Providers, Health Plans Should Confirm Copy Charges Comply With New OCR HIPAA Guidance

May 26, 2016

Healthcare providers, health plans, healthcare clearinghouses (Covered Entities) and their business associates should verify that their copying charges and other policies and practices for responding to requests of individuals for copies and other access to protected health information (PHI) comply with the Privacy and Security Rules (Privacy Rule) of the Health Insurance Portability & Accountability Act of 1996 (HIPAA) as construed in a new Frequently Asked Question (FAQ published May 24, 2016 as follow up to two other sets of guidance about HIPAA assess rights published by the Department of Health & Human Services Office of Civil Rights (OCR) since January, 2016.

New OCR Guidance Sheds New Light On HIPAA Access Rule Requirements

The OCR FAQ titled New Clarification – Up to $6.50 Flat Rate Option published May 24, 2016 is the third in a series of guidance materials OCR discussing OCR’s interpretation of individuals’ core right under HIPAA to access and obtain a copy of their PHI from Covered Entities since January, 2016 (the “Access Rule”).   With  OCR Enforcement Data already showing Access Rule violations among the top 5 issues in cases investigated by OCR every year since HIPAA took effect in 2003, Covered Entities can expect OCR to include Access Rule violations among the Privacy Rule violations OCR likely will target as it continues to ramp up its HIPAA audit, investigation and enforcement efforts.

As part of its sweeping requirements concerning the use, access, protection and disclosure of PHI, the Access Rule provisions of the Privacy Rule generally require Covered Entities to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more “designated record sets” maintained by or for the Covered Entity or its business associate.  This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the Covered Entity to transmit a copy to a designated person or entity of the individual’s choice as long as the Covered Entity or a business associate on its behalf maintains the PHI, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the Covered Entity, another provider, the patient, etc.).

With its publication of the New Clarification FAQ on May 24, 2016, OCR now has published three pieces of guidance (the Access Guidance) about its interpretation of the Access Rule since January, 2016 that it hopes will promote greater understanding of and compliance with the Access Rule by Covered Entities:

  • In January, OCR published a comprehensive Fact Sheet (Fact Sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient;
  • On March 1, OCR published a second set of FAQs accessible here addressing when Covered Entities may charge individuals to provide requested copies of their PHI, how Covered Entities must calculate these fees, when Covered Entities must send an individual’s PHI to a third party designated by the individual in its request for copies, and other issues relating to access rights guaranteed by the Privacy Rule; and
  • On May 24, 2016 OCR clarified this prior Access Guidance by publishing another FAQ titled New Clarification – Up to $6.50 Flat Rate Option .

Collectively, the Access Guidance addresses a broad range of questions and issues about the responsibilities of Covered Entities under the Access Rule including what PHI Covered Entities must provide as well as detailed guidance about when and how much Covered Entities can charge individuals for requested copies of their PHI or summaries of their PHI.  Since the OCR Access Guidance may restrict the charge that health care providers or other Covered Entities can charge for copies or other access more than applicable state law rules,  Covered Entities need to verify their practices comply with OCR’s Access Guidance in addition to any applicable state law rules.  The Access Guidance makes clear that OCR expects Covered Entities and their business associates to ensure that their charges for copying or providing other access to PHI guaranteed by the Privacy Rule complies with this Access Guidance even if that practice does not violate applicable state law.

Are You Charging Too Much? Charges For Copies of PHI Must Meet OCR Privacy Rule Guidance 

Concerning charges for copies of PHI requested by an individual, Privacy Rule § 164.524(c)(4) permits a Covered Entity to impose a reasonable, cost-based fee if the individual requests a copy of the PHI (or agrees to receive a summary or explanation of the information) provided that the Covered Entity properly and timely notifies the individual of the cost and properly determines the cost in accordance with OCR guidance.

Many physicians or other health care providers that use electronic health records (EHRs) certified to allow individuals to access their PHI in the system may be unaware that OCR views the availability of electronic access from the EHR affects the health care provider’s ability to charge for copies of requested PHI.  OCR’s position is that the Privacy Rule prohibits a Covered Entity from charging an individual for requested copies of PHI when the request is fulfilled by the individual accessing the requested PHI using the View, Download, and Transmit functionality of the provider’s certified electronic health record.

Assuming the request for access or copies is not fulfilled through download from an HER, the Access Guidance indicates q Covered Entity must use one of three potentially applicable OCR-approved methods to calculate the fee the Covered Entity charges an individual for copies of PHI or an agreed upon summary provided that the method used takes into account only labor costs for copying or producing an agreed upon summary as defined by OCR.:

  • The “Actual Cost” Method;
  • The “Average Cost” Method; or
  • For electronic copies of PHI maintained electronically, the “Flat Fee” Method.

Charging a flat fee not to exceed $6.50 is an option available to those entities that do not want to go through the process of calculating actual or average costs for requests for electronic copies of PHI under either the Actual Cost or Average Cost Methods.  However, by its terms, the “Flat Fee” Method is only an allowable for Covered Entities to use to avoid calculating actual or average allowable costs when a Covered Entity is providing electronic copies of PHI maintained electronically (and presumably when the access request is not fulfilled through download from an EHR).  When applicable, the Flat Fee Method allows a Covered Entity to charge a flat fee for all requests for electronic copies of PHI maintained electronically, provided the fee does not exceed $6.50, inclusive of all labor, supplies, and any applicable postage.  The New Clarification – Up to $6.50 Flat Rate Option clarifies that use of the Flat Rate Method is permitted not required when a Covered Entity  provides copies of PHI maintained electronically other through download directly from a certified EHR. Covered Entities that wish to charge more than the $6.50 flat rate allowed under the Flat Rate Option retain the right, if the facts and evidence warrant, to use either the Actual Cost Method or Average Cost Method to calculate the fee for providing electronic records electronically within the boundaries of what is permissible under the Privacy Rule.

Where the Flat Fee Method is inapplicable or the Covered Entity elects not to use it, the Covered Entity must use either the Actual Cost Method or the Average Cost Method to calculate the fee in accordance with OCR’s rules.

Under the “Actual Cost Method,” a Covered Entity may calculate actual labor costs to fulfill the request, as long as the labor included is only for copying (and/or creating a summary or explanation if the individual chooses to receive a summary or explanation) and the labor rates used are reasonable for such activity. The Covered Entity may add to the actual labor costs any applicable supply (e.g., paper, or CD or USB drive) or postage costs. Covered Entities that charge individuals actual costs based on each individual access request still must be prepared to inform individuals in advance of the approximate fee that may be charged for providing the individual with a copy of her PHI. An example of an actual labor cost calculation would be to time how long it takes for the workforce member of the Covered Entity (or business associate) to make and send the copy in the form and format and manner requested or agreed to by the individual and multiply the time by the reasonable hourly rate of the person copying and sending the PHI. What is reasonable for purposes of an hourly rate will vary depending on the level of skill needed to create and transmit the copy in the manner requested or agreed to by the individual (e.g., administrative level labor to make and mail a paper copy versus more technical skill needed to convert and transmit the PHI in a particular electronic format);

Under the “Average Cost” Method, in lieu of calculating labor costs individually for each request, a Covered Entity can develop a schedule of costs for labor based on average labor costs to fulfill standard types of access requests, as long as the types of labor costs included are the ones which the Privacy Rule permits to be included in a fee (e.g., labor costs for copying but not for search and retrieval) and are reasonable. Covered Entities may add to that amount any applicable supply (e.g., paper, or CD or USB drive) or postage costs.    This standard rate can be calculated and charged as a per page fee only in cases where the PHI requested is maintained in paper form and the individual requests a paper copy of the PHI or asks that the paper PHI be scanned into an electronic format. However OCR’s guidance states that OCR does not consider per page fees for copies of PHI maintained electronically to be reasonable for purposes of 45 CFR 164.524(c)(4);

Whether using the Actual Cost Method or the Average Cost Method, a Covered Entity must only take into account only “reasonable labor costs associated only with the: (1) labor for copying the PHI requested by the individual, whether in paper or electronic form; and (2) labor to prepare an explanation or summary of the PHI, if the individual in advance both chooses to receive an explanation or summary and agrees to the fee that may be charged.

OCR’s guidance makes clear that the reasonability of the charges for labor must reflect the technology available for providing this access.  In this respect, OCR’s guidance states that a Covered Entity cannot charge a fee under HIPAA for individuals to access the PHI from a health care provider’s EHR technology that has been certified as being capable of making the PHI accessible.   OCR’s position is that where a Covered Entity fulfills an individual’s HIPAA access request by allowing the individual to access the requested PHI using the View, Download, and Transmit functionality of the provider’s certified electronic health record (CEHRT), an individual requests or agrees to access her PHI available through the View, Download, and Transmit functionality of the CEHRT, there are no labor costs and no costs for supplies to enable such access.

To the extent that access is not provided through an CEHRT, the fee a Covered Entity charges an individual to provide copies of requested PHI or an agreed upon summary may include only the cost of:

  • Copying the PHI; and
  • Preparation of an explanation or summary of the PHI, if agreed to by the individual.

As interpreted by OCR, labor for copying includes only labor for creating and delivering the electronic or paper copy in the form and format requested or agreed upon by the individual, once the PHI that is responsive to the request has been identified, retrieved or collected, compiled and/or collated, and is ready to be copied.  For example, labor for copying may include labor associated with the following, as necessary to copy and deliver the PHI in the form and format and manner requested or agreed to by the individual:

  • Labor for copying the PHI requested by the individual, whether in paper or electronic form;
  • Supplies for creating the paper copy or electronic media (e.g., CD or USB drive) if the individual requests that the electronic copy be provided on portable media;
  • Postage, when the individual requests that the copy, or the summary or explanation, be mailed; and
  • Creating and executing a mailing or e-mail with the responsive PHI.

See 45 CFR 164.524(c)(4).

The Access Guidance states the fee may not include costs associated with verification; documentation; searching for and retrieving the PHI; maintaining systems; recouping capital for data access, storage, or infrastructure; outsourcing the function of responding to individual requests for PHI copies or other costs not listed above even if such costs are authorized by State law.  See 45 CFR 164.524(c)(4).

Of course, in any case, OCR’s guidance makes clear that regardless of how a entity chooses to calculate its fee to copy PHI, the Privacy Rule requires that the Covered Entity inform the requesting individual in advance of the approximate fee that may be charged for providing the copy requested and otherwise comply with the Privacy Rule as interpreted by OCR’s latest guidance concerning providing individuals access to PHI and other requirements.

Documented, Timely Action Needed To Mitigate OCR Audit, Investigation & Enforcement Risks

Beyond operationally complying with the Access Guidance, Covered Entities and their business associates generally will want to update their policies, practices and training to position themselves to defend their calculation of any charges made for copies provided in response to a request for access protected by the Privacy Rule and other compliance with the requirements of that rule and the otherwise applicable provisions of HIPAA as well as include monitoring and enforcement of these requirements as part of their ongoing HIPAA compliance efforts.

These and other HIPAA compliance efforts are particularly critical in light of the expanding audit, investigation and enforcement activities of OCR under the Privacy Rule.  OCR’s publication of the Access Guidance coincides with a surge in OCR’s HIPAA audit, investigation and enforcement activities.

OCR’s publication of the new Access Guidance comes as OCR is ramping up its interpretation, oversight and enforcement of HIPAA generally.  See, Brace For OCR HIPAA Audits & Enforcement; Update Privacy Practices For New OCR HIPAA Enforcement, Security & Records Access Guidance.  While continuing to offer guidance like the Access Guidance and other tools to encourage and help Covered Entities and their business to understand and comply with the Privacy Rule, OCR also increasingly now uses the expanded penalties and authority created by the HITECH Act to punish Covered Entities for violating Privacy Rule requirements.  HITECH Act amendments, among other things, broadened the duties of OCR to audit, investigate and sanction HIPAA violations as well as tightened various requirements of the Privacy Rules.

The risks to Covered Entities from violating the Privacy Rules are significant and growing.  Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities and their business associates face heightened risks that violations of HIPAA will trigger liability to pay a Civil Monetary Penalty (CMP) to OCR or other sanctions.  The two, multimillion dollar CMPs now imposed by OCR against two different Covered Entities caught violating the Privacy Rules only reflect a small part of OCR’s CMP enforcement.  Equally or perhaps more significant are the growing stream of high dollar settlement payments that an ever-growing list of Covered Entities to resolve OCR Privacy Rule violation charges that otherwise also might result in OCR’s assessment of a CMP against them.  See, e.g. $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use; Provider Pays $750K To Settle HIPAA Business Associate Rule Breach Charges; North Memorial Hit With $3.9M HIPAA Fine For HIPAA Violations;  OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000; Lehey Pays $850K After Unencrypted Laptop Stolen.

These already substantial enforcement risks are likely to rise as OCR begins auditing the compliance of selected Covered Entities as part of its recently announced 2016 audit program.  As a result of audit requirements enacted as part of the HITECH Act, Covered Entities now need to be prepared to demonstrate the adequacy of their HIPAA compliance in case their organization becomes targeted for audit under OCR’s 2016 audit program.  Even if not selected for audit, however, Covered Entities and their business associates still face the risk that a complaint filed with OCR will trigger an OCR investigation of their practices for providing copies or other access or other compliance with the Privacy Rules.  In light of the growing aggressiveness of OCR’s enforcement, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply. Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.  Consequently, Covered Entities and their business associates should move quickly to review and update their practices, communications and training to comply with this new Access Guidance as well as other guidance, enforcement and other developments that might impact the adequacy of their existing practices under the Privacy Rule generally.  Because of the risk that any review or investigation of the adequacy of its practices or complaints under the Privacy Rule will involve sensitive information or analysis, Covered Entities and their business associates are cautioned to consider the advisability of arranging for this analysis and review to be conducted within the scope of attorney-client privilege under the guidance of legal counsel experienced with the Privacy Rules and other related legal concerns.

 About The Author

Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.

Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.

As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients, on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see www.CynthiaStamer.com, email Ms. Stamer cstamer@solutionslawyer.net or telephone her at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.SolutionsLawPress.com such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.  ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved.

 

 

 


HHS Proposes Stage 3 Meaningful Use EHR Incentive Programs & 2015 Edition Health IT Certification Criteria Rules

March 20, 2015

The U.S. Department of Health and Human Services, Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) on March 20, 2015 announced the release of the Stage 3 notice of proposed rulemaking for the Medicare and Medicaid Electronic Health Records (EHRs) Incentive Programs and 2015 Edition Health IT Certification Criteria which the Agencies believe will improve the way electronic health information is shared and ultimately improve the way care is delivered and experienced.

Under the Health Information Technology for Economic and Clinical Health Act, doctors, health care professionals and hospitals, including critical access hospitals, can qualify for Medicare and Medicaid incentive payments when they adopt and meaningfully use health IT technology certified by ONC. Since the programs began in 2011, more than 433,000 eligible professionals and eligible hospitals have received an incentive payment representing about 60 percent of eligible professionals in either the Medicare or Medicaid programs and about 95 percent of eligible hospitals.

The Meaningful Use Stage 3 proposed rule issued by CMS specifies new criteria that eligible professionals, eligible hospitals, and critical access hospitals must meet to qualify for Medicaid EHR incentive payments. The rule also proposes criteria that providers must meet to avoid Medicare payment adjustments (Medicaid has no payment adjustments) based on program performance beginning in payment year 2018. The rule gives more flexibility and simplifies requirements for providers by focusing on advanced use of electronic health records and eliminating requirements that are no longer relevant.  The Stage 3 proposed rule’s scope is generally limited to the requirements and criteria for meaningful use in 2017 and subsequent years. CMS is considering additional changes to meaningful use beginning in 2015 through separate rulemaking. Learn more here.

The 2015 Edition Health IT Certification Criteria proposed rule aligns with the path toward interoperability – the secure, efficient, and effective sharing and use of health information –identified in ONC’s draft shared Nationwide Interoperability Roadmap. The proposed rule builds on past editions of adopted health IT certification criteria, and includes new and updated IT functionality and provisions that the Agencies believe support the EHR Incentive Programs care improvement, cost reduction, and patient safety across the health system.

“This Stage 3 proposed rule does three things: it helps simplify the meaningful use program, advances the use of health IT toward our vision for improving health delivery, and further aligns the program with other quality and value programs,” said Dr. Patrick Conway, M.D., M.Sc., CMS acting principal deputy administrator and chief medical officer. “And, in an effort to make reporting easier for health care providers, we will be proposing a new meaningful use reporting deadline soon.”

“ONC’s proposed rule will be an integral component in the shared nationwide effort to achieve an interoperable health system,” said Karen DeSalvo, M.D., M.P.H, M.Sc., national coordinator for health IT. “The certification criteria we have proposed in the 2015 Edition will help achieve that vision through provisions that consider the range of health IT users and uses across the care continuum, including those focused on interoperable standards, data portability, improved transparency, privacy and security capabilities, and increased oversight through ONC’s Health IT Certification Program.”

The Stage 3 proposed rule may be viewed here and the comment period ends on May 29, 2015. The 2015 Edition proposed rule may be viewed here and the comment period ends on May 29, 2015. The Draft 2015 Edition Certification Test Procedures may be viewed at HealthIT.gov, and the comment period ends on June 30, 2015.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Board Certified in Labor & Employment Law, and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available hereYou also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,”  using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Examples of some of these recent health care related publications include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Former Center Texas Medical Center CFO Faces 5 Years After Guilty Plea To EHR Incentive Fraud Reminder To Manage Incentive Compliance

November 18, 2014

The prosecution and resulting November 12, 2014 guilty plea of former Shelby Regional Medical Center Chief Financial Officer Joe White to making false statements when applying for electronic health record (EHR) incentives highlights another growing fraud exposure risk that health care organizations and their leaders need to manage arising from applications or other claims made in seeking EHR or other incentives or grants.

White presently faces sentencing to up to five years in prison after pleading guilty to making a false statement in an application for EHR incentives he signed on behalf of Center, Texas-based Shelby Regional Medical Center.  White plead guilty to the charge before U.S. Magistrate Judge John D. Love on November 12, 2014.

The charges against White stemmed from an application he made on behalf of the medical center for EHR incentives.  According to information presented by the U.S. Department of Justice in court, White was the Chief Financial Officer for the medical center owned and operated by Dr. Taqriq Mahmood. White oversaw the implementation of EHRs for the hospital and was responsible for attesting to the meaningful use of electronic health records in order to qualify to receive incentive payments under Medicare’s Electronic Health Record (EHR) Incentive Program.  The Justice Department charged that on November 20, 2012, White knowingly made a false statement to Medicare falsely representing that the hospital was a meaningful user of electronic health records, when the hospital did not meet the meaningful use requirements.  As a result, the medical center received $785,655.00 in EHR incentives from Medicare.  A federal grand jury indicted White on February 6, 2014.  He faces up to five years in prison when sentenced.  The sentencing date is not set yet.
White’s prosecution and guilty plea is one of several actions that highlight the growing exposure that health care organizations and their leaders face to criminal and civil prosecution for fraud or other misconduct in seeking or collecting federal incentives or grants.

Federal and state officials responsible for administering the massive influx of grants and incentives to health care providers and others authorized under the Patient Protection and Affordable Care Act, the Stimulus Bill and other legislation now are auditing and investigating fraud or other compliance concerns and acting aggressively to prosecute organizations and individuals criminally, civilly or both for fraudulent or other abuse of the rules.  The White criminal conviction, for instance, follows the October, 2014 civil complaint and simultaneous settlement of theFalse Claims Act civil suit,   US ex rel. v. Columbia U. and ICAP complaint-in-intervention  and its resolution through the simultaneously filed US ex rel. v. Columbia U. and ICAP stipulation and order (“Settlement”) involving the Trustees Of Columbia University In The City Of New York (“Columbia University”), and ICAP (formerly known as the International Center For Aids Care And Treatment Programs) (collectively, “Columbia”).  In that suit, federal officials charged Columbia University with improperly defrauding the federal government in violation of the False Claims Act in federal grants that Columbia University obtained to fund ICAP’s AIDS- and HIV-related work. The United States’ Complaint-in-Intervention (the “Complaint”) alleged that Columbia University, as the grant administrator on behalf of ICAP, received millions of dollars in federal grants and, pursuant to the rules applicable to such grants, was required for nearly 200 of ICAP’s employees located in New York City to use a suitable means of verifying that the employees had actually performed the work charged to a particular grant. The Complaint alleges that Columbia was well aware that this was not being done, yet continued wrongly to charge many federal grants for work that was not devoted to the projects they funded.   According to the Justice Department, Colombia failed to ensure that these reports were created or verified by the more than 200 individuals for which grant monies were sought. Instead, Columbia’s Finance Department provided information for these reports even though the employees of that department had limited or no knowledge of which grants the individuals actually worked on. In addition, the lawsuit charged that the effort reports were certified as correct by the principal investigators on the grants without using suitable means to verify the accuracy of the reports. Instead of taking the appropriate steps to determine whether the reports were accurate, the principal investigators would certify large batches of the reports, without making any inquiry into whether the allocation of work among the grants was accurate. Moreover, ICAP’s management was well aware of the inaccuracies of the effort reporting system.  According to the complaint, these omissions resulted in Columbia charging grants for work that was not performed on the project being funded by that grant. For instance, an ICAP Finance Analyst stated that he spent approximately 15-20% of his time on MCAP in fiscal year 2010, but his effort report falsely listed his MCAP effort, and related salary charges, as 85%. Likewise, in fiscal year 2010, an ICAP Subcontracts Manager’s effort report listed her effort as 100% MCAP, but the Subcontracts Manager actually worked on three other grants, in addition to MCAP, that year. The time submitted for many other employees was similarly mischarged.  The complaint also charged that ICAP also charged federal grants for time spent on activities that are not chargeable to any federal grants, such as competitive grant proposal writing. For example, an ICAP Grants Manager spent a significant amount of her time writing competitive grant proposals, but her effort report showed that all of her time was charged to grants, with as much as 92% of her time charged to MCAP in some years.

In the Settlement, Columbia admitted failing to use a suitable means of verifying whether the salary and wage charges that ICAP applied to specific federal grants were based on an employee’s actual effort for that grant. Columbia also admitted that as a result, certain effort reports contained inaccurate information, and for a number of years ICAP mischarged certain federal grants for work that was not allocable to those agreements. Columbia also agreed to pay $9,020,073 to resolve the Government’s claims.

The White criminal prosecution and conviction and the Colombia civil prosecution and settlement are two of a growing list of reminders to health care, educational and other organizations receiving Department of Health & Human Services or other federal grants or incentives as a critical reminder to review and tighten as necessary their federal grant and other incentive program compliance and documentation to ensure that it can withstand an audit or other scrutiny by federal officials.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

November 29, 2012

The Department of Health & Human Services Office of Inspector General is recommending the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) act to improve the effectiveness of its oversight and management of the Medicare electronic health record (EHR) incentive program.  The recommendations are likely to impact on the requirements that hospitals and other professionals will be required to meet to get and keep EHR program incentive payments.  Consequently, hospitals, physicians and other providers and their technology and other systems advisors and vendors should carefully watch and respond to changes that these two agencies implement in response to the OIG feedback.

According to an OIG study reported here, the CMS estimates that it will pay $6.6 billion in EHR incentive payments to providers under the program between 2011 and 2016.  Many hospitals, physician organizations and other providers are making substantial investments in EHR and related technologies in reliance of expectation of receiving program incentive payments.  Accordingly, parties hoping to qualify for incentive programs need to watch closely the actions that the agencies take in response to this OIG input or otherwise that impacts on qualification and audits.

OIG Study & Findings

OIG’s early assessment of CMS’s oversight of the Program found that because professionals and hospitals self-report data to prove fulfillment of program requirements, CMS’s efforts to verify these data will help make sure the integrity of Medicare EHR incentive payments.

The recommendation comes from an OIG study reviewing CMS’s oversight of professionals’ and hospitals’ self-reported meaningful use of certified EHR technology in 2011, the first year of the program.  OIG evaluated self-reported information against program requirements.  It also looked at CMS’s audit planning documents, regulations and guidance for the program and conducted structured interviews with CMS staff on CMS’s oversight.

Based on this evaluation, OIG foundCMS faces obstacles to overseeing the Medicare EHR incentive program that leave the program vulnerable to paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements.  OIG says CMS has not yet implemented strong prepayment safeguards, and has limited ability to safeguard incentive payments postpayment. OIG also reports that the ONC requirements for EHR reports may contribute to CMS’s oversight obstacles.

OIG Recommended Corrective Action

Based on its study, OIG is recommending that CMS take the following actions.

  • Obtain and review supporting documentation from selected professionals and hospitals prior to payment to verify the accuracy of their self‑reported information and
  • Issue guidance with specific examples of documentation that professionals and hospitals should maintain to support their compliance. 

CMS did not agree with our first recommendation, stating that prepayment reviews would increase the burden on practitioners and hospitals and could delay incentive payments.  Despite this CMS feedback, OIG nevertheless is continuing to recommend that CMS conduct prepayment reviews to improve program oversight. CMS concurred with our second recommendation.

OIG also recommended that ONC take the following actions: 

  • Require that certified EHR technology be capable of producing reports for yes/no meaningful use measures where possible and
  • Improve the certification process for EHR technology to make sure applicants provide accurate EHR reports. 

ONC concurred with both recommendations.

Recommended Provider Action

Hospitals and providers looking to take advantage of the HER incentive payments should carefully monitor the developments resulting from these recommendations and take proper actions to stay compliant with evolving requirements as they move forward.

Along with monitoring these responses, providers participating in the incentive program also need to stay abreast of other developments.  For instance, last month, ONC announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files).  See 2014 Edition Draft Test Procedures webpage. Additional waves of test methods are impending.  ONC says it expects the final set of Test Methods to be available for use in early 2013. 

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Changes Start Time, Releases Agenda For 11/13 Virtual Workshop On Health IT Test Standards

November 9, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 9, 2012) announced a preliminary agenda of topics and  the procedures that health care providers and other interested parties wishing to participate in  a public virtual workshop on the ONC Health Information Technology (IT) Certification Program and 2014 Edition Test Methods that ONC plans to host on Tuesday, November 13, 2012 from 8:15 AM-4:30PM EST.   

The announced commencement time is 45 minutes earlier than the originally announced 9:00 AM start time that ONC had announced as the start time for the workshop in November 8 announcements.

To review the preliminary agenda for the workshop, see http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-methods.

According to today’s  ONC announcement, parties wishing to participate in the virtual workshop should  register for ONC Certification Technical Workshop on Nov 13, 2012 8:15 AM EST at https://attendee.gotowebinar.com/register/2114316126469925632 .  ONC says that successful registrants will receive a confirmation email containing information about joining the webinar. 

The planned workshop follows ONC’s anno0uncement of the release for review of the latest in a series of electronic medical records Test Standards that ONC has issued recently in its march to implement its mandate.    ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification.   ONC  typically allows  a two week period of public review and comment from the date posted for public review and comment on each Wave.  

In keeping with this process, ONC is inviting interested persons to  submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013. 

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

November 8, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 8, 2012) announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files). To review the 2014 Edition draft Test Methods, visit the 2014 Edition Draft Test Procedures webpage.   As a follow up to this announcement, ONC is inviting interested parties to participate in a public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13th, 9AM-4:30PM EST.

The Test Procedures announced today are the latest in a series ONC has issued recently.    ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification.   ONC  typically allows  a two week period of public review and comment from the date posted for public review and comment on each Wave.  

In keeping with this process, ONC is inviting interested persons to  submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013. 

To help interested parties stay informed about the Test Messages, ONC also announced today it will host a virtual public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13th, 9AM-4:30PM EST.  According to ONC, the topics to be covered include 2014 Test Procedures, Test Tools, Test Data, ONC Timeline, and the Certified Health IT Product List (CHPL).   ONC says additional details regarding access and agenda will be forthcoming.  Watch the ONC website.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Releases First Wave of EHR Test Procedures; More To Come

September 14, 2012

On September 7th the ONC published the first wave of draft Test Procedures and applicable test data files for the 2014 Edition Elelctronic Health Record (EHR) certification criteria for public review and comment. ONC will release additional Test Procedures in waves on a weekly or bi-weekly basis. Each set of draft test procedures will undergo a two week period of public review and comment from the date posted. You can now provide input on Wave One 2014 draft Test Procedures. Visit the site for detailed information on the 2014 Test Procedure development process at http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-procedures.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Touts Research On Health IT Benefits In Health Affairs Article

March 20, 2011

Researchers from the Office of the National Coordinator for Health Information Technology (ONC) and other Department of Health & Human Services (HHS) leaders are touting new studies they say show the benefits of investing in health information technology (health IT).

Under the Health Information Technology for Economic and Clinical Health Act (HITECH), part of the American Recovery and Reinvestment Act of 2009, as much as $27 billion Medicare and Medicaid incentive payments will be available to eligible professionals, eligible hospitals, and critical access hospitals when they adopt certified EHR technology and successfully demonstrate “meaningful use” of the technology in ways that improve quality, safety, and effectiveness of patient-centered care.

On March 8, 2011, ONC researches reported results of a comprehensive review of recent studies it says show the effects of health IT on key aspects of health care on the ONC website and in Health Affairs.   

According to Donald Berwick, M.D., administrator of the Centers for Medicare & Medicaid Services, the study supports the investments that the HITECH Act makes in health IT. “These new findings are very significant in helping to confirm that our Nation has made the right choice in moving aggressively toward adoption of health information technology,” said Dr. Berwick. “These new findings are very significant in helping to confirm that our Nation has made the right choice in moving aggressively toward adoption of health information technology.”

The review included articles published from July 2007 up to February 2010, following up on earlier reviews of articles from 1995 to 2004 and from 2004 to 2007. This latest review initially surveyed more than 4,000 peer-reviewed articles, of which 154 were found qualified for the parameters of the study, a number similar to the previous efforts.  In addition to quality and efficiency of care, the authors categorized additional outcomes including access to care, preventive care, care process, patient safety, and provider or patient satisfaction.

According to the authors, a current review of 154 peer-reviewed studies from July 2007 to February 2010 found:

  • More than 92 percent reached positive overall conclusions on the effects of health IT;
  • 30 percent found mixed but predominantly positive results; and
  • Ten articles were found to have negative or mixed-negative results.

ONC reports that the review also reflected a new balance of evidence between HIT “leader” organizations and other entities, especially smaller medical practices. In previous years, much evidence has come from the “leaders.” The current review shows increased evidence of benefits for others as well.

Examples of positive results highlighted by ONC in its reports include:

  • One study found that at three New York City dialysis centers, patient mortality decreased by as much as 48 percent while nurse staffing decreased by 25 percent in the three years following implementation of electronic health records (EHRs).
  • In an inpatient study, a clinical decision support tool designed to decrease unnecessary red blood cell transfusions reduced both transfusions and costs, with no increase in patient length-of-stay or mortality.
  • Another study addressing HIT in 41 Texas hospitals found that hospitals with more advanced HIT had fewer complications, lower mortality and lower costs than hospitals with less advanced HIT.

ONC researchers report that negative findings in the study were most often associated with provider or staff satisfaction related to difficulties in the process of transitioning from paper-based to electronic-based records and care. The researchers conclude these findings “highlight the need for studies that document the challenging aspects of implementing HIT more specifically and how these challenges might be addressed,” such as through strong leadership or staff participation when adopting and implementing HIT.

Reflecting on the findings, Surgeon General Regina Benjamin, M.D., said, “My own personal experience in switching my practice from paper to EHRs showed that the change requires some initial effort; however, it did not interrupt work flow in the clinic. The results are better care for patients and new opportunities for the physician and staff to improve quality outcomes.” Dr. Benjamin switched to EHRs in her Gulf Coast Alabama family practice after two hurricanes and a fire destroyed the clinic’s paper records.

At the Agency for Healthcare Research and Quality, where research into health informatics has been supported since 1968, agency Director Carolyn Clancy, M.D., called attention to the importance of rapid information feedback and current evidence as the Nation pursues HIT implementation. “As we have known, and this new review of the available literature shows, HIT holds tremendous potential to improve health care quality. It is important that we continue to use experience from the field and scientific evidence to guide our efforts to improve the quality and safety of health care for all Americans.”

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns/ She also regularly designs and presents risk management, compliance and other training for health care providers, professional associations and others including highly popular programs on “Sex Drugs & Rock ‘N Role: Managing Personal Misconduct in Health Care,” “Managing Physician Performance” and others..   Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

 

©2011 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


CMS & ONC To Co-Host 7/22 ONC Certification & Medicare/Medicaid EHR Incentive Program Audio Training

July 20, 2010

The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) will co-host an Audio Training on the Final Rules for ONC Certification and Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs on July 22, 2010 from 2:00-3:30 pm EST. 

During the training, the Agencies plan to discuss: 

  • Benefits of HIT
  • Summary of the final rules
  • ONC temporary certification process
  • ONC initial set of standards and implementation specifications
  • Medicare and Medicaid EHR Incentives Programs including the initial definition of meaningful Use

To join the audio training, dial 1-877-251-0301 and enter the Conference ID pass code: 87841621 

Materials will be made available prior to the training at the following web address here.  

For more information about CMS EMR incentives, see here.   

The author of this update, attorney Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers, health plans and insurers, and other health and insurance industry clients with HIPAA, EMR and other privacy and data security, reimbursement, compliance, public policy, regulatory, staffing, and other operations and risk management matters. Ms. Stamer also regularly conducts training on these and other health industry technology, compliance, management and operations matters.  You can get more information about her health industry experience here.  If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.  

Other Recent Developments 

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title: 

For More Information 

We hope that this information is useful to you. If you need assistance evaluating or responding to the Health Care Reform Law or health care compliance, risk management, transactional, operational, reimbursement, or public policy concerns, please contact the author of this update, Cynthia Marcotte Stamer, at (469) 767-8872, cstamer@Solutionslawyer.net.  

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. A popular lecturer and widely published author on health industry and human resources matters, Ms. Stamer continuously advises health industry clients about health industry and other related concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here

©2010 Solutions Law Press. All rights reserved.


HIT Policy Committee’s Nationwide Health Information Network Workgroup Meets December 16, 2009

December 1, 2009

The Office of the National Coordinator for Health Information Technology (ONC) HIT Policy Committee’s Nationwide Health Information Network Workgroup will hold a public meeting on December 16, 2009.  The meeting is scheduled from 10 a.m. to 5 p.m./Eastern Time at the OMNI Shoreham Hotel, 2500 Calvert Street, NW., Washington, DC. Members of the public care invited to participate live, via telephone, or Webcast.  For details about options for participation, instructions to present input, and other details, see here.

For More Information

We hope that this information is useful to you.  If you need assistance with these or other health care public policy, regulatory, compliance, risk management, workforce and other staffing, transactional or operational concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters.  You can review other recent health care and related resources and additional information about the health industry and other experience of Ms. Stamer here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here and/or by participating in the SLP Health Care Risk Management & Operations Group on LinkedIn.  To unsubscribe, e-mail here.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


%d bloggers like this: