sponsorship or for other information, see here.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Border Health, Childrens Health Insurance Program, Consumer Driven Health Care, Corporate Compliance, DME, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Breach Notification, Data Breach, Data Security PHI, HIPAA, personal financial information, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

CMS Proposes To Further Tighten Medicare Provider Enrollment Rules

May 1, 2013

The proposed rule would also strengthen certain provider enrollment provisions including allowing HHS to deny enrollment of providers affiliated with an entity that has unpaid Medicare debt, deny or revoke billing privileges for individuals with felony convictions, and revoke privileges for providers and suppliers who are abusing their billing privileges.

Since provider enrollment is the gateway to Medicare, CMS routinely evaluates its provider enrollment policies, and has implemented new safeguards as a result of the Affordable Care Act. In the February 2011 final screening rule (72 FR 5862). CMS identified additional changes in enrollment policy that would increase the integrity of the Medicare program. Now, CMS is proposing include the following provisions:

Add the ability to deny the enrollment of providers, suppliers and owners affiliated with an entity that has unpaid Medicare debt. This proposal would prevent individuals and entities from being able to incur substantial debt to Medicare, leave the Medicare program and then re-enroll as a new business to avoid repayment of the outstanding Medicare debt. We are proposing that CMS would only enroll individuals or entities if they repay the debt or enter into a repayment plan, if they are otherwise eligible for the program.
Deny enrollment or revoke the billing privileges of a provider or supplier if a managing employee has been convicted of certain felony offenses. This provision ensures that CMS can block or remove bad actors from the Medicare program to protect beneficiaries and safeguard the Medicare Trust Fund.
Permit CMS to revoke billing privileges of providers and suppliers that have a pattern or practice of billing for services that do not meet Medicare requirements. This proposal is intended to address providers and suppliers that regularly submit inaccurate claims in such a way that it poses a risk to the Medicare program.
Make the effective date of billing privileges consistent across certain provider and supplier types. Most practitioners and practitioner groups may only submit bills as of the filing date of their enrollment application. CMS is proposing to eliminate ambulance suppliers’ current ability to bill for up to a year prior to enrollment in the Medicare program. CMS is also proposing to require that ambulance providers and other provider and supplier types submit any claims within 60 days of revocation of billing privileges, consistent with the requirements for practitioners and practitioner groups.

For More Information Or Assistance

About Solutions Law Press

HHS Proposes Increasing Health Care Fraud Reporting Rewards To Up To $9.9 Million

May 1, 2013

The Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) plans to increase rewards paid to Medicare beneficiaries and others whose tips about suspected fraud lead to the successful recovery of funds to as high as $9.9 million. Secretary Kathleen Sebelius announced proposed regulations that would increase the penalties on April 24. In addition, a new funding opportunity released this month supports the expansion of Senior Medicare Patrol (SMP) activities to educate Medicare beneficiaries on how to prevent, detect and report Medicare fraud, waste and abuse.

The Obama Administration has made health care fraud prosecutions and settlement a key element of its health care cost containment plan. Over the last three years, the administration claims its enforcement efforts have recovered over $14.9 billion in fraud, some of which resulted from fraud reporting by individuals.

Summary Of The SMP Incentive Reward Program Proposals

The SMP is a national, volunteer-based program that empowers Medicare beneficiaries to prevent and report Medicare fraud, waste, and abuse. Since 1997, HHS reports more than 7,000 referrals have been made to CMS and the Office of the Inspector General (OIG) for investigation since 1998.

Under the proposed changes, CMS is proposing to increase the potential reward amount for information that leads to a recovery of Medicare funds from 10 percent to 15 percent of the final amount collected. HHS currently offers a reward of 10 percent up to $1,000 under the current incentive reward program. In changes are modeled on an IRS program that has returned $2 billion in fraud since 2003, HHS proposes to increase the portion of the recovery on which CMS will pay a reward up to the first $66 million recovered – this means an individual could receive a reward of $9.9 million if CMS recovers $66 million or more.

HHS began paying rewards to individuals who reported tips that led to the recovery of funds in 1998. According to HHS, to date, HHS has recovered approximately $3.5 million as a result of this program and paid just $16,000 for 18 rewards. The proposed changes are similar to the IRS whistleblower program that has resulted in recoveries of over $2 billion since 2003.

To expand the SMP program’s capacity to reach more Medicare beneficiaries, the Administration for Community Living issued a new funding opportunity. Each of the current 54 SMP projects is eligible for varying funding levels, up to a total of $7.3 million across the program.

HHS says thhese proposed changes will support the administration’s comprehensive approach to program integrity, including the work being done with the Health Care Fraud Prevention and Enforcement Action Team, a joint effort between HHS and the Department of Justice to fight health care fraud. The Obama Administration credits this joint effort with recovering a record $4.2 billion in taxpayer dollars in fiscal year 2012.

The proposed increase in the reward for blowing the whistle on health care fraud is intended to fuel further reports by beneficiaries, workers and others of suspected health care fraud. Health care providers should share any concerns about the proposed increase in the rewards as well as review and tighten their health care fraud prevention and risk management to defend against rising exposures.

For more details, read a fact sheet on the proposed rule available here for more details.

For More Information Or Assistance

About Solutions Law Press

CMS Proposes Changes To Accute Care Hospital & Skilled Nursing Facility Propective Payment Rules

May 1, 2013

Acute care hospitals and skilled nursing facilities participating in Medicare should review proposed changes to key Medicare reimbursement rules and act quickly to share feedback on any provisions of significant concern.

The Centers For Medicare & Medicaid Services (CMS) is proposing changes to its Prospective Payment Systems and other reimbursement key reimbursement rules for Hospitals and Skilled Nursing Facilities for Fiscal Year (FY) 2014. Advance copies of the proposed rules were made available May 1.

CMS’ proposed rules on Prospective Payment System and Consolidated Billing for Skilled Nursing Facilities for FY 2014 are scheduled for official publication on May 1, 2013.

CMS’ proposed rules on Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and Long Term Care Hospital Prospective Payment System, etc. are scheduled for official publication on May 10, 2013.

Acute care hospitals and skilled nursing facilities should evaluate the implications of the proposed changes and provide relevant feedback as necessary to CMS.

For More Information Or Assistance

About Solutions Law Press

OCR Shares New Tools to Educate Consumers and Providers about HIPAA Privacy and Security

April 30, 2013

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has developed an array of new tools to educate consumers and health care providers about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Many consumers are unfamiliar with their rights under the HIPAA Privacy Rule. With that in mind, OCR has posted a series of factsheets, also available in eight languages, to inform consumers about their rights under the HIPAA Privacy Rule. These materials are available on OCR’s website here.

The fact sheets compliment a set of seven consumer-facing videos released earlier this year on OCR’s YouTube channel. An additional video, The HIPAA Security Rule, has been designed for providers in small practices and offers an overview of how to establish basic safeguards to protect patient information and comply with the Security Rule’s requirements. The videos are available on the HHS OCR YouTube Channel at here.

OCR has also launched three modules for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules, available at Medscape.org:

Patient Privacy: A Guide for Providers at here;
HIPAA and You: Building a Culture of Compliance here; and
Examining Compliance with the HIPAA Privacy Rule here.

The Medscape modules offer free Continuing Medical Education (CME) credits for physicians and Continuing Education (CE) credits for health care professionals.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Amgen Settlement Highlights Anti-Kickback Exposures From Whistleblowers, Need For Effective Compliance & Risk Management

April 22, 2013

California-based biotechnology giant Amgen, Inc. has agreed to pay $24,9 Million to resolve Justice Department False Claims Act charges that the biotechnology giant violated the False Claims Act by paying illegal kickbacks to long-term care pharmacy providers to promote the sale of its Aranesp and other products. The settlement announced by the Justice Department on April 16, 2013 is the latest in a series of settlements resulting from efforts by Federal officials to target pharmaceutical and other providers for violating federal anti-kickback and other health care fraud laws brought by the Justice Department. See Amgen to Pay U.S. $24.9 Million to Resolve False Claims Act Allegations. It highlights the growing risk of civil prosecution that pharmaceutical companies face for offering or providing prohibited kickbacks, as well as the growing role of whistleblowers in civil prosecutions under the anti-kickback law.

Amgen Settlement Highlights

The Amgen Settlement Agreement resolves Federal allegations that Amgen paid illegal kickbacks to long-term care pharmacy providers Omnicare Inc., PharMerica Corporation and Kindred Healthcare Inc. in return for implementing “therapeutic interchange” programs designed to switch Medicare and Medicaid beneficiaries from a competitor drug to Aranesp, which Amgen manufactures.

The government alleged that the kickbacks took the form of performance-based rebates tied to market-share or volume thresholds. The government also charged that, as part of the therapeutic interchange program, Amgen distributed materials to consultant pharmacists and nursing home staff encouraging the use of Aranesp for patients who did not have anemia associated with chronic renal failure.

The Amgen Settlement Agreement resolves a civil lawsuit filed under the qui tam, or whistleblower, provision of the False Claims Act, which allows private citizens with knowledge of false claims to bring civil actions on behalf of the United States and share in any recovery. The False Claims Act suit in the U.S. District Court for the District of South Carolina is captioned United States ex rel. Kurnik v. Amgen Inc., et al.

When announcing the settlement, Justice Department officials emphasized federal officials’ commitment to pursuing pharmaceutical companies for paying illegal kickbacks to secure drug sales. “We will continue to pursue pharmaceutical companies that pay kickbacks to long-term care pharmacy providers to influence drug prescribing decisions,” said Stuart F. Delery, Acting Assistant Attorney General for the Justice Department’s Civil Division. “Patients in skilled nursing facilities deserve care that is free of improper financial influences.”

The Settlement Agreement and lawsuit that it resolves also show the key role that whistleblowers can play in these types of prosecutions. Qui tam and other fraud reports made by employees or other business partners have become a significant tool in the Federal government’s war against health care fraud. The Amgen Settlement and other recent prosecutions and settlement show that Federal officials are acting on this promise and that whistleblowers increasingly are helping them to do so.

As this trend continues, pharmaceutical companies and other health care providers subject to the anti-kickback and other health care fraud laws will need to review their existing and former practices to identify pre-existing and ongoing exposures, and decide what steps to take, if any, to mitigate these risks. In addition to considering what corrective actions, if any are needed generally, these organizations also should consider the workforce management and other internal controls that will help promote compliance with these policies and manage potential whistleblower and other liabilities.

In addition to working to promote compliance with the False Claims Act and other health care laws, pharmaceutical companies and health care providers need to implement strong internal investigation, audit, and employee and contractor management procedures to help self-discover and address potential compliance or other liability concerns. These processes and policies should involve but not be limited to hotlines and other processes for reporting suspected fraud or other misconduct. Most companies also should consider adopting and enforcing strong policies that require employees, contractors and other business partners to timely report and coöperate in the investigation and redress of potential health care fraud or other legal violations, should promptly investigate and redress as needed alleged noncompliance, and should retaliation against individuals making these reports in good faith.

For More Information Or Assistance

For help reviewing and updating your Stark Law, Anti-Kickback Statute, or other health care compliance, workforce, internal controls and risk management policies, practices or programs; assessing the strength of your organizations existing risk management and compliance controls under these laws or other healthcare laws and regulations; or in addressing other compliance or health care concerns, please contact Cynthia Marcotte Stamer via e-mail here or via telephone at 469.767.8872. To review and register to receive other helpful updates or for more information about Ms. Stamer and her experience, see here.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to get information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Anti-KickBack, Controlled Substances, Corporate Compliance, Evidence Based Medicine, false claims act, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Medicaid, Medicare, OIG, Pharmacy, Prescription Drugs, Reimbursement | Tagged: FDA, Federal Sentencing Guidelines, Food and Drug, GlaxoSmithKiine, Health Care, Health Care Fraud, Health Care Fraud Task Force, Pharma, Pharmaceudical | Permalink
Posted by Cynthia Marcotte Stamer

HHS Publishes Medicaid Expansion Final Regs, Invites Public Comment

April 1, 2013

The Department of Health & Human Services (HHS) has published its final rule with a request for comments that provides, effective January 1, 2014, the federal government will pay 100 percent of the cost of certain newly eligible adult Medicaid beneficiaries. These payments will be in effect through 2016, phasing down to a permanent 90 percent matching rate by 2020. The Affordable Care Act authorizes states to expand Medicaid to adult Americans under age 65 with income of up to 133 percent of the federal poverty level (approximately $15,000 for a single adult in 2012) and provides unprecedented federal funding for these states.

Under the Affordable Care Act, states that cover the new adult group in Medicaid will have 100 percent of the costs of newly eligible Americans paid for by the federal government in 2014, 2015, and 2016. The federal government’s contribution is then phased-down gradually to 90 percent by 2020, and remains there permanently. For states that had coverage expansions in effect prior to enactment of the Affordable Care Act, the rule also provides information about the availability of an increased FMAP for certain adults who are not newly eligible.

For the full text of the final rule, see http://www.ofr.gov/inspection.aspx.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Hospitals with 2012 CMS Adverse Complaint Inspection Reports in AHCJ Data Bank Should Prepare Response

March 27, 2013

Acute-care and critical access hospitals that had adverse complaint inspections in 2012 by the Centers for Medicare & Medicaid Services (CMS) may want to prepare to respond to press and public inquiries. The Association of Health Care Journalists (AHCJ) updated its website, healthcareinspectionreports.com, to include details about deficiencies cited during complaint inspections at acute-care and critical access hospitals throughout the United States since January 1, 2011 obtained from CMS.

Although AHCJ cautions in its website that the posted data should not be used to rank hospitals because of omissions and limitations in the data, hospitals with posted reports in the data bank should expect that the reports on their hospital may draw the attention of the media, patients, health plans and others.

AHCJ publishes the reports, which historically have not been easily accessible to the general public. AHCJ cautions that the data is not necessarily complete and should not be used to rank hospitals within a state. AHCJ says data on acute-care and critical hospital access hospitals is incomplete because CMS has just begun gathering this data and releasing it in electronic format. AHCJ also says some reports are missing narrative details. Beyond that, CMS acknowledges that other reports that should appear may not. It does not include results of routine inspections or those of psychiatric hospitals or long-term care hospitals. It also does not include hospital responses to deficiencies cited during inspections. Those can be obtained by filing a request with a hospital or the U.S. Centers for Medicare and Medicaid Services (CMS).AHCJ to make future iterations of this data more complete. At this time, this data should not be used to rank hospitals within a state or between states. It can be used to review issues identified at hospitals during recent inspections.

Subject to these limitations, an individual wishing to review the available data can click on a state on the map will retrieve a list of all hospitals with their violations grouped together.

In anticipation of potential media or public review and reaction to the AHCJ website posting, hospitals with adverse reports posted on the website should consider acting proactively. Hospitals should consult with counsel and their public relations team to plan and prepare a factually accurate response to the shared reports and other suitable mitigation activities.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: health care quality, Health Plans, Hospitals, Public Relations | Permalink
Posted by Cynthia Marcotte Stamer

OCR Invites Comments On Plans to Survey HIPAA Covered Entities Audited Under 2012 HIPAA Audit Program

March 25, 2013

The Department of Health & Human Services (HHS) Office of Civil Rights (OCR) wants to ask the 115 health plans, health care clearinghouses, and health care providers (covered entities) that OCR audited in 2012 for compliance with Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA) under its HIPAA Audit Program to share feedback about their experience. The planned survey announcement follows OCR’s recent released of restated HIPAA Privacy & Security Rules scheduled to take effect in September, 2013 and as OCR continues and expanding its HIPAA Audit Program in 2013. All together, the signs are clear that covered entities should update and strengthen their HIPAA compliance and risk management practices to withstand the tightened rules and enforcement.

OCR initiated the HIPAA Audit Program in 2012 to comply with Section 13411 of the Health Information Technology for Economic and Clinical Health Act’s requirement that it audit covered entity and business associate compliance with the HIPAA privacy, security, and breach notification rules. While it continues its HIPAA Audit Program in 2013, OCR also is evaluating the effectiveness of the HIPAA Audit Program audits in 2012.

To this end, OCR currently is conducting a review of the HIPAA Audit program to determine its efficacy in assessing the HIPAA compliance efforts of covered entities. As part of that review, OCR plans to ask covered entities audited under the HIPAA Audit Program in 2012 to complete an online survey about their experience. In anticipation of its conduct of the proposed surveys, OCR is inviting public comment on the burden to Covered Entities to complete the planned online survey, which OCR estimates will take two hours to complete through May 20, 2013. According to OCR, the survey will gather information on the effect of the audits on the audited entities and the entities’ opinions about the audit process. The online survey will be used to:

Measure the effect of the HIPAA Audit program on covered entities;
Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the audit report findings and recommendations;
Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests;
Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations; and
Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program.

OCR says it will use the information, opinions, and comments collected using the online survey to produce recommendations for improving the HIPAA Audit program.

For instructions to comment or more details, see here.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

On Health Reform Law’s 3rd Anniversary, Test Your Reform Knowledge

March 21, 2013

March 21, 2013 is the 3rd Anniversary of the Affordable Care Act. With the 2014 rollout of the next round of reforms approaching, the Kaiser Family Foundation invites you to take its latest interactive quiz to test your knowledge about what’s in – and what’s not in – the health reform law and encourage your friends and family to do the same. You can compare your knowledge with others and share your results on Facebook and Twitter. The quiz also includes links to more information about specific provisions of the law.

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Affordable Care Act, Health Care Reform | Permalink
Posted by Cynthia Marcotte Stamer

Maintaining Patient Problem List Under Meaningful Use Core Measure 3 To Support Patient Care

March 16, 2013

ONC is sharing resources to help health care providers see the value of and effectively incorporate and use active patient problem lists as part of the electronic health records systems (EHRs).

Meaningful Use Core Measure 3 calls for physicians and other eligible professionals to design their electronic health record systems to incorporate and maintain an up-to-date problem list of current and active diagnoses of patients.

The requirement reflects ONC’s determination that accurate active problem lists and the fast overview of patient history’s they provide are a “mainstay” of efficient and effective primary care. Effective active patient problem lists in EHRs make this information available to all clinic staff and the on-call team improves the efficiency and effectiveness of the care team.

To support this goal, the requirement that Meaningful Use Core Measure 3 calls for more than 80 percent of all unique patients seen by the eligible professional have at least one entry or an sign that no problems are known for the patient recorded as structured data.

Review the requirements of Core Measure 3 and access other tips and resources for developing and using effective patient problem lists in EHRs here.

For More Information Or Assistance

About Solutions Law Press

1 Comment | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: EHR, Health Care, Meaningful Use | Permalink
Posted by Cynthia Marcotte Stamer

CMS 2nd Recalculation Medicare Readmission Penalties In 6 Months Cuts Overall Penalties By $10M

March 15, 2013

The Centers for Medicare & Medicaid Services (CMS)for the second time in six months has corrected errors in its calculation of Medicare readmission penalties imposed against more than 1,000 hospitals imposed under the Medicare Hospital Readmission Reduction Program.

Under the Medicare Readmission Reduction Program, CMS is penalizing hospitals whose readmissions within 30 days following their discharge of heart attack, heart failure and pneumonia patients exceed the rate CMS expects based on their patient risks with the loss of up to 1 percent of their regular payments. This maximum penalty ramps is slated to rise to up to 2 percent in October and 3 percent in 2014.

While some hospital’s penalties went up and most went down, the net effect of the recalculation back to the program’s origination last October is a $10 million reduction in the overall penalties resulting in an adjusted total of $280 million for 2013.

An updated chart of the corrected readmission penalties prepared by Kaiser Health News is available here.

Part of new CMS “quality” provisions, the readmission penalties have prompted widespread concern by many hospital and other health care leaders as penalizing hospitals for readmissions beyond their control. Supports of the penalties say that the penalties can encourage hospitals to provide better quality and reduce costs by emphasizing appropriate discharge planning.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, Medicaid Fraud, Medicare, Medicare Fraud Task Force, readmissions penalty | Permalink
Posted by Cynthia Marcotte Stamer

Hospital’s Disability Discrimination Settlement 4th In 5 Weeks For Justice Department

March 13, 2013

Health Care Providers Must Strengthen Disability Compliance & Risk Management

Health care providers beware! The Obama Administration is targeting health care providers that violate the Americans with Disabilities Act (ADA) and Section 504 of the Rehabilitation Act of 1973 (Rehab Act) and other federal disability discrimination laws.

On March 13, 2013, the Justice Department announced that Glenbeigh Hospital (Glenbeigh) of Rock Creek, Ohio is the fourth health care provider in five weeks to agree to a settlement with the Justice Department resolving disability discrimination charges brought under its Barrier Free Health Care Initiative (Initiative). The Glenbeigh settlement is one of a growing list of disability discrimination settlements and judgements against health care providers brought by the Justice Department, the Department of Health & Human Resources Office of Civil Rights and other federal agencies.

Barrier Free Health Care Initiative Targets Health Care Providers For Disability Discrimination

Launched on the 22^nd anniversary of the ADA in July 2012, the Initiative is a partnership of the Civil Rights Division and 40 U.S. Attorney’s offices across the nation, that targets ADA and other disability discrimination law enforcement efforts on a critical area for individuals with disabilities.

Part of a broader enforcement initiative of the Obama Administration to enforce and expand federal protections for individuals with disabilities, the Initiative seeks to protect patients with disabilities against illegal disability discrimination by prosecuting health care providers under the ADA and the Rehab Act.

Section 504 of the Rehab Act requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. The public accommodation provisions of the ADA, for instance, generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities. The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

Glenbeigh ADA Disability Discrimination Settlement

According to the Justice Department, Glenbeigh has agreed to a settlement resolving charges it violated the ADA by denying admission to someone because of HIV. The fourth ADA disability discrimination settlement addressing HIV discrimination by a medical provider reached by the Justice Department in six weeks, the settlement requires Glenbeigh to pay $32,500 to the complainant, $5,000 in civil penalties, train its staff on the ADA and develop and implement an anti-discrimination policy.

The settlement resolves Justice Department charges that engaged in prohibited disability discrimination in violation of the ADA by unlawfully refusing to admit someone with HIV into its alcohol treatment program because of the side effects of his HIV medication. Glenbeigh’s alcohol treatment program consists of helping patients through the physical aspects of recovery, as well as providing counseling and incorporating spiritual healing. The Justice Department determined Glenbeigh cannot show that treating the complainant would have posed a direct threat to the health or safety of others.

In announcing the Glenbeigh settlement, the Justice Department warned other providers against illegal disability discrimination against individuals with HIV or other disabilities.

“Ensuring access to medical care for people with HIV requires that those in the medical field make medical decisions that are not based on fears or stereotypes,” said Thomas E. Perez, Assistant Attorney General for the Civil Rights Division. “The ADA does not tolerate HIV discrimination and neither will the Justice Department.”

Glenbeigh Settlement Part of Larger Disability Enforcement Trend

Settlements like Glenbeigh’s are growing increasingly common as the Initiative picks up steam. As part of a broader emphasis on the enforcement of disability and other federal discrimination laws by the Obama Administration, Federal agencies are making investigation and prosecution of suspected disability discrimination by health industry and other organizations a priority.

In the past five weeks, the Justice Department announced similar agreements with Woodlawn Family Dentistry, the Castlewood Treatment Center, and the Fayetteville Pain Center to address HIV discrimination. These new settlements add to a growing list of Justice Department disability discrimination enforcement actions against health care providers. Along side a growing list of disability discrimination settlements and prosections, the Justice Department has a website dedicated to disabilities law enforcement, which includes links to settlements, briefs, findings letters, and other materials.

The Justice Departments campaign against disability discrimination by health care providers is supported and enhanced by the concurrent efforts of OCR. Along side the Justice Department’s efforts, OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with the Rehab Act and the ADA well as various other federal nondiscrimination and civil rights laws. Through its own antidiscrimination campaign, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. See, e.g. Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled. Meanwhile, both the Justice Department and OCR also are encouraging victims of discrimination to enforce their rights through private action through educational outreach to disabled and other individuals protected by federal disabilities and other civil rights laws to make them aware of and to encourage them to act to enforce these rights.

Providers Should Act To Manage Patient-Related Disability Discrimination Risks

Prosecutions and settlements like the Glenbeigh settlements show the need for health care providers and other public and private organizations to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the Justice Department, OCR, the Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits. Hospitals, health care clinics, physicians and other health care providers should take steps to guard against joining the growing list of health care providers caught in the enforcement sights of the Initiative by reviewing and updating practices, policies, training and oversight to ensure that their organizations can prevent and defend against charges of disability discrimination.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

In light of the expanding readiness of the Justice Department, OCR, HUD, EEOC and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and help businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. ©2013 Cynthia Marcotte Stamer, P.C. All rights reserved.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Par Pharmaceutical Pays $45 Million For Illegal Off-Label Marketing Of Megace ES

March 11, 2013

New Jersey-based Par Pharmaceutical Companies Inc. (Par) must pay more than will pay $45 million to resolve their criminal and civil liability under its March 5, 2013 guilty plea to illegally promoting off-label uses of the prescription drug Megace ES in violation of Food and Drug Administration (FDA) rules and wrongfully promoting and billing Medicare for its use. The Par guilty plea followed a guilty plea by Par’s Chief Executive Officer Paul V. Campanelli earlier in the day in a New Jersey federal court.

Par also entered into a civil settlement that resolved three lawsuits filed under the whistleblower provisions of the False Claims Act, which let private parties to file suit on behalf of the United States and obtain part of the government’s recovery. The civil lawsuits filed in New Jersey are U.S. ex rel. McKeen and Combs v. Par Pharma ceutical, et al., U.S. ex rel. Thompson v. Par Pharmaceutical, et al., and U.S. ex rel. Elliott & Lundstrom v. Bristol-M yers Squibb, Par Pharma ceutical, et al. As part of today’s resolution, relators McKeen and Combs will receive $4.4 million. The actions provide another example of the growing role of whistleblowers to the success of federal health care fraud detection and enforcement efforts.

Par Criminal & Charges

The Federal Food, Drug and Cosmetic Act (FDCA) requires companies such as Par to specify the intended uses of a product in its new drug application to the FDA. Once approved, a drug may not be distributed in interstate commerce for unapproved or “off-label” uses until the company receives FDA approval for the new intended uses.

Par pleaded guilty to a federal a criminal misdemeanor violation of these rules by misbranding Megace ES in violation of the FDCA. Megace ES, a megestrol acetate drug product was approved by the FDA to treat anorexia, cachexia, or other significant weight loss suffered by patients with AIDS. Federal prosecutors charged that Megace ES distributed nationwide by Par was criminally misbranded because its FDA-approved labeling lacked adequate directions for use in the treatment of non-AIDS-related geriatric wasting, a use that was intended by Par but never approved by the FDA.

Federal Judge Judge Arleo fined Par $18 million and ordered $4.5 million in criminal forfeiture. Par also entered into a civil settlement agreement to settle associated civil liability.

The civil settlement agreement requires Par to pay $22.5 million to the federal government and various states to resolve claims arising from its off-label marketing. The civil settlement resolves allegations that Par, by promoting the sale and use of Megace ES for uses that were not FDA-approved and not covered by Federal health care programs, caused false claims to be submitted to these programs. The United States further alleged that Par deliberately and improperly targeted sales to elderly nursing home residents with weight loss, whether or not such patients suffered from AIDS, and launched a long-term care sales force to market to this population. During this marketing campaign, the government charged Par was aware of adverse side effects associated with the use of megestrol acetate in elderly patients, including an increased risk of deep vein thrombosis, toxic reactions in elderly patients with impaired renal function, and mortality. The United States alleged that Par made unsubstantiated and misleading representations about the superiority of Megace ES over generic megestrol acetate for elderly patients to encourage providers to switch patients from generic megestrol acetate to MegaceES, despite having conducted no well-controlled studies to support a claim of greater efficacy for Megace ES.

As part of plea agreement and corporate integrity agreements reached to resolve its civil and criminal charges, Par committed to the Department of Justice, the Department of Health & Human Services (HHS) and its Office of Inspector General. Par to implement several compliance measures and annually provide the U.S. Attorney’s Office and other agencies with certain reports.

The plea agreement and corporate integrity agreement include provisions that require Par to implement changes to the way it does business. The plea agreement and agreement prohibit Par from providing compensation to sales representatives or their managers based on the volume of sale of Megace ES, and in the corporate integrity agreement, based on the volume of Megace ES and any branded successor megestrol acetate drug.

The agreements also dictate individual accountability of Par’s board and executives. Under the agreement, Par is also required to change its executive compensation program to permit the company to recoup annual bonuses from covered executives if they, or their subordinates, engage in significant misconduct. Company executives may have to forfeit annual bonuses if they or their subordinates engage in significant misconduct, and sales representatives may not be paid incentive compensation for the drug involved in the case, or successor branded versions of that drug. For instance, the plea agreement requires Par give the Justice Department a sworn certification from its chief executive officer that the company has not unlawfully marketed any of its pharmaceutical products.

Par Prosecutions Part Of Larger Aggressive Health Care Fraud Enforcement

The Par civil and criminal charges were brought as part of the ongoing war against health care fraud conducted by federal and state officials. Its announcement is just one of high-profile health care fraud charges, settlements and convictions announced by the Justice Department in the first seven days of March. See, e.g., Health Care Clinic Director Pleads Guilty in Miami for Role in $63 Million Health Care Fraud Scheme; Orange County Doctor Convicted of Six Counts of Health Care Fraud in Multi-Million Dollar Scam involving Durable Medical Equipment; Manhattan U.S. Attorney Sues Park Avenue Medical Associates for Medicare Billing Fraud; Par Pharmaceuticals Pleads Guilty and Agrees to Pay $45 Million to Resolve Civil and Criminal Allegations Related to Off-Label Marketing; Doctor gets 50 Month Sentence for Health Care Fraud & Tax Evasion; and Nelson County, Kentucky Drug Store Owner Charged With Health Care Fraud and Wire Fraud.

Already a lead federal enforcement priority for more than a decade, the Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2012 (FY2012 Report) documents that DOJ and HHS health care fraud enforcement activities scored big in 2012, and that qui tam whistleblowers played a big part and shared big in the profits. See Federal Health Care Fraud & Abuse Recovery of $4.2 Billion In FY 2012 Shows Enforcement Risks Growing.

Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges. Along with a broad health care fraud enforcement and compliance programs, these efforts should include targeted efforts to prevent and manage fraud and other whistleblower claims by employees, business partners and others.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: FDA, Health Care Fraud, Medicaid Fraud, Medicare, Medicare Fraud Task Force, Off Label | Permalink
Posted by Cynthia Marcotte Stamer

Corpus Christi Radiology Group & Clinic $2.3 Million To Settle Health Care Fraud Charges

March 11, 2013

Children’s Physician Services of South Texas (CPSST) and Radiology Associates jointly will pay $2.3 million to settle claims they violated the False Claims Act and the Texas Medicaid Fraud Prevention Act between 2002 and 2007.

The CPSST & Radiology Associates Settlement as part of another busy week of health care fraud enforcement by the Justice Department. See, Health Care Clinic Director Pleads Guilty in Miami for Role in $63 Million Health Care Fraud Scheme; Orange County Doctor Convicted of Six Counts of Health Care Fraud in Multi-Million Dollar Scam involving Durable Medical Equipment; Manhattan U.S. Attorney Sues Park Avenue Medical Associates for Medicare Billing Fraud; Par Pharmaceuticals Pleads Guilty and Agrees to Pay $45 Million to Resolve Civil and Criminal Allegations Related to Off-Label Marketing; Doctor gets 50 Month Sentence for Health Care Fraud & Tax Evasion; and Nelson County, Kentucky Drug Store Owner Charged With Health Care Fraud and Wire Fraud. These and other growing health care fraud charges, settlements and convictions show the zealous enforcement by federal prosecutors is continuing. To guard against getting caught in the health care fraud hopper, health care providers must constantly look at current and past practices against emerging regulations and enforcement and take prompt steps to maintain compliance and minimize risks as they become clear.

CPSST & Radiology Associates Settlement Highlights

According to the March 5, 2013 announcement of United States Attorney Kenneth Magidson, the charges settled involved allegations that CPSST billed and received payment for Radiology Associates’ professional services and, without disclosing the payments, directed Radiology Associates to bill and receive payment for the same professional services. Magidson says that CPSST, a part of the Driscoll Health System, agreed to pay $1.5 million, while Radiology Associates, an independent physician group serving the Driscoll Health System, agreed to pay $800,000 to settle claims they billed and received payment twice for the professional reading and interpretation of genetic ultrasounds.

Medicare billing rules recognize two components for each ultrasound, a technical component and a professional component. The technical component refers to the actual taking of the ultrasound by a technician and the professional component refers to the reading and interpretation of the ultrasound images by a physician, usually a radiologist.

According to federal prosecutors, CPSST made arrangements to have Radiology Associates read and interpret the ultrasounds taken at CPSST. From Jan. 1, 2002, to June 1, 2007, Radiology Associates read and interpreted several thousand ultrasounds for CPSST. The understanding between the two providers was that CPSST would bill and receive payment solely for the technical component and Radiology Associates would bill and receive payment solely for the professional component. In reality, CPSST billed and received payment for both the technical and professional components without informing or disclosing this fact to Radiology Associates. Upon discovery of this fact, Radiology Associates informed CPSST about the double billing for the professional component, but CPSST denied billing for the professional component except for a few accidental and isolated occasions. Instead, CPSST instructed and directed Radiology Associates to continue to bill for the professional component and reaffirmed that CPSST would only bill for the technical component. Despite additional evidence of double billing, Radiology Associates ignored the evidence, accepted CPSST’s misrepresentations without question and continued to bill and receive payment for the professional component.

Government funded health care programs such as Medicare, Medicaid, TRICARE and the Federal Employees Health Benefits program agree to pay enrolled health care providers once for the technical and professional components of each ultrasound performed on a patient covered by theses health care programs. Health care providers enrolled and servicing patients covered by these government-funded health care programs are prohibited from billing and receiving payment twice for the ultrasound’s technical or professional component.

The settlement resolves allegations made against Radiology Associates, Children’s Physician Services of South Texas, Center for Genetic Services, and Raymond C. Lewandowski Jr. M.D. in a qui tam or whistleblower lawsuit filed in 2008 by a former revenue manager and coding compliance officer with Radiology Associates. Under the False Claims Act, private citizens can bring suit on behalf of the government and share in any amounts that are obtained through that legal action. In this case, the share will be between 15 – 25% of the proceeds of the overall settlement.

The investigation was conducted by the United States Department of Health and Human Services – Office of Inspector General and the Texas Attorney General’s Medicaid Fraud Control Unit and Civil Medicaid Fraud Division.

Strike Force & Other Zealous Health Care Fraud Enforcement Continues

The settlement and other fraud enforcement actions provide clear evidence of the risks health care providers and their management face if they are found to have participated in activities that federal or state health care fraud prosecutors view as violating health care fraud rules.

The FY2012 Report says DOJ opened 1,131 new criminal health care fraud investigations involving 2,148 potential defendants. Federal prosecutors had 2,032 health care fraud criminal investigations pending, involving 3,410 potential defendants, and filed criminal charges in 452 cases involving 892 defendants. A total of 826 defendants were convicted of health care fraud-related crimes during the year. Also in FY 2012, DOJ opened 885 new civil health care fraud investigations and had 1,023 civil health care fraud matters pending at the end of the fiscal year. In FY 2012, Federal Bureau of Investigation (FBI) health care fraud investigations resulted in the operational disruption of 329 criminal fraud organizations, and the dismantlement of the criminal hierarchy of more than 83 criminal enterprises engaged in health care fraud.

Meanwhile, HHS’ Office of Inspector General (HHS/OIG) excluded 3,131 individuals and entities in FY 2012. Among these were exclusions based on criminal convictions for crimes related to Medicare and Medicaid (912) or to other health care programs (287); for patient abuse or neglect (212); and as a result of licensure revocations (1,463). In addition, HHS/OIG imposed civil monetary penalties against, among others, providers and suppliers who knowingly submitted false claims to the Federal government. HHS/OIG also issued many audits and evaluations with recommendations that, when implemented, would correct program vulnerabilities and save program funds.

The enforcement actions announced by the Justice Department the first week of March, 2013 make clear federal prosecutors are gunning for even greater health care fraud enforcement success in 2013. See Health Care Clinic Director Pleads Guilty in Miami for Role in $63 Million Health Care Fraud Scheme; Orange County Doctor Convicted of Six Counts of Health Care Fraud in Multi-Million Dollar Scam involving Durable Medical Equipment; Manhattan U.S. Attorney Sues Park Avenue Medical Associates for Medicare Billing Fraud; Par Pharmaceuticals Pleads Guilty and Agrees to Pay $45 Million to Resolve Civil and Criminal Allegations Related to Off-Label Marketing; Doctor gets 50 Month Sentence for Health Care Fraud & Tax Evasion; and Nelson County, Kentucky Drug Store Owner Charged With Health Care Fraud and Wire Fraud.

Act To Manage Risks

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, Medicaid Fraud, Medicare, Medicare Fraud Task Force | Permalink
Posted by Cynthia Marcotte Stamer

Houston Ambulance Service Owner Convicted Of Health Care Fraud Faces Up To 70 Years

March 11, 2013

A Houston, Texas Federal jury on March 4, 2013 convicted the owner and operator of a Houston-area ambulance company, Olusola Elliott, of one count of conspiracy to commit health care fraud and six counts of health care fraud for submitting false and fraudulent claims to Medicare for ambulance services.

Elliott owned and operated Double Daniels LLC, a Texas entity that purportedly provided non-emergency ambulance services to Medicare beneficiaries in the Houston area. During the course of the scheme, the Justice Department charged that Elliott submitted and caused the submission of approximately $1,713,716 in fraudulent ambulance service claims to Medicare.

According to evidence presented at trial, Elliott and others conspired from April 2010 through December 2011 to unlawfully enrich themselves by submitting false and fraudulent claims to Medicare for ambulance services that were medically unnecessary and not provided. Evidence showed that Elliott falsified patient records in order to fraudulently bill Medicare for beneficiaries who were not in need of ambulance services. According to court documents, Elliot transferred the proceeds of the fraud to himself and others after Medicare payments were sent to Double Daniels.

Elliot is scheduled for sentencing on May 31, 2013, in Houston. The six health care fraud counts and the conspiracy count each carry a maximum potential penalty of 10 years in prison and a $250,000 fine

Federal prosecutors brought the charges as part of the Medicare Fraud Strike Force, supervised by the U.S. Attorney’s Office for the Southern District of Texas and the Criminal Division’s Fraud Section.

Strike Force & Other Zealous Health Care Fraud Enforcement Continues

The conviction is another reminder to health care providers, leaders and organizations of the advisability of tightening compliance practices and taking other steps to guard against ever-expanding health care fraud exposures. Even as the jury convicted Elliott, federal prosecutors finalizing a health care fraud settlement with another group of Texas providers. On March 5, 2013, the Justice Department announced that Children’s Physician Services of South Texas (CPSST) and Radiology Associates had agreed to pay more than $2 million collectively to settle claims they violated the False Claims Act and the Texas Medicaid Fraud Prevention Act between 2002 and 2007. Under the settlement, CPSST, a part of the Driscoll Health System, agreed to pay $1.5 million, while Radiology Associates, an independent physician group serving the Driscoll Health System, will pay $800,000 to settle claims they billed and received payment twice for the professional reading and interpretation of genetic ultrasounds. See, Corpus Christi Radiologist Group and Children’s Genetic Services Clinic Settle False Claims Act Allegations.

Act To Manage Risks

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, HEAT, Medicaid Fraud, Medicare, Medicare Fraud, Medicare Fraud Task Force | Permalink
Posted by Cynthia Marcotte Stamer

Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled

March 5, 2013

Health care providers dealing with patients with hearing, language, cognitive, or other disabilities are reminded to use care to provide interpreters or other accommodations when necessary to care for disabled or other language limited patients by a settlement announced with Genesis HealthCare (Genesis).

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today that Genesis has reached an agreement to settle OCR charges that it violated Section 504 of the Rehabilitation Act of 1973 (Act) by failing to provide an interpreter for a language impaired patient. The latest in a growing list of enforcement actions by OCR against health care providers for failing to provide interpreters or other accommodations for disabled, English-as-a-second-language, or other language impaired patients, it reminds health care providers of the importance of providing appropriate interpreter or other accommodations needed to enable patients to properly understand and participate in their care. The announcement comes as HHS is releasing new resources reminding health care providers and others of the need to provide appropriate language access resources to these and other patients and their caregivers with language challenges.

Genesis Settlement

As interpreted by OCR, the Act requires that health care and other facilities covered by the Act take appropriate steps to ensure effective communications with patients when delivering health care or other services.

The settlement follows an OCR investigation of a complaint that Genesis, one of the largest providers of senior care violated the Act by failing to provide a qualified interpreter to a resident at its skilled nursing facility in its Randallstown, Maryland. Genesis operates more than 400 skilled nursing centers and assisted/senior living communities across 29 states.

According to OCR, an OCR investigation conducted under the Act found Genesis center staff at the facility harmed the health care and overall health status of the patient by not providing a qualified interpreter, evaluations of his care and discussions on the effects of his numerous medications and the risks caused by not following recommended treatments and prescription protocols. OCR charged the Genesis staff improperly relied on written notes and gestures to communicate with the resident—even while conducting a comprehensive psychiatric evaluation of him. OCR concluded that a qualified sign language interpreter was necessary for the patient and staff to be able to communicate effectively with each other regarding treatment.

Under the settlement terms, all 400 Genesis skilled nursing facilities must comply with the terms and conditions of the settlement. The settlement also requires Genesis to form an auxiliary aids and services hotline; create an advisory committee to provide guidance and direction on how to best communicate with the deaf and hard of hearing community; designate a monitor to conduct a self-assessment and get feedback from deaf and hard of hearing individuals and advocates and conduct outreach to promote awareness of hearing impairments and services that are available for deaf and hard of hearing individuals. In addition Genesis will pay monetary penalties for noncompliance with any terms of the agreement.

In announcing the settlement, OCR Director emphasized OCR’s commitment to enforcing the Act’s nondiscrimination provisions. “This patient’s care was unnecessarily and significantly compromised by the stark absence of interpreter services,” said Rodriguez. “My office continues its enforcement activities and work with providers, particularly large health care systems like Genesis, to make certain that compliance with nondiscrimination laws is a system wide obligation.”

The settlement follows two enforcement actions by OCR in early February to ensure deaf and hard of hearing individuals living in New York and Washington, D.C., have equal access to programs and services provided by local government agencies. Like the settlement announced today, both of those actions arose from complaints that individuals were denied interpreters. In those cases, the needed interpreters were sign language interpreters in Cattaraugus County Department of Aging (CCDOA) in New York and the District of Columbia Children and Family Services Agency (DCCFSA). OCR conducted investigations under the Actand Title II of the Americans with Disabilities Act of 1990, which require that covered entities ensure effective communication for persons with disabilities. Those actions resulted in the CCDOA voluntary resolution agreement, and the DCCFSA settlement agreement.

HHS Shares Language Access Resources

HHS views the availability of appropriate langauge accommodations as key to providing quality of care. The effort includes persons facing not only disabilities impacting communications, but others with language barriers. In support of its efforts to promote the availability and use of appropriate langauge accommodations, HSS recently shared its 2013 Language Access Plan (HHS LAP) for ensuring access to the Department’s programs and activities to people with limited English proficiency (LEP). The LEP reflects HHS’ awareness that America’s population reflects diverse communications needs. Nearly 20 percent of the population (55 million people) speaks a language other than English at home, 63 percent of hospitals treat LEP patients daily or weekly and more than 15 languages are frequently encountered by at least 20 percent of hospitals.

In accordance with Executive Order 13166, Improving Access to Services for Persons with Limited English Proficiency, the HHS LAP establishes the Department’s policy and strategy for serving persons with LEP and its commitment to the language access principals which state that people with LEP should have meaningful access to federally funded programs, activities, services and benefits. The plan available here urther serves as a blueprint for HHS Divisions to develop their own agency-specific language access plans. The HHS LAP is organized into ten cross-cutting elements with specific actions steps for HHS agencies to include in their respective agency-specific plans. The ten elements include:

ELEMENT 1: Assessment: Needs and Capacity
ELEMENT 2: Oral Language Assistance Services
ELEMENT 3: Written Translations
ELEMENT 4: Policies and Procedures
ELEMENT 5: Notification of the Availability of Language Assistance at no Cost
ELEMENT 6: Staff Training
ELEMENT 7: Assessment: Access and Quality
ELEMENT 8: Stakeholder Consultation (New Element)
ELEMENT 9: Digital Information (New Element)
ELEMENT 10: Grant Assurance and Compliance (New Element)

Hospitals and other health care providers should use these elements as guidelines for meeting the needs for language limited populations and patients, as well as to help structure the elements for assessment and accommodation of persons with disabilities impacting the abiity to communicate.

Enforcement Exposures Rising

The settlement and Director Rodriguez’s statements should alert health care providers and other public and private organizations of the need to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the U.S. Department of Justice, Department of Health & Human Services Office of Civil Rights (OCR), Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits.

As part of a broader emphasis on the enforcement of disability and other federal discrimination laws by the Obama Administration, Federal agencies are making investigation and prosecution of suspected disability discrimination by health industry and other organizations a priority. OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with Section 504 of the Rehabilitation Act of 1973 (Section 504) and the ADA well as various other federal nondiscrimination and civil rights laws.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

Most health care and other U.S. businesses fully appreciate the growing disability discrimination exposures in employment but often are less aware of or ready to manage their responsibilities under the ADA public accommodation rules or other laws.

Employment Discrimination Under ADA

Title I of the ADA prohibits employers from discriminating against individuals on the basis of disability in various aspects of employment. The ADA’s provisions on disability-related inquiries and medical examinations show Congress’s intent to protect the rights of applicants and employees to be assessed on merit alone, while protecting the rights of employers to make sure that individuals in the workplace can efficiently do the essential functions of their jobs. An employer generally violates the ADA if it requires its employees to undergo medical examinations or submit to disability-related inquiries that are not related to how the employee performs his or her job duties, or if it requires its employees to disclose over broad medical history or medical records. Title I of the ADA also generally requires employers to make reasonable accommodations to employees’ and applicants’ disabilities as long as this does not pose an undue hardship or the employer the employer otherwise proves employing a person with a disability with reasonable accommodation could not end significant safety concerns. Employers generally bear the burden of proving these or other defenses. Employers are also prohibited from excluding individuals with disabilities unless they show that the exclusion is consistent with business necessity and they are prohibited from retaliating against employees for opposing practices contrary to the ADA.

Violations of the ADA can expose businesses to substantial liability. Violations of the employment provisions of the ADA may be prosecuted by the EEOC or by private lawsuits and can result in significant judgments. Employees or applicants that can prove they were subjected to prohibited disability discrimination under the ADA generally can recover actual damages, attorneys’ fees, and up to $300,000 of exemplary damages (depending on the size of the employer).

ADA Public Accommodation & Other Federal Discrimination

In addition to the well-known and expanding employment discrimination risks, public and private health care and housing providers also increasingly face disability discrimination exposures under various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws that the Obama Administration views as high enforcement priorities.

Section 504 requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance. The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

As a result of its stepped up enforcement of the ADA, Section 504 and other civil rights and nondiscrimination rules, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. While OCR continues to wage this enforcement battle in the programs it administers, the Departments of Justice, Housing & Urban Development, Education, Labor and other federal agencies also are waging war against what the Obama Administration perceives as illegal discrimination in other areas. Along side their own enforcement activities, OCR and other federal agencies are maintaining a vigorous public outreach to disabled and other individuals protected by federal disabilities and other civil rights laws intended to make them aware of and to encourage them to act to enforce these rights. To be ready to defend against the resulting risk of claims and other enforcement actions created by these activities, health care, housing and other U.S. providers and businesses need to tighten compliance and risk management procedures and take other steps to prepare themselves to respond to potential charges and investigations.

Enforcement of Discrimination & Other Civil Rights Laws Obama Administration Priority Putting Public & Private Providers At Risk

A growing list of ADA and other disability discrimination law enforcement actions against private and public health care and housing providers, state and local governments and other businesses under the Obama Administration make it increasingly critical that health care organizations and other businesses manage disability discrimination risk both in their employment practices and their other business operations.

As for employment discrimination, violators of these and other federal discrimination prohibitions applicable to the offering and delivery of services and products also face exposure to large civil damage awards to private plaintiffs as well as federal program disqualification, penalties and other federal agency enforcement. Unfortunately, while most businesses and governmental leaders generally are sensitive to the need to maintain effective compliance programs to prevent and redress employment discrimination, the awareness of the applicability and non-employment related disability and other discrimination risk management and compliance lags far behind.

When considering these potential exposures, many private health care organizations mistakenly assume that OCR’s enforcement actions are mostly a problem for state and local government agencies because state and local agencies and service providers frequently in the past have been the target of OCR discrimination charges. As demonstrated by the ADA exposures are high for both public and private providers, however. OCR , the Department of Justice and other federal and state agencies can and do investigate and prosecute a lot of public and private physicians, hospitals, insurers and other private health care and other federal program participants.

Consequently, disability discrimination management requires more than employment discrimination management. The Obama Administration also has trumpeted its commitment to the aggressive enforcement of the public accommodation provisions of the ADA and other federal disability discrimination laws. In June, 2012, for instance, President Obama himself made a point of reaffirming his administration’s “commitment to fighting discrimination, and to addressing the needs and concerns of those living with disabilities.”

As part of its significant commitment to disability discrimination enforcement, the Civil Rights Division at the Justice Department has aggressively enforced the public accommodation provisions of the ADA and other federal disability discrimination laws against state agencies and private businesses that it perceives to have improperly discriminated against disabled individuals. For instance, the Justice Department entered into a landmark settlement agreement with the Commonwealth of Virginia, which will shift Virginia’s developmental disabilities system from one heavily reliant on large, state-run institutions to one focused on safe, individualized, and community-based services that promote integration, independence and full participation by people with disabilities in community life. The agreement expands and strengthens every aspect of the Commonwealth’s system of serving people with intellectual and developmental disabilities in integrated settings, and it does so through a number of services and supports. The Justice Department has a website dedicated to disabilities law enforcement, which includes links to settlements, briefs, findings letters, and other materials. The settlement agreements are a reminder that private businesses and state and local government agencies alike should exercise special care to prepare to defend their actions against potential disability or other Civil Rights discrimination challenges. All organizations, whether public or private need to make sure both that their organizations, their policies, and people in form and in action understand and comply with current disability and other nondiscrimination laws. When reviewing these responsibilities, many state and local governments and private businesses may need to update their understanding of current requirements. Statutory, regulatory or enforcement changes have expanded the scope and applicability of disability and various other federal nondiscrimination and other laws and risks of charges of discrimination.

Invest in Prevention To Minimize Liability Risks

For More Information Or Assistance

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Disability, Discrimination, Health Care, Interpreter, OCR, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

OSHA Safety Violations At Veterans’ Medical Center Reminder To Manage OSHA Compliance

March 1, 2013

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has issued seven notices of unsafe or unhealthful working conditions found at the Battle Creek Veterans Administration Medical Center, following a safety inspection conducted in July as part of OSHA’s Federal Agency Targeting Inspection Program. OSHA’s announcement of the citations highlights the need for all health care and other employers to manage safety compliance. The citations highlight the high enforcement and penalty risks that public and private health care providers risk by failing to comply with OSHA’s safety, recordkeeping and reporting requirements.

Health Industry Employers High Priority OSHA Enforcement Target

Under these OSHA requirements, all employers, including federal and private health industry employers, are responsible for knowing what hazards exist in their facilities and taking appropriate precautions by following OSHA standards so workers are not exposed to such hazards. Physician practices, hospitals and other health care providers in both the public and private sectors generally are subject to these federal requirements, as well as various state and federal environmental and patient safety requirements. Enforcement of compliance in the health care industry is a high priority for OSHA because of the high rates of occupational accident and injury among health industry workers. Federal agencies generally must comply with the same safety standards as private-sector employers.

OSHA prioritizes monitoring and enforcing occupational safety standards throughout the health care industry because of the high incidence of occupational accidents and illnesses among health care workers. According to OSHA, more workers are injured in the healthcare and social assistance industry sector than any other. This industry has one of the highest rates of work related injuries and illnesses and it continues to rise. In 2020, the healthcare and social assistance industry reported a 40% increase in injury and illness cases which continues to be higher than any other private industry sector – 806,200 cases (2020 Survey of Occupational Injuries and Illnesses, BLS). Over half of these cases (447,890) resulted in at least one day away from work. The total incidence rate for this sector was 5.5 cases per 100 FTE workers in 2020, compared to 3.8 per 100 FTE workers in 2019. Nursing assistants were amongst the occupations with the highest rates of musculoskeletal disorders of all occupations in 2020, with 15,360 cases. Musculoskeletal disorders made up 52% of all days away from work cases for nursing assistants. See here. In addition to the medical staff, large healthcare facilities employ a wide variety of trades that have health and safety hazards associated with them. These include mechanical maintenance, medical equipment maintenance, housekeeping, food service, building and grounds maintenance, laundry, and administrative staff. Because of these risks, OSHA has extensive occupational health and safety requirements for physician practices, hospitals, nursing homes, home health and other health industry employers and targeted audit and enforcement programs to enforce and promote compliance with these requirements. See here.

Violations are common and frequently result in citations, particularly in certain key areas. The most frequently cited areas affecting health industry employers include violations of the following standards:

Section 1910.132, General requirements.
Section1910.133, Eye and face protection.
Section 1910.134, Respiratory protection.
Section 1910 Subpart Z – Toxic and Hazardous Substances
Section 1910.1030, Bloodborne pathogens.
Section 1910.1047, Ethylene oxide.
Section 1910.1048, Formaldehyde.
Section 1910.1096, Ionizing radiation.
Section 1910.1200, Hazard Communication.
Section 1910.1450, Occupational exposure to hazardous chemicals in laboratories.

Battle Creek VA OSHA Safety Violations

In the case of the Battle Creek Veterans Administration Medical Center, OSHA says an inspection uncovered several repeat safety violations, as well as certain other serious safety violations. OSHA reports that three repeat safety violations involved failing to evaluate the workplace to identify if permit-required confined spaces were present and label such spaces with danger signs; failing to adequately guard automated laundry equipment to prevent employees from entering the work area, and failing to fully guard the belt and pulley of an air compressor. To issue notices for repeat violations, OSHA must have issued at least one other notice for the same violation at one of the agency’s establishments within the same standard industrial classification code, commonly known as the SIC code. OSHA previously has cited U.S. Department of Veterans Affairs facilities in Danville and North Chicago, Illinois, and Minneapolis, Minnesota for the same safety and health violations.

The serious safety violations found included three serious safety violations for unguarded floor openings in the general repair shop; failing to inspect powered industrial trucks prior to placing them in service, and failing to remove trucks from service in need of repair. Additionally, OSHA found a circuit breaker panel was not mounted correctly. OSHA issues a serious notice when it finds a substantial probability that death or serious physical harm could result from a hazard about which the employer knew or should have known.

Beyond the repeat and serious violations, OSHA reports it also found one other-than-serious violation for failing to close unused openings on electrical cabinets and junction boxes. An other-than-serious violation is one that has a direct relationship to job safety and health, but probably would not cause death or serious physical harm.

While the medical center and other federal agencies are required to comply with the same OSHA rules as private sector employers, the VA and other federal agencies don’t face the same liabilities when cited. OSHA cannot propose monetary penalties against another federal agency for failure to comply with OSHA standards.

Since private sector employers that don’t enjoy the VA’s immunity liability run much greater risks for failing to maintain workplace safety, including significant civil and in the case of a workplace death, potentially even criminal penalties, private sector hospitals and other organizations should exercise special care to ensure appropriate safety in their workplaces.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has nearly 35 years of experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Employer, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care, Health Care Fraud, hospita, Hospital, Medicaid Fraud, Medicare Fraud Task Force, OSHA, Safety | Permalink
Posted by Cynthia Marcotte Stamer

Federal Health Care Fraud & Abuse Recovery of $4.2 Billion In FY 2012 Shows Enforcement Risks Growing

March 1, 2013

A new report from the Department of Health & Human Services (HHS) and the U.S. Department of Justice (DOJ) joint Health Care Fraud and Abuse Control Program (HCFC) documents the growing exposures of health care providers to federal health care fraud enforcement actions.

The charges are provide yet another powerful reminder to health care providers, leaders and organizations of the advisability of tightening compliance practices and taking other steps to guard against ever-expanding health care fraud exposures. Already a lead federal enforcement priority for more than a decade, the Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2012 (FY2012 Report) documents that DOJ and HHS health care fraud enforcement activities scored big in 2012, and that qui tam whistleblowers played a big part and shared big in the profits.

Among other things, the FY2012 Report credits HCFC with producing $4.2 Billion in health care fraud judgments and settlements in Fiscal Year 2012 of which more than $284 million of the recovered monies were paid to relators under the qui tam provisions of the False Claims Act (FCA).

The FY2012 Report says the Medicare Trust Fund received more than $2.4 billion, including civil recoveries of $935 million, $1.4 billion in criminal fines, and $89.7 million in HHS Medicare program audit disallowances.

On the enforcement front, the FY2012 Report says DOJ opened 1,131 new criminal health care fraud investigations involving 2,148 potential defendants. Federal prosecutors had 2,032 health care fraud criminal investigations pending, involving 3,410 potential defendants, and filed criminal charges in 452 cases involving 892 defendants. A total of 826 defendants were convicted of health care fraud-related crimes during the year. Also in FY 2012, DOJ opened 885 new civil health care fraud investigations and had 1,023 civil health care fraud matters pending at the end of the fiscal year. In FY 2012, Federal Bureau of Investigation (FBI) health care fraud investigations resulted in the operational disruption of 329 criminal fraud organizations, and the dismantlement of the criminal hierarchy of more than 83 criminal enterprises engaged in health care fraud.

Act To Manage Risks

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, HEAT, Medicaid Fraud, Medicare, Medicare Fraud, Medicare Fraud Task Force | Permalink
Posted by Cynthia Marcotte Stamer

OCR, FTC Enforcement & Guidance Signals Need To Tighten Mobile Device & Application Security

February 23, 2013

Thinking about or using mobile devices and applications in your heath care, health plan, or related operations or struggling to meet the demands of employees, patients, plan members or others to allow use of these tools? Be sure that you’ve taken appropriate steps to design, implement and manage legal responsibilities and risks associated with the development and use of these tools.

While the popularity, accessibility and cost-effectiveness of mobile devices and applications provides a strong incentive for health plans, health care providers, their business associates, workforce members and customers to use mobile devices and applications, the use of these technologies and applications to collect, access, or use personal health care, financial, or other sensitive information presents special challenges and risks. Unfortunately, as the use of these tools proliferates, federal officials are increasingly concerned that the data security protections afforded by many of the devices and applications in use on these highly popular smart phone, tablet and other mobile devices and applications is highly lacking. See FTC Settlement With Mobile Device & App Developer Shows Developers & Businesses Need To Manage Mobile App & Data Security.

As federal regulators and law enforcement responds to growing concerns about cyber security and other risks, heath care, health plan and other businesses, their employees, customers, and other business partners jumping on the mobile device and application bandwagon, health, application bandwagon, and the device and application developers developing and offering these tools must take appropriate steps to manage the personal health, financial, and other sensitive information and data that these tools use, create, access or disclose.

The Health Insurance Portability & Accountability Act (HIPAA) generally requires that health care providers, health plans, health care clearinghouses and their businesses associates safeguard personal health care information or “PHI” and restrict its use, access and disclosure in accordance with the extensive and highly detailed requirements of the Privacy, Security and Breach Notification Regulations of the Department of Health & Human Services Office of Civil Rights (OCR).

OCR’s collection of several multi-million dollar settlements as well as its statements in its recent restated HIPAA regulations and other OCR guidance make clear that OCR views HIPAA as imposing significant responsibilities upon covered entities and their business associates to safeguard and restrict access to PHI on mobile devices and applications. OCR’s Long-Anticipated Omnibus HIPAA Privacy, Security, Breach Notification & Enforcement Rule Tightens Privacy Requirements, Require Action; Breaches resulting from the loss or theft of unencrypted ePHI on mobile or other computer devices or systems has been a common basis of investigation and sanctions since that time, particularly since the Breach Notification rules took effect. OCR Pops Idaho Hospice In 1st HIPAA Breach Settlement Affecting < 500 Patients; Providence To Pay $100000 & Implement Other Safeguards; OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. These actions and statements of OCR provide a clear warning to HIPAA-covered entities and their business associates to expect significant consequences for failing to properly encrypt and safeguard ePHI used, accessed or disclosed on mobile devices and applications.

Of course, HIPAA shouldn’t be the only standard considered when health care providers, health plans or their business partners and vendors design and use mobile applications. In addition to HIPAA’s requirements on PHI, health care providers, health plans, health care clearinghouses, and their business partners also generally can expect that mobile devices and applications used in connection with their operations by patients, customers, employees or others also may use access, collect or disclose credit card, financial and a broad range of other sensitive information required to be protected under federal laws like the Fair & Accurate Credit Transactions Act (FACTA) or other Federal Trade Commission (FTC) Rules, state data security, data breach, identity theft or other privacy rules or both. Depending on the nature of the data and the circumstances of the unanticipated use or disclosure, invasion of privacy or other common or statutory laws also may come into play.

With the use of these applications by consumers and business proliferates, Congress, OCR, the FTC, state regulators and others are upping the responsibilities and the liability of businesses that fail to appropriately consider and implement security in their mobile devices and applications. Following on OCR’s restatement of its HIPAA regulations, the Obama Administration’s announcement of new cyber security initiatives, and a plethora of other federal and state regulatory and enforcement actions against businesses for data security missteps, the FTC recently launched a campaign to ensure that companies secure the software and devices mobile device and application providers provide consumers.

Earlier this month, the FTC introduced Mobile App Developers: Start with Security, a new business guide that encourages app developers to aim for reasonable data security.

On June 4, 2013, the FTC also plans to host a public forum on malware and other mobile security threats in order to examine the security of existing and developing mobile technologies and the roles that various members of the mobile ecosystem can play in protecting consumers.

Along side this educational outreach, the FTC also is moving to punish businesses that fail to act responsibly to protect sensitive data. This trend is illustrated by the FTC’s announcement this week of its first settlement with a mobile device manufacturer.

FTC Charges Against HTC America

This week, the FTC announced that mobile device giant HTC American, Inc. will to settle FTC charges that the company failed to take reasonable steps to secure the software it developed for its smart phones and tablet computers and introduced security flaws that placed sensitive information about millions of consumers at risk.

A leading mobile device manufacturer in the United States, HTC America develops and manufactures mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems. HTC America has customized the software on these devices in order to differentiate itself from competitors and to comply with the requirements of mobile network operators.

In its first-ever complaint against a mobile device or application developer, the FTC charged HTC America failed to incorporate and administer appropriate safeguards for personal financial and other sensitive data accessed and used in these applications when designing or customizing the software on its mobile devices. Among other things, the complaint alleged that HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties.

To illustrate the consequences of these alleged failures, the FTC’s complaint details several vulnerabilities found on HTC America’s devices, including the insecure implementation of two logging applications – Carrier IQ and HTC Loggers – as well as programming flaws that would allow third-party applications to bypass Android’s permission-based security model.

Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent. The FTC alleged that malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries about doctor’s appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the user’s geolocation information and the contents of the user’s text messages.

Moreover, the FTC complaint alleged that the user manuals for HTC Android-based devices contained deceptive representations, and that the user interface for the company’s Tell HTC application was also deceptive. In both cases, the security vulnerabilities in HTC Android-based devices undermined consent mechanisms that would have otherwise prevented unauthorized access or transmission of sensitive information.

HTC America Settlement

The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. Under the settlement agreement, HTC American must:

Fix vulnerabilities found in millions of HTC devices;
Establish a comprehensive security program designed to address security risks during the development of HTC devices; and
Undergo independent security assessments every other year for the next 20 years.

HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers’ devices. Many consumers have already received the required security updates. The FTC is encouraging consumers using HTC America applications to apply the updates as soon as possible.

The FTC Commission vote to accept the consent agreement package containing the proposed consent order for public comment was 3-0-2, with Chairman Jon Leibowitz not participating and Commissioner Maureen Ohlhausen recused. The FTC will publish a description of the consent agreement package in the Federal Register shortly.

In accordance with FTC procedures, the settlement agreement will be subject to public comment through March 22, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically or in paper form using instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113 (Annex D), 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

Act To Manage Mobile Application Device & Security

Given the expanding awareness, expectations and enforcement of OCR, FTC and others, health care, health plan and other industry participants deciding whether and when to use, or allow others to use mobile devices or applications to access data or carry out other activities and the mobile device or other technology developers and providers offering products or services to these organizations must get serious about security.

These and other related activities send a clear message that health care, health insurance mobile device and application users and developers must incorporate and administer appropriate processes and safeguards to protect PHI, personal financial and other sensitive data. In response to these developments, industry mobile device and application developers and the health care, health insurance and other businesses must consider carefully before deploying or allowing others to deploy or use these tools in relation to data within their operations or systems. Before and when using or permitting customers, business partners, employees or others to use tools, these organizations must ensure the adequacy of the design and security safeguards for their devices, software and applications, as well as their disclaimers and associated consumer disclosures and consents. Because of the special legal and operational expectations for these organizations, health care, health insurance and other industry provides must resist pressure to allow the use of these tools unless and until they can verify that these legal and operational requisites are fulfilled.

For More Information Or Assistance

If you found this article of interest, you also may be interested in other recent Solutions Law Press, Inc. articles by Ms. Stamer including:

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: EHRhealth-care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Unfair Labor Practice Settlements Reminds Hospitals To Handle Union Activities Carefully

February 7, 2013

The National Labor Relations Board’s announcement of its approval of settlement agreements between two UPMC hospitals and the Service Employees International Union (SEIU) reminds hospital and other health industry employers to exercise care when dealing with union organizing and other activities protected by the National Labor Relations Act (NLRA) and other federal labor laws.

The settlements relate to unfair labor practices charges the SEIU filed with the NLRB in response to actions taken by the hospital during the early stages of an organizing campaign before the union even had filed a petition for an election. Among other things, the SEIU complained that the hospitals violated the NLRB by terminating or otherwise punishing workers for supporting the union. The union also charged that the hospitals overly broad solcial medial, solicitation and code of conduct rules improperly interfered with the organizing rights of workers protected by the NLRA.

In the settlement agreements, UPMC Presbyterian Shadyside agreed to offer reinstatement and backpay to two employees who were discharged after supporting the union, and to reimburse two other employees who lost wages due to a suspension and other actions. The employer also agreed to rescind overly-broad policies related to social media, solicitation rules and a code of conduct at all UPMC facilities, to post Notices to Employees in multiple break rooms in four Pittsburgh hospitals, and to train supervisors to avoid future unlawful behavior.One remaining charge related to the use of company e-mail by employees to communicate about the union was not resolved and will proceed to trial before an Administrative Law Judge. The trial date is tentatively set for February 20.

Under the Obama Administration, the NLRB in recent years has shown aggressive support for unions and their organizing and collective bargaining activities. As part of these activities and in response to the emergence of social media and other electronic communications, the NLRA increasingly has challenged the use of broad policies restricting the use of Facebook or other social media, e-mail or other similar communications by workers when it is perceived these policies punish or chill worker’s ability to communicate or organized concerning terms and conditions of employment. As these and other commonly challenged practices are widely used within the health care industry, health industry employers are urged to take proper steps to review their policies and their administration to minimize exposure to these and other unfair labor practice challenges.

For More Information Or Assistance

If you need assistance managing your workforce, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas and Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

If you found this article of interest, you also may be interested in other recent Solutions Law Press, Inc. articles by Ms. Stamer including:

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, Hospital, Labor, NLRA, NLRB, unfair labor practice | Permalink
Posted by Cynthia Marcotte Stamer

New Children’s Electronic Health Record Format Shared

February 7, 2013

The Department of Health and Human Service (HHS) hopes a new electronic health record (EHR) format for documenting medical care for children developed by the Agency for Healthcare Research and Quality (AHRQ)with support from the Centers for Medicare and Medicaid Services (CMS) will help developers create better EHRs for use by health care providers caring for children.

According to AHRQ, the children’s EHR format establishes a” blueprint” for EHRs to better meet the needs of health care providers and pediatric patients by combining what CMS and AHRQ consider the “best-practices in clinical care, information technology, and insights from experts in children’s health.” Developed to address commonly occuring problems in functionality, data elements and other challenges arising when traditional EHRs have been used to document pediatric care, AHRQ hopes the new format will guides EHR developers in understanding the requirements for functionality, data standards, usability and interoperability of an EHR system to more optimally support the provision of health care to children – especially those enrolled in Medicaid or the Children’s Health Insurance Program (CHIP) as well as provide guidance for EHR system purchasers and policy makers in assessing functionality of EHRs. For more information or to access the format, see here.

For More Information Or Assistance

If you found this article of interest, you also may be interested in other recent Solutions Law Press, Inc. articles by Ms. Stamer including:

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: EHRhealth-care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

“CHNAs, 501(r), Governance & Other Tax Challenges Facing Exempt Organizations” Topic of 2/19 NTHCPA Study Group

February 7, 2013

Solutions Law Press, Inc. is happy to share information on the following program of interest to health care compliance professionals.

NORTH TEXAS HEALTHCARE COMPLIANCE PROFESSIONALS ASSOCIATION

Invites Members and Guests to Our Next Group Luncheon

“CHNAs, 501(r), Governance & Other Tax Challenges Facing Exempt Organizations”

Featuring

Nancy Evetts

Mid-America Healthcare Provider Sector & Tax-Exempt Tax Practice Leader

Brooke Kitchen

Tax Manager, Health Care Provider & Tax Exempt Organizations Practice

Tuesday, February 19, 2013
11:30 a.m. to 1:30 p.m.

Dallas Ft. Worth Hospital Council Offices

250 Decker Drive, Irving, TX 75062-2706

RSVP here by Noon on February 8, 2012

Complimentary Luncheon Underwritten By Cynthia Marcotte Stamer, P.C.

Register Early As Space Is Limited

Stay In Touch. Check Out Our New Newsletter, the NTHCPA News, here

The North Texas Healthcare Compliance Professionals Association (NTHCPA) invites members and other interested health care compliance professionals to join us on Tuesday, February 19, 2013 from 11:30 a.m. to 1:30 p.m. for our February Study Group Luncheon featuring Deloitte’s Mid-America Healthcare Provider Sector & Tax-Exempt Tax Practice Leader Nancy Evetts and Tax Manager, Health Care Provider & Tax Exempt Organizations Practice Regional Resource Brooke Kitchen, speaking on “CHNAs, 501(r), Governance & Other Tax Challenges Facing Exempt Organizations.”

About the Program

The financial and operational impacts of regulation and legislative oversight in the health care industry are pervasive and constantly changing. No less intrusive are the challenges organizations face every day from a tax perspective. This program will focus on some of these challenges as a result of recent legislation, including health care reform and fiscal cliff agreement, and current Internal Revenue Service (“IRS”) activity. Included in the discussion will be the additional requirements for certain hospitals under Internal Revenue Code Section 501(r) – CHNAs, financial assistance policies, charges, and billing and collections – effects of the fiscal cliff agreement on employers, and relevant areas of Internal Revenue Service activity, including audit focus, regulations, announcements and PLRs. Woven throughout the discussion will be the IRS’ focus on governance.

Registration & Meeting Details

The meeting scheduled from 11:30 a.m. to 1:30 p.m. on February 19, 2013 at the offices of the Dallas Ft Worth Hospital Council, 250 Decker Drive, Irving, TX 75062-2706 will feature a complimentary luncheon underwritten by Cynthia Marcotte Stamer, P.C. for those who timely R.S.V.P. Networking and lunch service will begin at 11:30. Our program will begin at Noon.

There is no charge to participate in the meeting. However space is limited and available only on a first come, first serve basis. To ensure your spot and help us to arrange for adequate space and refreshments for this meeting, R.S.V.P. here as soon as possible and no later than Noon on February 8, 2012 to reserve your spot. Walk in guests will be accommodated on a space-available basis only.

About The Speakers

With over 34 years of experience in public accounting, Nancy Evetts is Deloitte Tax LLP’s Mid-America regional tax leader for the healthcare provider sector and tax exempt tax practice. She has worked with large, integrated for-profit and not-for-profit health systems, as well as universities and related research facilities and joint ventures. Her work with exempt organizations has included issues on governance, private inurement, tax compliance reporting, unrelated business income, and alternative investments.

Nancy is a frequent speaker, both internally and externally, on topics of interest to tax exempt organizations. She earned her M.S. in Accountancy from the University of Houston in 1978 and her B.A. in German from the University of Houston in 1974. She is a member of the AICPA, TSCPA, HFMA, TEGE Gulf Coast Council and has served on not-for-profits boards. She is currently on the board of Catholic Charities of the Archdiocese of Galveston Houston.

Joining Nancy is Brooke Kitchen, a tax manager with Deloitte Tax LLP and a regional tax technical resource in the health care provider sector and tax exempt organizations practice. Over the course of her six years with Deloitte Tax LLP, Brooke has served many health care and other tax-exempt organizations, taxable corporations, flow-through entities, and individual clients. Brooke has been an internal and external speaker on health care and tax exempt topics including a recent presentation at the University of Houston and also at the local Houston chapter annual tax update for the AWSCPA where she discussed effects of the Patient Protection and Affordable Care Act. Brooke is an instructor for Deloitte’s national training on health care provider and not-for-profit tax issues, and is a Form 990 technology development leader in our national health care industry practice. She earned her B.A. in Accountancy from the University of Houston and is a member of the AICPA and TSCPA.

Mark Your Calendars & Save The Date

The NTHCPA has an exciting series of future programs planned for upcoming months. Mark your calendars and save the date to participate in these upcoming NTHCPA Meetings and programs:

March 19, 2013

Best Practices for Conflict of Interest Management Programs

Robert Michalski, Baylor Healthcare System Chief Compliance Officer

Bonnie Ann Sexton, Baylor Health Care System Director of Compliance, Ethics and Operations

Thanks to Cynthia Marcotte Stamer, P.C.!

The NTHCPA thanks the law firm of Cynthia Marcotte Stamer, P.C. for its generous underwriting support of the February 19, 2013 luncheon. The law firm of Cynthia Marcotte Stamer, P.C. provides risk management, compliance, regulatory and public policy advocacy, operations, privacy, peer review and other staffing, employee benefits, and a broad range of other general and special counsel services for a broad range of public and private hospitals, physician organizations, skilled nursing facilities, managed care and quality organizations, health IT, health industry suppliers consulting and other service providers, and other health industry clients. Founder and Managing Shareholder Cynthia Marcotte Stamer has more than 25 years experience helping health industry clients manage the legal and operational challenges of operating under federal and state health care, tax, managed care and insurance, health care fraud and reimbursement, employment, credentialing and peer review, HIPAA and other information privacy, and other regulatory and public policy concerns. A Fellow in the Texas & American Bar Association, former National Kidney Foundation of North Texas Board Compliance Chair, former Board President of the Richardson Development Center (now Warren Center), Vice-President of the NTHCPA, past-Chair of the ABA Health Law Section Managed Care & Insurance IG, former Gulf States IRS TEGE Council Exempt Organizations Coordinator, and Executive Director of Project COPE: The Coalition on Patient Empowerment, Ms. Stamer also is widely recognized for her extensive health industry publications, training, speaking and service in the leadership in a broad range of health industry, professional, civic and other non-profit organizations For more information, see www.cynthiastamer.com or contact Cynthia at 469.767.8872.

About the NTHCPA

NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles. The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.

Would you or someone you know like to join the NTHCPA, get notice of upcoming meetings or events and network on relevant professional developments with other health care professionals? Stay on top of information about upcoming meetings and share and dialogue with other NTHCPA members about health care compliance challenges and developments by participating in our meetings and events, joining our Linked In Group here and checking out the NTHCPA News here. To be added to our invitation list, we also encourage interested persons to make sure we have your current contact information by registering for the meeting or sending your current contact information including name, title, company, preferred mailing address, e-mail, and telephone number to Vice-President Cynthia Marcotte Stamer here.

Sponsorship and Other Involvement Opportunities

Would you like to show your support for the NTHCPA by sponsoring the luncheon or hosting a social hour? Want to help plan upcoming meetings? Suggest a speaker or topic? Help with the newsletter or website? Serve on the steering committee or get more involved in other ways? Get more information about membership or involvement with the NTHCPA? Send your inquiry by e-mail here.

This communication may be considered a marketing communication for certain purposes. If you wish to update your e-mail for purposes of or would prefer not to receive future e-mail concerning meetings or other activities of the North Texas Healthcare Compliance Professionals Association or other marketing and promotional mailings from it, please send an email with the word “unsubscribe” in its subject heading here.

NTHCPA invites you to share this invitation with others who might be interested in this topic or other NTHCPA.

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Doctor, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Reform | Permalink
Posted by Cynthia Marcotte Stamer

Justice Department Disability Discrimination With Pain Clinic Shows Provider ADA Exposures

January 31, 2013

Hospitals, health care clinics, physicians and other health care providers should heed the settlement announced by the Justice Department announced today (January 31, 2013) with the Fayetteville Pain Center as a reminder of the importance of ensuring that their organizations can prove their care and other operations fulfill the Americans With Disabilities Act (ADA) nondiscrimination and accommodation requirements.

The public accommodation provisions of the ADA generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities. The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances.

The Fayetteville Pain Center settlement arose as part of the Justice Department’s ADA enforcement effort as part of its Barrier-Free Health Care Initiative. The settlement resolves allegations that the Fayetteville Pain Center violated the ADA by refusing to treat a woman because she has HIV.

The complainant, a woman with HIV who was suffering from back pain as a result of a car accident, visited the Fayetteville Pain Center in Fayetteville, North Carolina seeking treatment. According to the complaint, the woman was unable to get medical treatment because the doctor at the Fayetteville Pain Center refused to treat a person with HIV.

Under the settlement, the Fayetteville Pain Center must pay $10,000 to the complainant and $5,000 to the United States in civil penalties, train its staff on the ADA, and develop and implement an anti-discrimination policy. To read more about the Settlement, see here.

Enforcement Exposures Rising

The Justice Department’s Fayetteville Pain Center prosecution and settlement should remind health care providers and other public and private organizations of the need to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the U.S. Department of Justice, Department of Health & Human Services Office of Civil Rights (OCR), Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

Employment Discrimination Under ADA

Title I of the ADA prohibits employers from discriminating against individuals on the basis of disability in various aspects of employment. The ADA’s provisions on disability-related inquiries and medical examinations show Congress’s intent to protect the rights of applicants and employees to be assessed on merit alone, while protecting the rights of employers to make sure that individuals in the workplace can efficiently do the essential functions of their jobs. An employer generally violates the ADA if it requires its employees to undergo medical examinations or submit to disability-related inquiries that are not related to how the employee performs his or her job duties, or if it requires its employees to disclose overbroad medical history or medical records. Title I of the ADA also generally requires employers to make reasonable accommodations to employees’ and applicants’ disabilities as long as this does not pose an undue hardship or the employer the employer otherwise proves employing a person with a disability with reasonable accommodation could not end significant safety concerns. Employers generally bear the burden of proving these or other defenses. Employers are also prohibited from excluding individuals with disabilities unless they show that the exclusion is consistent with business necessity and they are prohibited from retaliating against employees for opposing practices contrary to the ADA.

ADA Public Accommodation & Other Federal Discrimination

Enforcement of Discrimination & Other Civil Rights Laws Obama Administration Priority Putting Public & Private Providers At Risk

When considering these potential exposures, many private health care organizations mistakenly assume that OCR’s enforcement actions are mostly a problem for state and local government agencies because state and local agencies and service providers frequently in the past have been the target of OCR discrimination charges. As demonstrated by the ADA exposures are high for both public and private providers, however. OCR , the Department of Justice and other federal and state agencies can and do investigate and prosecute a wide variety of public and private physicians, hospitals, insurers and other private health care and other federal program participants.

Invest in Prevention To Minimize Liability Risks

For More Information Or Assistance

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

7 Arrested, Charged In Detroit-Area Home Health Care Fraud Takedown

January 18, 2013

January 17, 2013; U.S. Department of Justice

Seven Arrested, Charged with $22 Million Detroit-area Home Health Care Fraud Scheme

Six Detroit-area residents and one Chicago-area resident were arrested on January 17, 2012 by federal agents on charges arising from the ongoing investigation into an alleged $22 million home health care fraud scheme that the indictment charges operated out of four Oakland County, Michigan home health agencies claiming to provide in-home health service, Royal Home Health Care Inc., Prestige Home Health Services Inc., Platinum Home Health Services Inc. and Empirical Home Health Care Inc. (the “Agencies”). The defendants arrested are Detroit-area residents Muhammad Aamir, Usman Butt, Hemal Bhagat, Syed Shah, Tariq Tahir, and Raquel Ellington, and Chicago-area resident Tayyab Aziz (the “Defendants”).

According to the Justice Department, the arrests and Medicare payment suspensions stem from charges brought in an 18-count indictment returned January 15, 2013, which alleges that the Defendants participated in a Medicare fraud scheme operating out of the Agencies. The indictment alleges Medicare paid the agencies approximately $22 million for fraudulently reported services since August 2008. See Aamir, Muhammed et al. (Prestige) Indictment. In addition to the arrests, law enforcement agents suspended Medicare payments to the Agencies associated with the alleged scheme.

According to the indictment, Aamir and Butt owned and operated Prestige; Butt, Bhagat and Shah owned and operated Royal; and Aamir owned and operated Platinum and Empirical. The indictment alleges that of the Agencies allegedly claimed to provide home health therapy services to Medicare beneficiaries that were unnecessary and/or were never performed. The indictment also alleges that Tahir and Ellington recruited Medicare beneficiaries, paying them kickbacks for their Medicare information and signatures on documents that detailed physical therapy and/or skilled nursing services that were either never rendered or not medically necessary. The indictment also charges Aamir, Butt, Bhagat, Shah, Tahir and Ellington with conspiring to pay kickbacks to Tahir and Ellington for their recruiting work and Butt, Bhagat, Shah and Aziz with allegedly conspiring to launder the proceeds of the scheme.

Based on the alleged conduct, the indictment charges each of the Defendants with conspiracy to commit health care fraud. All but Aziz are also charged with health care fraud and with conspiracy to violate the Anti-Kickback Statute. Butt, Bhagat, Shah and Aziz are additionally charged with conspiracy to commit money laundering.

A conviction on the charges is likely to carry heavy penalities. The charges of health care fraud conspiracy and health care fraud each carry a maximum potential penalty of 10 years in prison and a $250,000 fine. The charge of conspiracy to violate the Anti-Kickback Statute carries a maximum potential penalty of five years in prison and a $25,000 fine. The charge of conspiracy to commit money laundering carries a maximum potential penalty of 20 years in prison and a $500,000 fine.

The arrests and indictments reflect the continuing and growing government commitment to, coordination and sophistication in the investigation and prosecution of health care crimes by health care providers in the federal war on what officials view as health care fraud. The Obama Administration has made investigation and prosecution of health care fraud laws a key element of its strategy to manage U.S. health care program costs. Recently enacted changes in the False Claims Act and other laws are making it easier for federal prosecutors to successfully prosecute these and other health care fraud cases.

Since their inception in March 2007, the the HEAT health care fraud task force operations in nine locations have lead to charges against more than 1,480 defendants who Federal officals claim collectively have falsely billed the Medicare program for more than $4.8 billion. In addition, the HHS Centers for Medicare and Medicaid Services, working in conjunction with the HHS-OIG, are taking steps to exclude and impose other remedies against health care providers that it perceives engage in fraud or other aggressive billing or other practices.These and other stepped up oversight and enforcement activities make it critical that all health industry organizations strengthen their internal controls, compliance and audit activities as well as be prepared to defend their actions against the rising tide of federal and state oversight and enforcement.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA or other health industry, regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

If you need help with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

Leave a Comment » | Corporate Compliance, Doctor, false claims act, FDA, Federal Sentencing Guidelines, Health Care, Health Care Fraud, Health Care Provider, Hospital, Medicare, OIG, Physician, Reimbursement | Tagged: Corporate Compliance, Doctor, false claims act, FDA, Federal Sentencing Guidelines, Fraud, Health Care, Health Care Provider, Health Care Reimbursement, HHS, Hospital, Off-label marketing, Pharma, Pharmaceudical, Prescription Drugs | Permalink
Posted by Cynthia Marcotte Stamer

OCR’s Long-Anticipated Omnibus HIPAA Privacy, Security, Breach Notification & Enforcement Rule Tightens Privacy Requirements, Require Action

January 17, 2013

Health care providers and their business associates have work to do. Health care providers, health plans, health care clearinghouses and their business associates will need to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the omnibus restatement of the Department of Health & Human Services (“HHS”) Office of Civil Rights (“OCR”) of its of its regulations (the “2013 Regulations”) implementing the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Rulemaking announced January 17, 2013 may be viewed here.

Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates (“Covered Entities”) restrict and safeguard individually identifiable health care information (“PHI”) of individuals and afford other protections to individuals that are the subject of that information. The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that OCR found desirable based on its experience administering and enforcing the law over the past decade.

Among other things, the 2013 Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Enforcement Risks Signal Neeed To Review & Update Policies & Practices Promptly

The restated rules in the 2013 Regulations make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements.

The commitment of OCR to enforcement most recently was demonstrated by its recent settlement with Hospice of North Idaho (HONI). On January 2, 2013, OCR announced HONI will pay OCR $50,000 to settle potential HIPAA violations that occurred in connection with the theft of an unencrypted laptop computer containing ePHI. The HONI settlement is the first settlement involving a breach of ePHI affecting fewer than 500 individuals.

While the HONI settlement marks the first settlement on a small breach, this is not the first time OCR has sought sanctions against a covered entity for data breaches involving the loss or theft of unencrypted data on a Laptop, storage device or other computer device. Rather, OCR continues to rollout a growing list of enforcement actions demonstrating the potential risks of HIPAA violations are significant and growing. OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

OCR Gives Providers Guidance On HIPAA Safety Disclosures

January 17, 2013

The Office of Civil Rights has issued a letter to health care providers to ensure that they are aware of their ability under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to take action, consistent with their ethical standards or other legal obligations, to disclose necessary information about a patient to law enforcement, family members of the patient, or other persons, when they believe the patient presents a serious danger to himself or other people. For more information, see: http://www.hhs.gov/ocr/office/lettertonationhcp.pdf. The guidance comes on the same day that OCR published its long awaited omnibus restatement of the HIPAA Privacy, Security, Breach Notification Guidance, and Enforcement Regulations.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

A Fellow in the American College of Employee Benefit Counsel, State Bar of Texas and American Bar Association, Vice President of the North Texas Health Care Compliance Professionals Association, the Former Chair of the ABA RPTE Employee Benefit & Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Council Representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer serves as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights on HIPAA and other data privacy and security concerns appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve in 2013 as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here. She also has extensive public policy and regulatory experience with these and other matters domestically and internationally. A former member of the Executive Committee of the Texas Association of Business and past Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Ms. Stamer served as a primary advisor to the Government of Bolivia on its pension privatization law, and has been intimately involved in federal, state, and international workforce, health care, pension and social security, tax, education, immigration, education and other legislative and regulatory reform in the US and abroad. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer ar www.cynthiastamer.com or contact Ms. Stamer directly at (469) 767-8872 or cstamer@solutionslawyer.net.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources.

Leave a Comment » | E-Prescribing, Health Care, Health Care Provider, Uncategorized | Tagged: HIPAA | Permalink
Posted by Cynthia Marcotte Stamer

Justice Department Settles FACE Act Lawsuit Against Abortion Protester

January 12, 2013

The Justice Department yesterday announced it settled claims against protestor David Hamilton for violations of the Freedom of Access to Clinical Entrances (FACE) Act. Under the terms of the agreement Hamilton will pay $2,500 in compensatory damages to the victim of Hamilton’s use of force outside the EMW Women’s Surgical Center in Louisville, Kentucky. The United States and Hamilton came to the agreement at a settlement conference held January 7, 2013, in Louisville. Yesterday, the United States sent Hamilton’s attorney a joint stipulation of dismissal to be filed with the court as soon as Hamilton tenders payment.

The agreement settles a lawsuit the United States filed against Hamilton for his alleged violation of the FACE Act, which makes it unlawful for any person to use force to intentionally injure, intimidate, or interfere with, or attempt to injure, intimidate, or interfere with, anyone because that person is or has been obtaining or providing reproductive health services. The United States’ complaint alleged that on Jan. 30, 2010, Hamilton, a regular protester, grabbed and pushed a volunteer escort at the center. At the time of the incident, the victim was attempting to escort a patient to the front entrance of the center. The complaint alleged that Hamilton’s actions constituted a use of force that intimidated and interfered with individuals who were attempting to obtain and provide reproductive health services at the center.

The FACE Act limits statutory compensatory damages to $5,000. The $2,500 Hamilton agreed to pay will go to the victim in accordance with the terms of the statute. Hamilton no longer resides in the Louisville area.

The prosecution and settlement reflects the Obama Administration’s interest in protecting and promoting abortion and other reproductive rights. “It is absolutely crucial that those individuals who desire reproductive health services be able to obtain them in an environment that is free of interference, intimidation and fear,” said Thomas E. Perez, Assistant Attorney General for the Civil Rights Division. “By continuing to enforce the Freedom of Access to Clinical Entrances Act, we are helping to ensure that they are able to do so.”

For Representation, Training & Other Resources

If you need help monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician, Reproductive Rights | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

ONC-Authorized Certification Bodies & Accredited Testing Labs Scope Expansion for 2014 Edition Testing & Certification

January 12, 2013

The Office of the National Coordinator for Health Information Technology (ONC) is pleased to announce that ONC-Authorized Certification Bodies (ACBs) in the ONC HIT Certification Program are now authorized to test and certify EHR products in accordance with the 2014 Edition Standards and Certification Criteria, as outlined in the Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology Final Rule. For additional information on the Accredited Testing Laboratories (ATLs) scope expansion, see www.nist.gov/nvlap. For more information on the ONC HIT Certification Program, see http://www.healthit.gov/certification.

For Representation, Training & Other Resources

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

Leave a Comment » | Academic medicine, DEA, DME, Doctor, Electronic Health Records, Electronic Medical Records, Health Care, Health Care Provider, Health Care Quality, Health IT, HIPAA, HITECH Act, Hospital, Meaningful Use, OCR, Physician | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

OCR Pops Idaho Hospice In 1st HIPAA Breach Settlement Affecting < 500 Patients

January 3, 2013

$50K Settlement Shows Small Breach Reports Carry Enforcement Risk

Properly encrypt and protected electronic protected health information (ePHI) on laptops and in other mediums! That’s the clear message of the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) in its announcement of its first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule involving a breach of ePHI of fewer than 500 individuals by a HIPAA-covered entity, Hospice of North Idaho (HONI).

In announcing the settlement against HONI, OCR sent a clear message that OCR stands ready to penalize these health care providers, health plans, healthcare clearinghouses and their businesses associates (covered entities) when their failure to properly secure and protect ePHI on laptops or in other systems results in a breach of ePHI even when the breach affects fewer than 500 individuals.

OCR Director Leon Rodriguez reiterated OCR’s expectation that covered entities will properly encrypt ePHI on mobile or other devices in OCR’s announcement of the HONI settlement. “This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.” said OCR Director Leon Rodriguez. “Encryption is an easy method for making lost information unusable, unreadable and undecipherable.”

HONI Settlement For Small Breach Notification

On January 2, 2013, OCR announced HONI will pay OCR $50,000 to settle potential HIPAA violations that occurred in connection with the theft of an unencrypted laptop computer containing ePHI. The HONI settlement is the first settlement involving a breach of ePHI affecting fewer than 500 individuals. Read the full HONI Resolution Agreement here.

OCR opened an investigation after HONI reported to HHS that an unencrypted laptop computer containing ePHI of 441 patients had been stolen in June 2010. HONI team members regularly use Laptops containing ePHI their field work. Over the course of the investigation, OCR discovered that HONI had not conducted a risk analysis to safeguard ePHI or have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule. Since the June 2010 theft, HONI has taken extensive additional steps to improve their HIPAA Privacy and Security compliance program.

HIPAA Security & Breach Notification For ePHI

The HONI settlement is notable because it marks the first time OCR has sanctioned a covered entity as a result of an OCR investigation stemming from the covered entity’s report of a breach of unsecured protected health information involving fewer than 500 individuals under new breach notification rules added to HIPAA in 2009.

Under the originally enacted requirements of HIPAA, covered entities and their business associates are required to restrict the use, access and disclosure of protected health information and establish and administer various other policies and safeguards in relation to protected health information. Additionally, the Security Rules require specific encryption and other safeguards when covered entities collect, create, use, access, retain or disclose ePHI.

The Health Information Technology for Economic and Clinical Health (HITECH) Act amended HIPAA, among other things to tighten certain HIPAA requirements, expand its provisions to directly apply to business associates, as well as covered entities and to impose specific breach notification requirements. The HITECH Act Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more (Large Breach) to the Secretary of HHS and the media within 60 days after the discovery of the breach. Smaller breaches affecting less than 500 individuals (Small Breach) must be reported to the Secretary on an annual basis. Since the Breach Notification Rule took effect, OCR’s announced policy has been to investigate all Large Breaches and such investigations have resulted in settlements or other corrective action in relation to various Large Breaches. Until now, however, OCR has not made public any resolution agreements requiring settlement payments involving any Small Breaches.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

While the HONI settlement marks the first settlement on a small breach, this is not the first time OCR has sought sanctions against a covered entity for data breaches involving the loss or theft of unencrypted data on a Laptop, storage device or other computer device. In fact, OCR’s first resolution agreement – reached before Congress added the HIPAA Breach Notification Rules to HIPAA – stemmed from such a breach. Providence To Pay $100000 & Implement Other Safeguards. Breaches resulting from the loss or theft of unencrypted ePHI on mobile or other computer devices or systems has been a common basis of investigation and sanctions since that time, particularly since the Breach Notification rules took effect. See, e.g., OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach. Coupled with statements by OCR about its intolerance, the HONI and other settlements provide a strong warning to covered entities to properly encrypt ePHI on mobile and other devices.

Furthermore, the HONI settlement also adds to growing evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. See OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In the face of rising enforcement and fines, OCR’s initiation of HIPAA audits and other recent developments, covered entities and their business associates should tighten privacy policies, breach and other monitoring, training and other practices to reduce potential HIPAA exposures in light of recently tightened requirements and new enforcement risks.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if additional steps are necessary or advisable.

New OCR HIPAA Mobile Device Educational Tool

While OCR enforcement of HIPAA has significantly increased, compliance and enforcement of the encryption and other Security Rule requirements of HIPAA are a special focus of OCR.

To further promote compliance with the Breach Notification Rule as it relates to ePHI on mobile devices, OCR and the HHS Office of the National Coordinator for Health Information Technology (ONC) recently kicked off a new educational initiative, Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information. The program offers health care providers and organizations practical tips on ways to protect their patients’ health information when using mobile devices such as laptops, tablets, and smartphones. For more information, see here. For more information on HIPAA compliance and risk management tips, see here.

For Representation, Training & Other Resources

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Health Industry Employers High Priority OSHA Enforcement Target

Battle Creek VA OSHA Safety Violations

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

$50K Settlement Shows Small Breach Reports Carry Enforcement Risk

Share this:

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update