Doc Caught Submitting Conflicting Patient Records to Private Payer Versus Medicare Criminally Sentence, Pays Civil Settlement

July 23, 2013

The  recent criminal sentencing and civil settlement of Illinois physician Dr. Mahmoud Yassin highlights the growing- but too often appreciated exposure of physicians and other health care providers and their billing or other management who submit conflicting claims data to private and government claims or otherwise permit in false  falsely bill or participate in the cover-up of fraudulent or other improper billings to payers.  The Yassin sentencing is notable both because Yassin incurred criminal liability for obstruction based on his presentation of altered patient records to a private payer and and civil liability for  making false claims to Medicare and others.

Yassin was sentenced July 22, 2013 to serve 30 days in prison and 3 years of probation and to pay  a fine of $10,000, a special assessment of $100, and restitution to Blue Cross Blue Shield of Illinois in the amount of $19,615.17 in federal district court in Benton, Illinois for Obstructing a Criminal Health Care Fraud Investigator.  The felony obstruction conviction stemmed from charges that on March 2, 2012, when a FBI agent, having served a subpoena for patient records on Dr. Yassin, gave an altered patient progress note  that showed an in-office examination previously claimed to an insurance carrier, but which had not taken place.

In a separate civil settlement with the United States Attorney’s Office regarding false claims to Medicare, Dr. Yassin also previously has paid double damages for $87,348.64. The restitution and civil false claims settlement were based on claims for in person office visits in which the patient either failed to show up for an appointment or only was spoken to by telephone.

The Yassin prosecution demonstrates the importance of providers getting their records and billings straight when billing both private payers and government payers.  While most  health care providers recognize  the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ), many  don’t recognize their exposure from private payer billings or the potential interaction between private and government claims investigations  Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.  Furthermore, federal fraud investigators and private payers increasingly are working together on the investigation and redress of false billing and other aggressive practices.  These and other risks mean that providers cannot afford to be unprepared when asked to respond to investigations like one that lead to the Yassin conviction, recoupment or other audit and enforcement actions  See,  Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings.   Rather, physicians and other health care clinics must be ready to prove and defend their billings to public and private payers.  In both cases, these preparations should ensure that records accurately and completely document the care provided, that the coding and billing applied is reflective of actual care and consistent with existing reimbursement, and otherwise defensible.  As demonstrated by Yassin, inconsistencies between records presented to different payers should be avoided.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Improper Billing Of Private Payers Increasing Source Of Liability & Risk For Providers

July 8, 2013

Physicians or other health care providers now have even more to worry about when a Medicare or other federal program audit reveals overpayments – repayment demands from commercial insurers and self-insured health plans, who are secondary payers.  Federal officials and private payers alike increasingly are coming after providers to recover overpayments or other inappropriate billings identified through audits or other investigations.  In the face of these actions, providers should use care to ensure that their billing and compliance programs appropriately manage and monitor the defensibility of claims billed to private payers as well as those to Medicare or other government programs.

Most  health care providers recognize  the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ).

Unfortunately, many health care providers don’t recognize that overbilling private payers can carry similar risks and liabilities.  Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.

While CMS, OIG and DOJ tend to emphasize Medicare and other federal program recoveries in media releases about their overbilling and health care fraud enforcement efforts, careful review of these actions increasingly shows that these enforcement actions often also cover overbilling of private health plans uncovered in connection with the underlying  Medicare or other federal program overpayment audit or investigation.   For instance, upcoding and other false billing of claims was the basis of the federal criminal health care fraud prosecution of the Chief Executive Officer of a small, rural Texas health care clinic.  Texas Clinic CEO Sentence Highlights Risks Of Upcoding. See, also Pharmas Face New Pressure To Put Patients Before Profits After GlaxoSmithKline Record $3 Billion Health Care Fraud & FDCA Settlement.

Unfortunately, many providers have failed to recognize and adequately respond to these and other clear indicators of their exposure to fraud, recoupment and other enforcement actions from sloppy or otherwise improper billings to private insurers and self insured plans.  With health care reform increasingly focusing on reducing health care expenditures in the private as well as public arena, already existing federal and state enforcement against providers for improper billing of private payers will inevitably grown.

Taking into account these and other trends toward stepped up enforcement against aggressive billing by providers of private insurance or self-insured plans, physicians and other providers should not be surprised or unprepared to respond to recoupment or other audit and enforcement actions like that recently reported by Nina Youngstrom in AIS Health about the recoupment demands by commercial insurers against a Kansas health care clinic based on the Medicare audit findings of overpayments. See,  Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings.   Rather, physicians and other health care clinics must be ready to prove and defend their billings to private payers as well as Medicare and other government payers.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


WellPoint To Ban Coverage Rescissions Before Affordable Care Act Fall 2010 Deadline

April 28, 2010

WellPoint, Inc. will suspend the practice of rescinding patients’ coverage May 1, 2010, months in advance of this Fall’s deadline for insurers stop this practice established by the Affordable Care Act. The nation’s largest health insurer announced here its plans to implement the change in its practices regarding individual market rescissions on April 27, 2010.  

Beginning this Fall, the Affordable Care Act will prohibit insurance companies from rescinding policies, except in cases of fraud or intentional misrepresentation of material fact. Wellpoint’s termination of individual policy rescissions announced this week comes months ahead of the effective deadline for terminating rescissions contained in the legislation.  The ban against rescissions is one of a number of new federal restrictions on health insurers and group health plans enacted as part of the Affordable Care Act scheduled to take effect this Fall.  Wellpoint previously announced it also would change its dependent coverage policies to extend the period that a dependent child can remain on his parent’s coverage to age 26 before the deadline required by the Affordable Care Act.

WellPoint’s announcement comes after Health & Human Services Secretary Kathleen Sebelius sent a letter on April 22 urging the company to immediately stop the practice of rescinding coverage for patients who become ill.  Wellpoint recently drew criticism from Secretary Sebelius and others for targeting breast cancer victims for rescission of their policies.  Secretary Sebelius’ initial letter to WellPoint can be found here or at here.

For Assistance With Health Industry Concerns

If your organization needs advice or assistance with the proposed regulation, preparing or submitting comments on the regulation or with other health care matters, contact Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here

Vice President of the North Texas Health Care Compliance Professionals Association, Exempt Organization Vice-Coordinator of the Southern States IRS TEGE Council, a Council Member of the ABA Joint Committee On Employee Benefits Council, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, the former Board Compliance Chair of the National Kidney Foundation of North Texas and former Board President of the Richardson Development Center for Children (now Warren Center), Ms. Stamer has more than 22 years experience advising health industry clients about health care operations, regulatory and compliance, reimbursement, staffing, risk management, public policy and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact Cynthia Marcotte Stamer, at (469) 767-8872 or to cstamer@solutionslawyer.net. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


TSHHRAE Provides Health Industry Managers Employment Law Update & Other Timely Management Training At April Barnstorm 2010: Creating Effective Leaders Programs

March 23, 2010

Get Details & Registration Information here!

A Legal Update on Employment Law presentation by Attorney Cynthia Marcotte Stamer is among 5 hours of “Barnstorm 2010: Creating an Effective Leaders-Tools of the Trade” management training that the Texas Society for Healthcare Human Resources Administration and Education (TSHHRAE) will be hosting for health industry human resources and other managers in five Texas cities between April 26 and April 30, 2010. 

Interested health industry human resources and other managers can elect to participate in TSHHRAE’s Barnstorm 2010 management training at the following dates and locations:  

  • April 26 – Weslaco, Knapp Medical Center
  • April 28 – Sweetwater, Rolling Plains Memorial Hospital
  • April 28 – Brenham, Trinity Medical Center
  • April 29 – Lubbock, University Medical Center
  • April 30 – Odessa, Medical Center Hospital

Update on Employment Law Program Highlights

Ms. Stamer’s Legal Update on Employment Law Program will address:

  • Recent changes in FMLA, Military Leave, wage and hour, ADA & other disability, COBRA, GINA, HIPAA and other selected federal & Texas employment laws and regulations;
  • Rising government enforcement of EEOC, HIPAA, wage & hour, worker classification, and other laws and regulations;
  • Recent developments and increases in retaliation claims;
  • Recent cases related to supervision; and
  • Other selected developments impacting health industry human resources management.

Other Barnstorm 2010 Program Highlights and Details

In addition to the Legal Update on Employment Law that Ms. Stamer is scheduled to present, the Barnstorm Program also will feature presentations on:

  • Leadership in 2010
  • Dealing with Poor Performers; and
  • Cultivating a Superstar

For registration and other information about the Barnstorm Program, see here.

About Ms. Stamer

Nationally and internationally recognized for more than 22 years of work with health industry and other organizations, publications, workshops and presentations and leadership on health industry and other labor and employment, staffing and credentialing, employee benefits, performance management and discipline, regulatory compliance and internal controls, risk management, and public policy matters, Ms. Stamer is Chair of the Curran Tomko Tarski Labor & Employment & Health Care Practice Groups, Vice President of the North Texas Health Care Compliance Professionals Association, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is.  The publisher of Solutions Law Press HR & Benefits Update, the Solutions Law Press Health Care Update, and Solutions Law Press Health Care Privacy & Technology Update and a former legal columnist for MD News, Ms. Stamer also is a popular speaker and author of these topics.  She regularly speaks and conducts training for the ABA, American Health Lawyers Association (AHLA), Health Care Compliance Association, Institute of Internal Auditors, Harris County Medical Society, the Medical Group Management Association, SHRM, Southwest Benefits Association and many other organizations.  Publishers of her many highly regarded writings on health industry and human resources matters include the Bureau of National Affairs, Aspen Publishers, ABA, AHLA, Spencer Publications, World At Work, SHRM, Business Insurance, James Publishing and many others.  You can review other highlights of Ms. Stamer’s health care experience here, and employment experience hereHer insights on these and other matters appear in Managed Care Executive, Modern Health Care, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, MDNews, Kentucky Physician, and many other national and local publications.

If you need assistance with health industry human resources or other management, concerns, wish to inquire about compliance, risk management or training, or need legal representation on other matters please contact Cynthia Marcotte Stamer at cstamer@cttlegal.com or 214.270.2402. 

Other Resources

If you found this information of interest, you also may be interested in reviewing other updates and publications by Ms. Stamer including:

For More Information

We hope that this information is useful to you.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


Medicare Ends Fox Insurance Company Drug Plan Contract As CMS Turns Up Heat on Medicare Advantage & Part D Plan Enforcement & Oversight

March 16, 2010

By Cynthia Marcotte Stamer

The Centers for Medicare & Medicaid Services (CMS) terminated its Medicare Part D prescription drug coverage contract with Fox Insurance Company (Fox) on March 9, 2010.    The action highlights CMS’s growing scrutiny and enforcement of Medicare requirements against Medicare Part D, Medicare Advantage Plans and other federal health care program contractors.

CMS terminated the Fox contract after CMS found the failure by Fox’s plan and services to meet Medicare’s requirements to provide enrollees with prescription drugs according to recognized standards of care jeopardized the health and safety of Fox enrollees.   When announcing the contract termination, CMS reported that an on-sight review by CMS showed that Fox committed a series of violations, including improperly denying its enrollees coverage of critical HIV, cancer, and seizure medications. CMS issued an enrollment and marketing sanction to Fox on Feb. 26, 2010, because the organization was not following Medicare’s rules for providing prescription drug coverage to its enrollees.   According to CMS, an onsite audit conducted between March 2 and March 4 showed that Fox’s problems persisted and that Fox continued to subject its enrollees to obstacles in getting sustaining medicines or other needed medications.  Among other things, CMS found Fox:

  • Failed to provide access to Medicare prescription drugs benefits by imposing unapproved prior authorization and step therapy criteria that made it more difficult for beneficiaries to get drugs that are protected by law;
  • Failed to meet the plan’s appeals deadlines; and
  • Did not comply with Medicare regulations requiring enrollees to be transitioned to new drugs at the beginning of the new plan year.
  • Failed to notify enrollees about prior authorization and step therapy determinations as required by Medicare.

CMS also found that many of the obstacles were in place to limit access to high-cost drugs, which could have led to enrollees’ clinical needs not being met.

In many cases, CMS reported that Fox required enrollees to have unnecessary and invasive medical procedures before they were able to obtain drugs. Finding that Fox was unable to satisfactorily address these compliance concerns and furnish medicines to its Medicare enrollees, CMS immediately terminated the Fox contract.

At the time of the termination, more than 123,000 Medicare beneficiaries were enrolled in Fox plans. Beginning March 10, 2010, CMS indicated that LI-NET, a Medicare run program administered by Humana, would replace the Medicare Part D coverage of  enrollees affected by the Fox contract termination on an interim basis. Fox enrollees will be able to choose a new Medicare prescription drug plan through May 1, 2010. Current enrollees who do not choose a plan will be enrolled into a new plan by Medicare. CMS is sending letters explaining the actions taken by CMS to enrollees and has established a 1-800 number to receive questions.

The action against Fox is part of an ongoing series of oversight, disciplinary and enforcement actions by CMS against Medicare Advantage and other federal health care program participants.  These programs and CMS’ oversight and enforcement of federal programs are drawing increasing Congressional scrutiny in connection with Congressional health care reform efforts. Amid this heightened scrutiny, Medicare Part D and Medicare Advantage Plans; health care providers, administrative services providers and others contracting with these plans and others involved with this programs should take appropriate action to maintain compliance, tighten their contracts with and oversight of actions of partners and vendors performing critical functions; review complaint reporting, investigation and response processes and procedures; and strengthen other practices to minimize exposures to audit or other enforcement actions.

For Assistance With Medicare Managed Care or Other Matters

If your organization needs advice or assistance about Medicare Part D or other Medicare Advantage contracting or other requirements or about other health plan or health care matters, consider contacting the author of this article, Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail here

Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee and an ABA Joint Committee on Employee Benefits Council member,  Ms. Stamer has more than 22 years experience advising health plans, health care providers, and other health industry and insurance clients.  Her experience includes specific experience assisting Medicare, Medicaid and other health plan sponsors, administrators,  or administrative services providers about contracting, compliance, coverage and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer also conducts compliance and other training on Medicare Advantage and other contract and compliance matters, as well as a broad range of other health industry related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on health industry matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent updates available online by clicking on the article title:

You can review other recent health plan, health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here; e-mailing this information to cstamer@cttlegal.com; or registering to participate in the distribution of these and other Solutions Law Press updates here. For important information concerning this communication click here.   

To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website

February 25, 2010

By Cynthia Marcotte Stamer

The Department of Health and Human Services Office of Civil Rights (OCR) has begun posting on its website the names and certain information about health care providers, health insurers,  employer and other health plans, health care clearinghouses and their business associates (Covered Entities) reporting to OCR “breaches” of “unsecured protected health information” (UPHI) under new breach notice rules added by the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

Covered Entities should anticipate the posting of the breach information and other HITECH Act breach notices coupled with amendments to the medical privacy and security requirements of the Health Insurance Portability & Accountability Act (HIPAA) effective since February 17, 2010, will heighten enforcement risks and public sensitivities about medical information privacy safeguards.  As failing to comply with the amended rules effective February 17, 2010 can trigger obligations under the Breach Regulations and other significant liability exposures, Covered Entities should act quickly to manage these emerging risks.

Covered Entity Breach Notification Requirements

The initial list of Covered Entities reporting  breaches of UPHI affecting 500 or more individuals posted by OCR on February 22, 2010 discloses the Covered Entity’s name and State, the approximate number of individuals affected, the date and type of breach and the location of the breached information. OCR’s posting of this information is required under the HITECH Act breach notification requirements as part of its implementation and enforcement of new breach notification requirements added to HIPAA by Section 13402(e)(3) of the HITECH Act.

The HITECH Act amended HIPAA to require Covered Entities to require Covered Entities provide notification to individuals, OCR and others when certain breaches of UPHI happen.  The implementing interim “Breach Notification For Unsecured Protected Health Information” regulations (Breach Regulation) published by OCR here require Covered Entities subject to HIPAA to notify affected individuals, OCR and in some cases the media within specified periods following a “breach” of UPHI occurring on or after September 23, 2009 unless the Covered Entity can demonstrate that the breach qualified as exempt from the breach notification obligation under the Breach Regulations.

Covered Entities generally should consider the need to provide breach notification under the Breach Regulation whenever electronic or non-electronic protected health  information which is not adequately encrypted or destroyed to qualify as “secured” under the breach rules is used, accessed or disclosed in violation of HIPAA.  

Since the potential need to provide breach notification is triggered by an impermissible use, access or disclosure of UPHI, up-to-date maintenance, monitoring and enforcement is at the heart of compliance with the Breach Regulation as well as HIPAA generally.

You can review the currently posted list of Covered Entities that have reported breaches on the OCR website here.  Learn more about the Breach Regulation requirements here

Broader & Stricter Medical Privacy Mandates Effective 2/17/210

The new breach notification requirements are part of a series of changes made to HIPAA under the HITECH Act that are increasing the responsibilities and liability exposures of Covered Entities. On February 17, 2010, Covered Entities and their business associates also became subject to tighter federal requirements for the use, access, protection and disclosure of protected health information under amendments to HIPAA’s Privacy & Security Standards enacted in the HITECH Act. When the HITECH Act was signed into law on February 17, 2009, Covered Entities also became subject to expanded sanctions and remedies for HIPAA violations.

To comply with the HITECH Act changes to HIPAA effective on February 17, 2010, most Covered Entities and their business associates generally will need to update their written policies, operational procedures, technical safeguards, privacy notices, vendor and other agreements, training, and other management procedures in several respects. For more details, see here.

While the HITECH Act gave Covered Entities and business associates a year to complete the necessary arrangements to comply with these HITECH Act changes, many Covered Entities and business associates have not adequately implemented the necessary arrangements. To mitigate these exposures, Covered Entities and their business associates should act quickly to review and update their policies, procedures, training, business associate and other services agreements, and other practices and procedures, as well as to implement the training, oversight, and other management necessary to comply with the HITECH Act changes and to mitigate other HIPAA risks.

Exposures Significant & Growing

HIPAA-associated exposures for Covered Entities are significant and growing. Timely action to comply with the amended HIPAA requirements and Breach Regulations is important to avoid triggering the breach notification requirements; to prevent loss of public trust and reputation;  and to minimize exposures to legal actions, administrative complaints and sanctions and the  investigation, defense and correction costs likely to result when a Covered Entity violates or is accused of violating HIPAA or otherwise mishandling medical or other personal information. 

Even before the HITECH Act changes became effective, federal regulators were stepping up HIPAA enforcement. The HITECH Act amendments further increase the risk that Covered Entities violating HIPAA face investigation and sanction. The HITECH Act amendments increase the likelihood that Covered Entities violating HIPAA will get caught and will face some form of damage or penalty assessment.  Heightened awareness of UPHI breaches resulting from HITECH Act mandated breach notifications are likely to fuel new HIPAA-related complaints, charges and demands.  Covered Entities, workforce members who wrongfully access protected health information now face potential civil penalties,  criminal prosecution, civil lawsuits and other actions. Allowing state attorneys general to bring suit adds more manpower to the enforcement team.   Furthermore, the wrongful use, access or disclosure of protected health information or other confidential information also increasingly is the basis of civil or criminal actions brought under a variety of other federal and state laws.

New Risks Created By HITECH Act Amendments

Heightened HIPAA exposures stem in part from the HITECH Act’s amendments to HIPAA’s remedy provisions.  Among other things, the HITECH Act amended HIPAA to:

  • Allow a State Attorney General to sue Covered Entities that commit HIPAA violations after February 16, 2009 for damages caused to state citizens;
  • Expand the mandate by OCR to investigate violations and audit compliance with HIPAA;
  • Require OCR to impose civil sanctions against Covered Entities and business associates involved in violations of HIPAA in accordance with tightened standards added to HIPAA by the HITECH Act;
  • Revise the criminal sanctions that the Department of Justice can seek against Covered Entities and others for violations of HIPAA; and
  • Amend HIPAA to make clear that workforce members and others improperly using, accessing or disclosing protected health information in violation of HIPAA can face criminal prosecution.

State Attorney General Lawsuit Exposures

Covered Entities must be concerned about the potential that a state Attorney General may bring civil suit to remedy damages caused to state citizens by a breach of HIPAA.  In certain situations, the HITECH Act empowers a state attorney general to sue Covered Entities for damages if their HIPAA violations harm state citizens. Statutory damages equal to the sum of the number of violations multiplied by 100 up to a maximum of $25,000 per calendar year plus attorneys fees and costs are authorized.

A HIPAA civil lawsuit demonstrates the willingness of at least some states to exercise the new authority to sue Covered Entities. On January 13, 2010 Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc. (Health Net) for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers endangered by the security breach.   The first attorney general enforcement action brought based on amendments made to HIPAA under the HITECH Act, Connecticut charges that Health Net violated HIPAA by failing to safeguard protected medical records and financial information on almost a half million Health Net enrollees in Connecticut then allowing this information to remain exposed for at least six months before notifying authorities and consumers. The suit also names UnitedHealth Group Inc. and Oxford Health Plans LLC, who have acquired Health Net. 

Stepped Up Federal Enforcement

Even before the HITECH Act amendments, OCR and Department of Justice increased HIPAA investigation and enforcement.  The Department of Justice has obtained a variety of criminal convictions against violators of HIPAA.  See, e.g., 2 New HIPAA Criminal Actions Highlight Risks From Wrongful Use/Access of Health InformationMeanwhile, OCR also is emphasizing HIPAA enforcement.  In February, 2009, OCR announced that CVS Pharmacies, Inc. would pay $2.25 million to resolve HIPAA charges.  This announcement followed OCR’s announcement in July, 2008 that Providence Health Care would pay $100,000 to resolve HIPAA violation charges.  OCR also has taken HIPAA enforcement actions against a broad range of other Covered Entities. See more details hereWhile not resulting in the significant payments involved in CVS or Providence, all Covered Entities involved in these and other enforcement actions or investigations have incurred significant legal and other defense costs, loss of community trust, or both.

In addition to these HIPAA-specific exposures, wrongful use, access or disclosure of medical information also can expose Covered Entities, members of their workforce and others improperly using, accessing or disclosing protected health information to liability under other federal or state laws.  Federal and state prosecutors may and increasingly do bring criminal or civil actions against organizations or individuals for improperly accessing or using medical or other personal information under a variety of other federal or state laws .  See e.g., Cybercrime & Identity Theft: Health Information Security Beyond HIPAA; NY AG Cuomo Announcement of 1st Settlement For Violation of NY Security Breach Notification Law; Woman Who Revealed AIDs Info Gets A Year

State Civil Lawsuits

Covered Entities also need to prepare to defend HIPAA-related conduct in state civil actions.  Individual plaintiffs increasingly used alleged HIPAA violations in state privacy, negligence, retaliation, wrongful discharge or other lawsuits.  State courts have allowed private plaintiffs to use the obligations imposed by HIPAA as the basis of a Covered Entity’s duty for purposes of certain state law lawsuits.  In  Sorensen v. Barbuto, 143 P.3d 295 (Utah Ct. App. 2006), for example, a Utah appeals court ruled a private plaintiff could use HIPAA standards to establish that a physician owed a duty of confidentiality to his patients for purposes of maintaining a state law damages claim.  Similarly, the Court in Acosta v. Byrum, 638 S.E. 2d 246 (N.C. Ct. App. 2006) ruled that a plaintiff could use HIPAA to establish the “standard of care” in a negligence lawsuit. Meanwhile, disgruntled employees or other business partners performing services for  Covered Entities also increasingly are pointing to HIPAA as the basis for their retaliation or wrongful discharge claims. See, e.g.,  Retaliation For Filing HIPAA Complaint Recognized As Basis For State Retaliatory Discharge Claim. Read more here

Coupled with the HITECH Act changes, these and other enforcement actions signal growing potential hazards for Covered Entities that  fail to properly manage their HIPAA compliance obligations and risks. To help guard against these exposures, Covered Entities should act quickly to strengthen their HIPAA defenses by updating policies, contracts, practices, security, training, oversight, documentation and management.

Covered Entities & Business Associates Urged To Act Promptly To Manage Mitigating Expanded HIPAA Risks & Obligations

Faced with these expanding obligations and exposures, Covered Entities should prepare for the need to defend the adequacy of their HIPAA compliance efforts on paper and in operation. As part of these efforts, Covered Entities should consider:

  • Reviewing the adequacy of the practices, policies and procedures of the Covered Entities, business associates, and others that may come into contact with protected health information within the scope of attorney-client privilege taking into consideration the Corrective Action Plan, published OCR noncompliance and enforcement statistics, their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable;
  • Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility;
  • Renegotiating and enhancing service provider agreements to detail the specific compliance obligations of each party; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; to clarify rights of indemnification; and other related relevant matters;
  • Improving technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information;
  • Conducting well-documented training as necessary to ensure that members of the Covered Entity’s workforce understand and are prepared to comply with the expanded requirements of HIPAA, can detect potential breaches or other compliance concerns, and understand and are prepared to follow appropriate procedures for reporting and responding to suspected violations;
  • Tracking actual and near miss violations and making adjustments to policies, practices, training, safeguards and other compliance components as necessary to deter future concern
  • Establishing and providing well-documented monitoring of compliance;
  • Establishing and providing well-documented timely investigation and redress of reported violations or other compliance concerns;
  • Establishing contingency plans for responding in the event of a breach;
  • Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and  requirements;
  • Preparing and maintaining a well-documented record of compliance activities; and
  • Pursuing other appropriate strategies to enhance the Covered Entity’s ability to demonstrate its compliance commitment both on paper and in operation.

For Assistance With Compliance Or Other Concerns

The author of this article,  Ms. Stamer has extensive experience advising and assisting health care practitioners and other businesses and business leaders to establish, administer, investigate and defend health care fraud and other compliance and internal control policies and practices to reduce risk under federal and state health care and other laws. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact the author of this article, Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com, 214.270.2402 or another Curran Tomko Tarski LLP attorney of your choice.  You can get more information about the CTT Health Care Practice  and more specifics about Ms. Stamer’s health industry experience here.

Ms. Stamer is nationally known for her work, training and presentations, and publications on privacy and security of health and other sensitive information in health and managed care, employment, employee benefits, financial services, education and other contexts. 

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 22 years experience advising clients, conducting workshops and other training, and providing policy advice about health care, privacy, data security, and other matters. She advises health care providers, health insurers and administrators, employer and other health plan sponsors, employee benefit plan fiduciaries, schools, financial services providers, governments and others about privacy and data security, health care, insurance, human resources, ERISA, technology, and other legal and operational concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters. A widely published author on privacy, data security, health care and other related matters, Ms. Stamer is the author of “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of other highly regarded publications. Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Helpful Resources & Other Information

If you found these updates of interest, you also be interested in one or more of the following other recent articles:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. You can access other recent updates and other informative publications and resources provided by Curran Tomko Tarski LLP attorneys and get information about its attorneys’ experience, briefings, speeches and other credentials here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2010 Cynthia Marcotte Stamer.  All rights reserved. 


2010 Medicare Part B Monthly Premium Rate, Annual Part B Deductible & Actuarial RatesAnnounced

October 27, 2009

The Centers for Medicare & Medicaid Services recently announced that the monthly premiums, actuarial rates for aged (age 65 and over) and disabled (under age 65) beneficiaries enrolled in Part B of the Medicare Supplementary Medical Insurance (SMI) program that will apply for calendar year 2010. 

The rates announced here in the Federal Register on October 22, 2009 are as follows:

  • The monthly actuarial rates for 2010 are $221.00 for aged enrollees and $270.40 for disabled enrollees. The standard monthly Part B premium rate for 2010 is $110.50, which is up from the 2009
  • standard premium rate of $96.40.)
  • The Part B deductible for 2010 is set at $155.00 for all Part B beneficiaries.

A beneficiary who has to pay an income-related monthly adjustment may have to pay a total monthly premium of roughly 35, 50, 65 or 80 percent of the total cost of Part B coverage.

For More Information

We hope that this information is useful to you.  If you need assistance with these or other health care public policy, regulatory, compliance, risk management, workforce and other staffing, transactional or operational concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other reimbursement, operations, internal controls and risk management matters.  You can review other recent health care and related resources and additional information about the health industry and other experience of Ms. Stamer here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here and/or by participating in the SLP Health Care Risk Management & Operations Group on LinkedIn.  To unsubscribe, e-mail here.

©2009 Cynthia Marcotte Stamer.  All rights reserved.


%d bloggers like this: