Pharmacy | | Page 2

Unpatched and Unsupported Software Triggers Latest HIPAA Security Breach Resolution Agreement

December 11, 2014

Health care providers, health plans, health care clearinghouses (covered entities) and their business associates need to watch for and protect protected health information (PHI) against security exposures from unpatched or unsupported software and other weaknesses in their data security protections as part of their compliance obligations under the Security Rules of the Health Insurance Portability & Accountability Act (HIPAA).

The need to monitor and address data security threats associated with unpatched or unsupported software is demonstrated by the December 9, 2014 announcement by the U.S. Department of Health & Human Services (HHS) Office of Civil Rights (OCR) that Anchorage Community Mental Health Services (ACMHS) will pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program resulting from unpatched and unsupported software.

OCR opened an investigation against the five-facility, nonprofit provider of behavioral health care services to children, adults, and families in Anchorage, Alaska after receiving notification from ACMHS of a breach of unsecured electronic protected health information (ePHI) affecting 2,743 individuals due to malware compromising the security of its information technology resources.

According to the OCR announcement of the ACMHS Resolution Agreement with OCR, OCR’s investigation revealed that ACMHS had adopted sample Security Rule policies and procedures in 2005, but failed to follow these procedures. Moreover, OCR found that the reported security incident directly resulted of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.

“Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis,” said OCR Director Jocelyn Samuels. “This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”

In an effort to promote awareness of the need to assess and monitor the security of ePHI by covered entities and business associates, OCR continues to encourage covered entities and business associates to conduct regular documented evaluations of the adequacy of their ePHI safeguards and systems. To aid in this process, OCR and the Office of the National Coordinator for Health Information Technology have created a Security Rule Risk Assessment Tool available here to assist organizations that handle PHI in conducting a regular review of the administrative, physical and technical safeguards they have in place to protect the security of the information. Since OCR points to the Tool as a resource, covered entities and business associates should anticipate that their failure to identify and address any deficiencies in the areas identified by the tools as a potentially serious compliance issue. As a result, covered entities and business associates likely will want to take steps to ensure that their records include documented review of the adequacy of the security safeguards identified in the Tool. At the same time, covered entities and their business associates should not assume that the Tool adequately covers all potential HIPAA Security Rule exposures. OCR has made clear in this and other Resolution Agreements that HIPAA’s Security Rule requires ongoing monitoring and assessment of the adequacy of security in response to changes in software or system, emerging threats and other developments.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Centers For Disease Control, Childrens Health Insurance Program, Disability Discrimination, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, FDA, Health Care, Health Care Fraud, Health Care Provider, Health Care Quality, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Hospital, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Medical Licensure, Medical Malpractice, OIG, Pandemic, Patient Empowerment, Pharmacy, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, Health Plans, HEAT, HIPAA, licensure, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Congress Sends Bill To Fast Track FDA Ebola Treatment Review & HHS Declaration Gives Ebola Treatment Manufacturers Special Immunity

December 11, 2014

As part of Washington’s late response to the Ebola outbreak crisis, the House and Senate in the past week have passed legislation that if signed by the President as expected will add Ebola and other filoviruses to the list of diseases eligible for fast track review by the Food and Drug Administration (FDA) under the FDA Priority Review Voucher Program (Program).

The FDA Program awards vouchers to sponsors of human drug applications that are approved to prevent or treat designated tropical diseases. A voucher entitles the holder to have a future human drug application acted upon by the FDA within six months.

The House on December 3, 2014 and the Senate on December 10, 2014 respectively passed the “FDA Priority Review Voucher Program Act,” (S.B. 2917/H.B. 5729) (the “Bill”) that will amend the Federal Food, Drug, and Cosmetic Act to add Ebola and other filoviruses to the list of diseases covered by the Program. The Bill also seeks to expedite FDA approval of Ebola and other designated disease treatments by:

Changing the process by which infectious diseases that do not significantly impact developed nations and disproportionately affect poor and marginalized populations can be designated as tropical diseases from rulemaking to order of the Secretary of Health and Human Services (HHS).
Allowing priority review vouchers to be transferred between sponsors of human drug applications any number of times.
Reducing from 365 days to 90 days the advance notice required before submitting a human drug application subject to a priority review voucher.

Congress sent the Bill to the President just one day after Department of Health & Human Services (HHS) Secretary Sylvia M. Burwell today announced a declaration under the Public Readiness and Emergency Preparedness (PREP) Act HHS says it hopes will “facilitate the development and availability of experimental Ebola vaccines in hopes of helping combat the current epidemic in West Africa and help prevent future outbreaks there.”

Fighting the disease in Africa has been the primary focus of the Obama Administration’s Ebola response. The December 9, 2014 HHS declaration provides immunity under United States law against legal claims related to the manufacturing, testing, development, distribution, and administration of three vaccines for Ebola virus disease. It does not, generally, provide immunity for a claim brought in a court outside the United States.

For many years, the U.S. has encouraged vaccine development by managing liability and compensation, starting with the National Childhood Vaccine Injury Act of 1986. The PREP Act was designed to facilitate the development of medical countermeasures to respond to urgent public health needs, including the development of critical vaccines like those to prevent the spread of Ebola. This U.S. declaration under the PREP act is part of a global dialogue to address these issues in the U.S., and other countries where the vaccine is being developed, manufactured and potentially used.

“My strong hope in issuing this PREP Act declaration in the United States is that other nations will also enact appropriate liability protection and compensation legislation,” said Secretary Burwell. “As a global community, we must ensure that legitimate concerns about liability do not hold back the possibility of developing an Ebola vaccine, an essential strategy in our global response to the Ebola epidemic in West Africa.”

HHS hopes the PREP Act declaration will strengthen the incentive to conduct research and spur development, manufacturing, and the potential use of the vaccines in large scale vaccination campaigns in West Africa. The PREP Act declaration provides legal protection under U.S. law for three vaccine candidates:

the GlaxoSmithKline’s Recombinant Replication Deficient Chimpanzee Adenovirus Type 3-Vectored Ebola Zaire Vaccine known as ChAd3-EBO-Z;
the BPSC1001 vaccine, known as rVSV-ZEBOV-GP, made by BioProtection Services Corporation, a subsidiary of Newlink Genetics; and
the Ad26.ZEBOV/MVA-BN-Filo vaccine manufactured by Janssen Corporation, subsidiary of Johnson & Johnson/Bavarian Nordic.

Similar PREP Act declarations have been issued, revised or renewed 14 times since the Act was signed in 2005. Past declarations have covered vaccines used in H5N1 pandemic influenza clinical trials in 2008, products related to the H1N1 influenza pandemic in 2009, and the development and manufacturing of antitoxins to treat botulism in 2008. For more information about the PREP Act, see here .

The Bill and the HHS PREP Act declaration are the latest efforts to provide what many health care providers see as a long overdue response to the Ebola outbreak in the wake of the diagnosis and subsequent death of an Ebola patient in Dallas lead to his death and the infection of nurses involved in his treatment, and a small number of other Ebola victims in the United States raised national awareness and concern.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related developments or other risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Centers For Disease Control, Childrens Health Insurance Program, Disability Discrimination, DME, Doctor, Durable Medical Equipment, E-Prescribing, Employee Benefits, FDA, Health Care, Health Care Fraud, Health Care Provider, Health Care Quality, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Inpatient Rehabilitation, Inpatient Rehabilitation Facility, Licensing, Medical Licensure, Medical Malpractice, OIG, Pandemic, Patient Empowerment, Pharmacy, Prescription Drugs, Privacy, Prospective Payment, Public Policy, Substance Abuse | Tagged: controlled substance, DEA, DOJ, Drug Testing, drugs, false claims act, Grants, Health Care, Health Care Compliance, Health Care Fraud, Health Plans, HEAT, HIPAA, licensure, Medicaid, Medical Board, pain management, pharmacist, pharmacy, physical therapy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

Preparing Privacy Compliance For Emergencies-Ebola Crisis Prompts HHS OCR To Share Guidance On HIPAA Privacy in Emergency Situations

November 11, 2014

The recent US Ebola scare provided an important reminder to health care providers, health insurers and health plans, health care clearinghouses, employers and others of the importance of understanding and preparing to deal with health care privacy and other challenges arising from epidemics and other emergencies. In response to the recent Ebola and other contagious disease outbreaks and just as U.S. health care and other business leaders are working to prepare for the biggest contagious disease time of the year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is reminding health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates that the privacy rules of the Health Insurance Portability & Accountability Act (HIPAA) requiring Covered Entities and their business associates to limit the use, access and disclosure of patient’s protected health information (PHI) continue to apply during emergency situations and help them understand when HIPAA allows them to share PHI in emergency situations in a new notice titled “HIPAA Privacy in Emergency Situations” (Guidance) published November 10, 2014. A business associate of a covered entity (including a business associate that is a subcontractor) also must continue to comply with HIPAA and may only make disclosures permitted by the Privacy Rule on behalf of a Covered Entity or another business associate to the extent authorized by its business associate agreement and consistent with HIPAA’s requirements.

Sharing Patient Information

The Guidance begins by reminding Covered Entities and their business associates that HIPAA’s Privacy Rule continues to apply in emergency situations and requires Covered Entities protect and prohibits their use, access or disclosure of patient’s protected health information except as allowed by HIPAA unless the patient authorizes the Covered Entity to disclose the PHI in accordance with HIPAA’s requirements for authorization set forth in 45 CFR 164.508.

The Guidance then goes on to discuss the following circumstances that the HIPAA Privacy Rule might allow Covered Entities to share PHI without getting patient authorization, subject to the reminder that in many cases, HIPAA will require that the Covered Entity limit the disclosure to the minimum necessary disclosure necessary for the allowable purpose and require other conditions to be fulfilled:

Treatment.

Under the Privacy Rule, covered entities may disclose, without a patient’s authorization, protected health information about the patient as necessary to treat the patient or to treat a different patient. Treatment includes the coordination or management of health care and related services by one or more health care providers and others, consultation between providers, and the referral of patients for treatment. See 45 CFR §§ 164.502(a)(1)(ii), 164.506(c), and the definition of “treatment” at 164.501.

Public Health Activities.

The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information that is necessary to carry out their public health mission. Therefore, the Privacy Rule permits covered entities to disclose needed protected health information without individual authorization:

To Or At The Direction Of A Public Health Authority.

The HIPAA Privacy Rule allows Covered Entities to share protected health information with Public Health Authorities authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury or disability like the Centers for Disease Control and Prevention (CDC) or a state or local health department. This would include, for example, the reporting of disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions. A “public health authority” is an agency or authority of the United States government, a State, a territory, a political subdivision of a State or territory, or Indian tribe that is responsible for public health matters as part of its official mandate, as well as a person or entity acting under a grant of authority from, or under a contract with, a public health agency. See 45 CFR §§ 164.501 and 164.512(b)(1)(i). For example, a covered entity may disclose to the CDC protected health information on an ongoing basis as needed to report all prior and prospective cases of patients exposed to or suspected or confirmed to have Ebola virus disease.

The HIPAA Privacy Rule also allows Covered Entities to share information at the direction of a public health authority:

To a foreign government agency that is acting in collaboration with the public health authority. See 45 CFR 164.512(b)(1)(i); and
To persons at risk of contracting or spreading a disease or condition if other law, such as state law, authorizes the covered entity to notify such persons as necessary to prevent or control the spread of the disease or otherwise to carry out public health interventions or investigations. See 45 CFR 164.512(b)(1)(iv)

Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification.

The HIPAA Privacy Rule allows a Covered Entity to share protected health information:

With a patient’s family members, relatives, friends, or other persons identified by the patient as involved in the patient’s care;
About a patient as necessary to identify, locate, and notify family members, guardians, or anyone else responsible for the patient’s care, of the patient’s location, general condition, or death including where necessary to notify family members and others, the police, the press, or the public at large. See 45 CFR 164.510(b).

The Guidance reminds Covered Entities, however, that the Privacy Rule requires the Covered Entity to get verbal permission from individuals or otherwise be able to reasonably infer that the patient does not object, when possible. If the individual is incapacitated or not available, the Guidance states Covered Entities may share information for these purposes if, in their professional judgment, doing so is in the patient’s best interest.

The Guidance also confirms that Covered Entities may share protected health information with disaster relief organizations authorized by law or by their charters to assist in disaster relief efforts like the American Red Cross for the purpose of coordinating the notification of family members or other persons involved in the patient’s care, of the patient’s location, general condition, or death. It is unnecessary to obtain a patient’s permission to share the information in this situation if doing so would interfere with the organization’s ability to respond to the emergency.

Imminent Danger

The Guidance also states that Covered Entities that are health care providers may share patient information with anyone as necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public – consistent with applicable law (such as state statutes, regulations, or case law) and the provider’s standards of ethical conduct. See 45 CFR 164.512(j).

Disclosures to the Media & Others Not Involved in the Care of the Patient/Notification

The Guidance also reminds Covered Entities of the importance of closely adhering to HIPAA’s rules when responding to information requests from the medial or others not involved in the care of a patient. The Guidance states that when the media or other other party not involved un the patient’s care asks the Covered Entity for information about a particular patient by name, a hospital or other health care facility may release limited facility directory information to acknowledge an individual is a patient at the facility and provide basic information about the patient’s condition in general terms (e.g., critical or stable, deceased, or treated and released) if the patient has not objected to or restricted the release of such information or, if the patient is incapacitated, if the disclosure is believed to be in the best interest of the patient and is consistent with any prior expressed preferences of the patient. See 45 CFR 164.510(a). In general, except in the limited circumstances authorized in the HIPAA Privacy Rule, affirmative reporting to the media or the public at large about an identifiable patient, or the disclosure to the public or media of specific information about treatment of an identifiable patient, such as specific tests, test results or details of a patient’s illness, may not be done without the patient’s written authorization (or the written authorization of a personal representative who is a person legally authorized to make health care decisions for the patient).

Minimum Necessary Restriction Requirement

The Guidance cautions Covered Entities and their business associates that for most disclosures, a Covered Entity generally must make reasonable efforts to limit the information disclosed to that which is the “minimum necessary” to accomplish the purpose. However, this minimum necessary requirement does not apply to disclosures to health care providers for treatment purposes.

Covered Entities may rely on representations from a public health authority or other public official that the requested information is the minimum necessary when making disclosures in response to request from those parties. For example, a covered entity may rely on representations from the CDC that the protected health information requested by the CDC about all patients exposed to or suspected or confirmed to have Ebola virus disease is the minimum necessary for the public health purpose.

Required Internal Restrictions On Use, Access & Disclosure

Internally, covered entities should continue to apply their role-based access policies to limit access to protected health information to only those workforce members who need it to carry out their duties. See 45 CFR §§ 164.502(b), 164.514(d).

Safeguarding Patient Information

Beyond limiting the use, access and disclosure of PHI, the Guidance also reminds Covered Entities and their business associates that even in emergency situations, HIPAA continues to require them to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures as well as to apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic PHI.

Limited Waiver

Although HHS has yet to take steps to trigger a limited waiver, the Guidance also reminds Covered Entities and their business associates that HHS has the power to do so, the effect of a limited waiver and the circumstances under which HHS could elect to apply a limited waiver to waive sanctions against a hospital for certain specific types of HIPAA violations while the waiver is in effect.

As the Guidance notes, the HIPAA Privacy Rule is not suspended during a public health or other emergency. Rather, the limited waiver rules only operates to permit the Secretary of HHS to waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act. The limited waiver only applies when the President declares an emergency or disaster and HHS declares a public health emergency. When and if these requirements are met, HHS may waive sanctions and penalties against a Covered Entity that is a hospital for failing to comply with the following HIPAA Privacy Rule provisions:

The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).
The requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a).
The requirement to distribute a notice of privacy practices. See 45 CFR 164.520.
The patient’s right to request privacy restrictions. See 45 CFR 164.522(a).
The patient’s right to request confidential communications. See 45 CFR 164.522(b).

If the Secretary issues such a waiver, Covered Entities and their business associates should keep in mind the waiver only applies to the list violations and only applies:

For so long as the waiver remains in effect;
In the emergency area and for the emergency period identified in the public health emergency declaration
To hospitals that have instituted a disaster protocol; and
For up to 72 hours from the time the hospital implements its disaster protocol.

When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.

Not Necessarily Just About HIPAA

HIPAA is not necessarily the only law that Covered Entities, business associates or others need to consider when deciding what to disclose during an emergency or otherwise. The HIPAA Privacy Rule applies to disclosures made by and Covered Entities, business associates employees, volunteers, and other members of a Covered Entity’s or Business Associate’s workforce. The Privacy Rule does not apply to disclosures made by entities or other persons who are not Covered Entities.

Beyond HIPAA, Covered Entities, their business associates or members of their workforce, employers, and other organizations also need to consider whether other federal or state laws, ethical rules, contracts or policies may restrict use or disclosure, safeguard, or take other steps to protect PHI or other information. For instance, other federal laws, state law, professional ethical rules, contracts, facility policies or procedures, or other restrictions often apply to health care provides, insurers, brokers, employers or others. Employers, health care organizations, insurers and others also need to be concerned about potential discrimination, common law and statutory privacy, retaliation, defamation and other exposures.

Prepare For Compliance Now

The recent experiences of various health care organizations intimately involved in caring for the Ebola patients highlights the importance of anticipating, preparing and conducting training, and having your workforce practice to prepare to deal with the special challenges of dealing with HIPAA and other legal responsibilities in advance of emergency events. When preparing for these events, Covered Entities and business associates need to take into account the need to comply operationally as well as to document and retain records of compliance. They should both should anticipate and prepare to respond to both typical inquiries as well as those from the media, public and others. They also should consider how various types of emergencies could create new privacy or security risks. For instance, in certain emergency situations, recordkeeping or other systems could be disrupted, impacting the ability retain and subsequently produce required documentation. Furthermore, Covered Entities also should prepare to manage the patient and public relations aspects of these events including adverse impressions that often arise when the media or others are disappointed at being denied information because of compliance obligations, from breaches or perceived breaches, or other similar events.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle

July 6, 2014

Health care providers, health plans, heath care clearinghouses and their business associates heed both the lesson about properly protecting protected health information and the more subtle lesson about the role of employees and other whistleblowers in bringing these violations to the attention of regulators contained in the latest Health Insurance Portability & Accountability Act (HIPAA) resolution agreement.

Late last month, the Department of Health & Human Services Office of Civil Rights (HHS) announced that complaints of a retiring physician over the mishandling of her patient records by Parkview Health System, Inc. (Parkview) prompted the investigation that lead Parkview to agree to pay $800,000 to settle charges that it violated HIPAA’s Privacy Rule.

The resolution agreement settles charges lodged by HHS based on an OCR investigation into the retiring physician’s allegations that Parkview violated the HIPAA Privacy Rule by failing to properly safeguard the records when it returned them to the physician following her retirement.

As a covered entity under the HIPAA Privacy Rule, HIPAA requires that Parkview appropriately and reasonably safeguard all protected health information in its possession, from the time it is acquired through its disposition.

In an investigation prompted by the physician’s complaint, OCR found that Parkview breached this responsibility in its handling of certain physician patient records in helping the physician to transition to retirement.

According to OCR, in September 2008, Parkview took custody of medical records pertaining to approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice.

Subsequently on June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue. OCR concluded this conduct violated the Privacy Rule.

To settle OCR’s charges that these actions violated HIPAA, OCR has agreed to pay the $800,000 resolution amount and to adopt and implement a corrective action plan requiring Parkview to revise their policies and procedures, train staff, and provide an implementation report to OCR.

The resolution agreement highlights the role that current or former physicians, employees or others can play in helping OCR to identify HIPAA violations. Health care providers and other covered entities and their business associates should take into account the likelihood that physicians on their own or other facility medical staffs, their employees and other participants in the care delivery system often may have and be motivated to report to government sensitive information about violations of HIPAA or other laws. Since HIPAA and most other laws prohibited covered entities from forbidding or retaliating against a person for objectiving to or reporting the concern and offer whistleblowers potential participation in the reporting and prosecution of violations, employees or other workforce members increasingly make the complaints bring violations to OCR and other regulators.

Whether from an internal employee complaint, a patient or competitor complaint or other source, HIPAA violations carry significant liability risks. The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates. In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes. Furthermore, enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same. When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need assistance in auditing or assessing, updating or defending your HIPAA, or other health or other employee benefit, labor and employment, compensation, privacy and data security, or other internal controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer at cstamer@solutionslawyer.net or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters. She also is recognized for her publications, industry leadership, workshops and presentations on privacy and data security and other human resources, employee benefits and health care concerns. Her many highly regarded publications on privacy and data security concerns include “Privacy Invasions of Medical Care-An Emerging Perspective.” ERISA Litigation Manual. BNA, 2003-2009; “Privacy & Securities Standards-A Brief Nutshell.” BNA Tax Management and Compliance Journal. February 4, 2005; “Cybercrime and Identity Theft: Health Information Security beyond HIPAA.” ABA Health eSource. May, 2005 and many others. She also regularly conducts training on HIPAA and other privacy and data security compliance and other risk management matters for a broad range of organizations including the Association of State and Territorial Healthcare Organizations (ASTHO), the Los Angeles County Health Department, a multitude of health plans and their sponsors, health care providers, the American Bar Association, SHRM, the Society for Professional Benefits Administrators and many others. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see www.CynthiaStamer.com or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

Leave a Comment » | Academic medicine, ASC, Childrens Health Insurance Program, Doctor, Electronic Medical Records, Employment, Federal Health Center, Federal Sentencing Guidelines, Genetic Information, GINA, Health Care, Health Care Provider, Health Plan, Health Plans, HIPAA, HITECH Act, Hospital, Hospital, Indian Health, Medicare Advantage, Mental Heatlh, OCR, Pharmacy, Physician, Privacy, Rural Health Care | Tagged: Civil Monetary Penalties, HIPAA, Mass General, OCR, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts

June 11, 2014

Health care providers, health plans and insurers, health care clearinghouses (collectively “Covered Entities”), their business associates, and others concerned about medical privacy regulations or protections should check out two new reports to Congress about breach notifications reported and other compliance data under the Health Insurance Portability & Accountability Act (HIPAA) by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Reviewing this data can help Covered Entities and their business associates identify potential areas of exposures and enforcement that can be helpful to minimize their HIPAA liability as well as to expect OCR enforcement and audit inquiries.

Required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the two new reports discuss various details about HIPAA compliance for calendar years 2011 and 2012. They include the following:

Report to Congress on Breach Notifications, discussing the breach notification requirements and reports OCR received as a result of these breach notification requirements; and
Report to Congress on Compliance with the HIPAA Privacy and Security Rules, summarizing complaints received by OCR of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164 .
Covered entities and their business associates should review the finding reported as part of their compliance practices. Others concerned about medical or other privacy or data security regulations or events also may find the information in the reports of interest.

Under HIPAA, covered entities generally are prohibited from using, accessing or disclosing protected health information about individuals except as specifically allowed by HIPAA, In addition, HIPAA also requires Covered Entities to establish safeguards to protect protected health information against improper access, use or destruction, to afford certain rights to individuals who are the subjects of protected information, to obtain certain written assurances from service providers who are business associates before allowing those service providers to use, access or disclose protected health information when carrying out covered functions for the Covered Entity, and meet other requirements.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates. In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.

Enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the HITECH Act since March 26, 2013 and to have updated business associate agreements in place since September 23, 2013. Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

HIPAA Privacy Rule and Sharing Information Related to Mental Health published on
Spanish Language Model Notices of Privacy Practices published on 2/13/14
CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports published on 2/3/14; and
Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) published on 1/7/14.

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

For Help With Investigations, Policy Review & Updates Or Other Needs

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

Small Smiles Dental Centers Excluded As Federal Health Program Provider For 5 Years

April 4, 2014

Yesterday’s announcement of the exclusion of the operator and manager of the national dental chain, Small Smiles Dental Centers, from exclusion in Medicaid, Medicare and other federal health programs highlights the risks health care providers run by failing to comply with a Corporate Integrity Agreement.

Daniel R. Levinson, Inspector General of the U.S. Department of Health and Human Services, announced April 3, 2014 that the operator and manager of the Small Smiles Dental Centers, CSHM, LLC (formerly known as FORBA Holdings and Church Street Health Management (CSHM), has signed an Exclusion Agreement that bars CSHM from participating in Medicare, Medicaid, and all other Federal health care programs for 5 years. Small Smiles Dental Centers provides services primarily to children on Medicaid.

Mr. Levinson said that this exclusion “makes clear to the provider community that OIG closely monitors our CIAs, critically evaluates providers’ representations and certifications, and will pursue exclusion actions against providers that fail to abide by their integrity agreement obligations.”

According to the announcement, the exclusion is based on CSHM’s alleged material breaches of its Corporate Integrity Agreement (CIA) with the Office of Inspector General (OIG).

CSHM’s corporate predecessor entered into the CIA in 2010, as part of the resolution of a False Claims Act case involving allegations that the company had provided dental services to children on Medicaid that were medically unnecessary or failed to meet professionally recognized standards of care.

On March 7, 2014, OIG issued a Notice of Exclusion to CSHM based upon numerous material breaches of its obligations under the CIA. CSHM failed to report serious quality-of-care reportable events, take corrective action, or make appropriate notifications of those events to the State dental boards as required by the CIA, OIG found. CSHM also failed to implement and maintain key quality-related policies and procedures, comply with internal quality and compliance review requirements, properly maintain a log of compliance disclosures, and perform training as required by the CIA. Finally, CSHM submitted a false certification from its Compliance Officer regarding its compliance with CIA obligations.

This exclusion marks the culmination of a series of alleged failures by CSHM and its corporate predecessors to comply with its CIA. Under the CIA, an independent quality monitor conducted more than 90 site visits and reviews to monitor CSHM’s compliance. Since the 2010 settlement, OIG repeatedly cited CSHM and took actions to address those violations, promote improved compliance, and maintain access to care for an underserved population. These actions included imposing financial penalties and forcing the divestiture of one of the company’s clinics.

Despite these actions, CSHM remained in material breach of its CIA and OIG issued Notices of Intent to Exclude to the company in December 2013 and January 2014. In such cases, providers get the chance to show OIG that they have cured, or are in the process of curing, the material breaches. CSHM represented to OIG that it would cure the material breaches. However, through meetings with CSHM and its Board of Directors and review of its written submissions, OIG determined that CSHM had failed to cure the material breaches and proceeded with the exclusion.

CSHM disputed OIG’s determination that it was in material breach of the CIA. However, under the Exclusion Agreement, CSHM now has waived its objections to these findings.

To minimize immediate disruption of care to the hundreds of thousands of children treated at CSHM clinics and to enable an orderly, controlled shutdown of the company or divestiture of its assets, the exclusion takes effect September 30, 2014. CSHM waived its right to appeal this exclusion in any judicial forum.

Until the exclusion goes into effect on September 30, 2014, an independent monitor will continue to monitor the quality of care being provided to patients at CSHM clinics. CSHM is required to inform patients at least 30 days before closing a clinic. CSHM is also required to keep State Medicaid agencies abreast of developments and provide monthly status reports to OIG. Any divestiture of assets by CSHM must be through bona fide, arms-length transactions to an entity that is not related to or affiliated with CSHM.

Beyond the implications for Small Smiles Dental Centers, the announced exclusion carries important implications for other health care providers. First, of course, the exclusion means that Small Smiles Dental Centers and CSHM as excluded providers are ineligible for hiring by other providers participating in Medicare or other Federal Health Programs. Second, the exclusion also highlights the advisability for other providers covered by CIAs not only to see to comply with their CIA and in the event the OIG questions of the adequacy of that compliance to look for opportunities to work with OIG to rectify alleged concerns as cooperatively as possible unless a high degree of certainty that the provider can prove that OIG’s concerns are unfounded.

For More Information Or Assistance

Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Federal Health Program Exclusion, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

APDerm To Pay $150k To Settle 1st HIPAA Breach Rule Charges

December 27, 2013

A new settlement agreement announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows health plans, health care providers, health care clearinghouses and their business associates the perils of failing to properly implement the necessary policies and procedures to comply with the breach notification requirements added to the Health Insurance Portability & Accountability Act of 1996 (HIPAA) added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).

APDerm Settlement Overview

Private dermatology practice, Adult & Pediatric Dermatology, P.C., (APDerm) has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. The APDerm Settlement marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

According to its December 26, 2013 announcement of the settlement, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The APDerm settlement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. It joins the growing list of settlement or resolution agreements under HIPAA announced by OCR.

The APDerm also is notable both as it settles the first ever charges against a covered entity for failing to adopt required Breach Notification policies and procedures and the relatively most settlement payment required in comparison to other announced settlement. Other settlements have been significantly higher. For instance, OCR required that Blue Cross Blue Shield of Tennessee (BCBST) to pay $1.5 million to resolve HIPAA violations charges.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s audit, investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, evolving rules and technology, and other developments to determine if additional steps are necessary or advisable. For tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: Breach Notification, DOJ, Health Care, Health Care Fraud, HIPAA, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Reminder To Follow Confidentiality, Due Process When Conducting Peer Revew & Credentialing

December 16, 2013

Hospitals, physicians, health plans and others participating in credentialing and peer review activities need to use care to ensure that they and others involved in these matters understand and comply with the confidentiality requirements of the Health Care Quality Improvement Act and similar state laws.

Hospitals and their medical staffs, physician and other practice groups and other health care organizations commonly require or query the National Practitioner Data Bank (NPDB) established under HCQIA and other sensitive professional and personal when checking the backgrounds and credentials of physicians seeking admission to the medical staff, employment, staff privileges, participation in provider panels or other positions. These health care organizations and providers also frequently may receive inquiries from other health care providers or organizations seeking information about a provider who is applying for admission, employment or other status. Finally, medical staffs, practices and other health care organizations from time to time may conduct credentialing, peer review or other disciplinary activities, or quality assurance reviews that may involve the discussion of information about the conduct, quality, discipline or other credentials and qualifications of current or former physicians at their own or another health care organization.

The investigation or discipline of a physician and certain other information regarding potential performance or credentialing concerns about a physician or other health care worker often by necessity involves the receipt, sharing, or use of sensitive professional or personal information with credentialing, management, medical staff leadership or others involved in the investigation, review or process. When participating in any of these activities, all parties involved in the activities or providing input or participation in their conduct need to understand and be required to comply fully with all applicable confidentiality and privacy requirements. While participants in these processes often may feel great temptation to circumvent formal processes in the name of expediency, to share sensitive insight with special relationships or other inducements to cut corners on confidentiality, the participants in these activities and the organizations conducting the activities should take all necessary steps to ensure that the participants carefully comply with the confidentiality and privacy requirements and only obtain and share information as allowed by and in accordance with the procedures established by these rules.

The background check rules of the Fair Credit Reporting Act (FCRA) generally require that health care organizations, as well as other businesses, conducting background check or other investigations using third party data or investigators comply with the notice, consent and disclosures of the FCRA. Parties requesting or providing information as part of a credentialing, peer review or other investigation should ensure that the necessary disclosures, notices and consents have been obtained before requesting or sharing information. The fulfillment of these requirements should not be assumed as experience demonstrates that these requirements are commonly overlooked by many health care and other organizations engaged in these activities.

In addition to meeting the FCRA, HCQIA, most state peer review, and medical staff bylaws generally require that credentialing, peer review, quality assurance, and other performance and discipline activities be conducted in accordance with carefully prescribed rules, including specific requirements concerning the protection of the confidentiality of information about a provider. While relatively rare, violation of HCQIA’s confidentiality rules can create significant liability. For instance, after it self-disclosed conduct to the Department of Health & Human Services Office of Inspector General (OIG), The Queen’s Medical Center (QMC), Hawaii, agreed to pay $150,500 in civil money penalties for allegedly violating the NPDB in 2009.

Beyond the rare sanctions under HCQIA, failing to following the rules of HCQIA and state laws can undermine the defensibility of peer review and credentialing decisions by undermining the ability of participants in the process to rely upon the peer review privilege to protect deliberations and discussions conducted in connection with the peer review and credentialing process from discovery, as well as by providing evidence of bad faith, malice or other bad motivation or acts corrupted the process and determination. Beyond hurting the defensibility of the credentialing and peer review process, violations of confidentiality or other procedures often also give rise to antitrust, defamation, invasion of privacy, tortious interferences, and other damage claims by physicians who feel their ability to practice and reputations have been injured by alleged improper conduct in connection with a peer review, credentialing or quality assurance process.

Beyond avoiding giving rise to claims by the targeted physician or other health care provider, all participants in these processes also need to use care to properly protect any individually identifiable patient information. Records and information about a patient, his medical condition, payment history and other related patient data and information often involved in these activities typically qualifies as personal health information, the use, access, and disclosure of which is restricted by the Privacy Rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state common law, HIPAA and other medical records privacy and confidentiality laws. In addition to the specific requirements of HIPAA and other medical information privacy laws, patient financial information and certain other sensitive information also may be protected by a broad range of federal and state laws protecting personal financial and other sensitive personal information, contractual rights created by privacy policies of the organizations involved or other laws.

Conducting proper credentialing, peer review and quality assurance activities is a critical aspect of the hiring and oversight of physicians and others providing care. As important as these requirements are, health care providers and organizations participating in these activities need to remember that the physicians who are subjected to these requirements also enjoy confidentiality, due process and other legal protections, which can create significant liability when violated. Consequently, health care organizations, physicians and members of management, and other staff and participants should use care to follow the proper procedures to ensure that physician rights to confidentiality, due process and other protections are honored as these activities are conducted.

Using care when discussing these concerns is equally important for a physician or other health care provider who is the subject of an investigation, credentialing, peer review, quality assurance or other activity. While a physician whose personal or professional conduct or credentials are questioned understandably feels a strong urge to defend him or herself through a campaign of communication or other actions, physicians on the receiving end also need to follow the process and restrict their discussions.

Cynthia Marcotte Stamer, for additional information or representation.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: CMS, compensation, DOJ, E-Prescribing, Fee Schedule, Health Care, Health Care Fraud, Home Care, home health, medical expense, Medicare, Medicare Fraud, mileage reimbursement, Minimum Wage, nurses, OIG, Overtime, Physician, physician compensation, Physician Fee Schedule, Provider, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

CMS Gives Providers Facing Fee Schedule Reduction For Unsuccessful EPrescribing Can Request Review Until 2/28

December 16, 2013

Physicians and other eligible professionals and group practices (who self-nominated for the 2012 and/or 2013 Electronic Prescribing (eRx) group practice reporting option) who were unsuccessful electronic prescribers under the 2012 or 2013 eRx Incentive Program can expect to receive notification from the Centers for Medicare & Medicaid Services (CMS) plans that CMS will have their 2014 eRx payment adjusted to 98.0% of his or her otherwise applicable Medicare Part B physician fee schedule (PFS) allowed charges amount for the specified services for all charges with dates of service from January 1–December 31, 2014.

Providers receiving these notices may wish to request a review of this planned adjustment under an informal review process for the 2014 eRx payment adjustment implemented by CMS. An informal review may be requested if the eligible professional or group practice receives notification from CMS confirming they will be subject to the 2014 eRx payment adjustment or they did not meet the requirements to avoid the 2014 eRx payment adjustment. CMS will accept nformal review requests through February 28, 2014.

Eligible professionals and group practices should submit their eRx informal review request via email to the informal review mailbox at eRxInformalReview@cms.hhs.gov.

Complete instructions on how to request an informal review are available in the 2014 eRx Payment Adjustment Informal Review Made Simple educational document.

Physicians or other health care providers who have questions about these or other e-prescribing or reimbursement concerns may contact the author of this update, Cynthia Marcotte Stamer, for additional information or representation.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: CMS, compensation, DOJ, E-Prescribing, Fee Schedule, Health Care, Health Care Fraud, Home Care, home health, medical expense, Medicare, Medicare Fraud, mileage reimbursement, Minimum Wage, nurses, OIG, Overtime, Physician, physician compensation, Physician Fee Schedule, Provider, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Update Mileage Reimbursement Policies, Communications For IRS 2014 Mileage Rates

December 10, 2013

Health care organizations should review the updated optional standard mileage rates and maximum standard automobile costs for purposes of claiming certain automobile allowances during 2014 recently released by the Internal Revenue Service (IRS) to determine and make the necessary arrangements to communicate and implement any changes in the rates that their business plans to use to reimburse employees and others for mileage. In addition, health care organizations also may want to consider sharing information about the updates to medical expense mileage reimbursement rates and other aspects of those rules in newsletters or other marketing communications to help empower those patients and their families to understand and use the new rates and rules to properly claim deductions that their families qualify for on their 2014 tax return for mileage incurred traveling for medical care.

Notice 2013-80, which is scheduled for official publication in Internal Revenue Bulletin 2013-52 on December 23, 2013, provides the optional 2014 standard mileage rates for taxpayers to use in computing the deductible costs of operating an automobile for business, charitable, medical or moving expense purposes. This notice also provides the amount taxpayers must use in calculating reductions to basis for depreciation taken under the business standard mileage rate, and the maximum standard automobile cost that may be used in computing the allowance under a fixed and variable rate (FAVR) plan. The IRS released an advanced copy of the Notice on December 6, 2013.

Many health care organizations reimburse doctors, management, home health, sales and marketing or other employees and other service providers for mileage and other automobile expenses under policies that use these IRS standard rates to calculate the reimbursement amounts. Reimbursement of employees based on these rate is not required. Because reimbursements in excess of the standard rates can create income tax recordkeeping and reporting challenges for the employer, the employee or both, however, most businesses use standard mileage reimbursement rates set at or below the IRS optional standard rates. Businesses facing financial or other challenges may want to reevaluate whether to continue to reimburse mileage and if so, the rate of reimbursement to use to do so.

When communicating with employees about the businesses’ policies for reimbursing business and moving expense mileage, businesses should take care to ensure that employees understand differences in the mileage reimbursement rates that apply to different categories of expenses. As an added service to employees, many human resources departments also may want to consider alerting employees to consult their tax advisor or take other steps to properly understand and retain documentation of mileage not only for business expense reimbursement, but also medical and moving purposes. The availability of this information can be helpful to empower workers and their families to understand and take proper advantage of rules for deducting these expenses even when the employer or its health plan does not reimburse the employee for the expenses.

In addition to reimbursements for workers, businesses also should consider the potential effects of the adjustments in the IRS optional standard mileage rates on the amounts they may bill their customers for mileage expenses as well as the amount that they should expect that their vendors and service providers may bill the business for mileage expenses under contracts that provide for reimbursement of those expenses. Businesses whose contracts with vendors or customers provide for reimbursement of mileage expenses using rates based on the IRS’ optional standard mileage rates should evaluate the effect of the announced adjustments on those mileage obligations to ensure that mileage expenses are properly anticipated, billed and paid.

Beyond dealing with their own policies for reimbursement and billing for mileage, many health care organizations may want to consider sharing information about the 2014 medical mileage reimbursement rates announced by the IRS with patients and their families. Many patients and their families may qualify to claim deductions for mileage for medical travel under IRS rules, but may not be aware of the adjusted rates or the proper procedures for identifying and documenting their medical mileage. While often negligible for families who are not suffering major illness requiring extensive commuting or travel, patients with chronic or serious medical conditions often can benefit from claiming these deductions properly. Communicating the new rates and other tips for keeping records and claiming the mileage deduction could be a significant and valued service to aid these families.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: compensation, DOJ, Health Care, Health Care Fraud, Home Care, home health, Hospital, medical expense, Medicare Fraud, mileage reimbursement, Minimum Wage, nurses, OIG, Overtime, Physician, physician compensation, Provider, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Doc Sentenced to 15 Years for Health Care Fraud

November 16, 2013

Dr. Anthony Stevens Chase faces a 15 month sentence and must pay $360,293 in restitution after pleading guilty to two health care fraud counts.

On October 21, 2011, Jase pled guilty to two counts of health care fraud before Judge James J. Brady, for involvement in two nearly identical schemes to defraud Medicare.

The first conviction arose from Jase’s association Baton Rouge-based company Lobdale Medical Services, which was owned by Beatrice and Young Anyanwu. As part of the scheme to defraud, Sandra Parkman Thompson and others procured the names and personal information of Medicare beneficiaries in and around the New Orleans area and delivered these names to Jase, who then signed false and fraudulent prescriptions for power wheelchairs and other durable medical equipment for which the Medicare beneficiaries had no medical need. Thompson later delivered the fraudulent prescriptions to the Anyanwus, who submitted claims to Medicare through Lobdale Medical Services for the medically unnecessary equipment. The total billings to Medicare by Lobdale Medicare Services exceeded $1,000,000.

The second conviction arose from JASE’s involvement with a New Orleans-based durable medical equipment company known as Psalms 23-DME, which also paid Thompson to deliver prescriptions for wheelchairs and other durable medical equipment. Jase wrote prescriptions for beneficiaries whom he had never seen and who had no need for the equipment prescribed them. As a result, Psalms 23-DME billed Medicare for claims totaling $230,963 using JASE’s provider number.

Beatrice and Young Anyanwu pled guilty to the health care fraud scheme to defraud Medicare as well as the illegal remuneration conspiracy on August 14, 2012. Theywere sentenced February 1, 2013. Sandra Parkman Thompson was convicted after a jury trial on August 20, 2012. She was sentenced on March 14, 2013.

The investigation of Jase was conducted by the Department of Health and Human Services, Office of Inspector General, the Federal Bureau of Investigation, and the Louisiana Department of Justice. Announcing the sentence, acting U.S. Attorney Walt Green stated, “This case is a great example of how federal and state law enforcement work together on a daily basis to stamp out health care fraud by doctors and others who abuse our health care system in our state.”

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

DOL Extends Minimum Wage, Overtime Protections To Home Care Workers

September 18, 2013

Health care and other parties employing or otherwise engaging the services of home care workers should review and update their policies and practices for scheduling, tracking hours worked and paying these workers to ensure that they comply by January 1, 2015 with a new final rule announced by the U.S. Department of Labor’s Wage and Hour Division today (September 18, 2013). Today’s announcement of the regulatory changes means employers of home care workers can expect to see costs rise and also will join most other U.S. businesses that must worry about getting caught in minimum wage and overtime enforcement traps.

Under the new final rule, the Labor Department extends the Fair Labor Standards Act’s minimum wage and overtime protections to most of the nation’s direct care workers who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities beginning January 1, 2015.

The new final rule generally will require that the approximately two million home care workers such as home health aides, personal care aides, and certified nursing assistants will qualify for minimum wage and overtime. Employers engaging these services also generally will need to keep records and comply with other FLSA requirements with respect to these workers as well.

In anticipation of the rollout of these new protections, the Labor Department is kicking off a public outreach campaign to educate home care workers and their employers about the rule change. The Department will be hosting five public webinars during the month of October and has created a new, dedicated web portal here with fact sheets, FAQs, interactive web tools, and other materials.

The Labor Department’s focus on home workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks.

New Home Care Worker Rules Effective January 2015

The impending change in the treatment of home care workers is part of a larger commitment by the Obama Administration to both expansion and enforcement of the FLSA’s minimum wage and overtime provisions, and a specific program targeting employers in health care and related services industries.

The Obama Administration since taking office has conducted an aggressive campaign seeking to significantly increase the minimum wage under the FLSA and expand other protections. Along with this proactive regulatory agenda, the Obama Administration also specifically is aggressively targeting health care and other caregiver businesses in its enforcement and audit activities. See, e.g. Home health care company in Dallas agrees to pay 80 nurses more than $92,000 in back wages following US Labor Department investigation; US Department of Labor secures nearly $62,000 in back overtime wages for 21 health care employees in Pine Bluff, Ark.; US Department of Labor initiative targeted toward increasing FLSA compliance in New York’s health care industry; US Department of Labor initiative targeted toward residential health care industry in Connecticut and Rhode Island to increase FLSA compliance; Partners HealthCare Systems agrees to pay 700 employees more than $2.7 million in overtime back wages to resolve U.S. Labor Department lawsuit; US Labor Department sues Kentucky home health care provider to obtain more than $512,000 in back wages and damages for 22 employees; and Buffalo, Minn.-based home health care provider agrees to pay more than $150,000 in back wages following US Labor Department investigation.

Violation of wage and hour laws exposes health care and other employers to significant back pay awards, substantial civil penalties and, if the violation is found to be willful, even potential criminal liability. Because states all have their own wage and hour laws, employers may face liability under either or both laws. Coupled with these and other enforcement efforts against health and other caregiver businesses, today’s announcement reflects enforcement risks will continue to rise for employers of home care workers.

In light of the proposed regulatory changes and demonstrated willingness of the Labor Department and private plaintiffs to bring actions against employers violating these rules, health care and others employing home care workers should take well-documented steps to manage their risks. These employers should both confirm the adequacy of their practices under existing rules, as well as evaluate and begin preparing to respond to the proposed changes to these rules. In both cases, employers of home care or other health care workers are encouraged to critically evaluate their classification or workers, both with respect to their status as employees versus contractor or leased employees, as well as their characterization as exempt versus non-exempt for wage and hour law purposes. In addition, given the nature of the scheduled often worked by home care givers, their employers also generally should pay particular attention to the adequacy of practices for recordkeeping.

Enforcement Against Other Industries Shows Risks

Of course, the home care and health care industry are not the only industries that need to worry about FLSA enforcement. The Obama Administration is very aggressive in its enforcement of wage and hour and overtime laws generally. For instance, First Republic Bank recently paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions. The Labor Department announced the settlement resulting in the payment on November 27, 2012. The settlement resulted from an investigation by the Labor Department that found the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.

The FLSA requires that covered, nonexempt employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.

While the FLSA provides an exemption from both minimum wage and overtime pay requirements for individuals employed in bona fide executive, administrative, professional and outside sales positions, as well as certain computer employees, job titles do not determine the applicability of this or other FLSA exemptions. In order for an exemption to apply, an employee’s specific job duties and salary must meet all the requirements of the department’s regulations. To qualify for exemption, employees generally must meet certain tests regarding their job duties and be paid on a salary basis at not less than $455 per week.

Investigators found that First Republic Bank failed to consider the FLSA’s criteria that allow certain administrative and professional employees to be exempt from receiving overtime pay. In fact, the employees were entitled to overtime compensation at one and one-half times their regular rates for hours worked over 40 in a week. Additionally, the bank failed to include bonus payments in nonexempt employees’ regular rates of pay when computing overtime compensation, in violation of the act. Record-keeping violations resulted from the employer’s failure to record the number of hours worked by the misclassified employees.

“It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”

FLSA Violations Generally Costly; Enforcement Rising

The enforcement record of the Labor Department confirms that employers that improperly treat workers as exempt from the FLSA’s overtime, minimum wage and recordkeeping requirements run a big risk. The Labor Department and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers. Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay. In an effort to further promote compliance and enforcement of these rules, the Labor Department is using smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers. As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the Labor Department and private litigation.

Employers Should Strengthen Practices For Defensibility

To minimize exposure under the FLSA, employers should review and document the defensibility of their existing practices for classifying and compensating workers under existing Federal and state wage and hour laws and take other actions to minimize their potential liability under applicable wages and hour laws. Steps advisable as part of this process include, but are not necessarily limited to:

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

Because of the potentially significant liability exposure, employers generally will want to consult with qualified legal counsel before starting their risk assessment and assess risks and claims within the scope of attorney-client privilege to help protect the ability to claim attorney-client privilege or other evidentiary protections to help shelter conversations or certain other sensitive risk activities from discovery under the rules of evidence.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

1 Comment | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Employer, Fair Labor Standards Act, FLSA, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

55 Hospitals To Pay $35M+ To Settle FCA Claims Charges On Kyphoplasty Procedures

July 6, 2013

Whistleblowers Played A Big Role, Collectively Will Receive $5.5 Million From Settlement Proceeds

Fifty-five hospitals in 21 states will pay a total of more than $34 million to settle Justice Department allegations that the health care facilities submitted false claims to Medicare for a minimally-invasive procedure used to treat certain spinal fractures that often are due to osteoporosis known as “kyphoplasty.”

The settlement stems from charges by the Justice Department and Department of Health & Human Services (HHS) Office of Inspector General (OIG) that the settling hospitals frequently billed Medicare for performing kyphoplasty procedures on the more costly inpatient basis, rather than an outpatient basis, in order to increase their Medicare billings when the kyphoplasty could have been performed safely and effectively as an outpatient procedure without any need for a more costly hospital admission.

With the settlements announced July 1, the Justice Department says it has now reached settlements with more than 100 hospitals totaling approximately $75 million to resolve allegations that they mischarged Medicare for kyphoplasty procedures. Justice Department officials credited whistleblowers with helping it to identify the charged misconduct in virtually all of the cases. They collectively will receive an estimated $5.5 million of the total of $34 million to be paid under the settlements.

55 Settlements Impact Systems & Providers Across The Nation

According to the Justice Department’s July 1 announcement of the settlements, the settling facilities, and the amounts they have agreed to pay, include 23 hospitals affiliated with HCA Inc., Nashville, TN, who have agreed to pay a total of $7,145,842.72. These include:

Aventura Hospital & Medical Center, Aventura, FL
Capital Regional Medical Center, Tallahassee, FL
Coliseum Medical Center, Macon, GA
Coliseum Northside Hospital, Macon, GA
Conroe Regional Medical Center, Conroe, TX
Denton Regional Medical Center, Denton, TX
Doctors Hospital of Sarasota, Sarasota, FL
Edmond Regional Medical Center, Edmond, OK
Fawcett Memorial Hospital, Port Charlotte, FL
Fort Walton Beach Medical Center, Fort Walton Beach, FL
Garden Park Medical Center, Gulf Port, MS
JFK Medical Center, Atlantis, FL
Los Robles Regional Medical Center, Thousand Oaks, CA
North Florida Regional Medical Center, Gainesville, FL
Northlake Medical Center, Tucker, GA
Oklahoma University Medical Center, Oklahoma City, OK
Palmyra Medical Center, Albany, GA
Redmond Regional Medical Center, Rome, GA
Southwest Florida Regional Medical Center, Fort Myers, FL
St. Lucie Medical Center, Port Saint Lucie, FL
Summit Medical Center, Hermitage, TN
Sunrise Hospital & Medical Center, Las Vegas, NV
Wesley Medical Center, Wichita, KS

Also 6 hospitals affiliated with Lifepoint Hospitals, Inc., Brentwood, TN, have agreed to pay a total of $2,522,502.69. These include:

Andalusia Regional Hospital, Andalusia, AL
Jackson Purchase Medical Center, Mayfield, KY
Lake Cumberland Regional Hospital, Somerset, KY
Minden Medical Center, Minden, LA
Russellville Hospital, Russellville, AL
Western Plains Medical Complex, Dodge City, KS

Also, 5 hospitals affiliated with Trinity Health, Livonia, MI, have agreed to pay a total of $3,910,017.53. These include:

Mercy Medical Center, – Dubuque, Dubuque, IA
Mercy Medical Center – Sioux City, Sioux City, IA
St. Joseph Mercy Hospital, Pontiac, MI
Mercy Health Partners, Muskegon, MI
Mount Carmel New Albany Surgical Hospital, New Albany, OH

Justice Department officials also report that 4hospitals affiliated with Morton Plant Mease BayCare Health System, Clearwater, FL, have agreed to pay a total of $2,378,325.45. These include:

Morton Plant Hospital, Clearwater, FL
Morton Plant North Bay Hospital, New Port Richey, FL
Mease Dunedin Hospital, Dunedin, FL
Mease Countryside Hospital, Safety Harbor, FL

Justice Department officials also say 3 hospitals affiliated with Baptist Memorial Health Care Corporation, Memphis, TN, have agreed to pay a total of $691,168. These are:

Baptist Memorial Hospital-Golden Triangle, North Columbus, MS
Baptist Memorial Hospital-Collierville, Collierville, TN
Baptist Memorial Hospital-Memphis, Memphis, TN

In addition, Justice Department officials say 2 hospitals affiliated with Covenant Health, Knoxville, TN, have agreed to pay a total of $1,845,641.74. These are Parkwest Medical Center in Knoxville, TN and Methodist Medical Center of Oak Ridge in Oak Ridge, TN.

Meanwhile, 2 hospitals affiliated with Bayhealth Medical Center, Newark, DE, also reportedly have agreed to pay a total of $1,115,306.37. These are Bayhealth Kent General Hospital, Dover, DE and Bayhealth Milford Memorial Hospital, Milford, DE.

In addition to these hospitals, the following facilities have agreed to pay the following settlements:

Atrium Medical Center, Middletown, OH, has agreed to pay $4,232,992.50
Altru Health System, Grand Forks, ND, has agreed to pay $1,492,690
Cedars Sinai Medical Center, Los Angeles, CA, has agreed to pay $1,485,846
Des Peres Hospital, St. Louis, MO, has agreed to pay $900,000
Mount Sinai Medical Center, Miami, FL, has agreed to pay $1,846,194.00
New England Baptist Hospital, Boston, MA, has agreed to pay $374,814.48
St. Anne’s Hospital, Fall River, MA, has agreed to pay $552,745
The Queen’s Medical Center, Honolulu, HI, has agreed to pay $1,055,249.57
Trover Health System, Madisonville, KY, has agreed to pay $1,162,837
Wayne Memorial Hospital, Goldsboro, NC, has agreed to pay $1,250,000.

In addition to today’s settlement, the government previously settled with Medtronic Spine LLC, the corporate successor to Kyphon Inc., for $75 million to settle allegations that the company defrauded Medicare by counseling hospital providers to perform kyphoplasty procedures as inpatient rather than outpatient procedures.

According to Tom O’Donnell, Special Agent in Charge of the Office of Investigations of the HHS-OIG New York Regional Office, “The settlements related to kyphoplasty billing that have been reached with over 100 hospitals represent one of the largest and most successful multi-party health care investigations in the nation.”

While these settlements relate specifically to kyphoplasty procedures, they send a message impacting all procedures and practice areas that they risk OIG and/or Justice Department prosecution if procedures are performed in a most costly manner to increase reimbursement which is not medically necessary. Justice Department officials warned health care providers that Justice and OIG will act “Whenever hospitals knowingly overcharge Medicare, critically needed resources are wasted and health costs are driven up.”

Whistleblower Involvement Played Big Role

As in other recently announced settlement agreements, see e.g., Whistleblower Collects $2.7 M of $14.5M Sound Inpatient Physicians Overbilling Settlement, whistleblower involvement played a key role in helping OIG and Justice to identify and prosecute the alleged misconduct.

According to the Justice Department, all but four of the settling facilities announced today were named as defendants in a qui tam, or whistleblower, lawsuit brought under the False Claims Act, which permits private citizens to bring lawsuits on behalf of the United States and receive a portion of the proceeds of any settlement or judgment awarded against a defendant. The lawsuit was filed in federal district court in Buffalo, N.Y., by Craig Patrick and Charles Bates. Mr. Patrick is a former reimbursement manager for Kyphon, and Mr. Bates was formerly a regional sales manager for Kyphon in Birmingham, Ala. The whistleblowers will receive a total of approximately $5.5 million from the settlements.

Mitigate Risks With Effective Oversight of Both Documentation & Operations

As Acting Assistant Attorney General for the Civil Division Stuart F. Delery noted in the settlement announcement. “Physicians who participate in Medicare and other federal health care programs must document and bill for their services accurately and honestly.” With qui tam and other whistleblower participation, the Justice Department, HHS and other federal and state fraud investigators go beyond merely challenging whether the medical record documentation supports the charges billed to question whether the medical record itself accurately reflects the care in fact delivered by relying upon testimony of employees or other “insiders” often with an axe to grind against the provider.

To mitigate these exposures, health care providers clearly should work diligently both to ensure that their billing and other compliance programs accurately, honestly and completely document the care provided and code and bill for those services in accordance with the currently applicable federal program rules. While these compliance and risk management programs are indispensable components of any effective health care fraud compliance program, health care providers also should recognize that the effectiveness of their health care fraud and other compliance program also may depend on the effectiveness of their operational and workforce oversight and management. Along with effective billing and other fraud detection and compliance programs, providers also need effective medical quality and records documentation, provider and workforce performance and management, investigations and other management programs.

As a key element of these activities, providers should constantly be on watch for evidence of gaps between the medical and billing documentation and the factual realities looking at broad range of sources. Providers should target these activities to cover both specific medical documentation, coding and care, and other operational indicators that could show a problem. With qui tam and other whistleblower claims rising, however, providers should keep in mind that mere auditing of records and billing patterns alone often fails to uncover key evidence of potential concerns.

To help identify potential areas of scrutiny, providers should carefully monitor and examine the adequacy of their compliance and risk management agreements against corporate integrity agreements with other providers who have reached settlements with the Department of Justice, HHS Office of Inspector General or other agencies like the TranS1 Inc. Corporate Integrity Agreement .

Health care providers also should take into account a plethora of other potential indicators including but not limited to peer review and quality assurance data, deficient as well as inexplicably exceptional medical record or other record keeping documentation, hotline, exist interview and other workforce feedback, disagreements among providers in patterns of care, political and interpersonal differences, and a host of other indicators that could show a valid compliance concern or a developing hostility that could become the incentive for a whistleblower or other complaint. Providers should document these and other efforts to investigate, monitor and redress potential concerns In addition, providers also should guard against qui tam, retaliation and other claims by ensuring that their human resources, peer review, credentialing, background and other investigations, privacy and other operational activities are designed, documented to be both legally compliant and defensible.

For More Information Or Assistance

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Conditions of Participation, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: false claims act, HEAT, Hospitals, Medicaid Fraud, Medicare Fraud, Overbillng, Physicians, qui tam, Upcoding | Permalink
Posted by Cynthia Marcotte Stamer

Whistleblower Collects $2.7 M of $14.5M Sound Inpatient Physicians Overbilling Settlement

July 6, 2013

Former employee-turned Whistleblower Craig Thomas will collect $2.7 million out of the $14.5 million settlement that Sound Inpatient Physicians Inc. (SIP) will pay $14.5 million to settle allegations that it overbilled Medicare and other federal health care programs under a settlement announced by the Justice Department on July 3, 2013. The SIP announcement comes the same day the Justice Department announced medical device manufacturer TranS1 Inc., now known as Baxano Surgical Inc., will pay $6 million to resolve whistleblower-prompted FCA allegations that TranS1 Inc. caused health care providers to submit false claims to Medicare and other federal health care programs for minimally-invasive spine surgeries.

Both the SIP and TranS1 Inc. charges and settlement clearly show the ever-growing risk of Justice Department prosecution that providers face when billing Medicare or other government programs for care beyond the level delivered and documented in the medical record. The litigation and resulting settlement also show the too-often underappreciated rule that employees, vendors and other whistleblowing insiders increasingly play in the initiation and success of these prosecutions and how they impact the ability of providers charged with fraud to prove they have billed Medicare or other federal health plans accurately and honestly for services actually delivered in the manner documented in the record and in accordance with applicable Federal program rules.

To mitigate these exposures, health care providers both should strengthen their health care medical record documentation, billing and other fraud and compliance programs and their employee, vendor and other workforce relations and management processes.

Former SIP Employee’s Qui Tam Claim Prompted Suit

The settlement resolves charges that SIP fraudulently inflated billings to government programs brought in U.S. ex rel. Craig Thomas v. Sound Inpatient Physicians, Inc. and Robert A. Bessler, Civil Action No. C09-5301RBL (W.D. Wash.) that initially came to the government’s attention through a lawsuit filed by former SIP employee, Craig Thomas, under the qui tam, or whistleblower, provisions of the False Claims Act (FCA). The FCA allows private citizens to bring civil actions on behalf of the government and share in any recovery. Thomas will receive $2.7 million of the $14.5 million settlement for exposing Sound Physicians’ inflated claims.

In the lawsuit, the Justice Department alleged that SIP, a Tacoma, Washington-based employer of more than 700 hospitalists and post-acute physicians at 70 hospitals and a growing network of post-acute facilities in 22 states, between 2004 and 2012, knowingly submitted inflated claims to federal health benefits programs for its hospitalist employees for higher and more expensive levels of service than documented by hospitalists in patient medical records.

The SIP civil settlement illustrates the growing reliance on whistleblowers and other FCA tools by the Federal government in its rising campaign against false claims and other health care fraud by physicians, hospitals and other health care providers under the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative announced in May 2009 by Attorney General Eric Holder and Health and Human Services (HHS) Secretary Kathleen Sebelius. Since January 2009, the Justice Department claims to have recovered a total of more than $14.7 billion through FCA cases, with more than $10.7 billion of that amount recovered in cases involving fraud against federal health care programs.

TranS1 Inc. Whistleblower Gets $1M+ Out of $6M Settlement

Whistleblower claims also prompted the charges and settlement announced against medical device manufacturer TranS1 Inc. The Justice Department announced July 3 that TranS1 Inc. has agreed to pay the United States $6 million to resolve allegations under the FCA. Whistleblower Kevin Ryan, whose qui tam claim prompted the investigation that lead to the settlement will collect $1,020,000 from the settlement.

The settlement resolves Justice Department charges developed out of the qui tam action of a former employee that TranS1 knowingly caused health care providers to submit claims with incorrect diagnosis or procedure codes for minimally-invasive spine fusion surgeries using Trans1’s AxiaLIF System. That device was developed as alternative to invasive spine fusion surgeries. The United States alleges that TranS1 improperly counseled physicians and hospitals to bill for the AxiaLIF System by using incorrect and inaccurate codes intended for more invasive spine fusion surgeries. The Justice Department alleged that, as a result, health care providers received greater reimbursement than they were entitled to for performing the minimally-invasive AxiaLIF procedures.

The Justice Department also claimed TranS1 knowingly paid illegal remuneration to certain physicians for participating in speaker programs and consultant meetings intended to induce them to use TranS1 products, in violation of the Federal Anti-Kickback Statute, 42 U.S.C. § 1320a-7b(b), and thereby caused false claims to be submitted to federal health care programs. The Anti-Kickback Statute prohibits offering or paying remuneration to induce referrals of items or services covered by federally-funded programs and is intended to ensure that a physician’s medical judgments are not compromised by improper financial incentives and are based solely on the best interests of the patient.

In addition, the Justice Department alleged that TranS1 promoted the sale and use of its AxiaLIF System for uses that were not approved or cleared by the U.S. Food and Drug Administration, including use in certain procedures to treat complex spine deformity, and which were thus not covered by federal health care programs.

“A medical device manufacturer violates the law when it advises physicians and hospitals to report the wrong codes to federal health insurance programs in order to increase reimbursement rates,” said Rod J. Rosenstein, U.S. Attorney for the District of Maryland. “Health care providers are required to bill federal health care programs truthfully for the work they perform.”

As part of the settlement, TranS1 has agreed to enter into a corporate integrity agreement with the Office of Inspector General of the Department of Health and Human Services. That agreement provides for procedures and reviews to be put in place to avoid and promptly detect conduct similar to that which gave rise to this matter.

Mitigate Risks With Effective Oversight of Both Documentation & Operations

For More Information Or Assistance

About Solutions Law Press

OIG Urges CMS To Step Up Efforts To Recover “Overpayments”

July 2, 2013

The Department of Health & Human Services (HHS) Office of Inspector General (OIG) is recommending that the Centers for Medicare & Medicaid Services (CMS) step-up efforts to collect Medicare overpayments to providers currently considered uncollectable because the provider has failed to repay overpayments identified and demanded by CMS six or more months after CMS demands repayment. The recommendations made in OIG’s Medicare’s Currently Not Collectible Overpayments Report (Report) reflect the ever-growing emphasis of HHS on reducing Medicare and other federal program costs by aggressive enforcement of Medicare and other federal regulations against providers. While CMS has not concurred with all of OIG’s recommendations in the Report, providers can expect CMS to further tighten its overpayment processes in response to these and other OIG recommendations.

According to the Report, CMS identifies billions of dollars in alleged Medicare overpayments to health care providers each year. In fiscal year (FY) 2010, overpayments totaled $9.6 billion. While CMS identifies these amounts, the Report notes that CMS does not recover all overpayments. Under CMS current accounting policies, CMS classifies overpayments for which the provider has not repaid at least 6 months after the due date on the Medicare demand letter as “currently not collectible” (CNC). CMS does not report these CNC amounts in CMS’s annual financial statements because it considers these amounts unlikely to be recovered.

The Report summaries the results of an OIG study of these CNC amounts. In the study, OIG requested details from CMS about CNC overpayments in FY 2010 and summary financial data for FYs 2007 to 2010. CMS provided most of the data from its Healthcare Integrated General Ledger Accounting System (HIGLAS). OIG also surveyed CMS and all its claims processing contractors to identify (1) hindrances to debt collection and (2) strategies to reduce the number and dollar amount of overpayments that become CNC.

According to the Report, CMS reported $543 million in new CNC overpayments across all contractors in FY 2010. However, CMS provided detailed information on $69 million in CNC overpayments for only seven contractors. Citing contractor transitions, CMS did not provide detailed data for the remaining 32 contractors. For 54 percent of CNC overpayments associated with the seven contractors, the provider type was missing in HIGLAS. For the seven contractors, 97 percent of FY 2010 CNC overpayments were not recovered. According to contractors, inaccurate provider contact information delays or prevents some overpayment demand letters from reaching providers. In addition, CMS and contractors reported that expanding the types of provider identifiers used to recover payments could improve debt collection efforts.

Based on these findings, OIG recommended that CMS should:

Ensure the HIGLAS variable for provider type is populated for all overpayments,
Ensure that demand letters are mailed to the contacts and addresses identified by the provider, and
Use tax identification numbers and provider transaction access numbers in addition to national provider numbers for the collection of overpayments.

According to OIG, CMS partially concurred with the first recommendation, did not agree with our second recommendation, and concurred with our third recommendation. Accordingly, at minimum, providers should expect that CMS will step up use of tax identification and provider transaction access numbers in tracking down and collecting overpayments demanded by OIG.

The Report is just one of a plethora of activities that OIG, CMS and other HHS agencies, alone or in conjunction with the Department of Justice and other federal and state agencies are conducting in their campaign to control Medicare and other federal program costs by targeting provider reimbursements.With health care fraud and other billing audits and enforcement rising, hospitals and other health care providers should heed these reports as continuing reminders to tighten their billing practices to ensure defensibility in the event of an audit or other enforcement action.

For More Information Or Assistance

About Solutions Law Press

OCR Makes Technical Corrections To HIPAA Omnibus Final Rule; September 2013 Enforcement Deadline Looming

June 7, 2013

The Department of Health & Human Services Office of Civil Rights (OCR) is publishing Technical Corrections (Technical Corrections) to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notifications Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Rule) previously published on January 25, 2013. The Technical Corrections will appear in the June 7, 2013 Federal Register. Physicians, hospitals, clinics and other health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates should take into account the Technical Corrections as they rush to update business associate agreements, policies, practices, training and other HIPAA compliance to comply with the Omnibus Rule changes by the September 2013 deadline.

Technical Corrections To Omnibus Rule Released

OCR published the Omnibus Rule to implement changes to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (“the HIPAA Rules”) enacted by the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”) and section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008, as well as to address public comment received on the interim final Breach Notification Rule and to other changes to the HIPAA Rules. The Technical Corrections are scheduled for publication in the Federal Register on June 7, 2013.

The Technical Corrections correct various typographical errors and other oversights in the Omnibus Regulations as originally published. While many of these corrections have limited material impact, certain corrections do have substantive implications. For instance, by correcting errors in references to other provisions of the Omnibus Regulations, the Technical Corrections clarify that the authority of OCR to extend the time pursuant to § 160.508(c)(5) for violations before February 18, 2009 also applies to violations occurring on or after February 18, 2009, as there is for violations occurring prior to February 18, 2009.

Covered Entities and their business associates will need to review and take into account the Technical Corrections as they work to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the Omnibus Rule.

Get Moving To Update HIPAA Compliance For New Omnibus Rule Requirements As Amended By Technical Corrections

Covered Entities and their business associates have a lot to accomplish between now and September to update their business associates and comply with other changes made by the Omnibus Rule by its September 2013 deadline. Among other things, the Omnibus Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the way required by the Omnibus Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Liability & Enforcement Risks Heighten Need To Act To Review & Update Policies & Practices

The restated rules in the Omnibus Rule make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements. See, e.g., OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

Coupled with statements by OCR about its intolerance, the HONI and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

All Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For More Information Or Assistance

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls. Extensively published and a popular speaker on HIPAA and other data security matters, Ms. Stamer works extensively with health care providers, health plans, employers, insurance and financial services, technology and other clients on privacy, data seurity and other privacy and cybercrime concerns. She also serves as the Scribe for the ABA JCEB Agency Techical Sessions Meetings with the Office of Civil Rights which occur each May in Washington, D.C.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Acute Care, CMS, Hospital, Medicare, PPS, Prospective Payment, Skilled Nursing, SNF | Permalink
Posted by Cynthia Marcotte Stamer

National Provider Calls: Medicare Shared Savings Program Application Process — Register Now

May 24, 2013

Medicare Fee For Service (FFS) providers and others interested in participating in Accountable Care Organizations (ACOs) should consider participating in the two National Provider Calls that the Centers for Medicare & Medicaid Services (CMS) plans to host on the Medicare Shared Savings Program (Shared Savings Program) outlined in final regulations published October 20, 2011 of the Affordable Care Act.

On Thursday, June 20, CMS subject matter experts will provide an overview and updates to the Shared Savings Program application process for the January 1, 2014 start date. A question and answer session will follow the presentations.
On Thursday, July 18, CMS subject matter experts will be available to answer questions about the Shared Savings Program and application process for the January 1, 2014 start date.

The Shared Savings Program Application web page has important information, dates, and materials on the application process. CMS encourages call participants to review the application and materials before the call.

To receive call-in information, interested participants must register for the call on the CMS Upcoming National Provider Calls registration website. Registration will close at 12pm on the day of the call or when available space has been filled. Since CMS says it will make no exceptions, interested persons should plan to register as soon as possible.

Following the conference calls, CMS plans to post the presentation on the FFS National Provider Calls web page. In addition, a link to the slide presentation will be emailed to all registrants on the day of the call.

CMS says certain continuing education credit may be awarded for participation in certain CMS National Provider Calls. Visit the Continuing Education Credit Information web page to learn more.

For More Information Or Assistance

About Solutions Law Press

Former White House Cybersecurity Coordinator Schmidt, Stamer & Others Share Key HIPAA & Other Privacy & Data Security Insights 5/21 In LA

May 3, 2013

SLP Readers Get Discount: Go to
blocked::http://securitysummitla.eventbrite.com/” href=”http://securitysummitla.eventbrite.com/” data-mce-href=”http://securitysummitla.eventbrite.com/”://securitysummitla.eventbrite.com/ and enter Promotional Code: Health_Summit_125

Former White House Cybersecurity Coordinator Howard Schmidt and Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer are two of an impressive lineup of leaders scheduled to share key HIPAA & other privacy and data security compliance and risk management strategies at the Healthcare HITECH Privacy and Security Summit at the Fifth Annual Information Security Summit on May 21 in Los Angeles. The program offers essential insights for hospitals, physicians, and other health care providers, health plans and insurers, employers and other health plan sponsors, fiduciaries and administrators, their business associates and other business partners and others on what their organizations should do to cope with the rapidly changing and expanding privacy and data security obligations of HIPAA and other federal and state laws.

With the rapidly approaching and privacy and data breach penalties and enforcement rising, health care providers, health plans, health care clearinghouses and their business associates must get moving to update business associate contracts, policies and notices and processes to meet changing HIPAA rules while managing ongoing compliance and risks.

Former Cybersecurity Coordinator Schmidt Keynotes

The Healthcare HITECH Privacy and Security Summit will bring together leaders in Privacy and Security within government and private industry for a day of collaboration, networking and presentations by leading Privacy and Security professionals sharing who HIPAA covered entities and business associates need to know to comply with new HITECH rules and OCR investigations.

Stamer Speaks On Latest HIPAA Rules & Developments

Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer will help lay the foundation for the workshop by briefing participants on changes made to HIPAA rules by the new Omnibus HIPAA Rulemaking changes that the Office of Civil Rights (OCR) plans to start enforcing in September, 2013.

Armed with the latest insights from serving as the scribe for the ABA JCEB annual agency meeting with the Office of Civil Rights (OCR), Ms. Stamer, a practicing attorney and widely published author and speaker, will discuss required changes and other recommended steps and strategies that covered entities and their business associates should take to maintain HIPAA compliance and manage HIPAA and other related risks in light of the Omnibus HIPAA Rulemaking changes, new OCR guidance for health care providers about disclosures to avert threats to health or safety, recent audit and enforcement activities and other changing risks and responsibilities including:

The latest on OCR’s regulatory guidance, audit and investigation and enforcement rules, actions and strategies and their implications on covered entities and business associates;
Changes to breach notification rules and their implications on covered entities and their business associates;
Practical implications of new rules on who is covered and their responsibilities;
Required and recommended updates to policies, business associate and other agreements, privacy notices and other HIPAA compliance arrangements;
Effective training and other risk management strategies;
Planning for, investigating and mitigating PHI privacy breaches and other compliance concerns under new rules other selected events; and
Other selected strategies for coordinating HIPAA and other privacy and data breach responsibilities and risk management; and
Participant questions.

For a complete agenda, to register, to get details on sponsorship or for other information, see here.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Border Health, Childrens Health Insurance Program, Consumer Driven Health Care, Corporate Compliance, DME, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Breach Notification, Data Breach, Data Security PHI, HIPAA, personal financial information, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

CMS Proposes To Further Tighten Medicare Provider Enrollment Rules

May 1, 2013

The proposed rule would also strengthen certain provider enrollment provisions including allowing HHS to deny enrollment of providers affiliated with an entity that has unpaid Medicare debt, deny or revoke billing privileges for individuals with felony convictions, and revoke privileges for providers and suppliers who are abusing their billing privileges.

Since provider enrollment is the gateway to Medicare, CMS routinely evaluates its provider enrollment policies, and has implemented new safeguards as a result of the Affordable Care Act. In the February 2011 final screening rule (72 FR 5862). CMS identified additional changes in enrollment policy that would increase the integrity of the Medicare program. Now, CMS is proposing include the following provisions:

Add the ability to deny the enrollment of providers, suppliers and owners affiliated with an entity that has unpaid Medicare debt. This proposal would prevent individuals and entities from being able to incur substantial debt to Medicare, leave the Medicare program and then re-enroll as a new business to avoid repayment of the outstanding Medicare debt. We are proposing that CMS would only enroll individuals or entities if they repay the debt or enter into a repayment plan, if they are otherwise eligible for the program.
Deny enrollment or revoke the billing privileges of a provider or supplier if a managing employee has been convicted of certain felony offenses. This provision ensures that CMS can block or remove bad actors from the Medicare program to protect beneficiaries and safeguard the Medicare Trust Fund.
Permit CMS to revoke billing privileges of providers and suppliers that have a pattern or practice of billing for services that do not meet Medicare requirements. This proposal is intended to address providers and suppliers that regularly submit inaccurate claims in such a way that it poses a risk to the Medicare program.
Make the effective date of billing privileges consistent across certain provider and supplier types. Most practitioners and practitioner groups may only submit bills as of the filing date of their enrollment application. CMS is proposing to eliminate ambulance suppliers’ current ability to bill for up to a year prior to enrollment in the Medicare program. CMS is also proposing to require that ambulance providers and other provider and supplier types submit any claims within 60 days of revocation of billing privileges, consistent with the requirements for practitioners and practitioner groups.

For More Information Or Assistance

About Solutions Law Press

HHS Proposes Increasing Health Care Fraud Reporting Rewards To Up To $9.9 Million

May 1, 2013

The Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) plans to increase rewards paid to Medicare beneficiaries and others whose tips about suspected fraud lead to the successful recovery of funds to as high as $9.9 million. Secretary Kathleen Sebelius announced proposed regulations that would increase the penalties on April 24. In addition, a new funding opportunity released this month supports the expansion of Senior Medicare Patrol (SMP) activities to educate Medicare beneficiaries on how to prevent, detect and report Medicare fraud, waste and abuse.

The Obama Administration has made health care fraud prosecutions and settlement a key element of its health care cost containment plan. Over the last three years, the administration claims its enforcement efforts have recovered over $14.9 billion in fraud, some of which resulted from fraud reporting by individuals.

Summary Of The SMP Incentive Reward Program Proposals

The SMP is a national, volunteer-based program that empowers Medicare beneficiaries to prevent and report Medicare fraud, waste, and abuse. Since 1997, HHS reports more than 7,000 referrals have been made to CMS and the Office of the Inspector General (OIG) for investigation since 1998.

Under the proposed changes, CMS is proposing to increase the potential reward amount for information that leads to a recovery of Medicare funds from 10 percent to 15 percent of the final amount collected. HHS currently offers a reward of 10 percent up to $1,000 under the current incentive reward program. In changes are modeled on an IRS program that has returned $2 billion in fraud since 2003, HHS proposes to increase the portion of the recovery on which CMS will pay a reward up to the first $66 million recovered – this means an individual could receive a reward of $9.9 million if CMS recovers $66 million or more.

HHS began paying rewards to individuals who reported tips that led to the recovery of funds in 1998. According to HHS, to date, HHS has recovered approximately $3.5 million as a result of this program and paid just $16,000 for 18 rewards. The proposed changes are similar to the IRS whistleblower program that has resulted in recoveries of over $2 billion since 2003.

To expand the SMP program’s capacity to reach more Medicare beneficiaries, the Administration for Community Living issued a new funding opportunity. Each of the current 54 SMP projects is eligible for varying funding levels, up to a total of $7.3 million across the program.

HHS says thhese proposed changes will support the administration’s comprehensive approach to program integrity, including the work being done with the Health Care Fraud Prevention and Enforcement Action Team, a joint effort between HHS and the Department of Justice to fight health care fraud. The Obama Administration credits this joint effort with recovering a record $4.2 billion in taxpayer dollars in fiscal year 2012.

The proposed increase in the reward for blowing the whistle on health care fraud is intended to fuel further reports by beneficiaries, workers and others of suspected health care fraud. Health care providers should share any concerns about the proposed increase in the rewards as well as review and tighten their health care fraud prevention and risk management to defend against rising exposures.

For more details, read a fact sheet on the proposed rule available here for more details.

For More Information Or Assistance

About Solutions Law Press

CMS Proposes Changes To Accute Care Hospital & Skilled Nursing Facility Propective Payment Rules

May 1, 2013

Acute care hospitals and skilled nursing facilities participating in Medicare should review proposed changes to key Medicare reimbursement rules and act quickly to share feedback on any provisions of significant concern.

The Centers For Medicare & Medicaid Services (CMS) is proposing changes to its Prospective Payment Systems and other reimbursement key reimbursement rules for Hospitals and Skilled Nursing Facilities for Fiscal Year (FY) 2014. Advance copies of the proposed rules were made available May 1.

CMS’ proposed rules on Prospective Payment System and Consolidated Billing for Skilled Nursing Facilities for FY 2014 are scheduled for official publication on May 1, 2013.

CMS’ proposed rules on Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and Long Term Care Hospital Prospective Payment System, etc. are scheduled for official publication on May 10, 2013.

Acute care hospitals and skilled nursing facilities should evaluate the implications of the proposed changes and provide relevant feedback as necessary to CMS.

For More Information Or Assistance

About Solutions Law Press

OCR Shares New Tools to Educate Consumers and Providers about HIPAA Privacy and Security

April 30, 2013

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has developed an array of new tools to educate consumers and health care providers about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Many consumers are unfamiliar with their rights under the HIPAA Privacy Rule. With that in mind, OCR has posted a series of factsheets, also available in eight languages, to inform consumers about their rights under the HIPAA Privacy Rule. These materials are available on OCR’s website here.

The fact sheets compliment a set of seven consumer-facing videos released earlier this year on OCR’s YouTube channel. An additional video, The HIPAA Security Rule, has been designed for providers in small practices and offers an overview of how to establish basic safeguards to protect patient information and comply with the Security Rule’s requirements. The videos are available on the HHS OCR YouTube Channel at here.

OCR has also launched three modules for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules, available at Medscape.org:

Patient Privacy: A Guide for Providers at here;
HIPAA and You: Building a Culture of Compliance here; and
Examining Compliance with the HIPAA Privacy Rule here.

The Medscape modules offer free Continuing Medical Education (CME) credits for physicians and Continuing Education (CE) credits for health care professionals.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Amgen Settlement Highlights Anti-Kickback Exposures From Whistleblowers, Need For Effective Compliance & Risk Management

April 22, 2013

California-based biotechnology giant Amgen, Inc. has agreed to pay $24,9 Million to resolve Justice Department False Claims Act charges that the biotechnology giant violated the False Claims Act by paying illegal kickbacks to long-term care pharmacy providers to promote the sale of its Aranesp and other products. The settlement announced by the Justice Department on April 16, 2013 is the latest in a series of settlements resulting from efforts by Federal officials to target pharmaceutical and other providers for violating federal anti-kickback and other health care fraud laws brought by the Justice Department. See Amgen to Pay U.S. $24.9 Million to Resolve False Claims Act Allegations. It highlights the growing risk of civil prosecution that pharmaceutical companies face for offering or providing prohibited kickbacks, as well as the growing role of whistleblowers in civil prosecutions under the anti-kickback law.

Amgen Settlement Highlights

The Amgen Settlement Agreement resolves Federal allegations that Amgen paid illegal kickbacks to long-term care pharmacy providers Omnicare Inc., PharMerica Corporation and Kindred Healthcare Inc. in return for implementing “therapeutic interchange” programs designed to switch Medicare and Medicaid beneficiaries from a competitor drug to Aranesp, which Amgen manufactures.

The government alleged that the kickbacks took the form of performance-based rebates tied to market-share or volume thresholds. The government also charged that, as part of the therapeutic interchange program, Amgen distributed materials to consultant pharmacists and nursing home staff encouraging the use of Aranesp for patients who did not have anemia associated with chronic renal failure.

The Amgen Settlement Agreement resolves a civil lawsuit filed under the qui tam, or whistleblower, provision of the False Claims Act, which allows private citizens with knowledge of false claims to bring civil actions on behalf of the United States and share in any recovery. The False Claims Act suit in the U.S. District Court for the District of South Carolina is captioned United States ex rel. Kurnik v. Amgen Inc., et al.

When announcing the settlement, Justice Department officials emphasized federal officials’ commitment to pursuing pharmaceutical companies for paying illegal kickbacks to secure drug sales. “We will continue to pursue pharmaceutical companies that pay kickbacks to long-term care pharmacy providers to influence drug prescribing decisions,” said Stuart F. Delery, Acting Assistant Attorney General for the Justice Department’s Civil Division. “Patients in skilled nursing facilities deserve care that is free of improper financial influences.”

The Settlement Agreement and lawsuit that it resolves also show the key role that whistleblowers can play in these types of prosecutions. Qui tam and other fraud reports made by employees or other business partners have become a significant tool in the Federal government’s war against health care fraud. The Amgen Settlement and other recent prosecutions and settlement show that Federal officials are acting on this promise and that whistleblowers increasingly are helping them to do so.

As this trend continues, pharmaceutical companies and other health care providers subject to the anti-kickback and other health care fraud laws will need to review their existing and former practices to identify pre-existing and ongoing exposures, and decide what steps to take, if any, to mitigate these risks. In addition to considering what corrective actions, if any are needed generally, these organizations also should consider the workforce management and other internal controls that will help promote compliance with these policies and manage potential whistleblower and other liabilities.

In addition to working to promote compliance with the False Claims Act and other health care laws, pharmaceutical companies and health care providers need to implement strong internal investigation, audit, and employee and contractor management procedures to help self-discover and address potential compliance or other liability concerns. These processes and policies should involve but not be limited to hotlines and other processes for reporting suspected fraud or other misconduct. Most companies also should consider adopting and enforcing strong policies that require employees, contractors and other business partners to timely report and coöperate in the investigation and redress of potential health care fraud or other legal violations, should promptly investigate and redress as needed alleged noncompliance, and should retaliation against individuals making these reports in good faith.

For More Information Or Assistance

For help reviewing and updating your Stark Law, Anti-Kickback Statute, or other health care compliance, workforce, internal controls and risk management policies, practices or programs; assessing the strength of your organizations existing risk management and compliance controls under these laws or other healthcare laws and regulations; or in addressing other compliance or health care concerns, please contact Cynthia Marcotte Stamer via e-mail here or via telephone at 469.767.8872. To review and register to receive other helpful updates or for more information about Ms. Stamer and her experience, see here.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to get information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Anti-KickBack, Controlled Substances, Corporate Compliance, Evidence Based Medicine, false claims act, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Medicaid, Medicare, OIG, Pharmacy, Prescription Drugs, Reimbursement | Tagged: FDA, Federal Sentencing Guidelines, Food and Drug, GlaxoSmithKiine, Health Care, Health Care Fraud, Health Care Fraud Task Force, Pharma, Pharmaceudical | Permalink
Posted by Cynthia Marcotte Stamer

HHS Publishes Medicaid Expansion Final Regs, Invites Public Comment

April 1, 2013

The Department of Health & Human Services (HHS) has published its final rule with a request for comments that provides, effective January 1, 2014, the federal government will pay 100 percent of the cost of certain newly eligible adult Medicaid beneficiaries. These payments will be in effect through 2016, phasing down to a permanent 90 percent matching rate by 2020. The Affordable Care Act authorizes states to expand Medicaid to adult Americans under age 65 with income of up to 133 percent of the federal poverty level (approximately $15,000 for a single adult in 2012) and provides unprecedented federal funding for these states.

Under the Affordable Care Act, states that cover the new adult group in Medicaid will have 100 percent of the costs of newly eligible Americans paid for by the federal government in 2014, 2015, and 2016. The federal government’s contribution is then phased-down gradually to 90 percent by 2020, and remains there permanently. For states that had coverage expansions in effect prior to enactment of the Affordable Care Act, the rule also provides information about the availability of an increased FMAP for certain adults who are not newly eligible.

For the full text of the final rule, see http://www.ofr.gov/inspection.aspx.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Hospitals with 2012 CMS Adverse Complaint Inspection Reports in AHCJ Data Bank Should Prepare Response

March 27, 2013

Acute-care and critical access hospitals that had adverse complaint inspections in 2012 by the Centers for Medicare & Medicaid Services (CMS) may want to prepare to respond to press and public inquiries. The Association of Health Care Journalists (AHCJ) updated its website, healthcareinspectionreports.com, to include details about deficiencies cited during complaint inspections at acute-care and critical access hospitals throughout the United States since January 1, 2011 obtained from CMS.

Although AHCJ cautions in its website that the posted data should not be used to rank hospitals because of omissions and limitations in the data, hospitals with posted reports in the data bank should expect that the reports on their hospital may draw the attention of the media, patients, health plans and others.

AHCJ publishes the reports, which historically have not been easily accessible to the general public. AHCJ cautions that the data is not necessarily complete and should not be used to rank hospitals within a state. AHCJ says data on acute-care and critical hospital access hospitals is incomplete because CMS has just begun gathering this data and releasing it in electronic format. AHCJ also says some reports are missing narrative details. Beyond that, CMS acknowledges that other reports that should appear may not. It does not include results of routine inspections or those of psychiatric hospitals or long-term care hospitals. It also does not include hospital responses to deficiencies cited during inspections. Those can be obtained by filing a request with a hospital or the U.S. Centers for Medicare and Medicaid Services (CMS).AHCJ to make future iterations of this data more complete. At this time, this data should not be used to rank hospitals within a state or between states. It can be used to review issues identified at hospitals during recent inspections.

Subject to these limitations, an individual wishing to review the available data can click on a state on the map will retrieve a list of all hospitals with their violations grouped together.

In anticipation of potential media or public review and reaction to the AHCJ website posting, hospitals with adverse reports posted on the website should consider acting proactively. Hospitals should consult with counsel and their public relations team to plan and prepare a factually accurate response to the shared reports and other suitable mitigation activities.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: health care quality, Health Plans, Hospitals, Public Relations | Permalink
Posted by Cynthia Marcotte Stamer

OCR Invites Comments On Plans to Survey HIPAA Covered Entities Audited Under 2012 HIPAA Audit Program

March 25, 2013

The Department of Health & Human Services (HHS) Office of Civil Rights (OCR) wants to ask the 115 health plans, health care clearinghouses, and health care providers (covered entities) that OCR audited in 2012 for compliance with Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA) under its HIPAA Audit Program to share feedback about their experience. The planned survey announcement follows OCR’s recent released of restated HIPAA Privacy & Security Rules scheduled to take effect in September, 2013 and as OCR continues and expanding its HIPAA Audit Program in 2013. All together, the signs are clear that covered entities should update and strengthen their HIPAA compliance and risk management practices to withstand the tightened rules and enforcement.

OCR initiated the HIPAA Audit Program in 2012 to comply with Section 13411 of the Health Information Technology for Economic and Clinical Health Act’s requirement that it audit covered entity and business associate compliance with the HIPAA privacy, security, and breach notification rules. While it continues its HIPAA Audit Program in 2013, OCR also is evaluating the effectiveness of the HIPAA Audit Program audits in 2012.

To this end, OCR currently is conducting a review of the HIPAA Audit program to determine its efficacy in assessing the HIPAA compliance efforts of covered entities. As part of that review, OCR plans to ask covered entities audited under the HIPAA Audit Program in 2012 to complete an online survey about their experience. In anticipation of its conduct of the proposed surveys, OCR is inviting public comment on the burden to Covered Entities to complete the planned online survey, which OCR estimates will take two hours to complete through May 20, 2013. According to OCR, the survey will gather information on the effect of the audits on the audited entities and the entities’ opinions about the audit process. The online survey will be used to:

Measure the effect of the HIPAA Audit program on covered entities;
Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the audit report findings and recommendations;
Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests;
Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations; and
Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program.

OCR says it will use the information, opinions, and comments collected using the online survey to produce recommendations for improving the HIPAA Audit program.

For instructions to comment or more details, see here.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

On Health Reform Law’s 3rd Anniversary, Test Your Reform Knowledge

March 21, 2013

March 21, 2013 is the 3rd Anniversary of the Affordable Care Act. With the 2014 rollout of the next round of reforms approaching, the Kaiser Family Foundation invites you to take its latest interactive quiz to test your knowledge about what’s in – and what’s not in – the health reform law and encourage your friends and family to do the same. You can compare your knowledge with others and share your results on Facebook and Twitter. The quiz also includes links to more information about specific provisions of the law.

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Affordable Care Act, Health Care Reform | Permalink
Posted by Cynthia Marcotte Stamer

Maintaining Patient Problem List Under Meaningful Use Core Measure 3 To Support Patient Care

March 16, 2013

ONC is sharing resources to help health care providers see the value of and effectively incorporate and use active patient problem lists as part of the electronic health records systems (EHRs).

Meaningful Use Core Measure 3 calls for physicians and other eligible professionals to design their electronic health record systems to incorporate and maintain an up-to-date problem list of current and active diagnoses of patients.

The requirement reflects ONC’s determination that accurate active problem lists and the fast overview of patient history’s they provide are a “mainstay” of efficient and effective primary care. Effective active patient problem lists in EHRs make this information available to all clinic staff and the on-call team improves the efficiency and effectiveness of the care team.

To support this goal, the requirement that Meaningful Use Core Measure 3 calls for more than 80 percent of all unique patients seen by the eligible professional have at least one entry or an sign that no problems are known for the patient recorded as structured data.

Review the requirements of Core Measure 3 and access other tips and resources for developing and using effective patient problem lists in EHRs here.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

1 Comment | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: EHR, Health Care, Meaningful Use | Permalink
Posted by Cynthia Marcotte Stamer

CMS 2nd Recalculation Medicare Readmission Penalties In 6 Months Cuts Overall Penalties By $10M

March 15, 2013

The Centers for Medicare & Medicaid Services (CMS)for the second time in six months has corrected errors in its calculation of Medicare readmission penalties imposed against more than 1,000 hospitals imposed under the Medicare Hospital Readmission Reduction Program.

Under the Medicare Readmission Reduction Program, CMS is penalizing hospitals whose readmissions within 30 days following their discharge of heart attack, heart failure and pneumonia patients exceed the rate CMS expects based on their patient risks with the loss of up to 1 percent of their regular payments. This maximum penalty ramps is slated to rise to up to 2 percent in October and 3 percent in 2014.

While some hospital’s penalties went up and most went down, the net effect of the recalculation back to the program’s origination last October is a $10 million reduction in the overall penalties resulting in an adjusted total of $280 million for 2013.

An updated chart of the corrected readmission penalties prepared by Kaiser Health News is available here.

Part of new CMS “quality” provisions, the readmission penalties have prompted widespread concern by many hospital and other health care leaders as penalizing hospitals for readmissions beyond their control. Supports of the penalties say that the penalties can encourage hospitals to provide better quality and reduce costs by emphasizing appropriate discharge planning.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, Medicaid Fraud, Medicare, Medicare Fraud Task Force, readmissions penalty | Permalink
Posted by Cynthia Marcotte Stamer

Par Pharmaceutical Pays $45 Million For Illegal Off-Label Marketing Of Megace ES

March 11, 2013

New Jersey-based Par Pharmaceutical Companies Inc. (Par) must pay more than will pay $45 million to resolve their criminal and civil liability under its March 5, 2013 guilty plea to illegally promoting off-label uses of the prescription drug Megace ES in violation of Food and Drug Administration (FDA) rules and wrongfully promoting and billing Medicare for its use. The Par guilty plea followed a guilty plea by Par’s Chief Executive Officer Paul V. Campanelli earlier in the day in a New Jersey federal court.

Par also entered into a civil settlement that resolved three lawsuits filed under the whistleblower provisions of the False Claims Act, which let private parties to file suit on behalf of the United States and obtain part of the government’s recovery. The civil lawsuits filed in New Jersey are U.S. ex rel. McKeen and Combs v. Par Pharma ceutical, et al., U.S. ex rel. Thompson v. Par Pharmaceutical, et al., and U.S. ex rel. Elliott & Lundstrom v. Bristol-M yers Squibb, Par Pharma ceutical, et al. As part of today’s resolution, relators McKeen and Combs will receive $4.4 million. The actions provide another example of the growing role of whistleblowers to the success of federal health care fraud detection and enforcement efforts.

Par Criminal & Charges

The Federal Food, Drug and Cosmetic Act (FDCA) requires companies such as Par to specify the intended uses of a product in its new drug application to the FDA. Once approved, a drug may not be distributed in interstate commerce for unapproved or “off-label” uses until the company receives FDA approval for the new intended uses.

Par pleaded guilty to a federal a criminal misdemeanor violation of these rules by misbranding Megace ES in violation of the FDCA. Megace ES, a megestrol acetate drug product was approved by the FDA to treat anorexia, cachexia, or other significant weight loss suffered by patients with AIDS. Federal prosecutors charged that Megace ES distributed nationwide by Par was criminally misbranded because its FDA-approved labeling lacked adequate directions for use in the treatment of non-AIDS-related geriatric wasting, a use that was intended by Par but never approved by the FDA.

Federal Judge Judge Arleo fined Par $18 million and ordered $4.5 million in criminal forfeiture. Par also entered into a civil settlement agreement to settle associated civil liability.

The civil settlement agreement requires Par to pay $22.5 million to the federal government and various states to resolve claims arising from its off-label marketing. The civil settlement resolves allegations that Par, by promoting the sale and use of Megace ES for uses that were not FDA-approved and not covered by Federal health care programs, caused false claims to be submitted to these programs. The United States further alleged that Par deliberately and improperly targeted sales to elderly nursing home residents with weight loss, whether or not such patients suffered from AIDS, and launched a long-term care sales force to market to this population. During this marketing campaign, the government charged Par was aware of adverse side effects associated with the use of megestrol acetate in elderly patients, including an increased risk of deep vein thrombosis, toxic reactions in elderly patients with impaired renal function, and mortality. The United States alleged that Par made unsubstantiated and misleading representations about the superiority of Megace ES over generic megestrol acetate for elderly patients to encourage providers to switch patients from generic megestrol acetate to MegaceES, despite having conducted no well-controlled studies to support a claim of greater efficacy for Megace ES.

As part of plea agreement and corporate integrity agreements reached to resolve its civil and criminal charges, Par committed to the Department of Justice, the Department of Health & Human Services (HHS) and its Office of Inspector General. Par to implement several compliance measures and annually provide the U.S. Attorney’s Office and other agencies with certain reports.

The plea agreement and corporate integrity agreement include provisions that require Par to implement changes to the way it does business. The plea agreement and agreement prohibit Par from providing compensation to sales representatives or their managers based on the volume of sale of Megace ES, and in the corporate integrity agreement, based on the volume of Megace ES and any branded successor megestrol acetate drug.

The agreements also dictate individual accountability of Par’s board and executives. Under the agreement, Par is also required to change its executive compensation program to permit the company to recoup annual bonuses from covered executives if they, or their subordinates, engage in significant misconduct. Company executives may have to forfeit annual bonuses if they or their subordinates engage in significant misconduct, and sales representatives may not be paid incentive compensation for the drug involved in the case, or successor branded versions of that drug. For instance, the plea agreement requires Par give the Justice Department a sworn certification from its chief executive officer that the company has not unlawfully marketed any of its pharmaceutical products.

Par Prosecutions Part Of Larger Aggressive Health Care Fraud Enforcement

The Par civil and criminal charges were brought as part of the ongoing war against health care fraud conducted by federal and state officials. Its announcement is just one of high-profile health care fraud charges, settlements and convictions announced by the Justice Department in the first seven days of March. See, e.g., Health Care Clinic Director Pleads Guilty in Miami for Role in $63 Million Health Care Fraud Scheme; Orange County Doctor Convicted of Six Counts of Health Care Fraud in Multi-Million Dollar Scam involving Durable Medical Equipment; Manhattan U.S. Attorney Sues Park Avenue Medical Associates for Medicare Billing Fraud; Par Pharmaceuticals Pleads Guilty and Agrees to Pay $45 Million to Resolve Civil and Criminal Allegations Related to Off-Label Marketing; Doctor gets 50 Month Sentence for Health Care Fraud & Tax Evasion; and Nelson County, Kentucky Drug Store Owner Charged With Health Care Fraud and Wire Fraud.

Already a lead federal enforcement priority for more than a decade, the Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2012 (FY2012 Report) documents that DOJ and HHS health care fraud enforcement activities scored big in 2012, and that qui tam whistleblowers played a big part and shared big in the profits. See Federal Health Care Fraud & Abuse Recovery of $4.2 Billion In FY 2012 Shows Enforcement Risks Growing.

Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges. Along with a broad health care fraud enforcement and compliance programs, these efforts should include targeted efforts to prevent and manage fraud and other whistleblower claims by employees, business partners and others.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: FDA, Health Care Fraud, Medicaid Fraud, Medicare, Medicare Fraud Task Force, Off Label | Permalink
Posted by Cynthia Marcotte Stamer

Corpus Christi Radiology Group & Clinic $2.3 Million To Settle Health Care Fraud Charges

March 11, 2013

Children’s Physician Services of South Texas (CPSST) and Radiology Associates jointly will pay $2.3 million to settle claims they violated the False Claims Act and the Texas Medicaid Fraud Prevention Act between 2002 and 2007.

The CPSST & Radiology Associates Settlement as part of another busy week of health care fraud enforcement by the Justice Department. See, Health Care Clinic Director Pleads Guilty in Miami for Role in $63 Million Health Care Fraud Scheme; Orange County Doctor Convicted of Six Counts of Health Care Fraud in Multi-Million Dollar Scam involving Durable Medical Equipment; Manhattan U.S. Attorney Sues Park Avenue Medical Associates for Medicare Billing Fraud; Par Pharmaceuticals Pleads Guilty and Agrees to Pay $45 Million to Resolve Civil and Criminal Allegations Related to Off-Label Marketing; Doctor gets 50 Month Sentence for Health Care Fraud & Tax Evasion; and Nelson County, Kentucky Drug Store Owner Charged With Health Care Fraud and Wire Fraud. These and other growing health care fraud charges, settlements and convictions show the zealous enforcement by federal prosecutors is continuing. To guard against getting caught in the health care fraud hopper, health care providers must constantly look at current and past practices against emerging regulations and enforcement and take prompt steps to maintain compliance and minimize risks as they become clear.

CPSST & Radiology Associates Settlement Highlights

According to the March 5, 2013 announcement of United States Attorney Kenneth Magidson, the charges settled involved allegations that CPSST billed and received payment for Radiology Associates’ professional services and, without disclosing the payments, directed Radiology Associates to bill and receive payment for the same professional services. Magidson says that CPSST, a part of the Driscoll Health System, agreed to pay $1.5 million, while Radiology Associates, an independent physician group serving the Driscoll Health System, agreed to pay $800,000 to settle claims they billed and received payment twice for the professional reading and interpretation of genetic ultrasounds.

Medicare billing rules recognize two components for each ultrasound, a technical component and a professional component. The technical component refers to the actual taking of the ultrasound by a technician and the professional component refers to the reading and interpretation of the ultrasound images by a physician, usually a radiologist.

According to federal prosecutors, CPSST made arrangements to have Radiology Associates read and interpret the ultrasounds taken at CPSST. From Jan. 1, 2002, to June 1, 2007, Radiology Associates read and interpreted several thousand ultrasounds for CPSST. The understanding between the two providers was that CPSST would bill and receive payment solely for the technical component and Radiology Associates would bill and receive payment solely for the professional component. In reality, CPSST billed and received payment for both the technical and professional components without informing or disclosing this fact to Radiology Associates. Upon discovery of this fact, Radiology Associates informed CPSST about the double billing for the professional component, but CPSST denied billing for the professional component except for a few accidental and isolated occasions. Instead, CPSST instructed and directed Radiology Associates to continue to bill for the professional component and reaffirmed that CPSST would only bill for the technical component. Despite additional evidence of double billing, Radiology Associates ignored the evidence, accepted CPSST’s misrepresentations without question and continued to bill and receive payment for the professional component.

Government funded health care programs such as Medicare, Medicaid, TRICARE and the Federal Employees Health Benefits program agree to pay enrolled health care providers once for the technical and professional components of each ultrasound performed on a patient covered by theses health care programs. Health care providers enrolled and servicing patients covered by these government-funded health care programs are prohibited from billing and receiving payment twice for the ultrasound’s technical or professional component.

The settlement resolves allegations made against Radiology Associates, Children’s Physician Services of South Texas, Center for Genetic Services, and Raymond C. Lewandowski Jr. M.D. in a qui tam or whistleblower lawsuit filed in 2008 by a former revenue manager and coding compliance officer with Radiology Associates. Under the False Claims Act, private citizens can bring suit on behalf of the government and share in any amounts that are obtained through that legal action. In this case, the share will be between 15 – 25% of the proceeds of the overall settlement.

The investigation was conducted by the United States Department of Health and Human Services – Office of Inspector General and the Texas Attorney General’s Medicaid Fraud Control Unit and Civil Medicaid Fraud Division.

Strike Force & Other Zealous Health Care Fraud Enforcement Continues

The settlement and other fraud enforcement actions provide clear evidence of the risks health care providers and their management face if they are found to have participated in activities that federal or state health care fraud prosecutors view as violating health care fraud rules.

The FY2012 Report says DOJ opened 1,131 new criminal health care fraud investigations involving 2,148 potential defendants. Federal prosecutors had 2,032 health care fraud criminal investigations pending, involving 3,410 potential defendants, and filed criminal charges in 452 cases involving 892 defendants. A total of 826 defendants were convicted of health care fraud-related crimes during the year. Also in FY 2012, DOJ opened 885 new civil health care fraud investigations and had 1,023 civil health care fraud matters pending at the end of the fiscal year. In FY 2012, Federal Bureau of Investigation (FBI) health care fraud investigations resulted in the operational disruption of 329 criminal fraud organizations, and the dismantlement of the criminal hierarchy of more than 83 criminal enterprises engaged in health care fraud.

Meanwhile, HHS’ Office of Inspector General (HHS/OIG) excluded 3,131 individuals and entities in FY 2012. Among these were exclusions based on criminal convictions for crimes related to Medicare and Medicaid (912) or to other health care programs (287); for patient abuse or neglect (212); and as a result of licensure revocations (1,463). In addition, HHS/OIG imposed civil monetary penalties against, among others, providers and suppliers who knowingly submitted false claims to the Federal government. HHS/OIG also issued many audits and evaluations with recommendations that, when implemented, would correct program vulnerabilities and save program funds.

The enforcement actions announced by the Justice Department the first week of March, 2013 make clear federal prosecutors are gunning for even greater health care fraud enforcement success in 2013. See Health Care Clinic Director Pleads Guilty in Miami for Role in $63 Million Health Care Fraud Scheme; Orange County Doctor Convicted of Six Counts of Health Care Fraud in Multi-Million Dollar Scam involving Durable Medical Equipment; Manhattan U.S. Attorney Sues Park Avenue Medical Associates for Medicare Billing Fraud; Par Pharmaceuticals Pleads Guilty and Agrees to Pay $45 Million to Resolve Civil and Criminal Allegations Related to Off-Label Marketing; Doctor gets 50 Month Sentence for Health Care Fraud & Tax Evasion; and Nelson County, Kentucky Drug Store Owner Charged With Health Care Fraud and Wire Fraud.

Act To Manage Risks

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, Medicaid Fraud, Medicare, Medicare Fraud Task Force | Permalink
Posted by Cynthia Marcotte Stamer

Houston Ambulance Service Owner Convicted Of Health Care Fraud Faces Up To 70 Years

March 11, 2013

A Houston, Texas Federal jury on March 4, 2013 convicted the owner and operator of a Houston-area ambulance company, Olusola Elliott, of one count of conspiracy to commit health care fraud and six counts of health care fraud for submitting false and fraudulent claims to Medicare for ambulance services.

Elliott owned and operated Double Daniels LLC, a Texas entity that purportedly provided non-emergency ambulance services to Medicare beneficiaries in the Houston area. During the course of the scheme, the Justice Department charged that Elliott submitted and caused the submission of approximately $1,713,716 in fraudulent ambulance service claims to Medicare.

According to evidence presented at trial, Elliott and others conspired from April 2010 through December 2011 to unlawfully enrich themselves by submitting false and fraudulent claims to Medicare for ambulance services that were medically unnecessary and not provided. Evidence showed that Elliott falsified patient records in order to fraudulently bill Medicare for beneficiaries who were not in need of ambulance services. According to court documents, Elliot transferred the proceeds of the fraud to himself and others after Medicare payments were sent to Double Daniels.

Elliot is scheduled for sentencing on May 31, 2013, in Houston. The six health care fraud counts and the conspiracy count each carry a maximum potential penalty of 10 years in prison and a $250,000 fine

Federal prosecutors brought the charges as part of the Medicare Fraud Strike Force, supervised by the U.S. Attorney’s Office for the Southern District of Texas and the Criminal Division’s Fraud Section.

Strike Force & Other Zealous Health Care Fraud Enforcement Continues

The conviction is another reminder to health care providers, leaders and organizations of the advisability of tightening compliance practices and taking other steps to guard against ever-expanding health care fraud exposures. Even as the jury convicted Elliott, federal prosecutors finalizing a health care fraud settlement with another group of Texas providers. On March 5, 2013, the Justice Department announced that Children’s Physician Services of South Texas (CPSST) and Radiology Associates had agreed to pay more than $2 million collectively to settle claims they violated the False Claims Act and the Texas Medicaid Fraud Prevention Act between 2002 and 2007. Under the settlement, CPSST, a part of the Driscoll Health System, agreed to pay $1.5 million, while Radiology Associates, an independent physician group serving the Driscoll Health System, will pay $800,000 to settle claims they billed and received payment twice for the professional reading and interpretation of genetic ultrasounds. See, Corpus Christi Radiologist Group and Children’s Genetic Services Clinic Settle False Claims Act Allegations.

Act To Manage Risks

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, HEAT, Medicaid Fraud, Medicare, Medicare Fraud, Medicare Fraud Task Force | Permalink
Posted by Cynthia Marcotte Stamer

OSHA Safety Violations At Veterans’ Medical Center Reminder To Manage OSHA Compliance

March 1, 2013

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has issued seven notices of unsafe or unhealthful working conditions found at the Battle Creek Veterans Administration Medical Center, following a safety inspection conducted in July as part of OSHA’s Federal Agency Targeting Inspection Program. OSHA’s announcement of the citations highlights the need for all health care and other employers to manage safety compliance. The citations highlight the high enforcement and penalty risks that public and private health care providers risk by failing to comply with OSHA’s safety, recordkeeping and reporting requirements.

Health Industry Employers High Priority OSHA Enforcement Target

Under these OSHA requirements, all employers, including federal and private health industry employers, are responsible for knowing what hazards exist in their facilities and taking appropriate precautions by following OSHA standards so workers are not exposed to such hazards. Physician practices, hospitals and other health care providers in both the public and private sectors generally are subject to these federal requirements, as well as various state and federal environmental and patient safety requirements. Enforcement of compliance in the health care industry is a high priority for OSHA because of the high rates of occupational accident and injury among health industry workers. Federal agencies generally must comply with the same safety standards as private-sector employers.

OSHA prioritizes monitoring and enforcing occupational safety standards throughout the health care industry because of the high incidence of occupational accidents and illnesses among health care workers. According to OSHA, more workers are injured in the healthcare and social assistance industry sector than any other. This industry has one of the highest rates of work related injuries and illnesses and it continues to rise. In 2020, the healthcare and social assistance industry reported a 40% increase in injury and illness cases which continues to be higher than any other private industry sector – 806,200 cases (2020 Survey of Occupational Injuries and Illnesses, BLS). Over half of these cases (447,890) resulted in at least one day away from work. The total incidence rate for this sector was 5.5 cases per 100 FTE workers in 2020, compared to 3.8 per 100 FTE workers in 2019. Nursing assistants were amongst the occupations with the highest rates of musculoskeletal disorders of all occupations in 2020, with 15,360 cases. Musculoskeletal disorders made up 52% of all days away from work cases for nursing assistants. See here. In addition to the medical staff, large healthcare facilities employ a wide variety of trades that have health and safety hazards associated with them. These include mechanical maintenance, medical equipment maintenance, housekeeping, food service, building and grounds maintenance, laundry, and administrative staff. Because of these risks, OSHA has extensive occupational health and safety requirements for physician practices, hospitals, nursing homes, home health and other health industry employers and targeted audit and enforcement programs to enforce and promote compliance with these requirements. See here.

Violations are common and frequently result in citations, particularly in certain key areas. The most frequently cited areas affecting health industry employers include violations of the following standards:

Section 1910.132, General requirements.
Section1910.133, Eye and face protection.
Section 1910.134, Respiratory protection.
Section 1910 Subpart Z – Toxic and Hazardous Substances
Section 1910.1030, Bloodborne pathogens.
Section 1910.1047, Ethylene oxide.
Section 1910.1048, Formaldehyde.
Section 1910.1096, Ionizing radiation.
Section 1910.1200, Hazard Communication.
Section 1910.1450, Occupational exposure to hazardous chemicals in laboratories.

Battle Creek VA OSHA Safety Violations

In the case of the Battle Creek Veterans Administration Medical Center, OSHA says an inspection uncovered several repeat safety violations, as well as certain other serious safety violations. OSHA reports that three repeat safety violations involved failing to evaluate the workplace to identify if permit-required confined spaces were present and label such spaces with danger signs; failing to adequately guard automated laundry equipment to prevent employees from entering the work area, and failing to fully guard the belt and pulley of an air compressor. To issue notices for repeat violations, OSHA must have issued at least one other notice for the same violation at one of the agency’s establishments within the same standard industrial classification code, commonly known as the SIC code. OSHA previously has cited U.S. Department of Veterans Affairs facilities in Danville and North Chicago, Illinois, and Minneapolis, Minnesota for the same safety and health violations.

The serious safety violations found included three serious safety violations for unguarded floor openings in the general repair shop; failing to inspect powered industrial trucks prior to placing them in service, and failing to remove trucks from service in need of repair. Additionally, OSHA found a circuit breaker panel was not mounted correctly. OSHA issues a serious notice when it finds a substantial probability that death or serious physical harm could result from a hazard about which the employer knew or should have known.

Beyond the repeat and serious violations, OSHA reports it also found one other-than-serious violation for failing to close unused openings on electrical cabinets and junction boxes. An other-than-serious violation is one that has a direct relationship to job safety and health, but probably would not cause death or serious physical harm.

While the medical center and other federal agencies are required to comply with the same OSHA rules as private sector employers, the VA and other federal agencies don’t face the same liabilities when cited. OSHA cannot propose monetary penalties against another federal agency for failure to comply with OSHA standards.

Since private sector employers that don’t enjoy the VA’s immunity liability run much greater risks for failing to maintain workplace safety, including significant civil and in the case of a workplace death, potentially even criminal penalties, private sector hospitals and other organizations should exercise special care to ensure appropriate safety in their workplaces.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has nearly 35 years of experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Employer, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care, Health Care Fraud, hospita, Hospital, Medicaid Fraud, Medicare Fraud Task Force, OSHA, Safety | Permalink
Posted by Cynthia Marcotte Stamer

Federal Health Care Fraud & Abuse Recovery of $4.2 Billion In FY 2012 Shows Enforcement Risks Growing

March 1, 2013

A new report from the Department of Health & Human Services (HHS) and the U.S. Department of Justice (DOJ) joint Health Care Fraud and Abuse Control Program (HCFC) documents the growing exposures of health care providers to federal health care fraud enforcement actions.

The charges are provide yet another powerful reminder to health care providers, leaders and organizations of the advisability of tightening compliance practices and taking other steps to guard against ever-expanding health care fraud exposures. Already a lead federal enforcement priority for more than a decade, the Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2012 (FY2012 Report) documents that DOJ and HHS health care fraud enforcement activities scored big in 2012, and that qui tam whistleblowers played a big part and shared big in the profits.

Among other things, the FY2012 Report credits HCFC with producing $4.2 Billion in health care fraud judgments and settlements in Fiscal Year 2012 of which more than $284 million of the recovered monies were paid to relators under the qui tam provisions of the False Claims Act (FCA).

The FY2012 Report says the Medicare Trust Fund received more than $2.4 billion, including civil recoveries of $935 million, $1.4 billion in criminal fines, and $89.7 million in HHS Medicare program audit disallowances.

On the enforcement front, the FY2012 Report says DOJ opened 1,131 new criminal health care fraud investigations involving 2,148 potential defendants. Federal prosecutors had 2,032 health care fraud criminal investigations pending, involving 3,410 potential defendants, and filed criminal charges in 452 cases involving 892 defendants. A total of 826 defendants were convicted of health care fraud-related crimes during the year. Also in FY 2012, DOJ opened 885 new civil health care fraud investigations and had 1,023 civil health care fraud matters pending at the end of the fiscal year. In FY 2012, Federal Bureau of Investigation (FBI) health care fraud investigations resulted in the operational disruption of 329 criminal fraud organizations, and the dismantlement of the criminal hierarchy of more than 83 criminal enterprises engaged in health care fraud.

Act To Manage Risks

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, Durable Medical Equipment, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health Plans, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Health Care Fraud, HEAT, Medicaid Fraud, Medicare, Medicare Fraud, Medicare Fraud Task Force | Permalink
Posted by Cynthia Marcotte Stamer

Medical Device Excise Tax Rules Supplemented

December 9, 2012

Medical device manufacturers heads up! The Internal Revenue Service (IRS) has adopted interim rules for relating to the excise tax on medical devices imposed by § 4191 (the “medical device excise tax”) of the Internal Revenue Code (the “Code”).

Section 4191, enacted by section 1405 of the Health Care and Education Reconciliation Act of 2010 in conjunction with the Patient Protection and Affordable Care Act (the Affordable Care Act) enacted a new excise tax on the sale of certain medical devices. The excise tax imposed by Code section 4191 is 2.3% of the price for which the taxable medical device is sold. The medical device excise tax is codified in chapter 32, subtitle D of the Code (“chapter 32”), which pertains to excise taxes imposed on the sale or use of taxable articles by manufacturers, producers, and importers (commonly referred to as “manufacturers excise taxes”). See § 48.0-2(a)(4)(i) of the Manufacturers and Retailers Excise Tax Regulations (Regulations). The Code defines the term “manufacturer” to include a “producer” and an “importer”.

On December 7, 2012, the Internal Revenue Service (IRS) and the Treasury Department issued TD 9604, containing final regulations under § 4191. The final regulations did not address certain issues that the IRS and the Treasury Department continue to study. These issues included the determination of price under § 4216(b); the tax treatment of medical software licenses; the taxability of donated medical devices; and the taxability of medical convenience kits.

The IRS recently followed up by issuing Notice 2012-77. Notice 2012-77 available here contains the IRS’ rules about:

How to determine price for purposes of the medical device excised tax under Code section 4216(b);
Donated taxable medical devices;
Licensing of taxable medical devices;
The tax treatment of medical convenience kits;
Transition relief to medical device manufacturers from the failure to deposit penalties imposed by § 6656; and
Invites comments from taxpayers about its rules.

As these rules take effect January 1, 2013, device manufacturers should review the new guidance and update their procedures to provide for timely determination and payment of any required device taxes. In addition, device manufacturers also will need to kep an eye out for potential changes in the rules. The IRS and the Treasury Department have said they may issue additional published guidance on these issues in the future.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters. Recent examples on health care compliance and risk management matters include:

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Affordable Care Act, DME, medical device, medical device excise tax, Tax | Permalink
Posted by Cynthia Marcotte Stamer

Updated 2013 ACA Prescription Drug Fee Calculation & Payment Rules Released; 12/18 Deadline To File Form 8947

December 4, 2012

December 17, 2012 is the deadline for covered entities to file a Form 8947 as part if its reporting and payment of the Form 8947The Internal Revenue Service (IRS) Notice 2012-74 sets forth the instructions for calculation and reporting branded prescription drug fee for the 2013 fee year under Section 9008 of the Patient Protection and Affordable Care Act, as amended by section 1404 of the Health Care and Education Reconciliation Act of 2010 (Affordable Care Act).

The Act imposes an annual fee on covered entities engaged in the business of manufacturing or importing branded prescription drugs. The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51 published on August 18, 2011 provide the method for calculating each covered entity’s annual fee and the fee year for purposes of these rules and how the fee must be reported and paid. See 76 Fed. Reg. 51245. These regulations also define terms for the administration of the fee.

Notice 2012-74/s instructions on the 2013 prescription drug fee discusses:

The submission of Form 8947, “Report of Branded Prescription Drug Information,”
The time and manner for notifying covered entities of their preliminary fee calculation;
the time and manner for covered entities to submit error reports for the dispute resolution; process; and
The time for the IRS to notify covered entities of their final fee calculation.

12/18/12 Deadline to File Form 8947

One of the deadlines for this process is rapidly approaching. Section 51.3T provides that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.

Notice 2012-74 sets the deadline for a covered entity that chooses to submit Form 8947 for 2013 at December 17, 2012.

Preliminary Fee Calculation

For the 2013 fee year, the IRS will mail each covered entity a paper notice of its preliminary fee calculation by April 1, 2013. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to § 51.4T.

A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by March 15, 2013. This request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by April 1, 2013.

Submitting Error Reports For The Dispute Resolution Process

For the 2013 fee year, a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 16, 2013. When the IRS mails each covered entity a notice of its preliminary fee calculation by April 1, 2013, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM to the IRS in a timely fashion.

Final Fee Calculation & Payment

The IRS will notify each covered entity of its final fee calculation for 2013 by August 31, 2013. In accordance with § 51.8T(c), each covered entity must pay this fee by September 30, 2013.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy and other technology, risk management and compliance-related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: CMS, Health Care Fraud, Health Care Fraud Task Force, Health Care Reimbursement, HHS, Hospitals, Inpatient, Medicare, OIG, outpatient, Physicians | Permalink
Posted by Cynthia Marcotte Stamer

Hospitals Urged To Tighten Inpatient & Outpatient Admission Records As OIG Audits Hospitals for New vs. Established Patients,

November 29, 2012

Hospitals should act quickly to adopt appropriate compliance policies and tighten outpatient and inpatient admissions recordkeeping and associated billing activities to minimize exposures signaled by audits announced by the Department of Health & Human Services (HHS) Office of Inspector General (OIG).

OIG reportedly is auditing inpatient and outpatient hospital claims for new and established patients to identify potential overcharges by some hospital-based outpatient clinics that may have resulted from treating established patients as if they were new patients. OIG’s Office of Audit Services reportedly sent letters to some hospitals in October, asking about a handful of claims for new patient visits that OIG suspects the hospital should have billed as established patient visits. In addition to requesting specific information about line items on the claims and their internal controls for billing new versus established patients and provide descriptions of written policies and procedures governing the facilities classification of new versus established patients and internal controls for detecting errors.

Medicare typically pays more for new versus established patients since CMS implemented the outpatient prospective payment system in 2000. Since 2008, CMS rules have specified that patients who visit the hospital outpatient clinic within three years are established patients, and after that they are new, with Medicare paying more for the latter. See(73 Fed. Reg. 68502, 68679 (November 18, 2009). Data mining technology increasingly used by CMS and other federal fraud investigators facilities the ability of Medicare and others to identify errors in coding and billing resulting from misclassication of existing patients as new.

Many hospitals may be exposed under this requirement for a variety of reasons including failure to appropriately track and coordinate inpatient and outpatient admission data, defaults built into recordkeeping systems and omissions to timely update practices or training. In contrast to the risk of overbilling from incorrectly treating patients as new, hospitals that bill all patients as established to overcome inadequacies in their ability to track new versus established patients often leave money on the table unnecessarily by foregoing added reimbursement that the facility otherwise would qualify for it could reliably identify new patients.

While strengthening coding and billing to ward of risks, may debate the appropriateness of CMS’ new versus existing patient distinction outside the physician office context. Critics contend that unlike in the physician office context, the level of care or resources delivered for a new patient compared to a patient who previously visited the hospital doesn’t generally differ. Parties with these concerns should continue to ensure appropriate compliance with existing rules while providing input and feedback to CMS and other regulators about their concerns with the policy’s suitability.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy and other technology, risk management and compliance-related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: CMS, Health Care Fraud, Health Care Fraud Task Force, Health Care Reimbursement, HHS, Hospitals, Inpatient, Medicare, OIG, outpatient, Physicians | Permalink
Posted by Cynthia Marcotte Stamer

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

November 29, 2012

The Department of Health & Human Services Office of Inspector General is recommending the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) act to improve the effectiveness of its oversight and management of the Medicare electronic health record (EHR) incentive program. The recommendations are likely to impact on the requirements that hospitals and other professionals will be required to meet to get and keep EHR program incentive payments. Consequently, hospitals, physicians and other providers and their technology and other systems advisors and vendors should carefully watch and respond to changes that these two agencies implement in response to the OIG feedback.

According to an OIG study reported here, the CMS estimates that it will pay $6.6 billion in EHR incentive payments to providers under the program between 2011 and 2016. Many hospitals, physician organizations and other providers are making substantial investments in EHR and related technologies in reliance of expectation of receiving program incentive payments. Accordingly, parties hoping to qualify for incentive programs need to watch closely the actions that the agencies take in response to this OIG input or otherwise that impacts on qualification and audits.

OIG Study & Findings

OIG’s early assessment of CMS’s oversight of the Program found that because professionals and hospitals self-report data to prove fulfillment of program requirements, CMS’s efforts to verify these data will help make sure the integrity of Medicare EHR incentive payments.

The recommendation comes from an OIG study reviewing CMS’s oversight of professionals’ and hospitals’ self-reported meaningful use of certified EHR technology in 2011, the first year of the program. OIG evaluated self-reported information against program requirements. It also looked at CMS’s audit planning documents, regulations and guidance for the program and conducted structured interviews with CMS staff on CMS’s oversight.

Based on this evaluation, OIG foundCMS faces obstacles to overseeing the Medicare EHR incentive program that leave the program vulnerable to paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements. OIG says CMS has not yet implemented strong prepayment safeguards, and has limited ability to safeguard incentive payments postpayment. OIG also reports that the ONC requirements for EHR reports may contribute to CMS’s oversight obstacles.

OIG Recommended Corrective Action

Based on its study, OIG is recommending that CMS take the following actions.

Obtain and review supporting documentation from selected professionals and hospitals prior to payment to verify the accuracy of their self‑reported information and
Issue guidance with specific examples of documentation that professionals and hospitals should maintain to support their compliance.

CMS did not agree with our first recommendation, stating that prepayment reviews would increase the burden on practitioners and hospitals and could delay incentive payments. Despite this CMS feedback, OIG nevertheless is continuing to recommend that CMS conduct prepayment reviews to improve program oversight. CMS concurred with our second recommendation.

OIG also recommended that ONC take the following actions:

Require that certified EHR technology be capable of producing reports for yes/no meaningful use measures where possible and
Improve the certification process for EHR technology to make sure applicants provide accurate EHR reports.

ONC concurred with both recommendations.

Recommended Provider Action

Hospitals and providers looking to take advantage of the HER incentive payments should carefully monitor the developments resulting from these recommendations and take proper actions to stay compliant with evolving requirements as they move forward.

Along with monitoring these responses, providers participating in the incentive program also need to stay abreast of other developments. For instance, last month, ONC announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files). See 2014 Edition Draft Test Procedures webpage. Additional waves of test methods are impending. ONC says it expects the final set of Test Methods to be available for use in early 2013.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

You can get more information about her experience here.

Other Recent Updates & Resources

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Affordable Care Act, CMS, EHR, Electronic Health Records, Health Care, health care IT, Health Care Provider, Health Plans, HIPAA, OIG, ONC, PHI, Physicians, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

ONC Changes Start Time, Releases Agenda For 11/13 Virtual Workshop On Health IT Test Standards

November 9, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 9, 2012) announced a preliminary agenda of topics and the procedures that health care providers and other interested parties wishing to participate in a public virtual workshop on the ONC Health Information Technology (IT) Certification Program and 2014 Edition Test Methods that ONC plans to host on Tuesday, November 13, 2012 from 8:15 AM-4:30PM EST.

The announced commencement time is 45 minutes earlier than the originally announced 9:00 AM start time that ONC had announced as the start time for the workshop in November 8 announcements.

To review the preliminary agenda for the workshop, see http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-methods.

According to today’s ONC announcement, parties wishing to participate in the virtual workshop should register for ONC Certification Technical Workshop on Nov 13, 2012 8:15 AM EST at https://attendee.gotowebinar.com/register/2114316126469925632 . ONC says that successful registrants will receive a confirmation email containing information about joining the webinar.

The planned workshop follows ONC’s anno0uncement of the release for review of the latest in a series of electronic medical records Test Standards that ONC has issued recently in its march to implement its mandate. ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification. ONC typically allows a two week period of public review and comment from the date posted for public review and comment on each Wave.

In keeping with this process, ONC is inviting interested persons to submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Affordable Care Act, EHR, Electronic Health Records, Health Care, health care IT, Health Care Provider, Health Plans, HIPAA, ONC, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

November 8, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 8, 2012) announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files). To review the 2014 Edition draft Test Methods, visit the 2014 Edition Draft Test Procedures webpage. As a follow up to this announcement, ONC is inviting interested parties to participate in a public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13^th, 9AM-4:30PM EST.

The Test Procedures announced today are the latest in a series ONC has issued recently. ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification. ONC typically allows a two week period of public review and comment from the date posted for public review and comment on each Wave.

ONC says it expects the final set of Test Methods to be available for use in early 2013.

To help interested parties stay informed about the Test Messages, ONC also announced today it will host a virtual public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13^th, 9AM-4:30PM EST. According to ONC, the topics to be covered include 2014 Test Procedures, Test Tools, Test Data, ONC Timeline, and the Certified Health IT Product List (CHPL). ONC says additional details regarding access and agenda will be forthcoming. Watch the ONC website.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Affordable Care Act, EHR, Electronic Health Records, Health Care, health care IT, Health Care Provider, Health Plans, HIPAA, ONC, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

September 17, 2012

Physician practices and other health care providers, health plans, health care clearinghouses and their business associates have yet another $1 million plus reminder of the importance of taking proper steps to secure electronic protected health information and take other steps required to comply with the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively referred to as “MEEI”) will pay the U.S. Department of Health and Human Services’ (HHS) $1.5 million and take a series of corrective actions to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule under the resolution agreement available here (“Resolution Agreement”) announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) on September 17, 2012.

MEEI Resolution Agreement

The Resolution Agreement settles charges that resulted from an OCR investigation commenced in response to a HIPAA breach report submitted by MEEI reporting the theft of an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects. The laptop information included patient prescriptions and clinical information.

OCR’s investigation indicated that MEEI failed to take necessary steps to comply with certain requirements of the HIPAA Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices , and adopting and implementing policies and procedures to address security incident identification, reporting, and response. OCR’s investigation indicated that these failures continued over an extended period of time, demonstrating a long-term organizational disregard for the requirements of the Security Rule.

To settle the charges, MEEI will pay a $1.5 million settlement to OCR. In addition, the Resolution Agreement also requires MEEI to adhere to a corrective action plan which includes reviewing, revising and maintaining policies and procedures to ensure compliance with the Security Rule, and retaining an independent monitor who will conduct assessments of MEEI’s compliance with the corrective action plan and render semi-annual reports to HHS for a 3-year period.

High Dollar Resolution Agreements Increasingly Common

The MEEI Resolution Agreement follows on the resolution agreement previously announced this year with Arizona-based Phoenix Cardiac Surgery, P.C. (PCS). That resolution agreement required PCS to pay $100,000 and take corrective action to implement policies and procedures to safeguard the protected health information of its patients to settle OCR charges PCS violated HIPAA.

Health care providers and other HIPAA-covered entities should heed the MEEI, PSC and other recent settlements as the latest signal of the risks that health care providers and other covered entities run by failing to adequately implement and administer appropriate HIPAA compliance practices.

Following the announcement by OCR last month that Blue Cross Blue Shield of Tennessee (BCBST) would pay $1,500,000 to resolve HIPAA violations charges, and the latest in a series of Resolution Agreements announced by OCR in recent years, the PCS highlights the willingness to sanction health care providers and other covered entities of all sizes. “The case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, director of OCR. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

Like the PCS, BCBST and other announced resolution agreements, the MEEI Resolution Agreement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures. For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here or contact Ms Stamer here or at (469) 767-8872.

[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Breach Notification, Health Care, Health Insurance Portability & Accountability Act, HIPAA, OCR, Office of Civil Rights, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

ONC Releases First Wave of EHR Test Procedures; More To Come

September 14, 2012

On September 7th the ONC published the first wave of draft Test Procedures and applicable test data files for the 2014 Edition Elelctronic Health Record (EHR) certification criteria for public review and comment. ONC will release additional Test Procedures in waves on a weekly or bi-weekly basis. Each set of draft test procedures will undergo a two week period of public review and comment from the date posted. You can now provide input on Wave One 2014 draft Test Procedures. Visit the site for detailed information on the 2014 Test Procedure development process at http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-procedures.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Affordable Care Act, EHR, Electronic Health Records, Health Care, health care IT, Health Care Provider, Health Plans, HIPAA, ONC, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

September 14, 2012

Along with its stepped up enforcement and new audit programs, the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) is working to promote and encourage better voluntary compliance by physician and other health care providers by releasing a new interactive security and privacy training game to help educate healthcare providers and their staffs to make more informed decisions regarding privacy and security of health information. Using a game format, the game asks users to respond to privacy and security challenges often faced in a typical medical practice.

With the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) stepping up enforcement and sanctions for health care providers, health plans, health care providers and their businesses associates (covered entities) that violate the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules and OCR now auditing HIPAA compliance, covered entities should self-audit within the scope of attorney-client privilege and tighten as necessary existing policies, practices and documentation to comply with evolving requirements of HIPAA and other laws requiring the protection of protected health information (PHI), personal financial information and sensitive data.

As the HIPAA Privacy, Security and Breach Rules include mandates that covered entities train members of their workforce, the new game could be a helpful component for health care providers as part of their organization’s training efforts.

The mounting list of settlement agreements – most of which have required settlement payments of more than $1 million – that OCR has announced show the growing exposures that covered entities face when violating HIPAA. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. These settlements and sanctions prove the importance of covered entities strengthening their HIPAA compliance and adopting other suitable safeguards to keep up HIPAA compliance and minimize HIPAA and other exposures that can arise if PHI, personal financial information and other sensitive data. For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Health Care, Health Plans, HIPAA, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

July 19, 2012

A new guide from the Agency for Healthcare Research and Quality (AHRQ) titled An Interactive Preventive Care Record (IPHR): A Handbook for Using Patient-Centered Personal Health Records to Promote Prevention provides practical steps for healthcare professionals to follow when deploying IPHRs as components of electronic health records. AHRQ and other government and private health care technology advocates hope that the IPHR will help boost and promote care delivery practices that promote health and wellness among patient populations.

AHRQ touts the resource as a guidebook of targeted advice for practice leaders, informatics staff, and practice personnel on selection, implementation and maintenance of electronic health records and practices to help them work as a team to promote full utilization of IPHRs.

To get the handbook, see here.

For More Information Or Assistance

For help reviewing and updating your health care compliance, workforce, internal controls and risk management policies, technology, operations, practices or programs; assessing the strength of your organizations existing operations, risk management and compliance controls under these laws or other healthcare regulatory or operational issues or concerns, please contact Cynthia Marcotte Stamer via e-mail here or via telephone at 469.767.8872. To review and register to receive other helpful updates or for more information about Ms. Stamer and her experience, see here.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to get information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | Controlled Substances, Evidence Based Medicine, FDA, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Pharmacy, Prescription Drugs, Reimbursement | Tagged: FDA, Federal Sentencing Guidelines, Food and Drug, GlaxoSmithKiine, Health Care, Health Care Fraud, Health Care Fraud Task Force, Pharma, Pharmaceudical | Permalink
Posted by Cynthia Marcotte Stamer

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

July 11, 2012

A False Claims Act settlement announced last week with Arizona-based urgent care chain NextCare Inc. provides another illustration of the growing exposure that qui tam and other reports of illegal practices by employees, contractors and other business partners create for health care and other companies.

Last week, Justice Department officials announced that NextCare Inc agreed to pay $10 million to settle federal and state allegations that it submitted false claims initially raised in a lawsuit filed against NextCare Inc. by former NextCare employee Lorin Cohen.

The settlement resolves allegations that NextCare violated the False Claims Act by:

Submitting false claims to Medicare, TRICARE, the Federal Employees Health Benefits Program, and the Medicaid programs of Colorado, Virginia, Texas, North Carolina and Arizona, by billing for unnecessary allergy, H1N1 virus and respiratory panel testing and
Upcoding when billing for urgent care medical services.

As a condition of the settlement, NextCare Inc. will become subject to a five-year Corporate Integrity Agreement with HHS-OIG.

Investigated and prosecuted as part of the Federal government’s highly touted HEAT initiative, the Nextcare Inc. settlement emphasize both the strong commitment by the Department of Justice and HHS to find a prosecute Medicare and Medicaid financial fraud and the growing importance of qui tam actions and other insider reports of legal violations to the success of these actions.

Qui tam and other fraud reports made by employees or other business partners have become a significant tool in the Federal government’s war against health care fraud. Under the False Claims Act, private citizens acting as relators can bring suit on behalf of the United States and share in the recovery. Ms. Cohen will receive $1.614 million as her share of the recovery.

Through the False Claims Act alone, the Justice Department has recovered more than $7.7 billion since January 2009 in cases involving fraud against federal health care programs. The Justice Department’s total recoveries in False Claims Act cases since January 2009 are over $11.3 billion.

In response to the Nextcare Inc. settlement and other enforcement actions, health care providers should strengthen both their health care compliance and employment management processes. In addition to working to promote compliance with the False Claims Act and other health care laws, health care providers need to implement strong internal investigation, audit, and employee and contractor management procedures to help self-discover and address potential compliance or other liability concerns.

As part of these efforts, health care providers generally should not only provide hotlines for reporting suspected fraud or other misconduct. Many health care providers also can benefit by adopting and enforcing strong policies that require employees, contractors and other business partners to timely report and cooperate in the investigation and redress of potential health care fraud or other legal violations, should promptly investigate and redress as needed alleged noncompliance, and should retaliation against individuals making these reports in good faith. GSK and other enforcement actions show that Federal officials are acting on this promise.

For More Information Or Assistance

For help designing, enforcing or defending your organization’s health care compliance, workforce and risk management policies, practices or programs; assessing the strength of your organizations existing risk management and compliance controls under these laws or other healthcare laws and regulations; or in addressing other compliance or health care concerns, please contact Cynthia Marcotte Stamer via e-mail here or via telephone at 469.767.8872. To review and register to receive other helpful updates or for more information about Ms. Stamer and her experience, see here.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to get information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

Pharmas Face New Pressure To Put Patients Before Profits After GlaxoSmithKline Record $3 Billion Health Care Fraud, FDCA Conviction & Settlement

July 11, 2012

Pharmaceutical companies will need to carefully study and consider how to react to “groundbreaking” business practice reforms global health care giant GlaxoSmithKline LLC (“GSK”) has agreed to implement as part of the record $3 billion criminal and civil agreement resolving federal health care fraud and drug marketing charges following its July 2, 2012 guilty plea in U.S. v. GlaxoSmithKline PLC Complaint. Justice Department and Food & Drug Administration (FDA) officials have signaled they expect industry businesses to “follow suit” by adopting business practice reforms that GSK has agreed to implement in the five year Corporate Integrity Agreement it entered into as part of collection of criminal plea agreements and accompanying civil settlements that is resulting in the largest combined federal and state health care fraud recovery in a single global resolution against a pharmaceutical company in the history of the United States. Meeting this expectation will require most pharmaceutical companies to significantly change research and marketing, compensation and other workforce management, board governance and other fundamental business practices well-beyond the reforms already being implemented in response to the past decade’s enforcement war against the industry.

Snapshot of U.S. v. GlaxoSmithKline PLC Civil & Criminal Charges & Settlement

After GSK plead guilty on July 2, 2012 to criminal charges it illegally marketed three drugs, the Federal Court in Massachusetts on July 5, 2012 approved a Justice Department sentencing recommendation that incorporated the settlement agreement. In recommending approval of the settlement agreement, the Justice Department told the Court GSK’s commitment to ‘put patients before profits’ by make sweeping reforms to its marketing and other business practices justified approving the settlement agreement in lieu of imposition of probation or other sanctions.

To resolve the criminal charges, GSK agreed to pay a criminal fine of $956,814,400, and criminal forfeiture in the amount of $43,185,600, for a total amount of $1 billion. Along with its criminal guilty plea, GSK also agreed to pay amount additional $2 billion to the U.S as restitution to the federal health care programs and other civil payments and implement an unprecedented list of business practice changes that will revolutionize its sales, marketing and drug efficacy study practices.

GSK Misdemeanor Guilty Plea

On July 2, 2012, GSK plead guilty to three misdemeanor violations of the Food, Drug and Cosmetic Act (FDCA):

Regarding Paxil, GSK plead guilty to distribution of a misbranded drug due to false and misleading labeling, in violation of 21 U.S.C. §§ 331(a), 333(a)(1) & 352(a);
Regarding Wellbutrin, GSK plead guilty to distribution of a misbranded drug due to inadequate directions for use, in violation of 21 U.S.C. §§ 331(a), 333(a)(1) & 352(f)(1); and
Regarding Avandia, GSK will plead guilty to failure to report data to the FDA, in violation of 21 U.S.C. §§ 331(e), 333(a)(1) & 355(k)(1).

The misdemeanor guilty pleas resolved Justice Department criminal charges GSK engaged is a series of serious violations of federal law in the marketing of Paxil, Wellbutrin and Avandia.

GSK $2 Billion Civil Settlement Payments

The criminal sentence approved by the Court is part of a broader series of criminal, civil and administrative agreements reached between GSK and federal officials.

The civil and administrative agreements included in the package deal include three civil settlements that resolve health care fraud and qui tam claims arising from GSK’s marketing, sales and health program billings relating to various drugs.

Under the civil settlement agreement, GSK will make sweeping business practice reforms specified in a corporate integrity agreement as well as pay $2 billion in civil damages to federal and state health care programs, which is the largest civil recovery from a drug company in a single global resolution.

Under the settlement package negotiated to resolve these civil claims, GSK has agreed to pay $2 billion in civil damages. The $2 billion of civil damages include:

$1,043,000,000 in civil damages to resolve allegations relating to false claims arising from the off-label promotion and kickback allegations relating to Paxil, Wellbutrin, Advair, Lamictal, Zofran, Flovent, Imitrex, Lotronex and Valtrex;
$657,000,000 in civil damages to resolve allegations relating to misrepresentations about Avandia;
$300,000,000 in civil damages to resolve allegations relating to false reporting of best prices.

The settlement package actually includes three civil settlement agreements.

One civil settlement resolves allegations relating to false claims to federal health care programs resulting from marketing and promotion practices, including off-label marketing of Paxil, Wellbutrin, Advair, Lamictal and Zofran for uses that were not approved as safe and effective by the Food and Drug Administration and paid kickbacks to doctors to induce them to prescribe Advair, Flovent, Imitrex, Lotronex, Paxil, Wellbutrin, and Valtrex and other drugs, critically undermining the doctors’ independent clinical judgment.
A second civil settlement resolves allegations that GSK promoted Avandia to physicians and other health care providers with false and misleading representations, causing false claims to be submitted to federal health care programs in the marketing and sale of Avandia.
A third settlement resolves allegations that GSK reported false best prices to the Department of Health and Human Services and as a result underpaid quarterly rebates owed under the Medicaid Drug Rebate Program. Under federal law, pharmaceutical companies are required to give Medicaid the best price on medications that they offer to any customer. The Justice Department contends that GSK improperly “bundled sales” arrangements that included steep discounts known as “nominal prices” and yet failed to take such contingent arrangements into account when calculating and reporting its best prices to HHS.

Whistleblower Claims Played A Role, Resolved By Settlement

A review of the settlement emphasize both the strong commitment by the Department of Justice and HHS to find a prosecute Medicare and Medicaid financial fraud and the growing importance of qui tam actions and other insider reports of legal violations to the success of these actions.

Qui tam and other fraud reports made by employees or other business partners have become a significant tool in the Federal government’s war against health care fraud. Under the False Claims Act, private citizens acting as relators can bring suit on behalf of the United States and share in the recovery. Furthered in part by a series of qui tam claims, whistleblower suits clearly played a role in many of the GSK charges.

The off-label civil settlement also resolves allegations set forth in the following lawsuits filed against GSK under the qui tam, or whistleblower, provisions of the federal False Claims Act, 31 U.S.C. § 3730:

U.S. ex rel. Thorpe et al. v. Smith Kline Beecham Inc. and GlaxoSmithKline PLC d/b/a GlaxoSmithKline, Civil Action No. 11-10398 (D. Mass, transferred from D. Colo.) (filed 1/1/03);
U.S. ex rel. Gerahty et al. v. GlaxoSmithKline PLC and SmithKline Beecham Corp. d/b/a GlaxoSmithKline, (D. Mass.), Civil Action Number 03-10641 (D. Mass.) (filed 4/7/03);
U.S. ex rel. Graydon v. GlaxoSmithKline PLC, Civil Action No. 11-10741 (D. Mass.) (filed 6/5/09);
U.S. ex rel. LaFauci v. GlaxoSmithKline PLC, Civil Action No. 11-10921 (D. Mass.) (filed 8/7/09).

Get more details here.

Corporate Integrity Agreement Requires GSK To “Put Patients Before Profits” Thru “Groundbreaking” Business Practice Reforms

Pharmaceutical industry businesses should view with grave concern the statements made by Carmen Ortiz, U.S. Attorney for the District of Massachusetts in announcing agreement that with Federal officials “hope the rest of the pharmaceutical industry follows suit” in “putting patients before profits” by adopting the “groundbreaking” business practice reforms set forth in the a five-year Corporate Integrity Agreement with the Office of Inspector General of the Department of Health and Human Services. Given the ongoing aggressive investigation and enforcement of federal drug and health care fraud laws by the Justice Department and Food and Drug Administration and the Justice Department’s stated hope that the rest of the pharmaceutical industry will adopt similar reforms to those GSK has committed to implement in connection with its sentence, pharmaceutical companies will want to carefully examine the “groundbreaking” marketing and other business practice reforms that GSK has committed to implement for insights about what federal prosecutors and regulators expectation expect companies involved in the industry to do to reform their marketing, research and other practices.

In encouraging the Court to approve a total of $1 billion of criminal penalties as the sanction for the criminal charges, Justice Department officials argued GSK’s commitment under the related civil resolution agreement to make “groundbreaking” business practice reforms to ensure better behavior by its sales force, and to ensure full, fair and accurate reporting of scientific data from GSK studies justified the penalty in lieu of probation or other sanctions.

The Justice Department officials announcing the settlement enhanced accountability, increased transparency and wide- ranging monitoring activities conducted by both internal and independent external reviewers. Specifically, among other things, the agreement requires:

Abolishment of incentive sales compensation; instead, the sales force will be compensated based on business acumen, customer engagement, and scientific knowledge of GSK products;
Clawback of up to 3 years of annual performance pay (annual bonus and long term incentives) for executives discovered to be involved in significant misconduct;
Publication of all GSK human research studies, not just those with positive outcomes for GSK drugs;
Publication of final clinical trial protocols to allow outside researchers to meaningfully analyze the results of GSK studies;
Removal of commercial influence on the determination of which GSK studies will be conducted; instead, studies will be conducted on scientific merit;
Removal of commercial influence on the determination of which GSK studies will be published and when; instead, studies will be published when the study is complete, not to create a buzz around a drug;
Annual certifications by the GSK’s Board of Directors that the GSK compliance program is effective, and by GSK’s U.S. President that the compliance measures continue and reportable incidents have been properly reported.

GSK & Other Prosecutions Reflect Need To Tighten Compliance

Pharmaceutical companies take seriously the need to maintain compliance and tighten marketing and other procedures to promote their ability to defend against the growing risk of federal prosecution signaled by the GSK and other enforcement actions.

In announcing the GSK settlement, Justice Department officials touted the GSK case as demonstrating its “continuing commitment to ensuring that the messages provided by drug manufacturers to physicians and patients are true and accurate and that doctors’ decisions as to what drugs are prescribed to sick patients are based on best medical judgments, not false and misleading claims or bad science.”

The GSK and other enforcement actions show that Federal officials are acting on this promise. Even before announcing the $3 billion resolution with GSK, the Justice Department and other federal officials accumulated an impressive and growing record of successful investigation and prosecutions. The Justice Department health care fraud union in Boston that lead the GSK prosecution over the past three years already had recovered more than $5.5 billion in settlements, judgments, fines, restitution, and forfeiture in health care fraud cases under the False Claims Act and the Food, Drug and Cosmetic Act before it announced the GSK settlement. Coupled with the overall increase in fraud and FDCA enforcement against pharmaceutical industry providers specifically and health care providers generally nationwide, the GSK decision makes clear that pharmaceutical and other health industry clients need to prepare to withstand ever-tightening expectations and rising enforcement.

In response to the GSK settlement and guilty plea, pharmaceutical companies will need to review their existing and former practices to identify pre-existing and ongoing exposures, and decide what steps to take, if any, to mitigate these risks. In addition to considering what, if any, of the reforms outlined in the GSK Corporate Integrity Agreement to implement and how, these organizations also should consider the workforce management and other internal controls that will help promote compliance with these policies and manage potential whistleblower and other liabilities.

In addition to working to promote compliance with the False Claims Act and other health care laws, pharmaceutical companies and health care providers need to implement strong internal investigation, audit, and employee and contractor management procedures to help self-discover and address potential compliance or other liability concerns. These processes and policies should involve but not be limited to hotlines and other processes for reporting suspected fraud or other misconduct. Most companies also should consider adopting and enforcing strong policies that require employees, contractors and other business partners to timely report and cooperate in the investigation and redress of potential health care fraud or other legal violations, should promptly investigate and redress as needed alleged noncompliance, and should retaliation against individuals making these reports in good faith.

For More Information Or Assistance

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to get information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Director of Texas Office of e-Health Coodination To Discuss Texas HIE Strategy in 3/14 HHS Sponsored Teleconference

March 14, 2012

On Wednesday, March 14, 2012 at 1 p.m. EDT, National eHealth Collaborative’s NeHC University will host Stephen Palmer, Director of the Office of e-Health Coordination at the Texas Health and Human Services Commission, to describe the HIE strategy being pursued by the state of Texas. Palmer will be joined by Kem McClelland of the Integrated Care Collaboration, Tony Gilman of the Texas Health Services Authority, and Bryan White of the North Texas Accountable Healthcare Partnership to showcase the Texas strategy in action and detail the progress that has been made on the ground.

To participate register and join NeHC University’s Spotlight on the Texas Statewide HIE Strategy.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Breach Notification, business associate, Health Care, Health Plan, HIPAA, HITECH Act, OCR | Permalink
Posted by Cynthia Marcotte Stamer

$1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report

March 13, 2012

Resolution Agreement Also 1^st Announced With Health Plan

Health care providers, health plans and other covered entities beware and prepare! Reporting a large breach under the HITECH Act breach notification rules will trigger a Department of Health & Human Services (HHS) Office of Civil Rights (OCR) investigation into whether OCR should impose civil monetary penalties against the reporting covered entity under the Privacy and Security Rules of the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Blue Cross Blue Shield of Tennessee (BCBST) has agreed to pay OCR $1,500,000 and to take certain other actions specified in a corrective action plan to avoid civil monetary penalties for charges of HIPAA violations. The BCBST Resolution Agreement is particularly significant, both as:

The first reported enforcement action directly resulting from the filing by a covered entity of a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule; and
The first reported resolution agreement reached with a covered entity that is a health plan.

These notable enforcement firsts show the HITECH Breach Notification Rule’s significance as an OCR HIPAA enforcement tool, the heightened exposure to an OCR opening a HIPAA civil monetary penalty (CMP) investigation following a report, as well as the willingness of OCR to sanction health plans as well as other covered entities that breach HIPAA’s Privacy or Security Rules.

BCBST Investigation Began In Response to HITECH Act Breach Notification Rule Report

The OCR investigation that lead to the BCBST settlement began in response to BCBST making a report required under the Breach Notification Rule of the theft of 57 unencrypted computer hard drives from a leased facility in Tennessee, which contained the protected health information (PHI) of over 1 million individuals. Read more details here.

The Breach Notification Rule enacted as part of amendments to HIPAA under the HITECH Act requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more to HHS and the media as well as an annual consolidated report of smaller breaches to HHS.[1] Along with the Breach Notification Rules, the HITECH Act also increased the civil monetary penalties (CMPs) that covered entities like BCBST can incur for HIPAA violations. When it imposed its first ever CMP last year, OCR imposed a $4.3 million CMP against Cignet Health of Prince George’s County, Md. (Cignet).

In an apparent effort to impose a potentially larger CMP assessment arising from the investigation of its breach report, BCBST greed to pay $1,500,000 and adopt other corrective actions detailed in a corrective action plan.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The BCBST Resolution Agreements, like the Cignet CMP and other high dollar Resolution Agreements OCR has announced against various health care providers highlight the significance of the HITECH Act amendments to HIPAA’s enforcement and CMP rules, as well as the significance of its Breach Notification Rule as a tool in OCR’s investigation and enforcement efforts.

“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ right to private and secure health information.”

The BCBST Resolution Agreement provides yet another reminder to covered entities and their business associates of the need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures. Fortips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

For additional resources and publications training materials by Ms. Stamer, see here.

[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Breach Notification, business associate, Health Care, Health Plan, HIPAA, HITECH Act, OCR | Permalink
Posted by Cynthia Marcotte Stamer

North Texas Medical Supply Company Owner Indicted For Health Care Fraud Now Also Charged With Immigration Fraud

December 27, 2011

A Plano, Texas man already indicted for health care fraud now also faces federal immigration fraud related changes. Justice Department officials announced the additional charges against Okey F. Nwagbara, (Nwagbara) on December 20, 2011. Although Nwagbara’s alleged actions reflect potential criminal misconduct in many areas, health care providers should keep in mind that the health care fraud task force participants are targeting health care fraud of all types, including those my health care providers not engaged in other types of criminal misconduct. As a result, all health care providers should tighten their health care billing and other practices to defend against possible scrutiny as part of the federal or state government’s widening fraud audit and investigation efforts.

Nwagbara Indicted For Health Care Fraud In October, 2011

Nwagbara 45 already is awaiting trial later in Spring, 2012 on health care fraud charges announced in October, 2011. According to the Justice Department, a North Texas grand jury indicted Nwagbara along with Jerry C. Bullard, 55, Mesquite, Texas, in October, 2011 on felony charges related to a health care fraud scheme they allegedly ran that defrauded Medicare of more than $500,000.

According to the Justice Department, Nwagbara is the owner/operator of Advanced MedEquip and Supplies Limited, located at 331 Melrose Drive in Richardson, Texas. Bullard is a former employee of Medistat Group Associates, P.A., an association of health care providers located in Desoto, Texas.

The October health care fraud indictment charges Nwagbara and Bullard each with one count of conspiracy to commit health care fraud and six substantive counts of health care fraud. The indictment alleges that from June 2008 through March 2010, Nwagbara and Bullard conspired together to defraud Medicare by submitting more than $500,000 in claims to the Medicare program for enternal nutrition DME, when in fact such DME was not medically necessary and in many cases, not provided.

According to the health care fraud indictment, Bullard worked in the Durable Medical Equipment (DME) section of Medistat where he was in charge of handling physicians’ prescriptions for equipment. Bullard and Nwagbara had a kickback arrangement and Bullard placed orders for DME with Nwagbara’s company, Advanced.

The indictment claims Bullard, using a Medistat physician’s name, would sign prescriptions, DME information forms and certificates of medical necessity for Medicare beneficiaries falsely indicating, among other things, that a beneficiary had a feeding tube when in fact, the beneficiary did not.

The enteral nutrition products which were billed to Medicare are consumed by a patient through a feeding tube. The associated feeding supply kits include tubing and syringes. The indictment claims that both the enteral formula and the kits that Advanced billed to Medicare were not medically necessary because the beneficiaries were not receiving nutrition through a feeding tube, the indictment claims. Instead, beneficiaries were receiving flavored nutritional supplements such as Ensure® and Glucerna® that would be consumed orally. Medicare does not reimburse orally ingested nutritional supplements.

In addition, the health care fraud indictment alleges that Nwagbara supplied only a fraction of the enternal products for which he billed Medicare and many of the beneficiaries never received the feeding supply kits for which he also billed Medicare.

The health care fraud case is being investigated by the Dallas Health Care Fraud Prevention and Enforcement Action Team (HEAT) Strike Force, which includes the U.S. Department of Health and Human Services – Office of Inspector General, the FBI and the Texas Attorney General’s Medicaid Fraud Control Unit. Prior to the announcement of the other charges, his trial on the health care fraud charges was scheduled for March, 2012. It is not clear whether the new charges will delay these proceedings.

New Immigration Charges

On December 20, 2011, the Justice Department announced that a North Texas grand jury now also has indicted Nwagbara for making misrepresentations in immigration and naturalization documents that misled the government and prevented the government from examining material facts that may have prevented his naturalization according to a December 20, 2011 Justice Department announcement.

According to the December 20, 2011 announcement by U.S. Attorney Sarah R. Saldaña, the immigration charges resulted from investigative work by the Dallas Health Care Fraud Strike Force, in concert with U.S. Immigration and Customs Enforcement’s Homeland Security Investigations and U.S. Citizenship and Immigration Services.

The new immigration indictment alleges that Nwagbara entered into a fraudulent marriage and provided false statements to obtain citizenship. On January 30, 2008, he made false statements on his application for naturalization that included:

Verifying that he had been married to and living with the same U.S. citizen for the last three years, when he was not living with his U.S. citizen spouse;
Indicating that he had no children, when in fact he had two children; and
Indicating that he had never previously claimed to be a U.S. citizen, when in fact, he falsely stated on a mortgage application in January 2006 that he was a U.S. citizen.

According to Saldaña, the immigration related indictment charges Nwagbara with three counts of making a false statement in an immigration document and three counts of unlawful procurement of naturalization. If convicted, each count carries a maximum statutory sentence of 10 years in federal prison and a $250,000 fine. Furthermore, should Nwagbara be convicted of unlawfully procuring his naturalization, his status as a U.S. citizen will be revoked by court order.

The Justice Department announcements reminds readers that an indictment is an accusation by a federal grand jury, and a defendant is entitled to the presumption of innocence unless proven guilty.

Health Care Fraud Charges Part of Ongoing National Anti-Health Care Fraud Campaign

The Medicare Fraud Strike Force operations are part of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), a joint initiative between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. The joint Department of Justice-HHS Medicare Fraud Strike Force is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing. Since its announcement, the Strike Force has used the combined resources of agents from the FBI, HHS-Office of Inspector General (HHS-OIG), multiple Medicaid Fraud Control Units, and other state and local law enforcement agencies to investigate and prosecute a rising number of organizations and individuals throughout the industry for alleged violations of Federal health care fraud prohibitions. In their September 7, 2011 announcement, HHS and DOJ credited Strike Force Operations in nine locations with resulting in charges against more than 1,140 defendants who the government charged collectively falsely billed the Medicare program for more than $2.9 billion.

In addition, the HHS Centers for Medicare and Medicaid Services, working in conjunction with the HHS-OIG, are using a wide range of new and old tools in their campaign against what they perceive as fraudulent providers and to deter other perceived aggressiveness by health care providers and organizations. See e.g., U.S. to use software to crack down on Medicare, Medicaid, CHIP fraud; Health Care Fraud Enforcement Packs New Heat; OIG Shares Key Insights On When Owners, Officers & Managers Face OIG Program Exclusion Based On Health Care Entity Misconduct; OIG Launch of Health Care Fraud “Most Wanted” List Sign of Enforcement Risks; CMS Delegated Lead Responsibility For Development of New Affordable Care Act-Required Medicare Self-Referral Disclosure Protocol; HHS announces Rules Implementing Tools Added By Affordable Care Act to Prevent Federal Health Program Fraud.

The effectiveness of these Federal efforts to deter, find and prosecute false claims and other perceived abuses of Federal health care law has been significantly strengthened since Congress passed the Patient Protection & Affordable Care Act (Affordable Care Act). Among other things, ACA empowered HHS to:

Suspend payments to providers and suppliers based on credible allegations of fraud in Medicare and Medicaid;
Impose a temporary moratorium on Medicare, Medicaid, and CHIP enrollment on providers and suppliers when necessary to help prevent or fight fraud, waste, and abuse without impeding beneficiaries’ access to care.
Strengthen and build on current provider enrollment and screening procedures to more accurately assure that fraudulent providers are not gaming the system and that only qualified health care providers and suppliers are allowed to enroll in and bill Medicare, Medicaid and CHIP;
Terminate providers from Medicaid and CHIP when they have been terminated by Medicare or by another state Medicaid program or CHIP;
Require provider compliance programs, now required under the Affordable Care Act, that will ensure providers are aware of and comply with CMS program requirements.

Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to prepare their organization to respond and defend against potential investigations or charges.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients. She helps health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as to handle public policy and government relations, peer review and credentialing, performance and discipline, training, internal investigation, litigation and enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on health care fraud, privacy, and other rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

You can learn more information about Ms. Stamer’s health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Health Care, Health Care Fraud, Hospital, Medicare Fraud, OIG, Physician | Permalink
Posted by Cynthia Marcotte Stamer

DOL Proposes Tighter Overtime, Minimum Wage Rules For Home Care Workers, Continues Scrutiny Of Health Care Employers

December 15, 2011

The U.S. Department of Labor Wage and Hour Division (WHD) plans to propose new rules that would provide minimum wage and overtime protections for nearly two million workers who provide in-home care services for the elderly and infirm. WHD’s focus on home health workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks. Additionally, health industry and other employers concerned about the potential cost or other implications of the proposed regulatory changes also should consider submitting comments to the WHD by the February comment deadline.

On December 15, 2011 the WHD announced that it will publish a Notice of Proposed Rulemaking [1] (NPRM) to revise the companionship and live-in worker regulations under the Fair Labor Standards Act (FLSA):

To more clearly define the tasks that may be performed by an exempt companion;
To limit the companionship exemption to companions employed only by the family or household using the services; and
To provide that third party employers, such as in-home care staffing agencies, could not claim the companionship exemption or the overtime exemption for live-in domestic workers, even if the employee is jointly employed by the third party and the family or household.

When Congress expanded protections to “domestic service” workers in 1974, it exempted casual babysitters and companions for the aged and inform from both the minimum wage and overtime pay requirements of the FLSA and exempted live-in domestic workers from the overtime pay requirement only. While WHD has left regulations governing this exemption substantially unchanged since first issued in 1975, it now believes the in-home care service industry. workers employed by in-home care staffing agencies are not the workers that Congress envisioned in enacting the companionship exemption (i.e., neighbors performing elder sitting).

As a result of these determines, WHD is moving to modify its existing rules to broaden protections for professionally employed home care workers as well as outreaching to inform employers and workers about the requirements that it perceives employers of these workers must meet.

The proposed tightening of regulations for home health workers follows a general toughening by WHD of its regulation and enforcement of wage and hour laws in the health care industry. See, e.g. Home health care company in Dallas agrees to pay 80 nurses more than $92,000 in back wages following US Labor Department investigation; US Department of Labor secures nearly $62,000 in back overtime wages for 21 health care employees in Pine Bluff, Ark.; US Department of Labor initiative targeted toward increasing FLSA compliance in New York’s health care industry; US Department of Labor initiative targeted toward residential health care industry in Connecticut and Rhode Island to increase FLSA compliance; Partners HealthCare Systems agrees to pay 700 employees more than $2.7 million in overtime back wages to resolve U.S. Labor Department lawsuit; US Labor Department sues Kentucky home health care provider to obtain more than $512,000 in back wages and damages for 22 employees; and Buffalo, Minn.-based home health care provider agrees to pay more than $150,000 in back wages following US Labor Department investigation.

Coupled with these and other enforcement efforts against health industry employers, WHD’s announcement of plans to tighten rules for home care givers. In connection with its announcement of the planned regulatory changes, for instance, WHD highlighted the following guidance about the wage and hour rules that employers of home care workers can anticipate being required to meet when employing these workers:

In light of the proposed regulatory changes and demonstrated willingness of WHD and private plaintiffs to bring actions against employers violating these rules, health care and others employing home care workers should take well-documented steps to manage their risks. These employers should both confirm the adequacy of their practices under existing rules, as well as evaluate and begin preparing to respond to the proposed modifications to these rules. In both cases, employers of home care or other health care workers are encouraged to critically evaluate their classification or workers, both with respect to their status as employees versus contractor or leased employees, as well as their characterization as exempt versus non-exempt for wage and hour law purposes. In addition, given the nature of the scheduled frequently worked by home care givers, their employers also generally should pay particular attention to the adequacy of practices for recordkeeping.

For More Information Or Assistance

Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register

Leave a Comment » | Academic medicine, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, false claims act, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Medicaid, Medicare Advantage, Mental Heatlh, Money Laundering, OIG, Pharmacy, Physician, Reimbursement, Stark | Tagged: DOJ, Health Care, Health Care Fraud, Home Care, home health, Hospital, Medicare Fraud, Minimum Wage, nurses, OIG, Overtime, Physician, Wage and Hour | Permalink
Posted by Cynthia Marcotte Stamer

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Health Industry Employers High Priority OSHA Enforcement Target

Battle Creek VA OSHA Safety Violations

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update