Doc Caught Submitting Conflicting Patient Records to Private Payer Versus Medicare Criminally Sentence, Pays Civil Settlement

July 23, 2013

The  recent criminal sentencing and civil settlement of Illinois physician Dr. Mahmoud Yassin highlights the growing- but too often appreciated exposure of physicians and other health care providers and their billing or other management who submit conflicting claims data to private and government claims or otherwise permit in false  falsely bill or participate in the cover-up of fraudulent or other improper billings to payers.  The Yassin sentencing is notable both because Yassin incurred criminal liability for obstruction based on his presentation of altered patient records to a private payer and and civil liability for  making false claims to Medicare and others.

Yassin was sentenced July 22, 2013 to serve 30 days in prison and 3 years of probation and to pay  a fine of $10,000, a special assessment of $100, and restitution to Blue Cross Blue Shield of Illinois in the amount of $19,615.17 in federal district court in Benton, Illinois for Obstructing a Criminal Health Care Fraud Investigator.  The felony obstruction conviction stemmed from charges that on March 2, 2012, when a FBI agent, having served a subpoena for patient records on Dr. Yassin, gave an altered patient progress note  that showed an in-office examination previously claimed to an insurance carrier, but which had not taken place.

In a separate civil settlement with the United States Attorney’s Office regarding false claims to Medicare, Dr. Yassin also previously has paid double damages for $87,348.64. The restitution and civil false claims settlement were based on claims for in person office visits in which the patient either failed to show up for an appointment or only was spoken to by telephone.

The Yassin prosecution demonstrates the importance of providers getting their records and billings straight when billing both private payers and government payers.  While most  health care providers recognize  the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ), many  don’t recognize their exposure from private payer billings or the potential interaction between private and government claims investigations  Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.  Furthermore, federal fraud investigators and private payers increasingly are working together on the investigation and redress of false billing and other aggressive practices.  These and other risks mean that providers cannot afford to be unprepared when asked to respond to investigations like one that lead to the Yassin conviction, recoupment or other audit and enforcement actions  See,  Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings.   Rather, physicians and other health care clinics must be ready to prove and defend their billings to public and private payers.  In both cases, these preparations should ensure that records accurately and completely document the care provided, that the coding and billing applied is reflective of actual care and consistent with existing reimbursement, and otherwise defensible.  As demonstrated by Yassin, inconsistencies between records presented to different payers should be avoided.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Improper Billing Of Private Payers Increasing Source Of Liability & Risk For Providers

July 8, 2013

Physicians or other health care providers now have even more to worry about when a Medicare or other federal program audit reveals overpayments – repayment demands from commercial insurers and self-insured health plans, who are secondary payers.  Federal officials and private payers alike increasingly are coming after providers to recover overpayments or other inappropriate billings identified through audits or other investigations.  In the face of these actions, providers should use care to ensure that their billing and compliance programs appropriately manage and monitor the defensibility of claims billed to private payers as well as those to Medicare or other government programs.

Most  health care providers recognize  the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ).

Unfortunately, many health care providers don’t recognize that overbilling private payers can carry similar risks and liabilities.  Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.

While CMS, OIG and DOJ tend to emphasize Medicare and other federal program recoveries in media releases about their overbilling and health care fraud enforcement efforts, careful review of these actions increasingly shows that these enforcement actions often also cover overbilling of private health plans uncovered in connection with the underlying  Medicare or other federal program overpayment audit or investigation.   For instance, upcoding and other false billing of claims was the basis of the federal criminal health care fraud prosecution of the Chief Executive Officer of a small, rural Texas health care clinic.  Texas Clinic CEO Sentence Highlights Risks Of Upcoding. See, also Pharmas Face New Pressure To Put Patients Before Profits After GlaxoSmithKline Record $3 Billion Health Care Fraud & FDCA Settlement.

Unfortunately, many providers have failed to recognize and adequately respond to these and other clear indicators of their exposure to fraud, recoupment and other enforcement actions from sloppy or otherwise improper billings to private insurers and self insured plans.  With health care reform increasingly focusing on reducing health care expenditures in the private as well as public arena, already existing federal and state enforcement against providers for improper billing of private payers will inevitably grown.

Taking into account these and other trends toward stepped up enforcement against aggressive billing by providers of private insurance or self-insured plans, physicians and other providers should not be surprised or unprepared to respond to recoupment or other audit and enforcement actions like that recently reported by Nina Youngstrom in AIS Health about the recoupment demands by commercial insurers against a Kansas health care clinic based on the Medicare audit findings of overpayments. See,  Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings.   Rather, physicians and other health care clinics must be ready to prove and defend their billings to private payers as well as Medicare and other government payers.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


WellPoint To Ban Coverage Rescissions Before Affordable Care Act Fall 2010 Deadline

April 28, 2010

WellPoint, Inc. will suspend the practice of rescinding patients’ coverage May 1, 2010, months in advance of this Fall’s deadline for insurers stop this practice established by the Affordable Care Act. The nation’s largest health insurer announced here its plans to implement the change in its practices regarding individual market rescissions on April 27, 2010.  

Beginning this Fall, the Affordable Care Act will prohibit insurance companies from rescinding policies, except in cases of fraud or intentional misrepresentation of material fact. Wellpoint’s termination of individual policy rescissions announced this week comes months ahead of the effective deadline for terminating rescissions contained in the legislation.  The ban against rescissions is one of a number of new federal restrictions on health insurers and group health plans enacted as part of the Affordable Care Act scheduled to take effect this Fall.  Wellpoint previously announced it also would change its dependent coverage policies to extend the period that a dependent child can remain on his parent’s coverage to age 26 before the deadline required by the Affordable Care Act.

WellPoint’s announcement comes after Health & Human Services Secretary Kathleen Sebelius sent a letter on April 22 urging the company to immediately stop the practice of rescinding coverage for patients who become ill.  Wellpoint recently drew criticism from Secretary Sebelius and others for targeting breast cancer victims for rescission of their policies.  Secretary Sebelius’ initial letter to WellPoint can be found here or at here.

For Assistance With Health Industry Concerns

If your organization needs advice or assistance with the proposed regulation, preparing or submitting comments on the regulation or with other health care matters, contact Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here

Vice President of the North Texas Health Care Compliance Professionals Association, Exempt Organization Vice-Coordinator of the Southern States IRS TEGE Council, a Council Member of the ABA Joint Committee On Employee Benefits Council, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, the former Board Compliance Chair of the National Kidney Foundation of North Texas and former Board President of the Richardson Development Center for Children (now Warren Center), Ms. Stamer has more than 22 years experience advising health industry clients about health care operations, regulatory and compliance, reimbursement, staffing, risk management, public policy and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact Cynthia Marcotte Stamer, at (469) 767-8872 or to cstamer@solutionslawyer.net. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


TSHHRAE Provides Health Industry Managers Employment Law Update & Other Timely Management Training At April Barnstorm 2010: Creating Effective Leaders Programs

March 23, 2010

Get Details & Registration Information here!

A Legal Update on Employment Law presentation by Attorney Cynthia Marcotte Stamer is among 5 hours of “Barnstorm 2010: Creating an Effective Leaders-Tools of the Trade” management training that the Texas Society for Healthcare Human Resources Administration and Education (TSHHRAE) will be hosting for health industry human resources and other managers in five Texas cities between April 26 and April 30, 2010. 

Interested health industry human resources and other managers can elect to participate in TSHHRAE’s Barnstorm 2010 management training at the following dates and locations:  

  • April 26 – Weslaco, Knapp Medical Center
  • April 28 – Sweetwater, Rolling Plains Memorial Hospital
  • April 28 – Brenham, Trinity Medical Center
  • April 29 – Lubbock, University Medical Center
  • April 30 – Odessa, Medical Center Hospital

Update on Employment Law Program Highlights

Ms. Stamer’s Legal Update on Employment Law Program will address:

  • Recent changes in FMLA, Military Leave, wage and hour, ADA & other disability, COBRA, GINA, HIPAA and other selected federal & Texas employment laws and regulations;
  • Rising government enforcement of EEOC, HIPAA, wage & hour, worker classification, and other laws and regulations;
  • Recent developments and increases in retaliation claims;
  • Recent cases related to supervision; and
  • Other selected developments impacting health industry human resources management.

Other Barnstorm 2010 Program Highlights and Details

In addition to the Legal Update on Employment Law that Ms. Stamer is scheduled to present, the Barnstorm Program also will feature presentations on:

  • Leadership in 2010
  • Dealing with Poor Performers; and
  • Cultivating a Superstar

For registration and other information about the Barnstorm Program, see here.

About Ms. Stamer

Nationally and internationally recognized for more than 22 years of work with health industry and other organizations, publications, workshops and presentations and leadership on health industry and other labor and employment, staffing and credentialing, employee benefits, performance management and discipline, regulatory compliance and internal controls, risk management, and public policy matters, Ms. Stamer is Chair of the Curran Tomko Tarski Labor & Employment & Health Care Practice Groups, Vice President of the North Texas Health Care Compliance Professionals Association, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is.  The publisher of Solutions Law Press HR & Benefits Update, the Solutions Law Press Health Care Update, and Solutions Law Press Health Care Privacy & Technology Update and a former legal columnist for MD News, Ms. Stamer also is a popular speaker and author of these topics.  She regularly speaks and conducts training for the ABA, American Health Lawyers Association (AHLA), Health Care Compliance Association, Institute of Internal Auditors, Harris County Medical Society, the Medical Group Management Association, SHRM, Southwest Benefits Association and many other organizations.  Publishers of her many highly regarded writings on health industry and human resources matters include the Bureau of National Affairs, Aspen Publishers, ABA, AHLA, Spencer Publications, World At Work, SHRM, Business Insurance, James Publishing and many others.  You can review other highlights of Ms. Stamer’s health care experience here, and employment experience hereHer insights on these and other matters appear in Managed Care Executive, Modern Health Care, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, MDNews, Kentucky Physician, and many other national and local publications.

If you need assistance with health industry human resources or other management, concerns, wish to inquire about compliance, risk management or training, or need legal representation on other matters please contact Cynthia Marcotte Stamer at cstamer@cttlegal.com or 214.270.2402. 

Other Resources

If you found this information of interest, you also may be interested in reviewing other updates and publications by Ms. Stamer including:

For More Information

We hope that this information is useful to you.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


Medicare Ends Fox Insurance Company Drug Plan Contract As CMS Turns Up Heat on Medicare Advantage & Part D Plan Enforcement & Oversight

March 16, 2010

By Cynthia Marcotte Stamer

The Centers for Medicare & Medicaid Services (CMS) terminated its Medicare Part D prescription drug coverage contract with Fox Insurance Company (Fox) on March 9, 2010.    The action highlights CMS’s growing scrutiny and enforcement of Medicare requirements against Medicare Part D, Medicare Advantage Plans and other federal health care program contractors.

CMS terminated the Fox contract after CMS found the failure by Fox’s plan and services to meet Medicare’s requirements to provide enrollees with prescription drugs according to recognized standards of care jeopardized the health and safety of Fox enrollees.   When announcing the contract termination, CMS reported that an on-sight review by CMS showed that Fox committed a series of violations, including improperly denying its enrollees coverage of critical HIV, cancer, and seizure medications. CMS issued an enrollment and marketing sanction to Fox on Feb. 26, 2010, because the organization was not following Medicare’s rules for providing prescription drug coverage to its enrollees.   According to CMS, an onsite audit conducted between March 2 and March 4 showed that Fox’s problems persisted and that Fox continued to subject its enrollees to obstacles in getting sustaining medicines or other needed medications.  Among other things, CMS found Fox:

  • Failed to provide access to Medicare prescription drugs benefits by imposing unapproved prior authorization and step therapy criteria that made it more difficult for beneficiaries to get drugs that are protected by law;
  • Failed to meet the plan’s appeals deadlines; and
  • Did not comply with Medicare regulations requiring enrollees to be transitioned to new drugs at the beginning of the new plan year.
  • Failed to notify enrollees about prior authorization and step therapy determinations as required by Medicare.

CMS also found that many of the obstacles were in place to limit access to high-cost drugs, which could have led to enrollees’ clinical needs not being met.

In many cases, CMS reported that Fox required enrollees to have unnecessary and invasive medical procedures before they were able to obtain drugs. Finding that Fox was unable to satisfactorily address these compliance concerns and furnish medicines to its Medicare enrollees, CMS immediately terminated the Fox contract.

At the time of the termination, more than 123,000 Medicare beneficiaries were enrolled in Fox plans. Beginning March 10, 2010, CMS indicated that LI-NET, a Medicare run program administered by Humana, would replace the Medicare Part D coverage of  enrollees affected by the Fox contract termination on an interim basis. Fox enrollees will be able to choose a new Medicare prescription drug plan through May 1, 2010. Current enrollees who do not choose a plan will be enrolled into a new plan by Medicare. CMS is sending letters explaining the actions taken by CMS to enrollees and has established a 1-800 number to receive questions.

The action against Fox is part of an ongoing series of oversight, disciplinary and enforcement actions by CMS against Medicare Advantage and other federal health care program participants.  These programs and CMS’ oversight and enforcement of federal programs are drawing increasing Congressional scrutiny in connection with Congressional health care reform efforts. Amid this heightened scrutiny, Medicare Part D and Medicare Advantage Plans; health care providers, administrative services providers and others contracting with these plans and others involved with this programs should take appropriate action to maintain compliance, tighten their contracts with and oversight of actions of partners and vendors performing critical functions; review complaint reporting, investigation and response processes and procedures; and strengthen other practices to minimize exposures to audit or other enforcement actions.

For Assistance With Medicare Managed Care or Other Matters

If your organization needs advice or assistance about Medicare Part D or other Medicare Advantage contracting or other requirements or about other health plan or health care matters, consider contacting the author of this article, Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail here

Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee and an ABA Joint Committee on Employee Benefits Council member,  Ms. Stamer has more than 22 years experience advising health plans, health care providers, and other health industry and insurance clients.  Her experience includes specific experience assisting Medicare, Medicaid and other health plan sponsors, administrators,  or administrative services providers about contracting, compliance, coverage and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer also conducts compliance and other training on Medicare Advantage and other contract and compliance matters, as well as a broad range of other health industry related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on health industry matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent updates available online by clicking on the article title:

You can review other recent health plan, health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here; e-mailing this information to cstamer@cttlegal.com; or registering to participate in the distribution of these and other Solutions Law Press updates here. For important information concerning this communication click here.   

To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website

February 25, 2010

By Cynthia Marcotte Stamer

The Department of Health and Human Services Office of Civil Rights (OCR) has begun posting on its website the names and certain information about health care providers, health insurers,  employer and other health plans, health care clearinghouses and their business associates (Covered Entities) reporting to OCR “breaches” of “unsecured protected health information” (UPHI) under new breach notice rules added by the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

Covered Entities should anticipate the posting of the breach information and other HITECH Act breach notices coupled with amendments to the medical privacy and security requirements of the Health Insurance Portability & Accountability Act (HIPAA) effective since February 17, 2010, will heighten enforcement risks and public sensitivities about medical information privacy safeguards.  As failing to comply with the amended rules effective February 17, 2010 can trigger obligations under the Breach Regulations and other significant liability exposures, Covered Entities should act quickly to manage these emerging risks.

Covered Entity Breach Notification Requirements

The initial list of Covered Entities reporting  breaches of UPHI affecting 500 or more individuals posted by OCR on February 22, 2010 discloses the Covered Entity’s name and State, the approximate number of individuals affected, the date and type of breach and the location of the breached information. OCR’s posting of this information is required under the HITECH Act breach notification requirements as part of its implementation and enforcement of new breach notification requirements added to HIPAA by Section 13402(e)(3) of the HITECH Act.

The HITECH Act amended HIPAA to require Covered Entities to require Covered Entities provide notification to individuals, OCR and others when certain breaches of UPHI happen.  The implementing interim “Breach Notification For Unsecured Protected Health Information” regulations (Breach Regulation) published by OCR here require Covered Entities subject to HIPAA to notify affected individuals, OCR and in some cases the media within specified periods following a “breach” of UPHI occurring on or after September 23, 2009 unless the Covered Entity can demonstrate that the breach qualified as exempt from the breach notification obligation under the Breach Regulations.

Covered Entities generally should consider the need to provide breach notification under the Breach Regulation whenever electronic or non-electronic protected health  information which is not adequately encrypted or destroyed to qualify as “secured” under the breach rules is used, accessed or disclosed in violation of HIPAA.  

Since the potential need to provide breach notification is triggered by an impermissible use, access or disclosure of UPHI, up-to-date maintenance, monitoring and enforcement is at the heart of compliance with the Breach Regulation as well as HIPAA generally.

You can review the currently posted list of Covered Entities that have reported breaches on the OCR website here.  Learn more about the Breach Regulation requirements here

Broader & Stricter Medical Privacy Mandates Effective 2/17/210

The new breach notification requirements are part of a series of changes made to HIPAA under the HITECH Act that are increasing the responsibilities and liability exposures of Covered Entities. On February 17, 2010, Covered Entities and their business associates also became subject to tighter federal requirements for the use, access, protection and disclosure of protected health information under amendments to HIPAA’s Privacy & Security Standards enacted in the HITECH Act. When the HITECH Act was signed into law on February 17, 2009, Covered Entities also became subject to expanded sanctions and remedies for HIPAA violations.

To comply with the HITECH Act changes to HIPAA effective on February 17, 2010, most Covered Entities and their business associates generally will need to update their written policies, operational procedures, technical safeguards, privacy notices, vendor and other agreements, training, and other management procedures in several respects. For more details, see here.

While the HITECH Act gave Covered Entities and business associates a year to complete the necessary arrangements to comply with these HITECH Act changes, many Covered Entities and business associates have not adequately implemented the necessary arrangements. To mitigate these exposures, Covered Entities and their business associates should act quickly to review and update their policies, procedures, training, business associate and other services agreements, and other practices and procedures, as well as to implement the training, oversight, and other management necessary to comply with the HITECH Act changes and to mitigate other HIPAA risks.

Exposures Significant & Growing

HIPAA-associated exposures for Covered Entities are significant and growing. Timely action to comply with the amended HIPAA requirements and Breach Regulations is important to avoid triggering the breach notification requirements; to prevent loss of public trust and reputation;  and to minimize exposures to legal actions, administrative complaints and sanctions and the  investigation, defense and correction costs likely to result when a Covered Entity violates or is accused of violating HIPAA or otherwise mishandling medical or other personal information. 

Even before the HITECH Act changes became effective, federal regulators were stepping up HIPAA enforcement. The HITECH Act amendments further increase the risk that Covered Entities violating HIPAA face investigation and sanction. The HITECH Act amendments increase the likelihood that Covered Entities violating HIPAA will get caught and will face some form of damage or penalty assessment.  Heightened awareness of UPHI breaches resulting from HITECH Act mandated breach notifications are likely to fuel new HIPAA-related complaints, charges and demands.  Covered Entities, workforce members who wrongfully access protected health information now face potential civil penalties,  criminal prosecution, civil lawsuits and other actions. Allowing state attorneys general to bring suit adds more manpower to the enforcement team.   Furthermore, the wrongful use, access or disclosure of protected health information or other confidential information also increasingly is the basis of civil or criminal actions brought under a variety of other federal and state laws.

New Risks Created By HITECH Act Amendments

Heightened HIPAA exposures stem in part from the HITECH Act’s amendments to HIPAA’s remedy provisions.  Among other things, the HITECH Act amended HIPAA to:

  • Allow a State Attorney General to sue Covered Entities that commit HIPAA violations after February 16, 2009 for damages caused to state citizens;
  • Expand the mandate by OCR to investigate violations and audit compliance with HIPAA;
  • Require OCR to impose civil sanctions against Covered Entities and business associates involved in violations of HIPAA in accordance with tightened standards added to HIPAA by the HITECH Act;
  • Revise the criminal sanctions that the Department of Justice can seek against Covered Entities and others for violations of HIPAA; and
  • Amend HIPAA to make clear that workforce members and others improperly using, accessing or disclosing protected health information in violation of HIPAA can face criminal prosecution.

State Attorney General Lawsuit Exposures

Covered Entities must be concerned about the potential that a state Attorney General may bring civil suit to remedy damages caused to state citizens by a breach of HIPAA.  In certain situations, the HITECH Act empowers a state attorney general to sue Covered Entities for damages if their HIPAA violations harm state citizens. Statutory damages equal to the sum of the number of violations multiplied by 100 up to a maximum of $25,000 per calendar year plus attorneys fees and costs are authorized.

A HIPAA civil lawsuit demonstrates the willingness of at least some states to exercise the new authority to sue Covered Entities. On January 13, 2010 Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc. (Health Net) for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers endangered by the security breach.   The first attorney general enforcement action brought based on amendments made to HIPAA under the HITECH Act, Connecticut charges that Health Net violated HIPAA by failing to safeguard protected medical records and financial information on almost a half million Health Net enrollees in Connecticut then allowing this information to remain exposed for at least six months before notifying authorities and consumers. The suit also names UnitedHealth Group Inc. and Oxford Health Plans LLC, who have acquired Health Net. 

Stepped Up Federal Enforcement

Even before the HITECH Act amendments, OCR and Department of Justice increased HIPAA investigation and enforcement.  The Department of Justice has obtained a variety of criminal convictions against violators of HIPAA.  See, e.g., 2 New HIPAA Criminal Actions Highlight Risks From Wrongful Use/Access of Health InformationMeanwhile, OCR also is emphasizing HIPAA enforcement.  In February, 2009, OCR announced that CVS Pharmacies, Inc. would pay $2.25 million to resolve HIPAA charges.  This announcement followed OCR’s announcement in July, 2008 that Providence Health Care would pay $100,000 to resolve HIPAA violation charges.  OCR also has taken HIPAA enforcement actions against a broad range of other Covered Entities. See more details hereWhile not resulting in the significant payments involved in CVS or Providence, all Covered Entities involved in these and other enforcement actions or investigations have incurred significant legal and other defense costs, loss of community trust, or both.

In addition to these HIPAA-specific exposures, wrongful use, access or disclosure of medical information also can expose Covered Entities, members of their workforce and others improperly using, accessing or disclosing protected health information to liability under other federal or state laws.  Federal and state prosecutors may and increasingly do bring criminal or civil actions against organizations or individuals for improperly accessing or using medical or other personal information under a variety of other federal or state laws .  See e.g., Cybercrime & Identity Theft: Health Information Security Beyond HIPAA; NY AG Cuomo Announcement of 1st Settlement For Violation of NY Security Breach Notification Law; Woman Who Revealed AIDs Info Gets A Year

State Civil Lawsuits

Covered Entities also need to prepare to defend HIPAA-related conduct in state civil actions.  Individual plaintiffs increasingly used alleged HIPAA violations in state privacy, negligence, retaliation, wrongful discharge or other lawsuits.  State courts have allowed private plaintiffs to use the obligations imposed by HIPAA as the basis of a Covered Entity’s duty for purposes of certain state law lawsuits.  In  Sorensen v. Barbuto, 143 P.3d 295 (Utah Ct. App. 2006), for example, a Utah appeals court ruled a private plaintiff could use HIPAA standards to establish that a physician owed a duty of confidentiality to his patients for purposes of maintaining a state law damages claim.  Similarly, the Court in Acosta v. Byrum, 638 S.E. 2d 246 (N.C. Ct. App. 2006) ruled that a plaintiff could use HIPAA to establish the “standard of care” in a negligence lawsuit. Meanwhile, disgruntled employees or other business partners performing services for  Covered Entities also increasingly are pointing to HIPAA as the basis for their retaliation or wrongful discharge claims. See, e.g.,  Retaliation For Filing HIPAA Complaint Recognized As Basis For State Retaliatory Discharge Claim. Read more here

Coupled with the HITECH Act changes, these and other enforcement actions signal growing potential hazards for Covered Entities that  fail to properly manage their HIPAA compliance obligations and risks. To help guard against these exposures, Covered Entities should act quickly to strengthen their HIPAA defenses by updating policies, contracts, practices, security, training, oversight, documentation and management.

Covered Entities & Business Associates Urged To Act Promptly To Manage Mitigating Expanded HIPAA Risks & Obligations

Faced with these expanding obligations and exposures, Covered Entities should prepare for the need to defend the adequacy of their HIPAA compliance efforts on paper and in operation. As part of these efforts, Covered Entities should consider:

  • Reviewing the adequacy of the practices, policies and procedures of the Covered Entities, business associates, and others that may come into contact with protected health information within the scope of attorney-client privilege taking into consideration the Corrective Action Plan, published OCR noncompliance and enforcement statistics, their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable;
  • Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility;
  • Renegotiating and enhancing service provider agreements to detail the specific compliance obligations of each party; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; to clarify rights of indemnification; and other related relevant matters;
  • Improving technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information;
  • Conducting well-documented training as necessary to ensure that members of the Covered Entity’s workforce understand and are prepared to comply with the expanded requirements of HIPAA, can detect potential breaches or other compliance concerns, and understand and are prepared to follow appropriate procedures for reporting and responding to suspected violations;
  • Tracking actual and near miss violations and making adjustments to policies, practices, training, safeguards and other compliance components as necessary to deter future concern
  • Establishing and providing well-documented monitoring of compliance;
  • Establishing and providing well-documented timely investigation and redress of reported violations or other compliance concerns;
  • Establishing contingency plans for responding in the event of a breach;
  • Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and  requirements;
  • Preparing and maintaining a well-documented record of compliance activities; and
  • Pursuing other appropriate strategies to enhance the Covered Entity’s ability to demonstrate its compliance commitment both on paper and in operation.

For Assistance With Compliance Or Other Concerns

The author of this article,  Ms. Stamer has extensive experience advising and assisting health care practitioners and other businesses and business leaders to establish, administer, investigate and defend health care fraud and other compliance and internal control policies and practices to reduce risk under federal and state health care and other laws. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact the author of this article, Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com, 214.270.2402 or another Curran Tomko Tarski LLP attorney of your choice.  You can get more information about the CTT Health Care Practice  and more specifics about Ms. Stamer’s health industry experience here.

Ms. Stamer is nationally known for her work, training and presentations, and publications on privacy and security of health and other sensitive information in health and managed care, employment, employee benefits, financial services, education and other contexts. 

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 22 years experience advising clients, conducting workshops and other training, and providing policy advice about health care, privacy, data security, and other matters. She advises health care providers, health insurers and administrators, employer and other health plan sponsors, employee benefit plan fiduciaries, schools, financial services providers, governments and others about privacy and data security, health care, insurance, human resources, ERISA, technology, and other legal and operational concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters. A widely published author on privacy, data security, health care and other related matters, Ms. Stamer is the author of “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of other highly regarded publications. Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Helpful Resources & Other Information

If you found these updates of interest, you also be interested in one or more of the following other recent articles:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2010 Cynthia Marcotte Stamer.  All rights reserved. 


2010 Medicare Part B Monthly Premium Rate, Annual Part B Deductible & Actuarial RatesAnnounced

October 27, 2009

The Centers for Medicare & Medicaid Services recently announced that the monthly premiums, actuarial rates for aged (age 65 and over) and disabled (under age 65) beneficiaries enrolled in Part B of the Medicare Supplementary Medical Insurance (SMI) program that will apply for calendar year 2010. 

The rates announced here in the Federal Register on October 22, 2009 are as follows:

  • The monthly actuarial rates for 2010 are $221.00 for aged enrollees and $270.40 for disabled enrollees. The standard monthly Part B premium rate for 2010 is $110.50, which is up from the 2009
  • standard premium rate of $96.40.)
  • The Part B deductible for 2010 is set at $155.00 for all Part B beneficiaries.

A beneficiary who has to pay an income-related monthly adjustment may have to pay a total monthly premium of roughly 35, 50, 65 or 80 percent of the total cost of Part B coverage.

For More Information

We hope that this information is useful to you.  If you need assistance with these or other health care public policy, regulatory, compliance, risk management, workforce and other staffing, transactional or operational concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters.  You can review other recent health care and related resources and additional information about the health industry and other experience of Ms. Stamer here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here and/or by participating in the SLP Health Care Risk Management & Operations Group on LinkedIn.  To unsubscribe, e-mail here.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


HIT Committee To Meet October 14 In Washington, D.C.

September 29, 2009

The next meeting of the HIT Standards Committee of the Office of the National Coordinator for Health Information Technology (ONC) will be held on October 14, 2009, from 9 a.m. to 3 p.m./Eastern Time at the Omni Shoreham Hotel, 2500 Calvert Street, NW., Washington, DC. The hotel telephone number is 202-234-0700. Interested members of the public are invited to attend. 

Created under the American Recovery and Reinvestment Act of 2009 (ARRA), the HIT Standards Committee is charged with making recommendations to the Office of National Coordinator for Health Information Technology (ONC) on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information consistent with the implementation of the Federal Health IT Strategic Plan, and in accordance with policies developed by the HIT Policy Committee.   Even as Congress debates further reforms, the activities of the HIT Committee and other components of the ONC are key actors in the continuing efforts of the Obama Administration to promote health care efficiency by reengineering health care technology.

During a previous meeting on August 20, 2009, the HIT Committee finalized certain recommendations concerning meaningful use of electronic medical records, clinical quality, and privacy and security of protected health information, which are available for review here.

According to the ONC announcement regarding the upcoming meeting in today’s (September 29, 2009) Federal Register available here, the Committee plans during the meeting to:

  • Discuss reports from its Clinical Operations, Clinical Quality, and Privacy and Security Workgroups
  • Take testimony from invited experts in the field of security as it relates to health information technology

Interested persons may present data, information, or views, orally or in writing, on issues pending before the committee. Written submissions may be made to the contact person on or before October 6, 2009. Oral comments from the public will be scheduled between approximately 2:30 p.m. to 3 p.m. Time allotted for each presentation may be limited. If the number of speakers requesting to comment is greater than can be reasonably accommodated during the scheduled open public hearing session, ONC will take written comments after the meeting until close of business.

ONC hopes to make background material available to the public at least two (2) business days prior to the meeting. However, if ONC is unable to post the background material on its Web site before the meeting, it will make that material publicly available at the location of the advisory committee meeting, and post the background material on ONC’s web site after the meeting here.

The designated person to contact for additional information is Jonathan Ishee, Office of the National Coordinator, HHS, 200 Independence Ave, SW., Room 729-G, Washington, DC 20201, 202-205-8493, Fax: 202-690-6079, e-mail: jonathan.ishee@hhs.gov.

If you need assistance preparing or presenting comments to the HIT Standards Committee or with monitoring or responding to other health care IT, privacy and data security, regulatory, operational, public policy or other health care concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Chair and Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail at CStamer@CTTLegal.com.

Other Recent Developments

If you found this information of interest, you also may be interested in reviewing some of the following recent Solution Law Press Updates available online by clicking on the applicable article title below:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here, registering to receive updates in blog form here or e-mailing this information to support@solutionslawyer.net.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


Baucus’ America’s Healthy Future Act of 2009 Calls For Significant Tightening of Tax Exemption Rules

September 21, 2009

Senate Finance Set To Begin Markup Session Proposal September 22 – Repeal of Rebuttable Presumption Rule In Reasonable Compensation Rules, Other Tightening of Requirements Threatened

With Senate Finance Committee meetings to mark up Chairman Max Baucus’ health care reform proposal as outlined in his 220-page “Chairman’s Mark of America’s Healthy Future Act of 2009” (the “Baucus Proposal”) scheduled to begin tomorrow (September 22, 2009), tax-exempt health care and other non-profit organizations should evaluate carefully proposed amendments that could impact their tax-exempt status or related obligations in addition to the widely-discussed proposal to create “Consumer Operated and Oriented Plans (CO-OPs).

Markup Scheduled To Begin Tuesday

The Senate Committee on Finance plans on Tuesday, September 22, 2009 to hash out how to convert into proposed legislation the health care reform proposal outlined in the “Chairman’s Mark America’s Healthy Future Act of 2009” introduced by Committee Chairman Max Baucus on September 16, 2009, the text of which may be reviewed here.

Since no text of the proposed legislation itself has been released yet, it is impossible to fully evaluate the specific nature and implications of the Baucus Proposal.  While this week’s planned Senate Finance Committee mark up will further clarify these matters, a review of the description of changes proposed by Chairman Baucus in the Baucus Proposals nevertheless provides significant insight of what health care organizations can expect to be discussed and, in all likelihood incorporated into the draft legislation ultimately proposed.  Accordingly, tax-exempt health care organizations should carefully evaluate and act promptly to share their input with members of the Senate Finance Committee and other members of Congress about a series of proposed amendments that would impact their tax-treatment and other responsibilities.

Proposal To Tighten Tax-Exemption & Reporting

Requirements For Tax-Exempt Hospitals

While the Senate Finance Committee as of yet has not released text of the proposed legislation itself, a review of the description of changes proposed by Chairman Baucus in the Baucus Proposals and other subsequently proposed amendments to the Baucus Proposal reveal plans to materially change the tax-exemption qualification, governance and reporting requirements for tax-exempt hospitals beyond the proposal to create CO-OPs.  Among other things, the Baucus Proposal calls for the Internal Revenue Code § 50!(c)(3) and its related provisions to be amended to require:

  • The hospital to conduct or participate in and share with the public a community-needs analysis with input from a broad cross section of the community at least once every 3 years and thereafter to report on its implementation, including explaining where applicable why identified needs were unaddressed.  These additional requirements would supplement rather than replace existing community benefit standards already generally applicable to charitable entities
  • The hospital to provide non-discriminatory emergency care
  • The hospital to have, implement and widely disseminate a written financial assistance policy  defining among other things:
    • The rules for determining who qualifies for financial assistance
    • How the hospital determines amounts to be billed to patients in manner that provides for patient discounts to be based on Medicare rates, “best” commercial rates or other approved statutory measures rather than “chargemaster rates”
    • Require hospital to notify patients of the financial assistance policy on admission, on bills and in telephone calls of its financial assistance policy before initiating various collection actions or reporting the account to a credit rating agency
  • The hospital make its audited financial statements (and where applicable, the consolidated financial report of any entity of which it is a part) available widely
  • The Internal Revenue Service (IRS) to conduct a SEC-type review of each 501(c)(3) hospital’s community benefit activities at least once every three years based on data reported on Schedule H of the Form 990
  • The IRS and the Department of Health and Human Services (HHS)  to report annually to Congress on community benefit activities of non-governmental tax-exempt hospitals, charity care, bad debt, and unreimbursed costs of government programs (means-tested and non-means-tested) incurred by tax-exempt, taxable, and governmental hospitals.

In addition to the proposed amendments included in the Baucus Proposal as originally introduced, health care organizations also will need a close eye on discussions and proposals to amend the Baucus Proposal to further modify the tax-exemption requirements for tax-exempt hospitals and other health care organizations.  For instance, late last week, Ranking Member Senator Chuck Grassley submitted a proposal to amend the Baucus Proposal to further tighten requirements for tax-exempt health care organizations:

  • For the stated purpose of avoiding wasteful legal challenges to the management and governance questions on the revised Form 990, to specifically grant statutory authority to the Internal Revenue Service to ask management and governance questions on the Form 990; and
  • To make it easier for the Internal Revenue Service to challenge as unreasonable compensation payments made by tax-exempt entities by shifting the burden to the taxpayer of proving the reasonability of compensation and removing the burden currently borne by the Internal Revenue Service of going forward with the evidence on comparability.  This would be accomplished by overruling the rebuttable presumption of reasonableness currently set forth in Treasury Regulation § 53.4958-6 of the intermediate sanctions rules and replacing it with a requirement that public charities due diligence demonstrate that their compensation payments meet the 3 current elements of the presumption:
    • Review by an authorized body made of members without a conflict of interest
    • Use of appropriate data as to comparability and
    • Adequate and contemporaneous documentation. This amendment is expected to raise revenue, according to the summary.

With these provisions already targeting their tax-exempt status, tax-exempt hospitals and other non-profits and others likely to surface as the legislative discussion proceeds, tax-exempt health care and other organizations should keep a close eye on proposed tax provisions of the Baucus Proposal and other related proposals.

CO-Ops As Health Coverage Alternative

Much more widely discussed is the Chairman’s CO-OP proposal.  The Baucus Proposal calls for the creation of a new vehicle to provide an alternative source of health care coverage called  “CO-Ops.”  As contemplated by the Baucus Proposal, CO-Ops would be associations controlled by a beneficiary board unrelated to existing organizations providing health insurance as of July 16, 2009.  Subject to their meeting non-inurement and other common existing requirements for charitable status as well as other conditions, CO-Ops would be able to apply for tax-exempt status as well as federal funding.

New Taxes and Fees On Insurers & Others

The Baucus Proposal proposes to finance its health care reforms through a variety of mechanisms including, excise taxes and penalties on employers and individuals that fail to purchase the government specified health care package, taxes on premiums paid for health insurance coverage in excess of certain specified annual limits, the imposition of certain premium taxes and “sector fees” on healthcare insurers (with some exceptions possible under certain circumstances for certain 501(c)(3) and (c)(4) HMOs not providing commercial-type insurance within the meaning of Section 501(m)).

Other Baucus Proposal Highlights

In its current summary form, the 220-page Baucus Proposal includes a host of other sweeping reforms, which are certain to be further expanded and refined during this week’s scheduled Senate Finance Committee markup session.  Many of these other proposed reforms were highlighted in an overview of the Baucus Proposal published hereYou can join the discussion of these and other proposed health care forms and exchange updates and other resources about health care reform and related concerns by registering to participate in the Coalition For Responsible Health Care Policy Group on Linkedin.

 

Other Recent Developments

If you found this information of interest, you also may be interested in reviewing some of the following recent Solution Law Press Health Care Updates available online by clicking on the article title below:

For More Information

We hope that this information is useful to you.  If you need assistance with these or other health care public policy, regulatory, compliance, risk management, workforce and other staffing, transactional or operational concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters. 

Ms. Stamer has extensive experience in these and other health industry related representation.  You can review other recent health care and related resources and additional information about the health industry and other experience of Ms. Stamer here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here, or e-mailing this information to cstamer@cttlegal.com, and/or by participating in the SLP Health Care Risk Management & Operations Group on LinkedIn.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


Two Recent Criminal Prosecutions For HIPAA Privacy Rule Violations Signal Rising Criminal Enforcement Risks

September 8, 2009

Register here  To Participate In September 9 or September 17 Briefings on New HIPAA Data Breach Rules

September 8, 2009

Two recent separate criminal actions against hospital workers for wrongfully accessed medical records in violation of the medical privacy provisions of the Health Insurance Portability & Accountability Act of 1996, as amended (HIPAA) are the latest reminders to health care providers, health plans, health care clearinghouses, their business associates and members of their workforce that the criminal provisions of the HIPAA Privacy Rules have teeth. 

Palmetto General Hospital Employee And Accomplice Indicted For Stealing Patient Records As Part Of Fraud

 In Miami-Dade County, federal felony charges are pending against Jacquettia L. Brown, 29, and Tear Renee Barbary, 25, prosecution on for offenses relating to the theft of patient profile records from Palmetto General Hospital to further a fraud scheme.

A seven-count Indictment announced by the Department of Justice on May 26, 2009 charges Brown and Barbary with conspiracy to commit access device fraud in violation of Title 18, United States Code, Section 1029(b)(2), and criminal violations of HIPAA. In addition, Brown is charged with aggravated identity theft, in violation of Title 18, United States Code, Section 1028A(a)(1).  If convicted, the defendants face a statutory maximum of five (5) years’ imprisonment on Count 1, and a statutory maximum of ten (10) years’ imprisonment as to each of Counts 2, 3, and 7. As to Counts 4-6, Brown faces a two (2) year mandatory prison sentence per count. 

According to the Indictment, Brown, a medical records employee of Palmetto General Hospital, took records containing personal profile information of Palmetto General Hospital patients. Defendant Brown and Barbary then used the stolen personal information to further a credit card fraud conspiracy. The patient profile records that Brown stole included personal identifying information, such as patients’ names, birthdates, Social Security numbers, addresses, driver’s license numbers, and next of kin contacts. Brown used the stolen identifying information to obtain patients’ credit card account numbers. She gave patient profile records and credit card account numbers to Barbary, who used the information to make unauthorized credit card purchases. When law enforcement officials disrupted the scheme, Brown was in possession of 41 patient profile records and Barbary was in possession of six patient profile records.

Curiosity Check of Medical Records Results In Arkansas Doctor, 2 Former Hospital Employees Guilty Plea To HIPAA Violation

Three Arkansas health care workers could be sentenced to up to 1 year in prison, a fine of not more than $50,000, or both after pleading guilty in July, 2009 to misdemeanor violations of the health information privacy provisions of HIPAA for accessing a patient’s record without any legitimate purpose.

United States Magistrate Judge Henry L. Jones, Jr. accepted the guilty pleas of Dr. Jay Holland, age 56, of Little Rock, Arkansas; Sarah Elizabeth Miller, age 28, of England Arkansas; and Candida Griffin, age 34 of Little Rock, Arkansas after each admitted to accessing patient records to satisfy their own curiosity.

Dr. Holland, Medical Director of Select Specialty Hospital, located on the 6 floor of the St. Vincent Infirmary Medical Center (SVIMC), admitted that after watching news reports on television, he logged on to the SVIMC patient records from his computer at home and accessed a patient’s files to determine if the news reports were accurate. He admitted he accessed the file because he was curious even though he had had HIPAA training and understood he was violating HIPAA when he accessed the file. SVIMC suspended Dr. Holland’s privileges for two weeks and required him to complete on-line HIPAA training.

Sarah Elizabeth Miller, formerly an account representative at SVIMC, Sherwood Campus, was responsible for checking patients in and out of the clinic and for processing patient billing. In order to perform her duties, she had access to the SVIMC patient records program which includes all locations, not just that of the Sherwood clinic. Miller admitted that on October 20 and 21, 2008, she accessed a patient’s files approximately 12 times out of curiosity. She admitted that she accessed the records without any legitimate purpose. Records show that Miller was trained on HIPAA privacy laws by SVIMC. SVIMC fired Miller from her position.

Candida Griffin was the emergency room unit coordinator at SVIMC. Her responsibilities were to order patient tests, perform data entry into electronic patient files for patients and perform other secretarial functions in the emergency room. Griffin admitted that on October 20, 2008, she was told by the charge nurse to set-up an alias for a particular patient admitted to the emergency room. On October 21, 2008, after the patient had been moved to ICU, Griffin admitted that she became curious about the patient’s status and accessed the medical chart to find out if the patient was still living. Although Griffin did not inform anyone about accessing the chart, hospital records show that the patient’s records were accessed three times that day by Ms. Griffin. SVIMC records show that Griffin was trained on HIPAA privacy laws. SVIMC fired Griffin from her position.

Pursuant to plea agreements with the United States, Holland, Miller and Griffin pleaded guilty to a misdemeanor a violation of the health information privacy provisions of HIPAA based on their accessing a patient’s record without any legitimate purpose. Each faces a maximum penalty of 1 year imprisonment, a fine of not more than $50,000, or both. A sentencing date has not yet been set, but is expected within the next few weeks.

Criminal Referral and Enforcement Continues

Together with the HIPAA-related criminal convictions of in 2008 of David Gibson, Ferando Ferrer, Jr. and Andrea Smith discussed here, these new Arkansas and Florida criminal actions document the willingness of Justice Department attorneys to investigate and prosecute certain criminal violations.  Because they involved the theft of health information for use in furtherance of other health care fraud schemes, many have viewed as predictable and understandable the prosecution of Gibson, Ferrer, Brown and Barbary.  In contrast, the willingness of Jane W. Duke, United States Attorney for the Eastern District of Arkansas, to prosecute criminally the wrongful access by the SVIMC health care workers and Andrea Smith in the absence of other health care fraud motives challenges the perception widely held among certain segments of the health care and health plan industry that the criminal provisions of HIPAA have little teeth.  Since U.S. Attorney Duke pursued both the SVIMC and Smith prosecutions, it remains to be seen whether other U.S. Attorneys will be equally willing to pursue prosecution of HIPAA violations in the absence of evidence of other federal health care crimes.  

Less speculative is the growing readiness of the Department of Health & Human Services Office of Civil Rights to pursue civil remedies for HIPAA violations.  On February 18, 2009, for instance, OCR and the Federal Trade Commission (“FTC”) issued a joint announcement (the “Announcement”) ordering CVS Pharmacy, Inc., the nation’s largest retail pharmacy chain, to pay the U.S. government a $2.25 million settlement and to take other corrective action to ensure that it does not violate the privacy rights patients under HIPAA when disposing of patient information such as identifying information on pill bottle labels.  In a coordinated action, CVS Caremark Corp., the parent company of the pharmacy chain, also signed a consent order and agreed to a settlement with the FTC to settle potential violations of the FTC Act.  The investigation resulting in the settlement marks the first instance where the OCR formally coordinated on investigation and resolution of a case with the FTC. 

Coming as new data breach notification requirements for HIPAA-covered entities are set to take effect on September 23, 2009, these and other stepped up oversight and enforcement activities make it critical that all health care providers, health plans, health care clearinghouses and their business associates need to update their policies and practices, tighten their compliance and data breach monitoring processes, and strengthen their internal controls, compliance in preparation for defending their actions under the newly strengthened Privacy Rules.  Covered entities and their business associates more than ever must ensure their ability to demonstrate to federal regulators the effectiveness of their HIPAA compliance efforts by both adopting the written policies and procedures required by HIPAA and continuously monitoring and administering these safeguards.  Covered entities should consider reviewing the adequacy of their current HIPAA Privacy and Security compliance practices taking into consideration the Corrective Action Plan, published OCR noncompliance and enforcement statistics, their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.

If you need assistance with auditing, updating or defending your organizations HIPAA and other privacy and data security practices, please contact Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail at CStamer@CTTLegal.com.

Register Now For Upcoming September Health Industry Update Programs

If you found this information of interest, you also may be interested in one of the following upcoming health industry programs to be presented by Ms. Stamer during September:

  • HITECH ACT Health Data Security & Breach Update on September 9, 2009 hosted live or via teleconference by Curran Tomko Tarski LLP 
  • How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination — What You Should Be Doing To Be Prepared for the New, Stepped Up Enforcement Actions on September 10, 2009 hosted via teleconference by Health Resources Publishing
  • Health Information Security & Data Breach Under HITECH Act on September 17, 2009 hosted via teleconference by the Health Care Compliance Association

To register or for other details about these and other upcoming programs and presentations by Ms. Stamer and other Curran Tomko Tarski members, see here.

Other Recent Developments

If you found this information of interest, you also may be interested in reviewing some of the following recent Curran Tomko Tarski LLP Latest in Health Care Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Edwin J. Tomko at (214) 270-1405 or another Curran Tomko Tarski LLP Partner of your choice. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to cstamer@cttlegal.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


HHS Issues Interim Final Requiring Health Care Provider, Health Plans & Other Covered Entities To Give Breach Notifications When Certain Personal Health Information Breached Beginning In September; Register to Participate In September 10th Briefing on New Rules In Person or Via Telephone

August 20, 2009

The U.S. Department of Health and Human Services (HHS) yesterday (August 19, 2009) issued “breach notification” regulations requiring health care providers, health plans and other covered entities (Covered Entities) under the personal health information privacy and security rules of the Health Insurance Portability & Accountability  (HIPAA) to notify affected individuals following a “breach” of “unsecured” protected health information. Scheduled for publication in the Federal Register on August 24, 2009, the new breach notification regulations are part of a series of new rules that implement new electronic personal health information data security and data breach notification requirements for Covered Entities added to HIPAA under the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law on February 17, 2009 as part of American Recovery and Reinvestment Act of 2009 (ARRA).  Covered entities must begin complying with the new rules no later than September 24, 2009.

Curran Tomko Tarski, LLP Health Practice leader Cynthia Marcotte Stamer will conduct a briefing on these new protected health information data security and data breach rules on Thursday, September 10, 2009 from Noon to 1:30 P.M. Central Time. For a registration fee of $45.00, registrants will have the option to participate via teleconference or in person at the offices of Curran Tomko Tarski LLP, 2001 Bryan Street, Suite 2050, Dallas Texas 75201.  For more information, e-mail here.

 HITECH Act Data Breach and Unsecured PHI Rules

The new data breach notification rules are part of a series of recent HIPAA enacted under the HITECH Act to strengthen the federal rules requiring HIPAA covered entities to safeguard electronic and certain other protected health information. Enhanced data security and data breach rules added as part of these HITECH Act amendments obligate  covered entities and business associates to provide certain notifications following a breach of “unsecured”  “protected health information” within the meaning of HIPAA, as amended.  “Unsecured protected health information” is defined as protected health information that is not secured through the use of a technology or methodology specified by the HHS Secretary.

The new data breach regulations implement the HITECH Act requirement that Covered Entities and their business associates notify affected individuals, the Secretary of HHS, and in some cases, the media, of a breach and the form, manner, and timing of that notification.  For purposes of the HITECH Act, electronic protected health information is considered “unsecured” unless the covered entity has satisfied certain minimum standards for the protection of that data established pursuant to the HITECH Act.  HHS and the Federal Trade Commission previously issued certain initial guidance concerning the HITECH Act standards for determining when electronic personal health information qualifies as secure.  To help further define when electronic health information is treated as “unsecured” and therefore subject to the breach notification requirements, the data breach rules also update and clarify the previously issued existing HHS guidance specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals published earlier this year by HHS to for purposes of determining when protected health information will be considered “unsecured” for purposes of the HITECH Act data breach rules.  Entities subject to the HHS and FTC regulations that secure health information as specified by the guidance through encryption or destruction are relieved from having to notify in the event of a breach of such information.  

The HHS interim final regulations are effective September 24, 2009, which is the date 30 days after the date they will be published on the Federal Register and include a 60-day public comment period. To review the interim final data breach regulations, see here.  To review the HITECH Act Breach Notification Guidance and Request for Information, see here.

For More Information

The author of this article, Curran Tomko and Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer has extensive experience advising and assisting health care providers, payors and their business associates about HIPAA and other privacy and data security matters, as well as a diverse range of health care policy, regulatory, compliance, risk management and operational concerns. 

Past chair of the American Bar Association Health Law Section Managed Care & Insurance Section, Martindale Hubble AV-rated and recognized in International Who’s Who of Professionals, Ms. Stamer continuously advises health care providers, health care payers and administrators, employers, governments and others about health care, insurance, human resources, privacy and data security, technology, and other legal and operational concerns.  A popular lecturer and widely published author on privacy and data security and other related health care and health plan matters, Ms. Stamer also writes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters.  She currently serves as the Editor in Chief of the forthcoming 2010 edition of the Information Security Guide to be published by the American Bar Association Information Security Committee in 2010.  Examples of her other works include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of others.  Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service Privacy Report, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and a various other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

We hope that this information is useful to you.  If you need assistance monitoring, evaluating or responding to these or other proposed health care or other regulatory reforms or with other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or your other favorite Curran Tomko Tarski LLP Partner.

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on Linkedin, registering to receive these updates here.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on our electronic Solutions Law Press Health Care Update publication available here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please register to receive this Solutions Law Press Health Care Update here and be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved. 


House Democratic Leaders Work To Resolve Differences In Committee Versions of Health Care Reform Legislation and Build Public Support During August Recess

August 5, 2009

Democratic Leaders in the House of Representatives plan to hammer out differences three versions of the America’s Affordable Health Choices Act (H.R. 3200) as separately passed by three key House Committees in July before House members return from their August recess in hopes of bringing the agreed to version of H.R. 3200 to the full house in September.  Regardless of which version ultimately emerges, the enactment of H.R. 3200 would result in sweeping new regulation and federal control over health care providers, health care payers, employers, and individuals.

After negotiating a last minute pre-August recess deal with certain Blue Dog Democrat Committee members, the House Energy and Commerce Committee on July 31, 2009 passed its version of H.R. 3200, the America’s Affordable Health Choices Act (H.R. 3200). The version of H.R. 3200 passed by the House Energy and Commerce Committee incorporates a series of amendments to the language of H.R. 3200 as originally introduced.  For instance, this version of H.R. 3200 provides incentives for states to adopt certain tort reforms, provides for a public plan option that would reimburse physicians based on negotiated rates rather Medicare rates, and would allow states to offer both state-based heath insurance exchanges and health insurance co-ops. To review H.R. 3200 as amended by the House Energy and Commerce Committee, see here.

The approval by the Energy and Commerce Committee of its version of H.R. 3200 follows the July 17, 2009 approval by the House Ways and Means Committee and Education and Labor Committee of their own versions of H.R. 3200.  For details on the version of H.R. 3200 approved by the House Ways and Means Committee, see here.  For details on the version of H.R. 3200 approved by the House Education and Labor Committee, see here

Leading House Democrats have announced their intention to work to resolve differences between these three versions of H.R. 3200 as passed by these Committees during August recess in hopes of  bringing the agreed to version of H.R. 3200 to a vote  of the full House of Representatives in September.

Meanwhile, House members from both parties also generally are using the August recess as an opportunity to reconnect with local constituents on health care reform and other core issues.

For More Information

The author of this article, Curran Tomko and Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer has extensive experience advising and assisting health industry clients and others about a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.  You can get more information about her health industry experience here.  

We hope that this information is useful to you.  If you need assistance monitoring, evaluating or responding to these or other proposed health care or other regulatory reforms or with other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or your other favorite Curran Tomko Tarski LLP Partner.

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on Linkedin, registering to receive these updates here.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on our electronic Solutions Law Press Health Care Update publication available here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please register to receive this Solutions Law Press Health Care Update here and be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved. 


Reassignment of HIPAA Security Rule Enforcement Signals Growing Seriousness About Enforcing HIPAA

August 4, 2009

The Department of Health & Human Services (HHS) today (August 3, 2009) transferred authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to the Office for Civil Rights (OCR).  Prior to this announcement, responsibility for interpretation and enforcement of the Security Rule rested with the Centers for Medicare & Medicaid Services (CMS).  The change reflects the growing seriousness of HHS and others about enforcing federal privacy and data security mandates for health information.  HHS anticipates the transfer of authority will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.

HHS has the authority for administration and enforcement of the federal standards for health information privacy called for in HIPAA. The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. OCR has been responsible for enforcement of the Privacy Rule since 2003. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule.

Through a separate delegation, CMS continues to have authority for administration and enforcement of the HIPAA Administrative Simplification regulations, other than privacy and security of health information.

The transfer of Security Rule enforcement authority comes as guidance about new data breach rules for electronic protected health information is impending.  This impending guidance relates to  the implementation of new breach notification rules for covered entities and their business associates concerning their obligation to use of technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as required by amendments to HIPAA enacted under the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA) last February.  OCR officials have stated that they are working to publish the next set of regulations regarding these new breach notifications before the end of August, 2009. 

In addition to adding the breach notification requirements, the HITECH Act also tightened the HIPAA mandates in several other respects.  Among other things, it amended HIPAA to:

  • Broaden the applicability of the HIPAA’s Privacy Rules and penalties to include business associates;
  • Clarify that HIPAA’s criminal sanctions apply to employees or other individuals that wrongfully use or access PHI held by a covered entity;
  • Increase criminal and civil penalties for HIPAA Privacy Rules violators;
  • Allow State Attorneys General to bring civil damages actions on behalf of certain state citizens who are victims of HIPAA Privacy and Security Rule violations;
  • Modify certain HIPAA use and disclosure and accounting requirements and risks;
  • Prohibits sales of PHI without prior consent;
  • Tighten certain other HIPAA restrictions on uses or disclosures;
  • Tighten certain HIPAA accounting for disclosure requirements;
  • Clarify the definition of health care operations to excludes certain promotional communications; and
  • Expand the Business Associates Agreement Requirements.

These and other developments make it imperative HIPAA covered entities and their business associates take prompt action to immediately review and update their data security and privacy practices to guard against growing liability exposures under HIPAA and other federal and state laws. Covered entities must update policies and practices to avoid these growing liabilities. Business associates that have not already done so also must appoint privacy officers and adopt and implement privacy and data security policies and procedures fully compliant with HIPAA and other applicable federal and state rules, including amendments enacted as part of the American Recovery and Reinvestment Act of 2009 signed into law on February 17, 2009.

 

For more information about today’s announcement, see here.  See here for the initial guidance and request for comments issued by HHS regarding these new security standards.

For More Information

We hope that this information is useful to you.  If you need assistance with health care privacy and data security, technology, or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270-2402, cstamer@cttlegal.com or your other favorite Curran Tomko Tarski LLP Partner.  Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health care privacy and data security and related matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to cstamer@cttlegal.com.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved. 


Where To Read & Share Your Feedback About The Health Care Reform Legislation

August 1, 2009

As the health care reform policy debate continues, Americans increasingly are asking where to read the text of the health care reform legislation that members of Congress are debating and how to share their input. 

 While numerous alternatives presently are pending before Congress, much of recent discussion and debate has focused around one of the following bills:

  • H.R. 3200: America’s Affordable Health Choices Act of 2009,  introduced in the House by Rep Dingell, John D. on July 14, 2009  the text of which as originally introduced may be reviewed  here.  It has been the focus of significant mark up negotiation through out July before the following House Energy and Commerce, House Ways & Means, and House Education & Labor Committees; and
  • S. __, the Affordable Health Choices Act approved by the Senate Committee on Health, Education, Labor and Pensions, the text of which as approved may be reviewed here.

When reviewing these bills, Americans should keep in mind that members of Congress are engaged in ongoing negotiations about the specific provisions and language of these bills, as well as other legislation.  Official developments generally may be monitored here.

Many American businesses and individuals also are asking about how and where to share their views, how to organize others to do the same and other questions about getting the word out. Here a some quick ideas. We encourage others to share. 

  • The Coalition For Patient Empowerment and the Coalition for Responsible Health Care Reform linkedin group are two one of many resources where individuals are sharing information about these matters. 
  • Concerned individuals should share their views both by faxing, e-mailing or telephoning key decisionmakers in Congress, as well as joining and participating in activities of other individuals and groups that share their concerns.  Contact and get involved with this and other groups that share your concerns.
  • Contact the offices of your Congressional representatives in the House and Senate as well as other members of Congress that support your views and ask them about other groups and ways that you can share your views. They will welcome your input and involvement.
  •  If you are aware of or involved in a group that shares your views, we encourage you to share it on the Coalition for Responsible Health Care Reform linkedin group.  If you or others are planning a town hall or other health care reform meeting, use this or other linked in groups to spread the word.
  • If you are interested in volunteering to plan events in your region, let us know.   

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on Linkedin, and registering to receive these updates here.

When communicating, consider targeting your messages to members of Congress whose votes are likely to be impacted by your communications. 

For instance, with both the House and Senate in the majority in Congress, Democrats generally have greater control over what legislation moves forward.  The Democratic Leadership of the House and Sentate generally can get legislation passed by their members as long as they can maintain consensus among the members of their parties.  In connection with the health care reform proposals, however, cost and other considerations have made maintaining a consensus more difficult than on other legislation.  Certain fiscally moderate members of the Democratic Party have expressed concern about the expense and other aspects of their Leadership proposed health care reform proposals.  These Democrats in Congress generally the members of Congress whose votes are most likely to be impacted by public input and feedback generally and from voters in their districts and contributors specifically. 

In the House of Representatives, these members likely are the “Blue Dog Democrats.”  Read about Blue Dog Democrats here.    

The fiscal conservatism of Blue Dog Democrats makes them more likely to listen to concerns about the cost and other concerns relating to the health care reform bills touted by the Democrat Leadership in the House and Senate.  In fact, many Blue Dog Democrats already are speaking out about their concerns about the cost and other aspects of the Bill. 

Contact from voters and contributors in their districts and others could make a major difference in the ability that the House Democrat Leadership needs to pass their Bill.  Immediately contacting these members and getting others – particularly voters and contributors in the districts that elect these members – is one of the most important steps that concerned Americans can do to position their concerns to be heard.   

For most concerned voters, telephone or fax contact is the best means to convey these messages.  To minimize spam, most members only accept e-mail submitted through their website links.  Security concerns can delay receipt of written correspondence for weeks.

For persons interested in making their voices heard and sharing information with others who wish to do the same, the following contact information may be of interest:

The number of the Capital Switchboard is 202-224-3121.

The Blue Dog Leadership Team and there telephone and fax numbers are:

Rep. Stephanie Herseth Sandlin (SD), Blue Dog Co-Chair for Administration, Telephone: 202.225.2801 , Fax: 202.225.5823

Rep. Baron Hill (IN-09), Blue Dog Co-Chair for Policy,Telephone: 202-225-4031, Fax: (202) 226-6866

Rep. Charlie Melancon (LA-03), Blue Dog Co-Chair for Communications, Telephone: 202-225-4031, Fax: (202) 226-3944

Rep. Heath Shuler (NC-11), Blue Dog Whip, Telephone:  202-225-6401, Fax: (202) 226-6422

The Blue Dog Members and their telephone numbers are :

  • Altmire, Jason (PA-04),(202)225-2565
  • Arcuri, Mike (NY-24), (202)225-3665
  • Baca, Joe (CA-43),(202)225-6161
  • Barrow, John (GA-12), (202) 225-2823
  • Berry, Marion (AR-01), (202) 225-4076
  • Bishop, Sanford (GA-02), (202) 225-3631
  • Boren, Dan (OK-02), (202) 225-2701
  • Boswell, Leonard (IA-03), (202) 225-3806
  • Boyd, Allen (FL-02), (202) 225-5235
  • Bright, Bobby (AL-02), (202) 225-2901
  • Cardoza, Dennis (CA-18), (202) 225-6131
  • Carney, Christopher (PA-10), (202) 225-3731
  • Chandler, Ben (KY-06), (202) 225-4706
  • Childers, Travis (MS-01), (202) 225-4306
  • Cooper, Jim  (TN 5th), (202) 225-4311
  • Costa, Jim  (CA 20th), (202) 225-3341
  • Cuellar, Henry  (TX 28th), (202)  225-1640
  • Dahlkemper, Kathleen A. (PA 3rd), (202) 225-5406
  • Davis, Lincoln (TN 4th),(202) 225-6831
  • Donnelly, Joe  (IN 2nd), (202) 225-3915
  • Ellsworth, Brad  (IN 8th), (202) 225-4636
  • Giffords, Gabrielle  (AZ 8th), (202) 225-2542
  • Gordon, Bart  (TN 6th), (202) 225-4231
  • Griffith, Parker  (AL 5th), (202) 225-4801
  • Harman, Jane  (CA 36th), (202) 225-8220
  • Herseth Sandlin, Stephanie  (SD At Large), (202) 225-2801
  • Hill, Baron P.  (IN 9th), (202) 225-5315
  • Holden, Tim  (PA 17th), (202) 225-5546
  • Kratovil, Frank Jr. (MD 1st), (202) 225-5311
  • McIntyre, Mike  (NC 7th), (202) 225-2731
  • Marshall, Jim  (GA 8th), (202) 225-6531
  • Matheson, Jim  (UT 2nd), (202) 225-3011
  • Melancon, Charlie  (LA 3rd), (202) 225-4031
  • Michaud, Michael H. (ME 2nd), (202) 225-6306
  • Minnick, Walt  (ID 1st), (202) 225-6611
  • Mitchell, Harry E.  (AZ 5th), (202) 225-2190
  • Moore, Dennis  (KS 3rd), (202) 225-2865
  • Murphy, Patrick J.  (PA 8th), (202) 225-4276
  • Nye, Glenn C.  (VA 2nd), (202) 225-4215
  • Peterson, Collin C.  (MN 7th), (202) 225-2165
  • Pomeroy, Earl  (ND At Large), (202) 225-2611
  • Ross, Mike  (AR 4th), (202)  225-3772
  • Salazar, John T.  (CO 3rd), (202) 225-4761
  • Sanchez, Loretta  (CA 47th), (202) 225-2965
  • Schiff, Adam B.  (CA 29th), (202) 225-4176
  • Scott, David  (GA 13th), (202) 225-2939
  • Shuler, Heath  (NC 11th), (202) 225-6401
  • Space, Zachary T. (OH 18th), (202) 225-6265
  • Tanner, John S.  (TN 8th), (202) 225-4714
  • Taylor, Gene  (MS 4th), (202) 225-5772
  • Thompson, Mike  (CA 1st), (202) 225-3311
  • Wilson, Charles (OH-06), (202) 225-5705

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on Linkedin, registering to receive these updates here The author of this article, Curran Tomko and Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer has extensive experience advising and assisting health industry clients and others about a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.  You can get more information about her health industry experience here.  

If you need assistance evaluating or formulating comments on the proposed reforms contained in the House Bill or on other health industry matters please contact Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com, 214.270.2402 or your other favorite Curran Tomko Tarski LLP attorney. 

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on our electronic Solutions Law Press Health Care Update publication available here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please register to receive this Solutions Law Press Health Care Update here and be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


Blue Dog Democrats Hold Key Voice On House Democrats Proposed Health Care Reform Plan; Contact Numbers Here

July 20, 2009

Health care providers and others concerned about the  “American’s Affordable Health Care Choices Act of 2009” health care reform proposal introduced by the House Democratic Leadership should target their input on the Democrats in Congress most likely to listen to those concerns. In the House of Representatives, these members likely are the “Blue Dog Democrats” in the House.  Read about Blue Dog Democrats here.    

The fiscal conservatism of Blue Dog Democrats makes them more likely to listen to concerns about the cost and other concerns relating to the health care reform bills touted by the Democrat Leadership in the House and Senate.  In fact, many Blue Dog Democrats already are speaking out about their concerns about the cost and other aspects of the Bill. 

Contact from voters and contributors in their districts and others could make a major difference in the ability that the House Democrat Leadership needs to pass their Bill.  Immediately contacting these members and getting others – particularly voters and contributors in the districts that elect these members – is one of the most important steps that concerned Americans can do to position their concerns to be heard.   

For most concerned voters, telephone or fax contact is the best means to convey these messages.  To minimize spam, most members only accept e-mail submitted through their website links.  Security concerns can delay receipt of written correspondence for weeks.

For persons interested in making their voices heard and sharing information with others who wish to do the same, the following contact information may be of interest:

The number of the Capital Switchboard is 202-224-3121.

The Blue Dog Leadership Team and there telephone and fax numbers are:

Rep. Stephanie Herseth Sandlin (SD), Blue Dog Co-Chair for Administration, Telephone: 202.225.2801 , Fax: 202.225.5823

Rep. Baron Hill (IN-09), Blue Dog Co-Chair for Policy,Telephone: 202-225-4031, Fax: (202) 226-6866

Rep. Charlie Melancon (LA-03), Blue Dog Co-Chair for Communications, Telephone: 202-225-4031, Fax: (202) 226-3944

Rep. Heath Shuler (NC-11), Blue Dog Whip, Telephone:  202-225-6401, Fax: (202) 226-6422

The Blue Dog Members and their telephone numbers are :

Altmire, Jason (PA-04),(202)225-2565

Arcuri, Mike (NY-24), (202)225-3665

Baca, Joe (CA-43),(202)225-6161

Barrow, John (GA-12), (202) 225-2823

Berry, Marion (AR-01), (202) 225-4076

Bishop, Sanford (GA-02), (202) 225-3631

Boren, Dan (OK-02), (202) 225-2701

Boswell, Leonard (IA-03), (202) 225-3806

Boyd, Allen (FL-02), (202) 225-5235

Bright, Bobby (AL-02), (202) 225-2901

Cardoza, Dennis (CA-18), (202) 225-6131

Carney, Christopher (PA-10), (202) 225-3731

Chandler, Ben (KY-06), (202) 225-4706

Childers, Travis (MS-01), (202) 225-4306

Cooper, Jim  (TN 5th), (202) 225-4311

Costa, Jim  (CA 20th), (202) 225-3341

Cuellar, Henry  (TX 28th), (202)  225-1640

Dahlkemper, Kathleen A. (PA 3rd), (202) 225-5406

Davis, Lincoln (TN 4th),(202) 225-6831

Donnelly, Joe  (IN 2nd), (202) 225-3915

Ellsworth, Brad  (IN 8th), (202) 225-4636

Giffords, Gabrielle  (AZ 8th), (202) 225-2542

Gordon, Bart  (TN 6th), (202) 225-4231

Griffith, Parker  (AL 5th), (202) 225-4801

Harman, Jane  (CA 36th), (202) 225-8220

Herseth Sandlin, Stephanie  (SD At Large), (202) 225-2801

Hill, Baron P.  (IN 9th), (202) 225-5315

Holden, Tim  (PA 17th), (202) 225-5546

Kratovil, Frank Jr. (MD 1st), (202) 225-5311

McIntyre, Mike  (NC 7th), (202) 225-2731

Marshall, Jim  (GA 8th), (202) 225-6531

Matheson, Jim  (UT 2nd), (202) 225-3011

Melancon, Charlie  (LA 3rd), (202) 225-4031

Michaud, Michael H. (ME 2nd), (202) 225-6306

Minnick, Walt  (ID 1st), (202) 225-6611

Mitchell, Harry E.  (AZ 5th), (202) 225-2190

Moore, Dennis  (KS 3rd), (202) 225-2865

Murphy, Patrick J.  (PA 8th), (202) 225-4276

Nye, Glenn C.  (VA 2nd), (202) 225-4215

Peterson, Collin C.  (MN 7th), (202) 225-2165

Pomeroy, Earl  (ND At Large), (202) 225-2611

Ross, Mike  (AR 4th), (202)  225-3772

Salazar, John T.  (CO 3rd), (202) 225-4761
Sanchez, Loretta  (CA 47th), (202) 225-2965

Schiff, Adam B.  (CA 29th), (202) 225-4176
Scott, David  (GA 13th), (202) 225-2939

Shuler, Heath  (NC 11th), (202) 225-6401

Space, Zachary T. (OH 18th), (202) 225-6265

Tanner, John S.  (TN 8th), (202) 225-4714

Taylor, Gene  (MS 4th), (202) 225-5772

Thompson, Mike  (CA 1st), (202) 225-3311

Wilson, Charles (OH-06), (202) 225-5705

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on Linkedin, registering to receive these updates here The author of this article, Curran Tomko and Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer has extensive experience advising and assisting health industry clients and others about a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.  You can get more information about her health industry experience here.  

If you need assistance evaluating or formulating comments on the proposed reforms contained in the House Bill or on other health industry matters please contact Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com, 214.270.2402 or your other favorite Curran Tomko Tarski LLP attorney. 

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on our electronic Solutions Law Press Health Care Update publication available here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please register to receive this Solutions Law Press Health Care Update here and be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


%d bloggers like this: