HHS Picks Hargan As Acting HHS Secretary

October 11, 2017

President Trump has appointed Eric D. Hargan Acting Secretary of the U.S. Department of Health and Human Services (HHS).

Hargan, who was just sworn into office as Deputy Secretary of HHS on Oct. 6, 2017, takes over the duties of former Secretary Dr. Tom Price, who recently resigned in response to criticism about his expenditures for charter flights.

Before joining HHS, Mr. Hargan was an attorney, most recently a shareholder in Greenberg Traurig’s Chicago office in the Health and FDA Business department, where he focused his practice on transactions, healthcare regulations and government relations. He represented investors, companies, and individuals in healthcare investments and issues across the entire sector.

From 2003 to 2007, Mr. Hargan served at HHS in a variety of capacities, ultimately holding the position of Acting Deputy Secretary. During his tenure at HHS, Mr. Hargan also served as the Department’s Regulatory Policy Officer, overseeing the development and approval of all HHS, CMS, and FDA regulations and significant guidances.

Prior to this role, he served HHS as Deputy General Counsel. More recently, he was tapped by Governor Bruce Rauner to serve during transition as lead co-chair for Gov. Rauner’s Healthcare and Human Services committee.

During his time in Illinois, Mr. Hargan taught at Loyola Law School in Chicago, focusing on administrative law and healthcare regulations. He was a member of the U.S. government team at the inaugural U.S.-China Strategic Economic Dialogue in Beijing in 2006-2007, worked with the State Department’s Bureau of Arms Control to advance biosecurity in developing nations, and initiated and led the HHS team that developed the first responses to international food safety and importation issues in 2007.

He received his B.A. cum laude from Harvard University, and his J.D. from Columbia University Law School, where he was Senior Editor of the Columbia Law Review. Mr. Hargan also received a Certificate in International Law from the Parker School of Foreign and Comparative Law at Columbia University.

Before returning to Washington, D.C., Mr. Hargan lived in the suburbs of Chicago with his wife, Emily, and their two sons.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer works with health industry and related businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management, disaster and other crisis preparedness and response, and other performance and operations management and compliance. Her experienced includes career long involvement in advising and defending health industry and other organizations about disaster and other crisis preparation, response and mitigation arising from natural and man-made disasters, government enforcement, financial distress, workplace emergencies and accidents, data breach and other cybersecurity and other events.  For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and publisher disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


New HHS Webpage Highlights HHS Administrative Actions To Ease ACA Enforcement & Burdens

April 13, 2017

The Department of Health and Human Services recently launched a new web page on HHS.gov highlighting the regulatory and administrative actions the Department is taking to relieve the burden of the current healthcare law and support a patient-centered healthcare system in response to President Trump’s January 20, 2017 Executive Order Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal (the “Executive Order”).

In the Executive Order, President Trump among other things:

  • Confirmed the Trump Administration’s policy to seek the prompt repeal of the Patient Protection and Affordable Care Act (Public Law 111-148), as amended (the “ACA”); and
  • Announced the Trump Administration’s directivepending the planned ACA repeal to ensure that the law is being efficiently implemented, take all actions consistent with law to minimize the unwarranted economic and regulatory burdens of the ACA, and prepare to afford the States more flexibility and control to create a more free and open healthcare market.

In furtherance of these policies, the Executive Order also directed the Secretary of HHS and and the heads of all other executive departments and agencies (agencies) with authorities and responsibilities under the ACA to the maximum extent permitted by law:

  • To exercise all authority and discretion available to them to waive, defer, grant exemptions from, or delay the implementation of any provision or requirement of the ACA that would impose a fiscal burden on any State or a cost, fee, tax, penalty, or regulatory burden on individuals, families, healthcare providers, health insurers, patients, recipients of healthcare services, purchasers of health insurance, or makers of medical devices, products, or medications;
  • To exercise all authority and discretion available to them to provide greater flexibility to States and cooperate with them in implementing healthcare programs;
  • To encourage the development of a free and open market in interstate commerce for the offering of healthcare services and health insurance, with the goal of achieving and preserving maximum options for patients and consumers.

HHS intends to use the new web page to announce new measures as adopted by HHS in furtherance of the Executive Order with a planned emphasis in particular upon actions to

  • Lower costs and increase choices by providing relief from the burdensome regulations and fostering competition in insurance markets;
  • Work to ensure a stable transition period;
  • Offer states greater flexibility of their Medicaid programs to meet the needs of their most vulnerable populations; and
  • Increase the opportunities for patients to get the care they need when they need it.

According to statements on the new web page, HHS intends to purse these objectives by “going through every page of regulations and guidance related to the Affordable Care Act to determine whether or not they work for patients and whether or not they are making our health care system better.”

Check out and follow these developments here.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition  as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits”  and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management,  crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations. Her experience encompasses  helping health industry clients manage workforce, medical staff, vendors and suppliers, medical billing, reimbursement, claims and other provider-payer relations, business partners, and their recruitment, performance, discipline, compliance, safety, compensation, benefits, and training ;board, medical staff and other governance;   compliance and internal controls; strategic planning, process and quality improvement; change management;  assess, deter, investigate and address staffing, quality, compliance  and other performance;  meaningful use, EMR, HIPAA and other data security and breach and other health IT and data; crisis preparedness and response; internal, government and third-party reporting, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.

The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked closely with a diverse range of physicians, hospitals and healthcare systems, DME, Pharma, clinics, health care providers, managed care, insurance and other health care payers, quality assurance, credentialing, technical, research, public and private social and community organizations, and other health industry organizations and their management deal with governance; credentialing, patient relations and care; staffing, peer review, human resources and workforce performance management; outsourcing; internal controls and regulatory compliance; billing and reimbursement; physician, employment, vendor, managed care, government and other contracting; business transactions; grants; tax-exemption and not-for-profit; licensure and accreditation; vendor selection and management; privacy and data security; training; risk and change management; regulatory affairs and public policy and other concerns.

As a core component of her work,  Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including  insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.  Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting,  risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy and governmental and regulatory affairs experience, Ms. Stamer also is widely recognized for regulatory and policy work, advocacy and outreach on healthcare, education, aging, disability, savings and retirement, workforce, ethics, and other policies.  Throughout her adult life and career, Ms. Stamer has provided thought leadership; policy and program design, statutory and regulatory development design and analysis; drafted legislation, proposed regulations and other guidance, position statements and briefs, comments and other critical policy documents; advised, assisted and represented health care providers, health plans and insurers, employers, professional. and trade associations, community and government leaders and others on health care, health, pension and retirement, workers’ compensation, Social Security and other benefit, insurance and financial services, tax, workforce, aging and disability, immigration, privacy and data security and a host of other international and domestic federal, state and local public policy and regulatory reforms through her involvement and participation in numerous client engagements, founder and Executive Director of the Coalition for Responsible Health Policy and its PROJECT COPE: the Coalition on Patient Empowerment, adviser to the National Physicians Congress for Healthcare Policy, leadership involvement with the US-Mexico Chamber of Commerce, the Texas Association of Business, the ABA JCEB, Health Law, RPTE, Tax, Labor, TIPS, International Life Sciences, and other Sections and Committees, SHRM Governmental Affairs Committee and a host of other  involvements and activities.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical  staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE:  Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children);  current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating  your profile here.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™  All other rights reserved.   For information about republication or other use, please contact Ms. Stamer here.


All Covered Entities Should Learn Lessons From Mississippi Medical Center’s $2.75 Million HIPAA Resolution Agreement

July 27, 2016

Health care providers, health plans, healthcare clearinghouses (covered entities) and their business associates should reevaluate the adequacy of their practices and procedures for the protection of electronic protected health information (ePHI) on or accessible through laptops or other mobile devices in light of the $2.75 million penalty and other schooling the Department of Health and Human Services Office for Civil Rights (OCR) just gave the University of Mississippi (UM) Medical Center (UMMC) documented in a July 7, 2016 Resolution Agreement and Corrective Action Plan (Resolution Agreement) resolving OCR charges of multiple violations of the privacy, security and breach notification requirements of the Health Insurance Portability and Accountability Act (HIPAA) OCR says it uncovered while investigating UMMC’s breach notification report to OCR of the loss a laptop containing 328 files containing the ePHI of an estimated 10,000 patients.

UMMC Report of Missing Laptop Leads To Multiple Charges & Resolution Agreement

Mississippi’s sole public academic health science center, UMMC provides patient care in four specialized hospitals on the Jackson campus and at clinics throughout Jackson and the State as well as conducts medical education and research functions.  Its designated health care component, UMMC, includes University Hospital, the site of the breach in this case, located on the main UMMC campus in Jackson.

The settlement agreed to by UMMC stems from charges resulting from an OCR investigation of UMMC triggered by a breach of unsecured electronic protected health information (“ePHI”) affecting approximately 10,000 individuals.

Like many prior resolution agreements previously announced by OCR, UMMC’s HIPAA woes came to light after a laptop went missing.  OCR learned of the breach and opened its investigation in response to a March 21, 2013 notification UMMC filed with OCR.  UMMC made the breach notification to comply with HIPAA’s Breach Notification Rule requirement that health care providers, health plans and healthcare clearinghouses (Covered Entities) timely notify affected individuals, OCR and others of breaches of unsecured ePHI.

UMMC’s breach notification disclosed that UMMC’s privacy officer had discovered a password-protected laptop containing ePHI of thousands of UMMC patients missing from UMMC’s Medical Intensive Care Unit (MICU). UMMC additionally reported that based on its investigation, UMMC believed that the missing laptop likely was stolen by a visitor to the MICU who had inquired about borrowing one of the laptops.

After discovering the loss, UMMC disclosed the breach to local media and on its website and notified OCR of the breach but apparently did not individually notify the subjects of the missing ePHI.

In keeping with its announced policy of investigating all breach reports impacting 500 or more individuals, OCR opened an investigation into UMMC’s breach report.  Based on this investigation, OCR concluded that while the laptop apparently was password protected, UMMC had breached the Security Rules because ePHI stored on a UMMC network drive was vulnerable to unauthorized access via UMMC’s wireless network because users could use a generic username and password to access an active directory containing 67,000 files including 328 files containing the ePHI of an estimated 10,000 patients.

While OCR’s investigation confirmed that UMMC had implemented policies and procedures pursuant to the HIPAA Rules, OCR’s additionally found that the theft of the laptop that prompted UMMC’s breach report resulted from broad deficiencies in UMMC’s implementation and administration of these policies and its practices.

Based on these findings, OCR charged UMMC with the following HIPAA violations:

  • From the compliance date of the Security Rule, April 20, 2005, through the settlement date, UMMC violated 45 C.F.R. §164.308(a)(1)(i) by failing to implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of the ePHI it holds, and implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level;
  • From January 19, 2013, until March 1, 2014, UMMC violated 45 C.F.R. §164.310(c) by failing to implement physical safeguards for all workstations that access ePHI to restrict access to authorized users;
  • From the compliance date of the Security Rule, April 20, 2005, to March 14, 2013, UM violated 45 C.F.R. § 164.312 (a)(2)(i) by failing to assign a unique user name and/or number for identifying and tracking user identity in information systems containing ePHI including, for example, allowing workforce members to access ePHI on a shared department network drive through a generic account, preventing UMMC from tracking which specific users were accessing ePHI; and
  • While UMMC provided notification on UMMC’s website and in local media outlets following the discovery of the reported breach of unsecured ePHI,, UMMC violated the Breach Notification Rule by failing to notify each individual whose unsecured ePHI was reasonably believed to have been accessed, acquired, used, or disclosed as a result of the breach.

Finally, OCR determined that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet took no significant risk management activity until after the breach, due largely to organizational deficiencies and insufficient institutional oversight.

To resolve these charges, UMMC agrees in the Resolution Agreement to pay OCR $2.75 million and implement a comprehensive compliance plan which among other things, requires UMMC to conduct a sweeping review and correct its HIPAA privacy, security and breach notification policies and their implementation and administration to comply with HIPAA as well as implement and administer detailed management and OCR oversight and reporting processes over the implementation and administration of these procedures.

Lessons For Other Covered Entities From UMMC Resolution Agreement

The UMMC charges and Resolution Agreement contains several key lessons for other covered entities and their business associates, which OCR’s July 21, 2016 announcement warns other covered entities and business associates to heed..

Certainly, the $2.75 million settlement amount reaffirms that covered entities and their business associates risk substantial liability for failing to properly assess and protect the security of ePHI in accordance with HIPAA’s Privacy and Security Rule.

Furthermore, the charges and Resolution Agreement also adds a new twist to OCR’s now well established to stiffly sanction covered entities and their business associates that fail appropriately assess and address risks to the security of their ePHI on or accessible from laptops or other mobile devices. Through previous resolution agreements and guidance, OCR has made clear that it interprets the HIPAA Security Rule as generally requiring that covered entities and business associates encrypt all laptops or other mobile devices containing ePHI.  The UMMC charges and Resolution Agreement makes clear that the responsibility to protect ePHI on or accessible through laptops or other mobile devices does not end with encryption.  Rather, the Resolution Agreement makes clear that covered entities and their business associates also must take appropriate, well-documented steps to monitor, assess, identify, and timely and effectively address other potential risks to the security of the ePHI.

The Resolution Agreement makes clear that these additional responsibilities include, but are not necessarily limited to ensuring that proper safeguards are implemented and enforced to secure access not only to the ePHI contained on the laptop as well as other data bases and systems containing ePHI accessible through the laptop.  In this respect, the Resolution Agreement particularly highlights the need for covered entities and their business associates to assess risks and take appropriate steps:

  • To safeguard the physical security of laptops and other mobile devices;
  • To prevent the use of generic or other unsecure passwords to access ePHI on or accessible through the laptop or other mobile device;
  • To establish and administer appropriate, well-documented processes for assessing and addressing the adequacy of safeguards for and potential threats to the security of ePHI both initially and on an ongoing basis in a manner that meaningfully assesses the actual risks and effectiveness of safeguards against these risks, including those resulting from nonadherence to required safeguards and practices such as the sharing of passwords, changing systems or circumstances, and other developments that potentially threaten the adequacy of ePHI security.

Furthermore, OCR’s July 21, 2016 press release concerning the Resolution Agreement also sends a clear message to all covered entities and business associates that OCR views HIPAA as requiring organizations not only to adopt written policies and procedures that comply on paper or in theory with HIPAA, but also to take steps to monitor and maintain the effectiveness of their safeguard by continuously assessing and monitoring their HIPAA risks and acting as necessary to ensure that required safeguards of protected health information and ePHI and other HIPAA requirements are effectively implemented and administered in operation as well as form.

In OCR’s Press Release announcing the Resolution Agreement, OCR Director Jocelyn Samuels. Stated, “We at OCR remain particularly concerned with unaddressed risks that may lead to impermissible access to ePHI.”  She also warned “In addition to identifying risks and vulnerabilities to their ePHI, entities must also implement reasonable and appropriate safeguards to address them within an appropriate time frame.”

Additionally, the Resolution Agreement also illustrates need for covered entities and business associates to timely provide all individual and other notifications and otherwise fully comply with all requirements of the Breach Notification Rules.

Since the risk of a breach is ever-present even for Covered Entities and business associates exercising the highest degree of care to safeguard PHI and maintain compliance with HIPAA, Covered Entities and business associates are wise to take steps to position themselves to be able to demonstrate the adequacy of both their written policies and procedures and the effectiveness of their implementation and enforcement including ongoing documented practices for assessing, monitoring and addressing security risks and other compliance concerns as well as prepare to comply with the breach notification requirements in the event they experience their own breach of unsecured ePHI.

About The Author

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, former scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and JCEB Council Representative, former Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section,  the former Board President and Treasurer of the Richardson Development Center for Children Early Childhood Intervention Agency, and past  Board Compliance Chair of the National Kidney Foundation of North Texas, and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, the author of this update, attorney Cynthia Marcotte Stamer, is AV-Preeminent (the highest) rated attorney repeatedly recognized for her nearly 30 years of experience and knowledge representing and advising healthcare, health plan and other health industry and others on these and other regulatory, workforce, risk management, technology, public policy and operations matters as a Martindale-Hubble as a “LEGAL LEADER™” and “Texas Top Rated Lawyer” in Health Care Law, Labor and Employment Law, and Business & Commercial Law and among the “Best Lawyers In Dallas” by D Magazine.

Ms. Stamer’s health industry experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Ms. Stamer also is known for her experience in HIPAA and other privacy and data security and breach concerns.  The scribe for ABA JCEB annual agency meeting with OCR for many years, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical  staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

You can get more information about her health industry experience here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

 

About Solutions Law Press Inc.™

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

If you found these updates of interest, you may be interested in other recent Solutions Law Press, Inc. updates like the following:

Go here to register to receive other Solutions Law Press, Inc. updates and announcements about other upcoming briefings, training or other programs, products, services, and activities or to learn more about Solutions Law Press, Inc., its publications, programs and training, PROJECT COPE: Coalition on Patient Empowerment community service and education projects, event management and other resources and services.

For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2016 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press, Inc. All other rights reserved.

 


3/30 Webex Shares Latest On Security, Patient Access & Other HIPAA Developments

March 9, 2016

Solutions Law Press, Inc. ™ Invites You To A Special WebEx Briefing  

HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments

Wednesday, March 30, 2016

1:00 P.M.-2:00 P.M. Eastern | 12:00 P.M.-1:00 P.M. Central 11:00 A.M-12:00 P.M. Mountain | 10:00 A.M-11:00 A.M. Pacific

Health care providers, health plans, health care clearinghouses and their business associates (Covered Entities) face new imperatives to review and tighten their practices to ensure their practices comply with recently released guidance from the U.S. Department of Health & Human Services Office of Civil Rights (OCR)) emphasizing and clarifying the responsibilities of health care providers, health plans and the healthcare clearinghouses under the Health Insurance Portability & Accountability Act of 1996 (HIPAA) to provide access to individuals that are the subject of protected health information or “PHI” to access or copies of their PHI in accordance with HIPAA’s rules and other recent HIPAA guidance and enforcement. With OCR’s recent release of added guidance and OCR enforcement statistics continuing to show HIPAA access rule violations among the most common HIPAA violations and OCR stepping up HIPAA enforcement, health care providers, health plans, healthcare clearinghouses can expect heightened scrutiny and enforcement of these requirements. Additionally, Covered Entities also should evaluate the adequacy of their other practices in light of other recent OCR guidance and enforcement actions.

Solutions Law Press, Inc.™ invites to catch up on the latest guidance on HIPAA’s requirements to provide access to patients to PHI by registering here to participate in the Solutions Law Press, Inc.™ “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” WebEx briefing from Cynthia Marcotte Stamer on Friday, March 18, 2016.   During the Briefing, Ms. Stamer will provide participants with:

√ An update on OCR enforcement actiions and guidance over past 12 months

√ A detailed discussion of OCR’s new guidance about when Covered Entities must provide PHI access or copies to patients

√ Discuss rules and best practices for verifying the identity and credentials of an individual requesting PHI as a patient or personal representative of a patient

√ Share tips for contracting and dealing with business associates to facilitate administration of patient PHI access and security compliance activities

√ Share other practical considerations & best practices for compliance and risk management

√ Respond to participant questions on a time permitting basis

√ More

ABOUT THE SPEAKER

Recognized as “Legal Leader™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” and an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble, singled out as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine;, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her more than 28 years extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care, health plan and employee benefits, workforce and related regulatory and other compliance, performance management, risk management, product and process development, public policy and other key operational concerns.

As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance including extensive involvement with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others. Ms. Stamer also has worked extensively domestically and internationally on public policy and regulatory advocacy on HIPAA and other privacy and data security risks and requirements as well as a broad range of other health, employee benefits, human resources, insurance, tax, compliance and other matters and representing clients in dealings with the US Congress, Departments of Labor, Treasury, Health & Human Services, Federal Trade Commission, HUD and Justice, as well as a state legislatures attorneys general, insurance, labor, worker’s compensation, and other agencies and regulators as well supports clients in defending litigation as lead strategy counsel, special counsel and as an expert witness.

Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served as the scrivener for the ABA JCEB’s meeting with OCR on HIPAA for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients, serves on the faculty and planning committee of many workshops, seminars, and symposia, and on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.

 REGISTRATION & PROGRAM DETAILS

Registration Fee per course is $75.00 per person. Registration Fee Discounts available for groups of three or more participants from the same organization. Limited opportunities for participation. Registration accommodated on a first come basis. Completed registration and payment required via website registration 48 hours in advance of the program. No checks or cash accepted. Persons not registered with completed payment at least 48 hours in advance will only participate subject to availability and completed registration and payment. Payment only accepted via website PayPal. Register Here!

The Webex will be conducted over the internet. Participants will receive access code and instructions for sign on to participate in the Webex and/or dial in to participate in the program via telephone after processing of completed registration. Participants must have access to a computer with internet access and to telephone access to dial in via telephone to participate in the program. Solutions Law Press, Inc. is not responsible for any interruption or interference in participation resulting from limitations in the internet connectivity, computer, telephone or other equipment used by the participant to access and participate in the program.

ABOUT SOLUTIONS LAW PRESS, INC.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders better anticipate legal and operational issues impacting their organization’s performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to inquire about becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com.   These programs, publications and other resources are provided only for general informational and educational purposes, the applicability of which to any particular circumstances may be impacted by legal changes, the specific facts and circumstances or other factors. Consequently, neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are not intended to or shall not be construed as establishing an attorney-client relationship, to constitute legal advice or a substitute for legal advice, or otherwise provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties that any participant or any other party can rely upon the information or any statements presented herein. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. If you would prefer not to receive communications from Solutions Law Press, Inc. send an e-mail with “Solutions Law Press Unsubscribe” in the Subject to support@solutionslawyer.net. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.   ©2016 Solutions Law Press, Inc.

 

 

 


Use Free Cyber Security Awareness Month Resources To Boost HIPAA & Other Cyber Security Training & Skills

October 25, 2015

Halloween’s annual celebration of spooks and goblins peak is a perfect time to promote awareness and help American businesses and citizens build their skills to guard against the real and growing menace of identity thieves and other cybercriminals by getting involved with the 12th annual National Cyber Security Awareness Month (NCSAM) in October, begin preparing to participate in the next annual “Data Privacy Day” on January 28, 2016 and joining in other activities highlighted through NCSAM and Data Privacy Day to help deter Cybercrime and identity theft threats. Even if your organization or family choose not to participate in any official or public way, checking out and using the many free resources provides an invaluable, free opportunity to raise your defenses against this rising menace.

Health care providers and organizations, health plans, and their business associates face special legal and ethical mandates to safeguard “protected health information” and other sensitive patient information under the Privacy & Security Rules of the Health Insurance Portability & Accountability Act (HIPAA), state health care, insurance, medical ethics and licensure, identity theft and other laws.   Most health care organizations and providers are sensitive to the need to comply with these requirements as a result of the stiff civil and criminal sanctions associated with violation of these medical privacy and data security requirements and notoriety surrounding stiff sanctions imposed as part of their enforcement, effective operationalization and maintenance of compliance with these rules remains a continuous challenge and only covers a small part of any health care organization’s legal responsibilities and risks.   Health care organizations not only must manage their health care specific  obligations, but also a host of other concerns like those that apply to other organizations.  Getting workforce members, vendors, patients and others to understand and practice good Cyber Security in all aspects of their personal and private lives is key to effective management of all of these risks and responsibilities.

With virtually every American business and citizen now connected to and using the Internet to conduct key personal and business transactions and the constant drive by government and business to digitize regular business transactions, no one agency, business or individual alone can truly know where and who has their sensitive data, much less reliably can defend this data against the identity and other theft and other cybercriminals lurking in the digital world’s virtual streets waiting to strike, then disappear in “Jack The Ripper” style into the darkness of the Internet.  That’s why every American and American business in general – and health industry organizations and providers particularly – should take time to participate and urge others to Get Involved in the 12th Annual NCSAM activities this month and use the supportive resources offered through that involvement throughout the year.

Celebrated annually in October, NCSAM was created to provide resources to help Americans stay safer and more secure online through public-private collaboration between the U.S. Department of Homeland Security and industry led by the National Cyber Security Alliance (NCSA). NCSAM and its associated activities outreach to consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation.  NCSAM 2015 particularly focuses on the consumer and his/her needs regarding cybersecurity and safety continuing the overall message of STOP. THINK. CONNECT. Campaign founded in 2010 and its capstone concepts: “Keep a Clean Machine,” “Protect Your Personal Information,” “Connect with Care,” “Be Web Wise” and “Be a Good Online Citizen.” NCSAM seeks to remind Americans to incorporate “STOP. THINK. CONNECT.” into their online routines and offers resources to help individuals understand and put these principles into practice into their online routine at the home, the office and elsewhere.

Designed to be accessible and understandable by consumers, many business and government organizations may want to support and promote their Cyber Security employee and customer training and awareness efforts by participating annually in NCSAM in October, signing up your organization to Data Privacy Day Champion and/or participating in Data Privacy Day on January 28, 2016, or otherwise using and sharing tips, tools and other resources in the Privacy Library such as:

General Privacy & Cyber Security Awareness

Keep a Clean Machine/Cookies & Behavioral Tracking

  • Malware & Botnets
  • A video about cookies and why they matter created by the Wall Street Journal.
  • Information about the Network Advertising Initiative (NAI) offering opt-out of online behavior advertising and provides factual information about online behavioral advertising, privacy, cookies.

Health Privacy

Identity Theft Prevention & Clean Up

Mobile App Privacy & Security

Student & Educational Privacy & Security

  • I want to each online safety for Grades K-2,  Grades 3-5  Middle and High School Higher Education and CSave Volunteer Lesson Plans & Materials
  • The Protecting Privacy in Connected Learning toolkit is an in-depth, step-by-step guide to navigating the Family Education Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA) and related privacy issues.
  • Securing Your Home Network
  • The Family Educational Rights and Privacy Act, or FERPA, is the main federal law that deals with education privacy, but there are a host of other laws, best practices, and guidelines that are essential to understanding education privacy. FERPA|SHERPA aims to provide service providers, parents, school officials, and policymakers with easy access to those materials to help guide responsible uses of student’s data.
  • General guidance for parents provided by the department of education Family Educational Rights and Privacy Act (FERPA)
  • Student Privacy 101: FERPA for parents and students – Ever have questions about your rights regarding education records? This short video highlights the key points of the family education rights and privacy act (FERPA).

Other Resources 

About the Author

Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick │Soefje PLLC, author, pubic speaker, management policy advocate and industry thought leader with more than years’ experience helping business and government organizations and their leaders manage. Ms. Stamer’s legal and management consulting work throughout her 28 plus year career has focused on helping organizations and their management understand and use the law and process to manage people, process, compliance, operations and risk including significant work in the prevention, investigation and remediation of data breach and other Cybercrime events.

Scribe responsible for leading the American Bar Association (ABA) Joint Committee on Employee Benefits (JCEB) annual agency meeting with the Department of Health & Human Services Office of Civil Rights,Scribe responsible for leading the American Bar Association (ABA) Joint Committee on Employee Benefits (JCEB) annual agency meeting with the Department of Health & Human Services Cynthia Marcotte Stamer’s practice has focused on advising and representing government and private technology, security, health care providers, health plans, health, schools and other educational organizations, insurance, banking and financial services, retail, employer and other organizations about privacy and data security compliance and risk management, breach and other investigations and enforcement, workforce and performance management and other risk management, compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

With data and technology use, protection and management imbedded in virtually every aspect of her client’s operations, data and other confidential information and systems use, protection, breach or other abuse investigation and response, enforcement and liability mitigation and defense and other Cybercrime and Cyber Security challenges are a continuous component of Ms. Stamer’s management work.  Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce, data breach and Cybercrime, and other legal and operational crises large and small that arise in the course of operations.  Ms. Stamer regularly helps clients design, administer and defend HIPAA, FACTA, data breach, identity theft and other risk management, compliance and other privacy, data security, confidential information and other data security, technology and management policies and practices affecting their operations.   She also helps clients prevent, investigate and mitigate HIPAA, FACTA, PHI and other data breach hacking, identity theft, data breach, data loss or destruction, theft of trade secrets or other sensitive data, spoofing, industrial espionage, insider and other parties misuse of data or technology and other cybercrime and technology use concerns.  Best-known for her extensive work helping health care, insurance and other highly regulated entities manage both general employment and management concerns and their highly complicated, industry specific corporate compliance, internal controls and risk management requirements, Ms. Stamer’s clients and experience also includes a broad range of other businesses.  Her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.  Common engagements include internal and external privacy and data security compliance, risk management, investigation and remediation, workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other legal and operational compliance, risk management, disaster preparedness and response, and liability defense and mitigation concerns arising out of organization’s operations.

Cindy also is widely recognized for her regulatory and public policy advocacy, publications, and public speaking on privacy and other compliance, risk management concerns. Among others, she is the author of “Privacy & Securities Standards-A Brief Nutshell,” “Privacy Invasions of Medical Care-An Emerging Perspective,” the E-Health Business and Transactional Law Chapter on Other Liability-Tort and Regulatory;” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA;” “Personal Identity Management Legal Demands and Technology Solutions;” “Tailoring A Records Management Plan And Process To Meet Your Legal And Operational Needs;” “Brokers & Insurers Identity Theft and Privacy Perils;” “HR’s Role In Personal Identity Theft & Cyber Crime Prevention;” “Protecting & Using Patient Data In Disease Management Opportunities, Liabilities And Prescriptions;” “Why Your Business Needs A Cybercrime Prevention and Compliance Program;” “Leveraging Your Enterprise Digital Identity Management Investments and Breaking though the Identity Management Buzz;” “When Your Employee’s Private Life Becomes Your Business;” “Healthcare Breaches: How to Respond” and hundreds of other works. Her insights on privacy, data security, and other matters have appeared in The Wall Street Journal, Business Insurance, the Dallas Morning News, Spencer Publications, and a host of other publications. She speaks and has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer works with businesses and government organizations and their management, employee benefit plans, schools, financial institutions, retail, hospitality, and other organizations deal with all aspects of these and other operations performance and compliance management.  She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer serves on the steering committee and as a faculty member of the Southern California ISSA-HIMMS Annual Security Summit and Chaired its 2015 3rd Annual Health Care Privacy Summit.  Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.  She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see here, or the Stamer Chadwick Soefje PLLC website here.  To contact Ms. Stamer, e-mail her at here or telephone (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™  provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of Ms. Stamer’s publications our other Solutions Law Press, Inc.™ resources such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.

©2015 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.. All other rights reserved.


EBSA Speaks On Health Plans At 9/15 Free Study Group Lunch

September 15, 2015

Solutions Law Press, Inc. is happy to share the following announcement.

Welcome Back From Summer Vacation To NTHCPA Members & Friends!!!

NORTH TEXAS HEALTHCARE COMPLIANCE PROFESSIONALS ASSOCIATION
 Invites Members and Guests to Our Next Group Luncheon
Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act
Featuring
Kristi Gotcher
U.S. Department of Labor Employee Benefit Security Administration Investigator
Tuesday, September 15, 2015
11:30 a.m. to 1:30 p.m.
DFW Hospital Council Offices
250 Decker Drive
Irving, Texas
RSVP here  by Noon on September 14, 2015
Space Limited!  Register Early To Reserve Your Spot To Participate!
Stay In Touch.  Check Out Our New Newsletter, the NTHCPA News, here
Please share this invitation with others who might be interested in this topic or other NTHCPA events!

The North Texas Healthcare Compliance Professionals Association (NTHCPA) invites members and other interested health care compliance professionals to join us on Tuesday, September 15, 2015 from 11:30 a.m. to 1:30 p.m. for our Study Group Luncheon featuring a program on “Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act” from U.S. Department of Labor Employee Benefit Security Administration (EBSA) Investigator Kristi Gotcher.

The health and other employee benefit plan rules of the Employee Retirement Income Security Act (ERISA) generally offer important protections and create significant compliance challenges for health care organizations and providers.  On one hand, health care providers generally rely heavily on their or their patient’s ability to obtain health benefits promised under employer or union-sponsored health plans covering their patients to help reimbursement provider charges.  Meanwhile, health care providers and their leaders also can incur significant liability for failing to comply with ERISA’s rules when establishing and maintaining health or other employee benefit programs for their own employees.

Drawing on her involvement as investigator with the Department of Labor agency primarily responsible for both interpreting and enforcing ERISA’s rules, EBSA Ms. Gotcher will share key updates and insights on both how ERISA and the EBSA can help patients and providers enforce benefit rights under ERISA-covered health plans and key health and highlight employee benefit compliance responsibilities that health care organizations and their leaders need to ensure that their own health and other employee benefit programs meet to avoid violating ERISA.

About the Speaker

Kristi A. Gotcher is an Investigator with the United States Department of Labor, Employee Benefits Security Administration (EBSA) in the Dallas Regional Office.   Kristi began working for EBSA in the Dallas Regional Office in November 2007 as a Benefits Advisor.  She earned her Bachelor of Arts in Social Political Relations from St. Edwards University and a J.D. from Texas Wesleyan University School of Law (now Texas A&M University School of Law).  Ms. Gotcher is licensed to practice law in the State of Texas.

Registration & Meeting Details

The meeting scheduled from 11:30 a.m. to 1:30 p.m. on Tuesday, September 15, 2015 at the DFW Hospital Council Offices located at 250 Decker Drive, Irving Texas.  Participants who timely R.S.V.P. will enjoy a complimentary luncheon. Networking and lunch service will begin at 11:30. Our program will begin at Noon.

NTHCPA encourages members and other interested health care compliance professionals to register early to reserve their spot to participate and to share this invitation with others in the industry who might benefit from participation.
There is no charge to participate in the meeting.  However space is limited and available only on a first come, first serve basis.  To ensure your spot and help us to arrange for adequate space and refreshments for this meeting, R.S.V.P. here as soon as possible and no later than Noon on September 14, 2015.  Walk in guests will be accommodated on a space-available basis only.

 Thanks To Meeting Underwriter Stamer ׀ Chadwick ׀ Soefje, PLLC

NTHCPA and its members extend our thanks to Cynthia Marcotte Stamer, P.C. and the other members of Stamer ׀ Chadwick ׀ Soefje PLLC for underwriting this month’s study group luncheon and other support of NTHCPA.

A boutique firm of exceptionally experienced and skilled “big-firm” lawyers committed to changing the way law firms serve their clients, Stamer │Chadwick │Soefje, PLLC delivers sophisticated legal advice and innovative solutions to the most challenging and complex problems. Simply put, Stamer │Chadwick │Soefje, PLLC attorneys are “Solutions Lawyers™.”
Stamer │Chadwick │Soefje, PLLC attorneys deliver sophisticated legal advice and innovative solutions to the most challenging and complex problems. Stamer │Chadwick │Soefje, PLLC attorneys possess the breadth of experience to respond to the unique legal and operational challenges health industry and other clients face and help guide them toward pragmatic resolutions that make sense for them. “Solutions Lawyers™ possess the breadth of experience to respond to the unique challenges our corporate and individual clients face and help guide them toward pragmatic resolutions that make sense for them.

Founded by nationally-known, healthcare and labor & employment attorney Cynthia Marcotte Stamer; labor & employment attorney Robert G. Chadwick; and professional liability and civil litigation attorney Timothy B. Soefje, Stamer │Chadwick │Soefje, PLLC focuses on advising and representing businesses and professionals nationally in the areas of healthcare, cyber liability, ERISA, employee benefits, labor & employment, corporate and commercial litigation, professional liability, construction litigation, and insurance defense.  All three attorneys are rated AV® Preeminent™ by Martindale-Hubbell® Peer Review Ratings™ Ms. Stamer and Mr. Chadwick are both Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, are Fellows in the American Bar Foundation, and recognized as “Top Lawyers” in Labor and Employment Law.  Ms. Stamer also has received recognition as a “Top” attorney in health care and employee benefits law and is a Fellow in the American College of Employee Benefit Council.

Ms. Stamer more than 28 years’ experience advising and representing health industry and employee benefit clients on a wide range of legal, public policy, management and operational concerns as well as extensive leadership and management experience serving in on the board of health industry nonprofit organizations. Nationally recognized for her legal work, advocacy, publications, writings and presentations on health industry concerns, Ms. Stamer provides legal and management advice, training and coaching, defense, public policy and regulatory advocacy to health industry and other clients on health and other regulatory and operational compliance, federal and state public policy and enforcement, managed care and other contracting, reimbursement, fraud, quality, employment, staffing and other workforce, benefits, licensing, credentialing and peer review, safety, disaster preparedness and response, HIPAA and other privacy and data security, corporate governance, investigations and internal controls, and a host of other health industry compliance and risk management and other legal and operational concerns. In addition to her legal experience, Ms. Stamer also contributes her experience and talents to serving in a number of health industry and other civil and professional groups.  Among other things, Ms. Stamer serves as Vice President of the NTHCPA, the RPTE representative to the American Bar Association (ABA) Joint Committee on Employee Benefits Council and scrivener for its annual agency meeting with the Office of Civil Rights, the ABA International Section Life Sciences and Health Law Committee Vice President of Policy, RPTE Liaison to the ABA Health Care Coordinating Counsel, TIPS Employee Benefit Committee Vice Chair, Founder and Executive Director of the Project COPE:  The Coalition on Patient Empowerment, and National Physicians Council for Healthcare Policy.  She also previously served as President and Founding Board Member of the Alliance for Health Care Excellence and its Health Care Heroes and Patient Empowerment Programs, as RPTE Employee Benefits & Other Compensation Group Chair and Welfare Benefit Committee Vice Chair, Exempt Organizations Coordinator of the Gulf States Area TEGE Council, Board President and Audit Committee Chair of the Richardson Development Center for Children ECI Agency, National Kidney Foundation of North Texas Board Audit Committee Chair, the United Way of North Texas Long Range Planning Committee.  She also has and continues to serve in the leadership of many other civic and professional boards, seminar faculties, editorial advisory boards and publishes and speaks extensively on health industry and employee benefit related concerns.

Mr. Chadwick has extensive experience advising and defending health industry and other clients on OSHA and other occupational health and safety, employee benefits, compensation and other labor and employment  concerns as well as defending boards and other management leaders against management liability claims.

Mr. Soefje has extensive experience advising and representing health industry clients and professionals on medical malpractice, officers and directors liability and other professional liability, errors and omissions, construction defect and other litigation and disputes.   For additional information, see the firm’s website here or contact Ms. Stamer via e-mail here.

About the NTHCPA

NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles.  The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.

Sponsorship and Other Involvement Opportunities

Would you or someone you know like to join the NTHCPA, get notice of upcoming meetings or events and network on relevant professional developments with other health care professionals?  Stay on top of information about upcoming meetings and share and dialogue with other NTHCPA members about health care compliance challenges and developments by participating in our meetings and events, joining our Linked In Group here and checking out the NTHCPA News here.   To be added to our invitation list, we also encourage interested persons to make sure we have your current contact information by joining the NTHCPA here or registering for the meeting at here.

We also invite interested members to volunteer to help make our study group a success.  If you or someone you know would like to help support for the NTHCPA by sponsoring the luncheon or hosting a social hour, speaking at or helping to plan upcoming meetings, suggesting a speaker or topic, helping with the newsletter or website getting more involved in other ways, let us know by emailing us here.

Notice:  This communication may be considered marketing purposes.  If you wish to update your e-mail for purposes of or would prefer not to receive future e-mail concerning meetings or other activities of the North Texas Healthcare Compliance Professionals Association or other marketing and promotional mailings from it, please send an email with the word “unsubscribe” in its subject heading here.
Please share this invitation with others who might be interested in this topic or other NTHCPA events!


Health Care Org’s ERISA Health Plan Reimbursement Opportunities & Compliance Obligations Free 9/15 Study Group Topic

September 9, 2015

Solutions Law Press, Inc. is happy to share information about this upcoming free health industry study group meeting on 9/15/2015 in Irving, Texas.

NORTH TEXAS HEALTHCARE COMPLIANCE PROFESSIONALS ASSOCIATION

Invites Members and Guests to Our Next Group Luncheon

Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act

Featuring

Kristi Gotcher

U.S. Department of Labor Employee Benefit Security Administration Investigator

Tuesday, September 15, 2015

11:30 a.m. to 1:30 p.m.

DFW Hospital Council Offices

250 Decker Drive

Irving, Texas

RSVP here  by Noon on September 14, 2015

Space Limited!  Register Early To Reserve Your Spot To Participate!

 

Please share this invitation with others who might be interested in this topic or other NTHCPA events!

The North Texas Healthcare Compliance Professionals Association (NTHCPA) invites members and other interested health care compliance professionals to join us on Tuesday, September 15, 2015 from 11:30 a.m. to 1:30 p.m. for our Study Group Luncheon featuring a program on “Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act” from U.S. Department of Labor Employee Benefit Security Administration (EBSA) Investigator Kristi Gotcher.

The health and other employee benefit plan rules of the Employee Retirement Income Security Act (ERISA) generally offer important protections and create significant compliance challenges for health care organizations and providers.  On one hand, health care providers generally rely heavily on their or their patient’s ability to obtain health benefits promised under employer or union-sponsored health plans covering their patients to help reimbursement provider charges.  Meanwhile, health care providers and their leaders also can incur significant liability for failing to comply with ERISA’s rules when establishing and maintaining health or other employee benefit programs for their own employees.  Drawing on her involvement as investigator with the Department of Labor agency primarily responsible for both interpreting and enforcing ERISA’s rules, EBSA Ms. Gotcher will share key updates and insights on both how ERISA and the EBSA can help patients and providers enforce benefit rights under ERISA-covered health plans and key health and highlight employee benefit compliance responsibilities that health care organizations and their leaders need to ensure that their own health and other employee benefit programs meet to avoid violating ERISA.

About the Speaker

Kristi A. Gotcher is an Investigator with the United States Department of Labor, Employee Benefits Security Administration (EBSA) in the Dallas Regional Office.   Kristi began working for EBSA in the Dallas Regional Office in November 2007 as a Benefits Advisor.  She earned her Bachelor of Arts in Social Political Relations from St. Edwards University and a J.D. from Texas Wesleyan University School of Law (now Texas A&M University School of Law).  Ms. Gotcher is licensed to practice law in the State of Texas.

Registration & Meeting Details

The meeting scheduled from 11:30 a.m. to 1:30 p.m. on Tuesday, September 15, 2015 at the DFW Hospital Council Offices located at 250 Decker Drive, Irving Texas.  Participants who timely R.S.V.P. will enjoy a complimentary luncheon. Networking and lunch service will begin at 11:30. Our program will begin at Noon.

NTHCPA encourages members and other interested health care compliance professionals to register early to reserve their spot to participate and to share this invitation with others in the industry who might benefit from participation.

There is no charge to participate in the meeting.  However space is limited and available only on a first come, first serve basis.  To ensure your spot and help us to arrange for adequate space and refreshments for this meeting, R.S.V.P. here as soon as possible and no later than Noon on September 14, 2015.  Walk in guests will be accommodated on a space-available basis only.

Thanks To Meeting Underwriter Stamer ׀ Chadwick ׀ Soefje, PLLC

NTHCPA and its members extend our thanks to Cynthia Marcotte Stamer, P.C. and the other members of Stamer ׀ Chadwick ׀ Soefje PLLC for underwriting this month’s study group luncheon and other support of NTHCPA.

A boutique firm of exceptionally experienced and skilled “big-firm” lawyers committed to changing the way law firms serve their clients, Stamer │Chadwick │Soefje, PLLC delivers sophisticated legal advice and innovative solutions to the most challenging and complex problems. Simply put, Stamer │Chadwick │Soefje, PLLC attorneys are “Solutions Lawyers™.”

Stamer │Chadwick │Soefje, PLLC attorneys deliver sophisticated legal advice and innovative solutions to the most challenging and complex problems. Stamer │Chadwick │Soefje, PLLC attorneys possess the breadth of experience to respond to the unique legal and operational challenges health industry and other clients face and help guide them toward pragmatic resolutions that make sense for them. “Solutions Lawyers™ possess the breadth of experience to respond to the unique challenges our corporate and individual clients face and help guide them toward pragmatic resolutions that make sense for them.

Founded by nationally-known, healthcare and labor & employment attorney Cynthia Marcotte Stamer; labor & employment attorney Robert G. Chadwick; and professional liability and civil litigation attorney Timothy B. Soefje, Stamer │Chadwick │Soefje, PLLC focuses on advising and representing businesses and professionals nationally in the areas of healthcare, cyber liability, ERISA, employee benefits, labor & employment, corporate and commercial litigation, professional liability, construction litigation, and insurance defense.  All three attorneys are rated AV® Preeminent™ by Martindale-Hubbell® Peer Review Ratings™ Ms. Stamer and Mr. Chadwick are both Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, are Fellows in the American Bar Foundation, and recognized as “Top Lawyers” in Labor and Employment Law.  Ms. Stamer also has received recognition as a “Top” attorney in health care and employee benefits law and is a Fellow in the American College of Employee Benefit Council.

Ms. Stamer more than 28 years’ experience advising and representing health industry and employee benefit clients on a wide range of legal, public policy, management and operational concerns as well as extensive leadership and management experience serving in on the board of health industry nonprofit organizations. Nationally recognized for her legal work, advocacy, publications, writings and presentations on health industry concerns, Ms. Stamer provides legal and management advice, training and coaching, defense, public policy and regulatory advocacy to health industry and other clients on health and other regulatory and operational compliance, federal and state public policy and enforcement, managed care and other contracting, reimbursement, fraud, quality, employment, staffing and other workforce, benefits, licensing, credentialing and peer review, safety, disaster preparedness and response, HIPAA and other privacy and data security, corporate governance, investigations and internal controls, and a host of other health industry compliance and risk management and other legal and operational concerns. In addition to her legal experience, Ms. Stamer also contributes her experience and talents to serving in a number of health industry and other civil and professional groups.  Among other things, Ms. Stamer serves as Vice President of the NTHCPA, the RPTE representative to the American Bar Association (ABA) Joint Committee on Employee Benefits Council and scrivener for its annual agency meeting with the Office of Civil Rights, the ABA International Section Life Sciences and Health Law Committee Vice President of Policy, RPTE Liaison to the ABA Health Care Coordinating Counsel, TIPS Employee Benefit Committee Vice Chair, Founder and Executive Director of the Project COPE:  The Coalition on Patient Empowerment, and National Physicians Council for Healthcare Policy.  She also previously served as President and Founding Board Member of the Alliance for Health Care Excellence and its Health Care Heroes and Patient Empowerment Programs, as RPTE Employee Benefits & Other Compensation Group Chair and Welfare Benefit Committee Vice Chair, Exempt Organizations Coordinator of the Gulf States Area TEGE Council, Board President and Audit Committee Chair of the Richardson Development Center for Children ECI Agency, National Kidney Foundation of North Texas Board Audit Committee Chair, the United Way of North Texas Long Range Planning Committee.  She also has and continues to serve in the leadership of many other civic and professional boards, seminar faculties, editorial advisory boards and publishes and speaks extensively on health industry and employee benefit related concerns.

Mr. Chadwick has extensive experience advising and defending health industry and other clients on OSHA and other occupational health and safety, employee benefits, compensation and other labor and employment  concerns as well as defending boards and other management leaders against management liability claims.

Mr. Soefje has extensive experience advising and representing health industry clients and professionals on medical malpractice, officers and directors liability and other professional liability, errors and omissions, construction defect and other litigation and disputes.

For additional information, contact Ms. Stamer cstamer@solutionslawyer.net

About the NTHCPA

NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles.  The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available hereYou also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,”  using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Examples of some of these recent health care related publications include:


New HIPAA Settlement Highlights Internet Applications Safeguards, Whistleblower & Management Oversight Compliance Risks

July 10, 2015

Health care providers, health insurers, group health plans and health care clearinghouses (Covered Entities), their business associates and their leaders need to ensure the adequacy of the security of internet portals and applications used to create, use, access or disclose protected health information (PHI) and should establish and administer ongoing procedures to monitor and maintain adequate PHI security on an ongoing basis in light of a new Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rule (“HIPAA Rules”) Resolution Agreement with St. Elizabeth’s Medical Center (SEMC) announced today (July 10, 2015) by the Department of Health & Human Services Office of Civil Rights (OCR). Concurrently, the Resolution Agreement also reaffirms the growing involvement of employees and other workforce members as HIPAA “whistleblowers” as well as the need for Covered Entities, business associates and their leaders to ensure that they include and administer documented requirements for board reporting and oversight in their HIPAA compliance and risk management activities.

To settle OCR charges that the Brighton, Massachusetts’s based hospital system violated the HIPAA Rules resulting from OCR’s investigation of a November 16, 2012 complaint made to OCR by SEMC workforce members, SEMC has agreed to pay $218,400 and to implement a “robust corrective action plan” to correct deficiencies in its HIPAA security and other compliance revealed in the investigation.

According to OCR, OCR opened the investigation after employees complained to OCR  that SEMC violated  HIPAA by allowing workforce members to use an internet-based document sharing application to share and store documents containing electronic protected health information (ePHI) of at least 498 individuals without having analyzed the risks associated with such a practice. According to OCR, its investigation of the complaint revealed among other things that:

  • SEMC improperly disclosed the PHI of at least 1,093 individuals;
  • SEMC failed to implement sufficient security measures regarding the transmission of and storage of ePHI to reduce risks and vulnerabilities to a reasonable and appropriate level; and
  • SEMC failed to timely identify and respond to a known security incident, mitigate the harmful effects of the security incident, and document the security incident and its outcome. Separately, on August 25, 2014, SEMC submitted notification to HHS OCR regarding a breach of unsecured ePHI stored on a former SEMC workforce member’s personal laptop and USB flash drive, affecting 595 individuals. A review of detailed corrective action plan imposed under the Resolution Agreement provides helpful insights about some of the steps that OCR is likely to expect Covered Entities and business associates to take to meet its security expectations for internet applications and portals. Beyond imposing a $218,400 penalty (“Resolution Amount”) against SEMC, the Resolution Agreement requires among other things that SEMC in accordance with the Resolution Agreement and to OCR satisfaction.

In announcing the Resolution Agreement, OCR Director Jocelyn Samuels sent a clear message to Covered Entities and their business associates to confirm and maintain the adequacy of security of internet portals and applications used in connection with PHI. “Organizations must pay particular attention to HIPAA’s requirements when using internet-based document sharing applications,” said OCR Director Jocelyn Samuels. “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”

  • To self-assess the adequacy of its policies and workforce and operations compliance with HIPAA including conducting unannounced audits of SEMC workforce members’ familiarity and compliance with SEMC policies and procedures on transmitting ePHI using unauthorized networks; storing ePHI on unauthorized information systems, including unsecured networks and devices; removal of ePHI from SEMC; prohibition on sharing accounts and passwords for ePHI access or storage; encryption of portable devices that access or store ePHI; security incident reporting related to ePHI;
  • The adequacy of workforce compliance with these policies by conducting unannounced site visits to various SEMC departments, inspections of certain laptops, smartphones, storage media and other portable devices as well as on workstations and other devices containing ePHI;
  • To identify and report to OCR any material compliance issues with the policies and recommendations for improving these policies and procedures, oversight and supervision, or training;
  • Develop and implement to OCR satisfaction corrections to policies, practice and training along with oversight mechanisms reasonably tailored to ensure that all SEMC workforce members follow such policies and procedures, and only use and disclose ePHI appropriately;
  • Collect and retain for OCR review and approval certain documentation of compliance; and
  • Conduct documented investigations of potential violations, redress and report to OCR about investigations and violations.

First, management should take special note that members of the SEMC workforce made the complaint to OCR that prompted OCR’s investigation.

As in other health care compliance areas, required workforce training coupled with HIPAA’s anti-retaliation and whistleblower protections provide encouragement if not incentives for disgruntled or well-meaning employees or other workforce members and business partners of covered entities or business associates make complaints about suspected HIPAA or other compliance concerns internally or to OCR. Management needs to take appropriate steps to ensure that its policies and processes include appropriate privacy and human resources procedures to manage both its HIPAA compliance obligations and potential retaliation and other human resources exposures that can result if these concerns are mishandled.   Employee & Other Whistleblower Complaints Common Source of HIPAA Privacy & Other Complaints.  Effective health plan and employer HIPAA and human resources compliance, reporting internal investigation and risk management policies and practices are critical to manage both HIPAA and other compliance exposures and the retaliation and other human resources risks that inevitably arise when employees or other workforce members or business partners raise compliance concerns or participate in compliance investigations internally or externally.

Second, the Resolution Agreement also reflects the clear expectation that management of Covered Entities and business associates make compliance with HIPAA a priority. Consistent with its recent practice, the Resolution Agreement requires management oversight and accountability for ensuring compliance with the Resolution Agreement and HIPAA by requiring an officer to attest to the fulfillment of the requirements of the Resolution Agreement. This emphasis upon requiring leadership oversight and prioritization of HIPAA compliance tracks the broader general expectations regarding responsibilities for management and boards concerning compliance with HIPAA and other federal health care increasingly articulated by HHS and other federal agencies enforcing laws subject to the Federal Sentencing Guidelines like HIPAA, See e.g. Practical Guidance for Health Care Governing Boards on Compliance Oversight. While OCR officials have indicated that the need for officer attestation like that required by the Resolution Agreement may not be required in all cases, the inclusion of these requirements coupled with these other developments sends a strong message that Boards and other management should ensure that their processes include appropriate evidence and document retention of management oversight.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Board Certified in Labor & Employment Law, and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 27 years’ experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

Other Helpful Resources & Other Information

We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources. Examples of some of these recent health care related publications include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press, Inc. All other rights reserved.


Use New State Ebola Protocol Table In Ebola Prevention & Management Planning

January 10, 2015

Health care providers, public health, school, and other community organizations, employers and other business leaders and others concerned about continuing Ebola and other pandemic prevention and containment should check out the new table of State Ebola Protocols Table compiled by the Centers for Disease Control (CDC) to help law and policy makers prepare for and respond to Ebola-related situations As part of continuing Federal efforts to make up for lost time on helping U.S. health care providers and communities prepare to prevent and respond to Ebola outbreak risks since the death of  Liberian Ebola patient Thomas Eric Duncan at a in Dallas hospital last year alerted Americans to the risks and need for tighter preparations.

While the Dallas hospital that treated Mr. Duncan paid a settlement to his family and faced other widespread criticism and negative publicity, it then has become clear that misinformation provided by the patient, the original presentation of the patient with flu-like symptoms,  the Obama Administration’s reluctance to adopt policies or communications that might interfere with its pro-immigration political agenda, the CDC’s failure to maintain and communicate the most current health care information to health care providers and communities, the CDC’s academic rather than operational emphasis, EMTALA mandates that forced the hospital to triage the patient, Medicaid and other insurance payment protocols that would have as medically unnecessary screening tests in the absence of more clear risk factors, federal licensing restrictions on the use of testing and a host of other limits and deficiencies in the Federal government’s preparations and response to Ebola and other communication risks, left Texas Health Resources and other U.S. health care providers, as well as U.S schools, public service agencies, employers and others at a great disadvantage in their efforts to deal with the outbreak.  After denying the seriousness of Ebola risk concerns for several weeks, the diagnosis with Ebola of health care providers that treated Mr. Duncan and subsequent death and diagnosis resulted in the CDC and other federal and state agencies stepping up their Ebola preparation and guidelines.  In keeping with this ongoing commitment, CDC says the CDC now will continue to update the State guidelines table as states continue to modify their Ebola response protocols.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related developments or other risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Unpatched and Unsupported Software Triggers Latest HIPAA Security Breach Resolution Agreement

December 11, 2014

Health care providers, health plans, health care clearinghouses (covered entities) and their business associates need to watch for and protect protected health information (PHI) against security exposures from unpatched or unsupported software and other weaknesses in their data security protections as part of their compliance obligations under the Security Rules of the Health Insurance Portability & Accountability Act (HIPAA).

The need to monitor and address data security threats associated with unpatched or unsupported software is demonstrated by the December 9, 2014 announcement by the U.S. Department of Health & Human Services (HHS) Office of Civil Rights (OCR) that Anchorage Community Mental Health Services (ACMHS) will pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program resulting from unpatched and unsupported software.

OCR opened an investigation against the five-facility, nonprofit provider of behavioral health care services to children, adults, and families in Anchorage, Alaska after receiving notification from ACMHS of a breach of unsecured electronic protected health information (ePHI) affecting 2,743 individuals due to malware compromising the security of its information technology resources.

According to the OCR announcement of the ACMHS Resolution Agreement with OCR, OCR’s investigation revealed that ACMHS had adopted sample Security Rule policies and procedures in 2005, but failed to follow these procedures. Moreover, OCR found that the reported security incident directly resulted of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.

“Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis,” said OCR Director Jocelyn Samuels. “This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”

In an effort to promote awareness of the need to assess and monitor the security of ePHI by covered entities and business associates, OCR continues to encourage covered entities and business associates to conduct regular documented evaluations of the adequacy of their ePHI safeguards and systems. To aid in this process, OCR and the Office of the National Coordinator for Health Information Technology have created a Security Rule Risk Assessment Tool available here to assist organizations that handle PHI in conducting a regular review of the administrative, physical and technical safeguards they have in place to protect the security of the information. Since OCR points to the Tool as a resource, covered entities and business associates should anticipate that their failure to identify and address any deficiencies in the areas identified by the tools as a potentially serious compliance issue. As a result, covered entities and business associates likely will want to take steps to ensure that their records include documented review of the adequacy of the security safeguards identified in the Tool. At the same time, covered entities and their business associates should not assume that the Tool adequately covers all potential HIPAA Security Rule exposures. OCR has made clear in this and other Resolution Agreements that HIPAA’s Security Rule requires ongoing monitoring and assessment of the adequacy of security in response to changes in software or system, emerging threats and other developments.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Congress Sends Bill To Fast Track FDA Ebola Treatment Review & HHS Declaration Gives Ebola Treatment Manufacturers Special Immunity

December 11, 2014

As part of Washington’s late response to the Ebola outbreak crisis, the House and Senate in the past week have passed legislation that if signed by the President as expected will add Ebola and other filoviruses to the list of diseases eligible for fast track review by the Food and Drug Administration (FDA) under the FDA Priority Review Voucher Program (Program).

The FDA Program awards vouchers to sponsors of human drug applications that are approved to prevent or treat designated tropical diseases. A voucher entitles the holder to have a future human drug application acted upon by the FDA within six months.

The House on December 3, 2014 and the Senate on December 10, 2014 respectively passed the “FDA Priority Review Voucher Program Act,” (S.B. 2917/H.B. 5729) (the “Bill”) that will amend the Federal Food, Drug, and Cosmetic Act to add Ebola and other filoviruses to the list of diseases covered by the Program. The Bill also seeks to expedite FDA approval of Ebola and other designated disease treatments by:

  • Changing the process by which infectious diseases that do not significantly impact developed nations and disproportionately affect poor and marginalized populations can be designated as tropical diseases from rulemaking to order of the Secretary of Health and Human Services (HHS).
  • Allowing priority review vouchers to be transferred between sponsors of human drug applications any number of times.
  • Reducing from 365 days to 90 days the advance notice required before submitting a human drug application subject to a priority review voucher.

Congress sent the Bill to the President just one day after Department of Health & Human Services (HHS) Secretary Sylvia M. Burwell today announced a declaration under the Public Readiness and Emergency Preparedness (PREP) Act HHS says it hopes will “facilitate the development and availability of experimental Ebola vaccines in hopes of  helping combat the current epidemic in West Africa and help prevent future outbreaks there.”

Fighting the disease in Africa has been the primary focus of the Obama Administration’s Ebola response.  The December 9, 2014 HHS declaration provides immunity under United States law against legal claims related to the manufacturing, testing, development, distribution, and administration of three vaccines for Ebola virus disease. It does not, generally, provide immunity for a claim brought in a court outside the United States.

For many years, the U.S. has encouraged vaccine development by managing liability and compensation, starting with the National Childhood Vaccine Injury Act of 1986. The PREP Act was designed to facilitate the development of medical countermeasures to respond to urgent public health needs, including the development of critical vaccines like those to prevent the spread of Ebola. This U.S. declaration under the PREP act is part of a global dialogue to address these issues in the U.S., and other countries where the vaccine is being developed, manufactured and potentially used.

“My strong hope in issuing this PREP Act declaration in the United States is that other nations will also enact appropriate liability protection and compensation legislation,” said Secretary Burwell. “As a global community, we must ensure that legitimate concerns about liability do not hold back the possibility of developing an Ebola vaccine, an essential strategy in our global response to the Ebola epidemic in West Africa.”

HHS hopes the PREP Act declaration will strengthen the incentive to conduct research and spur development, manufacturing, and the potential use of the vaccines in large scale vaccination campaigns in West Africa. The PREP Act declaration provides legal protection under U.S. law for three vaccine candidates:

  • the GlaxoSmithKline’s Recombinant Replication Deficient Chimpanzee Adenovirus Type 3-Vectored Ebola Zaire Vaccine known as ChAd3-EBO-Z;
  • the BPSC1001 vaccine, known as rVSV-ZEBOV-GP, made by BioProtection Services Corporation, a subsidiary of Newlink Genetics; and
  • the Ad26.ZEBOV/MVA-BN-Filo vaccine manufactured by Janssen Corporation, subsidiary of Johnson & Johnson/Bavarian Nordic.

Similar PREP Act declarations have been issued, revised or renewed 14 times since the Act was signed in 2005. Past declarations have covered vaccines used in H5N1 pandemic influenza clinical trials in 2008, products related to the H1N1 influenza pandemic in 2009, and the development and manufacturing of antitoxins to treat botulism in 2008.  For more information about the PREP Act, see here .

The Bill and the HHS PREP Act declaration are the latest efforts to provide what many health care providers see as a long overdue response to the Ebola outbreak in the wake of the diagnosis and subsequent death of an Ebola patient in Dallas lead to his death and the infection of nurses involved in his treatment, and a small number of other Ebola victims in the United States raised national awareness and concern.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related developments or other risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Preparing Privacy Compliance For Emergencies-Ebola Crisis Prompts HHS OCR To Share Guidance On HIPAA Privacy in Emergency Situations

November 11, 2014

The recent US Ebola scare provided an important reminder to health care providers, health insurers and health plans, health care clearinghouses, employers and others of the importance of understanding and preparing to deal with health care privacy and other challenges arising from epidemics and other emergencies.  In response to the recent Ebola and other contagious disease outbreaks and just as U.S. health care and other business leaders are working to prepare for the biggest contagious disease time of the year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is reminding health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates that the privacy rules of the Health Insurance Portability & Accountability Act (HIPAA) requiring Covered Entities and their business associates to limit the use, access and disclosure of patient’s protected health information (PHI) continue to apply during emergency situations and help them understand when HIPAA allows them to share PHI in emergency situations in a new notice titled “HIPAA Privacy in Emergency Situations” (Guidance) published November 10, 2014. A business associate of a covered entity (including a business associate that is a subcontractor) also must continue to comply with HIPAA and may only make disclosures permitted by the Privacy Rule on behalf of a Covered Entity or another business associate to the extent authorized by its business associate agreement and consistent with HIPAA’s requirements.

Sharing Patient Information

The Guidance begins by reminding Covered Entities and their business associates that HIPAA’s Privacy Rule continues to apply in emergency situations and requires Covered Entities protect and prohibits their use, access or disclosure of patient’s protected health information except as allowed by HIPAA unless the patient authorizes the Covered Entity to disclose the PHI in accordance with HIPAA’s requirements for authorization set forth in 45 CFR 164.508.

The Guidance then goes on to discuss the following circumstances that the HIPAA Privacy Rule might allow Covered Entities to share PHI without getting patient authorization, subject to the reminder that in many cases, HIPAA will require that the Covered Entity limit the disclosure to the minimum necessary disclosure necessary for the allowable purpose and require other conditions to be fulfilled:

  • Treatment.

Under the Privacy Rule, covered entities may disclose, without a patient’s authorization, protected health information about the patient as necessary to treat the patient or to treat a different patient. Treatment includes the coordination or management of health care and related services by one or more health care providers and others, consultation between providers, and the referral of patients for treatment. See 45 CFR §§ 164.502(a)(1)(ii), 164.506(c), and the definition of “treatment” at 164.501.

  • Public Health Activities.

The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information that is necessary to carry out their public health mission. Therefore, the Privacy Rule permits covered entities to disclose needed protected health information without individual authorization:

  • To Or At The Direction Of A Public Health Authority.

The HIPAA Privacy Rule allows Covered Entities to share protected health information with Public Health Authorities authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury or disability like the Centers for Disease Control and Prevention (CDC) or a state or local health department. This would include, for example, the reporting of disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions. A “public health authority” is an agency or authority of the United States government, a State, a territory, a political subdivision of a State or territory, or Indian tribe that is responsible for public health matters as part of its official mandate, as well as a person or entity acting under a grant of authority from, or under a contract with, a public health agency. See 45 CFR §§ 164.501 and 164.512(b)(1)(i). For example, a covered entity may disclose to the CDC protected health information on an ongoing basis as needed to report all prior and prospective cases of patients exposed to or suspected or confirmed to have Ebola virus disease.

The HIPAA Privacy Rule also allows Covered Entities to share information at the direction of a public health authority:

    • To a foreign government agency that is acting in collaboration with the public health authority. See 45 CFR 164.512(b)(1)(i); and
    • To persons at risk of contracting or spreading a disease or condition if other law, such as state law, authorizes the covered entity to notify such persons as necessary to prevent or control the spread of the disease or otherwise to carry out public health interventions or investigations. See 45 CFR 164.512(b)(1)(iv)
  • Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification.

The HIPAA Privacy Rule allows a Covered Entity to share protected health information:

    • With a patient’s family members, relatives, friends, or other persons identified by the patient as involved in the patient’s care;
    • About a patient as necessary to identify, locate, and notify family members, guardians, or anyone else responsible for the patient’s care, of the patient’s location, general condition, or death including where necessary to notify family members and others, the police, the press, or the public at large. See 45 CFR 164.510(b).

The Guidance reminds Covered Entities, however, that the Privacy Rule requires the Covered Entity to get verbal permission from individuals or otherwise be able to reasonably infer that the patient does not object, when possible. If the individual is incapacitated or not available, the Guidance states Covered Entities may share information for these purposes if, in their professional judgment, doing so is in the patient’s best interest.

The Guidance also confirms that Covered Entities may share protected health information with disaster relief organizations authorized by law or by their charters to assist in disaster relief efforts like the American Red Cross for the purpose of coordinating the notification of family members or other persons involved in the patient’s care, of the patient’s location, general condition, or death. It is unnecessary to obtain a patient’s permission to share the information in this situation if doing so would interfere with the organization’s ability to respond to the emergency.

  • Imminent Danger

The Guidance also states that Covered Entities that are health care providers may share patient information with anyone as necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public – consistent with applicable law (such as state statutes, regulations, or case law) and the provider’s standards of ethical conduct. See 45 CFR 164.512(j).

  • Disclosures to the Media & Others Not Involved in the Care of the Patient/Notification

The Guidance also reminds Covered Entities of the importance of closely adhering to HIPAA’s rules when responding to information requests from the medial or others not involved in the care of a patient. The Guidance states that when the media or other other party not involved un the patient’s care asks the Covered Entity for information about a particular patient by name, a hospital or other health care facility may release limited facility directory information to acknowledge an individual is a patient at the facility and provide basic information about the patient’s condition in general terms (e.g., critical or stable, deceased, or treated and released) if the patient has not objected to or restricted the release of such information or, if the patient is incapacitated, if the disclosure is believed to be in the best interest of the patient and is consistent with any prior expressed preferences of the patient. See 45 CFR 164.510(a). In general, except in the limited circumstances authorized in the HIPAA Privacy Rule, affirmative reporting to the media or the public at large about an identifiable patient, or the disclosure to the public or media of specific information about treatment of an identifiable patient, such as specific tests, test results or details of a patient’s illness, may not be done without the patient’s written authorization (or the written authorization of a personal representative who is a person legally authorized to make health care decisions for the patient).

  • Minimum Necessary Restriction Requirement

The Guidance cautions Covered Entities and their business associates that for most disclosures, a Covered Entity generally must make reasonable efforts to limit the information disclosed to that which is the “minimum necessary” to accomplish the purpose. However, this minimum necessary requirement does not apply to disclosures to health care providers for treatment purposes.

Covered Entities may rely on representations from a public health authority or other public official that the requested information is the minimum necessary when making disclosures in response to request from those parties. For example, a covered entity may rely on representations from the CDC that the protected health information requested by the CDC about all patients exposed to or suspected or confirmed to have Ebola virus disease is the minimum necessary for the public health purpose.

  • Required Internal Restrictions On Use, Access & Disclosure

Internally, covered entities should continue to apply their role-based access policies to limit access to protected health information to only those workforce members who need it to carry out their duties. See 45 CFR §§ 164.502(b), 164.514(d).

Safeguarding Patient Information

Beyond limiting the use, access and disclosure of PHI, the Guidance also reminds Covered Entities and their business associates that even in emergency situations, HIPAA continues to require them to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures as well as to apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic PHI.

Limited Waiver

Although HHS has yet to take steps to trigger a limited waiver, the Guidance also reminds Covered Entities and their business associates that HHS has the power to do so, the effect of a limited waiver and the circumstances under which HHS could elect to apply  a limited waiver to waive sanctions against a hospital for certain specific types of HIPAA violations while the waiver is in effect.

As the Guidance notes, the HIPAA Privacy Rule is not suspended during a public health or other emergency.  Rather, the limited waiver rules only operates to permit the Secretary of HHS to waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act. The limited waiver only applies when the President declares an emergency or disaster and HHS declares a public health emergency. When and if these requirements are met, HHS may waive sanctions and penalties against a Covered Entity that is a hospital for failing to comply with the following HIPAA Privacy Rule provisions:

  • The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).
  • The requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a).
  • The requirement to distribute a notice of privacy practices. See 45 CFR 164.520.
  • The patient’s right to request privacy restrictions. See 45 CFR 164.522(a).
  • The patient’s right to request confidential communications. See 45 CFR 164.522(b).

If the Secretary issues such a waiver, Covered Entities and their business associates should keep in mind the waiver only applies to the list violations and only applies:

  • For so long as the waiver remains in effect;
  • In the emergency area and for the emergency period identified in the public health emergency declaration
  • To hospitals that have instituted a disaster protocol; and
  • For up to 72 hours from the time the hospital implements its disaster protocol.

When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.

Not Necessarily Just About HIPAA

HIPAA is not necessarily the only law that Covered Entities, business associates or others need to consider when deciding what to disclose during an emergency or otherwise.  The HIPAA Privacy Rule applies to disclosures made by and Covered Entities, business associates employees, volunteers, and other members of a Covered Entity’s or Business Associate’s workforce. The Privacy Rule does not apply to disclosures made by entities or other persons who are not Covered Entities.

Beyond HIPAA, Covered Entities, their business associates or members of their workforce, employers, and other organizations also need to consider whether other federal or state laws, ethical rules, contracts or policies may restrict use or disclosure, safeguard, or take other steps to protect PHI or other information.  For instance, other federal laws, state law, professional ethical rules, contracts, facility policies or procedures, or other restrictions often apply to health care provides, insurers, brokers, employers or others.  Employers, health care organizations, insurers and others also need to be concerned about potential discrimination, common law and statutory privacy, retaliation, defamation and other exposures.

Prepare For Compliance Now

The recent experiences of various health care organizations intimately involved in caring for the Ebola patients highlights the importance of anticipating, preparing and conducting training, and having your workforce practice to prepare  to deal with the special challenges of dealing with HIPAA and other legal responsibilities in advance of emergency events.  When preparing for these events, Covered Entities and business associates need to take into account the need to comply operationally as well as to document and retain records of compliance.   They should  both should anticipate and prepare to respond to both typical inquiries as well as those from the media, public and others.   They also should consider how various types of emergencies could create new privacy or security risks.  For instance, in certain emergency situations, recordkeeping or other systems could be disrupted, impacting the ability retain and subsequently produce required documentation.  Furthermore, Covered Entities also should prepare to manage the patient and public relations aspects of these events including adverse impressions that often arise when the media or others are disappointed at being denied information because of compliance obligations, from breaches or perceived breaches, or other similar events.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Doc Caught Submitting Conflicting Patient Records to Private Payer Versus Medicare Criminally Sentence, Pays Civil Settlement

July 23, 2013

The  recent criminal sentencing and civil settlement of Illinois physician Dr. Mahmoud Yassin highlights the growing- but too often appreciated exposure of physicians and other health care providers and their billing or other management who submit conflicting claims data to private and government claims or otherwise permit in false  falsely bill or participate in the cover-up of fraudulent or other improper billings to payers.  The Yassin sentencing is notable both because Yassin incurred criminal liability for obstruction based on his presentation of altered patient records to a private payer and and civil liability for  making false claims to Medicare and others.

Yassin was sentenced July 22, 2013 to serve 30 days in prison and 3 years of probation and to pay  a fine of $10,000, a special assessment of $100, and restitution to Blue Cross Blue Shield of Illinois in the amount of $19,615.17 in federal district court in Benton, Illinois for Obstructing a Criminal Health Care Fraud Investigator.  The felony obstruction conviction stemmed from charges that on March 2, 2012, when a FBI agent, having served a subpoena for patient records on Dr. Yassin, gave an altered patient progress note  that showed an in-office examination previously claimed to an insurance carrier, but which had not taken place.

In a separate civil settlement with the United States Attorney’s Office regarding false claims to Medicare, Dr. Yassin also previously has paid double damages for $87,348.64. The restitution and civil false claims settlement were based on claims for in person office visits in which the patient either failed to show up for an appointment or only was spoken to by telephone.

The Yassin prosecution demonstrates the importance of providers getting their records and billings straight when billing both private payers and government payers.  While most  health care providers recognize  the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ), many  don’t recognize their exposure from private payer billings or the potential interaction between private and government claims investigations  Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.  Furthermore, federal fraud investigators and private payers increasingly are working together on the investigation and redress of false billing and other aggressive practices.  These and other risks mean that providers cannot afford to be unprepared when asked to respond to investigations like one that lead to the Yassin conviction, recoupment or other audit and enforcement actions  See,  Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings.   Rather, physicians and other health care clinics must be ready to prove and defend their billings to public and private payers.  In both cases, these preparations should ensure that records accurately and completely document the care provided, that the coding and billing applied is reflective of actual care and consistent with existing reimbursement, and otherwise defensible.  As demonstrated by Yassin, inconsistencies between records presented to different payers should be avoided.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


OCR To Covered Entities: Learn From WellPoint $1.7 Settlement

July 12, 2013

WellPoint $1.7 M HIPAA Settlement Expensive Lesson On HIPAA Risks Of Leaving PHI Too Accessible In Web-Based Applications

With health care providers, health care organizations and others increasingly using Web-based applications and portals in operations and patient communications, managed care company WellPoint Inc. (WellPoint) is learning a $1.7 million lesson about the importance of ensuring Web-based applications and portals that allow access to members or other consumers protected health information (PHI) incorporate the administrative, technical and other security safeguards required by the Health Insurance Portability & Accountability Act (HIPAA) Privacy and Security rules.

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced late yesterday (July 11, 2013) that WellPoint has agreed to pay $1.7 million to settle OCR charges that WellPoint violated the HIPAA Security Rule and left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet by failing to implement appropriate administrative and technical safeguards in its Web-based applications. See WellPoint HIPAA Settlement Press Release.

Web-based application use is increasingly popular among health care providers, health plans, employers and others.   Health care providers use them for health care operations, as well as patient engagement and communication tools.  Employers and health plans use them both in plan administration and as member tools.

The WellPoint settlement shows that managed care and other health insurers, health plans and their employer or other sponsors, health care providers, health care clearinghouses (Covered Entities) and their business associates can’t let their enthusiasm for the ease of use of these products to compromise the security of PHI.

Rather, health care providers and other Covered Entities, employer and other  health plan sponsors, their business associates, and the Web and other technology developers, providers and consultants marketing products, services or other solutions to these organizations should learn from WellPoint’s hard lesson to ensure that current and future Web-based applications, portals and other information system components that are or could be used to provide access to PHI incorporate the Security Rule safeguards both when originally implemented and with each subsequent upgrade.

HIPAA Privacy, Security & Breach Notification Rules Require PHI Safeguards & Other Protections

The Breach Notification Rule added to HIPAA under the Health Information Technology for Economic and Clinical Health, or HITECH Act requires HIPAA-covered entities to notify OCR, affected individuals and the media promptly of a breach of “unsecured protected health information” (UPHI) impacting more than 500 individuals.  For smaller breaches, the Breach Notification Rule still requires prompt notice to impacted individuals, but allows Covered Entities to disclose the breach to OCR as part of an annual breach report and to forego notification to the media. UPHI generally includes any PHI, whether or not ePHI that is not either secured or destroyed in the manner described by the Breach Notification Rules.

In addition to the Breach Notification Rule, most Covered Entities and their business associates also are subject to state laws or regulations that impose similar or additional breach notification and other standards and responsibilities on the protection of personal health or other data including required notification and other responses following a breach of the security of UPHI or other PHI.

WellPoint’s $1.7 HIPAA Security Mistake

WellPoint’s $1.7 million settlement lesson resulted from an OCR investigation started in response to a breach report WellPoint submitted to comply with the Breach Notification Rules.

According to OCR, the Breach Report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.

OCR says its investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule.  According to OCR, WellPoint did not:

  • Adequately implement policies and procedures for authorizing access to the on-line application database;
  • Perform an appropriate  technical evaluation in response to a software upgrade to its information systems; or
  • Have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

As a result, OCR concluded that from October 23, 2009 until March 7, 2010, WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to their ePHI maintained in the application database. This data included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

Under the resulting WellPoint HIPAA Resolution Agreement, WellPoint must pay OCR a $1.7 million settlement payment as well as take a series of corrective actions to correct the deficiencies in its policies and practices that resulted in the reported breach to minimize future risks of breaches resulting from these deficient.

OCR Warns Learn From WellPoint’s Experience

All Covered Entities and their business associates and leaders should heed the lesson sent to them by OCR in announcing the WellPoint settlement and take appropriate steps other to ensure that appropriate policies and safeguards are adopted and applied in selecting and implementing future application or system upgrades, as well as review existing systems to ensure that the security of existing systems and applications have incorporated and apply the requisite safeguards.

OCR made clear that the WellPoint settlement is intended to send a message to Covered Entities and their business associates to ensure that these steps are appropriately taken.  The settlement announcement states:

This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet. Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet.

The settlement announcement also reminds business associates that OCR will begin holding them directly accountable along with their Covered Entity clients for complying with many HIPAA requirements beginning in September, stating:

Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

Take Documented Steps To Show You Hear OCR’s Messages

Covered entities and their business associates and leaders, and vendors and consultants offering services or products to them should take care to conduct careful and well-documented reviews and implement corrective actions necessary to show their applications and systems, policies and practices reflect their strong commitment and action to appropriately protect PHI in accordance with the expectations shown by the WellPoint HIPAA Resolution Agreement and other OCR settlements, OCR’s updated HIPAA regulations, and other OCR and industry information.

In addition to the guidance set forth in OCR’s Resolution Agreements with WellPoint and other Covered Entities, revisions to OCR’s Privacy and Security Rules in OCR’s 2013 restatement of its regulations here cause all Covered Entities and their business associates conduct a well-documented reassessment of the adequacy of their existing policies, systems and practices and steps taken to redress any uncovered gaps.

Among other things, the 2013 Regulations:

  • Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
  • Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
  • Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
  • Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
  • Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act  that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
  • Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
  • Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Covered Entities were required to begin complying with most of these rule changes earlier this year.  However, delayed compliance dates in the 2013 Regulations allowed Covered Entities and Business Associates to delay updates to pre-existing business associate agreements and the date that OCR would begin enforcing many of the HIPAA Rules directly against business associates to September 23, 2013.

Even without the necessity Settlements like that involving WellPoint, these 2013 Regulations make it imperative that Covered Entities to take the necessary steps to conduct an appropriate and well-documented review  and update as needed their systems, policies and practices,  business associate agreements, training and documentation.

With self-disclosures of breaches mandated by the Breach Notification Rules and OCR audits and enforcement rising, careful documentation of these activities and its analysis is necessary so that Covered Entities can be in a position to show OCR that the risk assessments required by the Security Rules was conducted as well as the efforts and commitment of the Covered Entity or business associate in the event of a breach investigation or audit. Yesterday’s WellPoint HIPAA announcement is just the latest in an ever-growing list of examples of the expensive consequences that can result if a Covered Entity or business associate cannot produce this documentation in response to an OCR audit or investigation. See, e.g.  OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks$1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other SafeguardsIn contrast, the OCR website also provides a multitude of examples showing how the ability to produce documentation and other evidence showing diligent efforts to comply has helped other covered entities that fall under OCR investigation to avoid or mitigate serious sanctions.

Coupled with statements by OCR about its intolerance, the WellPoint and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions against WellPoint and others, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable.  Covered Entities and business associates should document this review in a manner that both reflects the scope and diligence of their activities including relevant considerations and decision-making about identified potential susceptibilities and reasoning about the adequacy of safeguards and other solutions.

Because this review is likely to uncover existing or past deficiencies or breaches, most covered entities and business associates will want to discuss with qualified legal counsel the planned assessment within the scope of attorney-client privilege to understand when and how to conduct the assessment to preserve options to claim attorney-client privilege to protect sensitive work product or discussions that may result in the course of the investigation within the attorney-client communication, work product or other evidentiary privileges, evaluation of the adequacy and appropriateness of the audit and resulting investigations and its documentation, and other assistance in strengthening the defensibility of compliance and risk management activities.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health care providers, health plans and their sponsors, their workforces, professional associations and others.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Improper Billing Of Private Payers Increasing Source Of Liability & Risk For Providers

July 8, 2013

Physicians or other health care providers now have even more to worry about when a Medicare or other federal program audit reveals overpayments – repayment demands from commercial insurers and self-insured health plans, who are secondary payers.  Federal officials and private payers alike increasingly are coming after providers to recover overpayments or other inappropriate billings identified through audits or other investigations.  In the face of these actions, providers should use care to ensure that their billing and compliance programs appropriately manage and monitor the defensibility of claims billed to private payers as well as those to Medicare or other government programs.

Most  health care providers recognize  the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ).

Unfortunately, many health care providers don’t recognize that overbilling private payers can carry similar risks and liabilities.  Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.

While CMS, OIG and DOJ tend to emphasize Medicare and other federal program recoveries in media releases about their overbilling and health care fraud enforcement efforts, careful review of these actions increasingly shows that these enforcement actions often also cover overbilling of private health plans uncovered in connection with the underlying  Medicare or other federal program overpayment audit or investigation.   For instance, upcoding and other false billing of claims was the basis of the federal criminal health care fraud prosecution of the Chief Executive Officer of a small, rural Texas health care clinic.  Texas Clinic CEO Sentence Highlights Risks Of Upcoding. See, also Pharmas Face New Pressure To Put Patients Before Profits After GlaxoSmithKline Record $3 Billion Health Care Fraud & FDCA Settlement.

Unfortunately, many providers have failed to recognize and adequately respond to these and other clear indicators of their exposure to fraud, recoupment and other enforcement actions from sloppy or otherwise improper billings to private insurers and self insured plans.  With health care reform increasingly focusing on reducing health care expenditures in the private as well as public arena, already existing federal and state enforcement against providers for improper billing of private payers will inevitably grown.

Taking into account these and other trends toward stepped up enforcement against aggressive billing by providers of private insurance or self-insured plans, physicians and other providers should not be surprised or unprepared to respond to recoupment or other audit and enforcement actions like that recently reported by Nina Youngstrom in AIS Health about the recoupment demands by commercial insurers against a Kansas health care clinic based on the Medicare audit findings of overpayments. See,  Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings.   Rather, physicians and other health care clinics must be ready to prove and defend their billings to private payers as well as Medicare and other government payers.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


OCR Shares New Tools to Educate Consumers and Providers about HIPAA Privacy and Security

April 30, 2013

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has developed an array of new tools to educate consumers and health care providers about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.  

Many consumers are unfamiliar with their rights under the HIPAA Privacy Rule.  With that in mind, OCR has posted a series of factsheets, also available in eight languages, to inform consumers about their rights under the HIPAA Privacy Rule. These materials are available on OCR’s website here

The fact sheets compliment a set of seven consumer-facing videos released earlier this year on OCR’s YouTube channel.  An additional video, The HIPAA Security Rule, has been designed for providers in small practices and offers an overview of how to establish basic safeguards to protect patient information and comply with the Security Rule’s requirements. The videos are available on the HHS OCR YouTube Channel at here.

OCR has also launched three modules for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules, available at Medscape.org:

  • Patient Privacy: A Guide for Providers at here;
  • HIPAA and You: Building a Culture of Compliance here; and
  • Examining Compliance with the HIPAA Privacy Rule here.

The Medscape modules offer free Continuing Medical Education (CME) credits for physicians and Continuing Education (CE) credits for health care professionals. 

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls.  Extensively published and a popular speaker on HIPAA and other data security matters, Ms. Stamer works extensively with health care providers, health plans, employers, insurance and financial services, technology and other clients on privacy, data seurity and other privacy and cybercrime concerns.  She also serves as the Scribe for the ABA JCEB Agency Techical Sessions Meetings with the Office of Civil Rights which occur each May in Washington, D.C.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


HHS Publishes Medicaid Expansion Final Regs, Invites Public Comment

April 1, 2013

The Department of Health & Human Services (HHS) has published its final rule with a request for comments that provides, effective January 1, 2014, the federal government will pay 100 percent of the cost of certain newly eligible adult Medicaid beneficiaries.  These payments will be in effect through 2016, phasing down to a permanent 90 percent matching rate by 2020.  The Affordable Care Act authorizes states to expand Medicaid to adult Americans under age 65 with income of up to 133 percent of the federal poverty level (approximately $15,000 for a single adult in 2012) and provides unprecedented federal funding for these states.

Under the Affordable Care Act, states that cover the new adult group in Medicaid will have 100 percent of the costs of newly eligible Americans paid for by the federal government in 2014, 2015, and 2016. The federal government’s contribution is then phased-down gradually to 90 percent by 2020, and remains there permanently.  For states that had coverage expansions in effect prior to enactment of the Affordable Care Act, the rule also provides information about the availability of an increased FMAP for certain adults who are not newly eligible.

For the full text of the final rule, see http://www.ofr.gov/inspection.aspx.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Hospitals with 2012 CMS Adverse Complaint Inspection Reports in AHCJ Data Bank Should Prepare Response

March 27, 2013

Acute-care and critical access hospitals that had adverse complaint inspections in 2012 by the Centers for Medicare & Medicaid Services (CMS) may want to prepare to respond to press and public inquiries.  The Association of Health Care Journalists (AHCJ) updated its website, healthcareinspectionreports.com, to include details about deficiencies cited during complaint inspections at acute-care and critical access hospitals throughout the United States since January 1, 2011 obtained from CMS. 

Although AHCJ cautions in its website that the posted data should not be used to rank hospitals because of omissions and limitations in the data, hospitals with posted reports in the data bank should expect that the reports on their hospital may draw the attention of the media, patients, health plans and others.

AHCJ publishes the reports, which historically have not been easily accessible to the general public.  AHCJ cautions that the data is not necessarily complete and should not be used to rank hospitals within a state.  AHCJ says data on acute-care and critical hospital access hospitals is incomplete because CMS has just begun gathering this data and releasing it in electronic format. AHCJ also says some reports are missing narrative details. Beyond that, CMS acknowledges that other reports that should appear may not.  It does not include results of routine inspections or those of psychiatric hospitals or long-term care hospitals. It also does not include hospital responses to deficiencies cited during inspections. Those can be obtained by filing a request with a hospital or the U.S. Centers for Medicare and Medicaid Services (CMS).AHCJ to make future iterations of this data more complete. At this time, this data should not be used to rank hospitals within a state or between states. It can be used to review issues identified at hospitals during recent inspections.

Subject to these limitations, an individual wishing to review the available data can click  on a state on the map will retrieve a list of all hospitals with their violations grouped together.

In anticipation of potential media or public review and reaction to the AHCJ website posting, hospitals with adverse reports posted on the website should consider acting proactively.  Hospitals should consult with counsel and their public relations team to plan and prepare a factually accurate response to the shared reports and other suitable mitigation activities.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


OCR Invites Comments On Plans to Survey HIPAA Covered Entities Audited Under 2012 HIPAA Audit Program

March 25, 2013

The Department of Health & Human Services (HHS) Office of Civil Rights (OCR) wants to ask the 115 health plans, health care clearinghouses, and health care providers (covered entities) that OCR audited in 2012 for compliance with Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA)  under its HIPAA Audit Program to share feedback about their experience.  The planned survey announcement follows OCR’s recent released of restated HIPAA Privacy & Security Rules scheduled to take effect in September, 2013 and as OCR continues and expanding its HIPAA Audit Program in 2013.  All together, the signs are clear that covered entities should update and strengthen their HIPAA compliance and risk management practices to withstand the tightened rules and enforcement.

OCR initiated the HIPAA Audit Program in 2012 to comply with Section 13411 of the Health Information Technology for Economic and Clinical Health Act’s requirement that it audit covered entity and business associate compliance with the HIPAA privacy, security, and breach notification rules.  While it continues its HIPAA Audit Program in 2013, OCR also is evaluating the effectiveness of the HIPAA Audit Program audits in 2012. 

To this end, OCR currently is conducting a review of the HIPAA Audit program to determine its efficacy in assessing the HIPAA compliance efforts of covered entities.  As part of that review, OCR plans to ask covered entities audited under the HIPAA Audit Program in 2012 to complete an online survey about their experience.  In anticipation of its conduct of the proposed surveys, OCR is inviting public comment on the burden to Covered Entities to complete the planned online survey, which OCR estimates will take two hours to complete through May 20, 2013.  According to OCR, the survey will gather information on the effect of the audits on the audited entities and the entities’ opinions about the audit process. The online survey will be used to:

  • Measure the effect of the HIPAA Audit program on covered entities;
  • Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the audit report findings and recommendations;
  • Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests;
  • Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations; and
  • Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program.

OCR says it will use the information, opinions, and comments collected using the online survey to produce recommendations for improving the HIPAA Audit program.

For instructions to comment or more details, see here.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

November 29, 2012

The Department of Health & Human Services Office of Inspector General is recommending the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) act to improve the effectiveness of its oversight and management of the Medicare electronic health record (EHR) incentive program.  The recommendations are likely to impact on the requirements that hospitals and other professionals will be required to meet to get and keep EHR program incentive payments.  Consequently, hospitals, physicians and other providers and their technology and other systems advisors and vendors should carefully watch and respond to changes that these two agencies implement in response to the OIG feedback.

According to an OIG study reported here, the CMS estimates that it will pay $6.6 billion in EHR incentive payments to providers under the program between 2011 and 2016.  Many hospitals, physician organizations and other providers are making substantial investments in EHR and related technologies in reliance of expectation of receiving program incentive payments.  Accordingly, parties hoping to qualify for incentive programs need to watch closely the actions that the agencies take in response to this OIG input or otherwise that impacts on qualification and audits.

OIG Study & Findings

OIG’s early assessment of CMS’s oversight of the Program found that because professionals and hospitals self-report data to prove fulfillment of program requirements, CMS’s efforts to verify these data will help make sure the integrity of Medicare EHR incentive payments.

The recommendation comes from an OIG study reviewing CMS’s oversight of professionals’ and hospitals’ self-reported meaningful use of certified EHR technology in 2011, the first year of the program.  OIG evaluated self-reported information against program requirements.  It also looked at CMS’s audit planning documents, regulations and guidance for the program and conducted structured interviews with CMS staff on CMS’s oversight.

Based on this evaluation, OIG foundCMS faces obstacles to overseeing the Medicare EHR incentive program that leave the program vulnerable to paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements.  OIG says CMS has not yet implemented strong prepayment safeguards, and has limited ability to safeguard incentive payments postpayment. OIG also reports that the ONC requirements for EHR reports may contribute to CMS’s oversight obstacles.

OIG Recommended Corrective Action

Based on its study, OIG is recommending that CMS take the following actions.

  • Obtain and review supporting documentation from selected professionals and hospitals prior to payment to verify the accuracy of their self‑reported information and
  • Issue guidance with specific examples of documentation that professionals and hospitals should maintain to support their compliance. 

CMS did not agree with our first recommendation, stating that prepayment reviews would increase the burden on practitioners and hospitals and could delay incentive payments.  Despite this CMS feedback, OIG nevertheless is continuing to recommend that CMS conduct prepayment reviews to improve program oversight. CMS concurred with our second recommendation.

OIG also recommended that ONC take the following actions: 

  • Require that certified EHR technology be capable of producing reports for yes/no meaningful use measures where possible and
  • Improve the certification process for EHR technology to make sure applicants provide accurate EHR reports. 

ONC concurred with both recommendations.

Recommended Provider Action

Hospitals and providers looking to take advantage of the HER incentive payments should carefully monitor the developments resulting from these recommendations and take proper actions to stay compliant with evolving requirements as they move forward.

Along with monitoring these responses, providers participating in the incentive program also need to stay abreast of other developments.  For instance, last month, ONC announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files).  See 2014 Edition Draft Test Procedures webpage. Additional waves of test methods are impending.  ONC says it expects the final set of Test Methods to be available for use in early 2013. 

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Changes Start Time, Releases Agenda For 11/13 Virtual Workshop On Health IT Test Standards

November 9, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 9, 2012) announced a preliminary agenda of topics and  the procedures that health care providers and other interested parties wishing to participate in  a public virtual workshop on the ONC Health Information Technology (IT) Certification Program and 2014 Edition Test Methods that ONC plans to host on Tuesday, November 13, 2012 from 8:15 AM-4:30PM EST.   

The announced commencement time is 45 minutes earlier than the originally announced 9:00 AM start time that ONC had announced as the start time for the workshop in November 8 announcements.

To review the preliminary agenda for the workshop, see http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-methods.

According to today’s  ONC announcement, parties wishing to participate in the virtual workshop should  register for ONC Certification Technical Workshop on Nov 13, 2012 8:15 AM EST at https://attendee.gotowebinar.com/register/2114316126469925632 .  ONC says that successful registrants will receive a confirmation email containing information about joining the webinar. 

The planned workshop follows ONC’s anno0uncement of the release for review of the latest in a series of electronic medical records Test Standards that ONC has issued recently in its march to implement its mandate.    ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification.   ONC  typically allows  a two week period of public review and comment from the date posted for public review and comment on each Wave.  

In keeping with this process, ONC is inviting interested persons to  submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013. 

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

November 8, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 8, 2012) announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files). To review the 2014 Edition draft Test Methods, visit the 2014 Edition Draft Test Procedures webpage.   As a follow up to this announcement, ONC is inviting interested parties to participate in a public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13th, 9AM-4:30PM EST.

The Test Procedures announced today are the latest in a series ONC has issued recently.    ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification.   ONC  typically allows  a two week period of public review and comment from the date posted for public review and comment on each Wave.  

In keeping with this process, ONC is inviting interested persons to  submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013. 

To help interested parties stay informed about the Test Messages, ONC also announced today it will host a virtual public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13th, 9AM-4:30PM EST.  According to ONC, the topics to be covered include 2014 Test Procedures, Test Tools, Test Data, ONC Timeline, and the Certified Health IT Product List (CHPL).   ONC says additional details regarding access and agenda will be forthcoming.  Watch the ONC website.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Releases First Wave of EHR Test Procedures; More To Come

September 14, 2012

On September 7th the ONC published the first wave of draft Test Procedures and applicable test data files for the 2014 Edition Elelctronic Health Record (EHR) certification criteria for public review and comment. ONC will release additional Test Procedures in waves on a weekly or bi-weekly basis. Each set of draft test procedures will undergo a two week period of public review and comment from the date posted. You can now provide input on Wave One 2014 draft Test Procedures. Visit the site for detailed information on the 2014 Test Procedure development process at http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-procedures.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

September 14, 2012

Along with its stepped up enforcement and new audit programs, the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) is working to promote and encourage better voluntary compliance by physician and other health care providers by releasing a new interactive security and privacy training game to help educate healthcare providers and their staffs to make more informed decisions regarding privacy and security of health information. Using a game format, the game asks users to respond to privacy and security challenges often faced in a typical medical practice. 

With the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) stepping up enforcement and sanctions  for health care providers, health plans, health care providers and their businesses associates (covered entities) that violate the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules and OCR now auditing HIPAA compliance, covered entities should self-audit within the scope of attorney-client privilege and tighten as necessary existing policies, practices and documentation to comply with evolving requirements of HIPAA and other laws requiring the protection of protected health information (PHI), personal financial information and sensitive data. 

As the HIPAA Privacy, Security and Breach Rules include mandates that covered entities train members of their workforce, the new game could be a helpful component for health care providers as part of their organization’s training efforts.

The mounting list of settlement agreements – most of which have required settlement payments of more than $1 million – that OCR has announced show the  growing exposures that covered entities face when violating HIPAA. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On WebsiteThese settlements and sanctions prove the importance of covered entities strengthening their HIPAA compliance and adopting other suitable safeguards to keep up HIPAA compliance and minimize HIPAA and other exposures that can arise if PHI, personal financial information and other sensitive data.  For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

HIPAA & Texas Require HIPAA Training! Register for 8/14 HIPAA Update Workshop Now

August 8, 2012

Texas House Bill 300 Medical Records Privacy Act Amendments & HIPAA Regulations Require HIPAA Privacy Training!

Register Now!

Register Now For A Solutions Law Press 2012 Coping with Health Care Reform Series Workshop

HIPAA Update

August 14, 2012

12:30 P.M.-2:30 P.M. Eastern | 11:30 A.M.-1:30 P.M. Central | 10:30 A.M-12:30 P..M. Mountain | 9:30 A.M-11:30 A.M. Pacific

Texas Department Of Insurance Continuing Education Credit, HRCI and World At Work Education Credit Approved!

Expanded health care privacy mandates of the Texas Medical Records Privacy Act that take effect September 1, 2012 and HIPAA regulations require covered entities and their business associates conduct training and take other steps to protect the privacy and security of personal health information (“PHI”).

Complete HIPAA Training While You Catch Up On The Latest On HIPAA & Texas Medical Records Privacy Rules & Get Helpful Compliance And Risk Management Tips!

Health care providers, health plans, health care clearinghouses face new imperatives to strengthen their HIPAA and other procedures for handling protected health information and other sensitive information to manage expanding risks and responsibilities arising from evolving rules, expanding enforcement and oversight, and rising penalties and other liabilities. 

Expanded health care privacy mandates of the Texas Medical Records Privacy Act that take effect September 1, 2012 and HIPAA regulations require covered entities and their business associates conduct training and take other steps to protect the privacy and security of personal health information (PHI) and certain other information.

The $4.3 million HIPAA Civil Monetary Penalty and growing list of $1 million plus resolution payments announced by the Office of Civil Rights coupled with its commitment to investigate all large breaches reported under the HITECH Act Breach Notification Rule and other stepped up enforcement and newly initiated audit activities send a clear signal that HIPAA-covered entities and their business associates face significant exposures for failing to appropriately manage their HIPAA and other responsibilities when handling protected health information.  Meanwhile, Texas House Bill 300 has raised maximum state civil penalties for unlawful disclosures of Protected Health Information under the Texas Medical Records Privacy Act to from $5,000 to $1.5 million per year.  Meanwhile HITECH Act amendments to HIPAA require covered entities provide notification of certain breaches while Texas House Bill 300 adds its own specific requirements to provide notice of certain breaches of computerized data containing sensitive personal information.

With Texas House Bill 300 expanding covered entities responsibilities and liabilities and OCR issuing new regulations and other guidance to implement amendments to the HIPAA Privacy & Security Standards and implement and enforce the HITECH Act Breach Notification Rule, health care providers, health plans and insurers, their brokers, third party administrators, and other covered entities, as well as their business associates and employer and union clients must review and tighten their policies, practices, business associate and other contracts, and enforcement to manage HIPAA and other compliance and manage risks arising from the access, collection, use, protection and disclosure of PHI to meet expanding mandates and to guard against growing liability exposures under HIPAA and other federal and state laws. 

Solutions Law Press, Inc. invites you to catch up on the latest on these and other key HIPAA requirements and enforcement and learn tips for managing risks and liabilities by participating in the “HIPAA Update Workshop” on Tuesday, August 14, 2012.   Participants may choose to attend the live briefing in Addison, Texas or participate via WebEx for a registration fee of $125.00.  Texas Department of Insurance Continuing Education Credit and other professional certification credit may be requested by qualifying participant for an added charge.

Learn Latest On HIPAA & Texas House Bill 300 Privacy, Security & Breach Notification Guidance & Enforcement

The HIPAA Update Workshop will brief participants on the latest HIPAA Privacy, Security and Breach Notification rules and guidance and share compliance and risk management lessons emerging from recent OCR enforcement and audit activities and other selected federal and state litigation and enforcement actions impacting the handling of protected health information.  Among other things, the workshop will cover:

√ Latest HIPAA Privacy, Security & Breach Notification Rules, Guidance & Enforcement

√Latest on Texas House Bill Amendments To Texas Medical Records Privacy Law Effective September 1, 2012

 √Post HITECH Act Heightened Liability Risks:  Audits, Civil Penalties, Criminal Penalties & State Lawsuits

√ Expansion of HIPAA Responsibilities & Liabilities To Business Associates & What Covered Entities & Business Associates Should Do In Response

√ HIPAA Data Breach Notification Requirements & Practical Challenges & Strategies For Managing These Responsibilities

√ HIPAA Compliance & Risk Management Coordination With Other Federal & State Medical Privacy, Financial Information, Identity Theft & Date Security Responsibilities

√ Breach Preparedness & Response Planning

√ Practical Steps & Best Practices For Compliance & Risk Management 

√ Practical Strategies For Monitoring & Responding To New Requirements & Changing Rules

√ Participant Questions

√ More

About The Speaker

A Fellow in the American College of Employee Benefits Counsel, recognized in International Who’s Who, North Texas Health Care Compliance Professionals Association Vice-President and Board Certified in Labor & Employment Law, attorney  Cynthia Marcotte Stamer has 25 years experience advising and representing private and public health care providers, employers, employer and union plan sponsors, employee benefit plans, associations, their fiduciaries, administrators, and vendors, group health, Medicare and Medicaid Advantage, and other insurers, governmental leaders and others on privacy and data security, health care, health and other employee benefit. employment, insurance and related matters. A well-known and prolific author and popular speaker, Ms. Stamer has served as the scrivener for the ABA JCEB Agency Meetings with the Office of Civil Rights on HIPAA Privacy for the past two years.  She presently serves as Co-Chair of the ABA RPTE Section Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Representative, an Editorial Advisory Board Member of the Institute of Human Resources (IHR/HR.com) and Employee Benefit News, and various other publications.  A primary drafter of the Bolivian Social Security privatization law with extensive domestic and international regulatory and public policy experience, Ms. Stamer also has worked extensively domestically and internationally on public policy and regulatory advocacy on HIPAA and other privacy and data security risks and requirements as well as a broad range of other health,  employee benefits, human resources, insurance, tax, compliance and other matters and representing clients in dealings with the US Congress, Departments of Labor, Treasury, Health & Human Services, Federal Trade Commission, HUD and Justice, as well as a state legislatures attorneys general, insurance, labor, worker’s compensation, and other agencies and regulators. A prolific author and popular speaker, Ms. Stamer regularly authors materials and conducts workshops and professional, management and other training on HIPAA and other privacy, health care, employee benefits, human resources, insurance and related topics for the ABA, Aspen Publishers, the Bureau of National Affairs (BNA), SHRM, World At Work, Government Institutes, Inc., the Society of Professional Benefits Administrators and many other organizations. Her insights on privacy and other matters are quoted in Modern Healthcare, HealthLeaders, Benefits, Caring for the Elderly, The Wall Street Journal and many other publications.  She also regularly serves on the faculty and planning committees of a multitude of symposium and other educational programs.  For more details about Ms. Stamer’s services, experience, presentations, publications, and other credentials or to inquire about arranging counseling, training or presentations or other services by Ms. Stamer, see http://www.CynthiaStamer.com.

Registration

 Registration Fee per course is $125.00 per person (plus an additional $10 service fee for each individual seeking Texas Department of Insurance Continuing Education Credit).  Registration Fee Discounts available for groups of three or more.  Payment required via website registration required 48 hours in advance of the program to complete registration.  Payment only accepted via website PayPal.  No checks or cash accepted.  Persons not registered at least 48 hours in advance will only participate subject to system and space availability.

 *Tex. Dept. of Insurance, HRICI, WorldAtWork, CLE & Other Continuing Education Credit

These programs are approved to be offered for general certification credit by the Texas Department of Insurance, HRCI and WorldAtWork education credit  for the time period offered subject to fulfillment all applicable accrediting agency requirements, completion of required procedures and payment of the additional service processing fee of $10.00.  An application for State Bar of Texas continuing education legal education credit is pending. The Texas Department of Insurance has approved the HIPAA Update program is approved for 1.5 hours of General Credit and .5 Hours of Ethics Credit.  The applicable credentialing agency retain the final authority to determine whether an individual qualifies to receive requested continuing education credit.  Neither Solutions Law Press, Inc., the speaker or any of their related parties guarantees the approval of credit for any individual or has any liability for any denial of credit.  Special fees or other conditions may apply.  CANCELLATION   & REFUND POLICY:  In order to receive credit, cancellation (either fax or mail) must be received at least 48 hours in advance of the meeting and are subject to a $10.00 refund processing fee.  Refunds will be made within 60 days of receipt of written cancellation notice.

Check Out Our Health Plan-U & Other Workshops Including:

HIPAA Update*

August 14, 2012

11:30 A.M.-1:00 P.M. Central 

Health Plan Communications Update: SBCs, SPDs & Beyond*

August 28, 2012

11:30 A.M.-1:00 P.M.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives.  Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs.  For additional information about upcoming programs, to inquire about becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com   These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship,  to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com.  If you would prefer not to receive communications from Solutions Law Press, Inc. send an e-mail with “Solutions Law Press Unsubscribe” in the Subject to support@solutionslawyer.net.  CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

©2012 Solutions Law Press, Inc. All Rights Reserved.


HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

July 30, 2012

Health care providers and payers should ensure that practices for billing private payers can withstand the scrutiny of federal and state health care fraud enforcers after the July 26, 2012 announcement of a ground-breaking new public-private antifraud initiative between federal and state health care fraud fighters and a private insurers under which  private insurers will share an unprecedented amount of private health claims data, fraud detection practices, and other coöperation with federal and state official fraud prevention and prosecution efforts.

Government Health Care Fraud Fighters Partner With Private Insurers

The Federal health care fraud fighting departmental duo of the Departments of Health and Human Services (HHS) Justice (DOJ) last week expanded their network of fraud fighting resources by launching a “ground-breaking” partnership among the federal government, State officials, several leading private health insurance organizations, and other health care anti-fraud groups to prevent health care fraud. HHS and DOJ say the following organizations and government agencies are among the first to join this partnership:

  • America’s Health Insurance Plans
  • Amerigroup Corporation
  • Blue Cross and Blue Shield Association
  • Blue Cross and Blue Shield of Louisiana
  • Centers for Medicare & Medicaid Services
  • Coalition Against Insurance Fraud
  • Federal Bureau of Investigations
  • Health and Human Services Office of Inspector General
  • Humana Inc.
  • Independence Blue Cross
  • National Association of Insurance Commissioners
  • National Association of Medicaid Fraud Control Units
  • National Health Care Anti-Fraud Association
  • National Insurance Crime Bureau 
  • New York Office of Medicaid Inspector General
  • Travelers
  • Tufts Health Plan
  • UnitedHealth Group
  • U.S. Department of Health and Human Services
  • U.S. Department of Justice
  • WellPoint, Inc.

HHS & DOJ Say Partnering With Private Insurers Will Give Ongoing Anti-Fraud Efforts Even More Punch

In announcing the new partnership on July 26, 2012, HHS Secretary Kathleen Sebelius and Attorney General Eric Holder touted this new voluntary, collaborative public-private arrangement as the “next step” in the Obama administration’s efforts to combat health care fraud.

“This partnership is a critical step forward in strengthening our nation’s fight against health care fraud,” said Attorney General Holder.  “This Administration has established a record of success in combating devastating fraud crimes, but there is more we can and must do to protect patients, consumers, essential health care programs, and precious taxpayer dollars.  Bringing additional health care industry leaders and experts into this work will allow us to act more quickly and effectively in identifying and stopping fraud schemes, seeking justice for victims, and safeguarding our health care system.”

 “This partnership puts criminals on notice that we will find them and stop them before they steal health care dollars,” Secretary Sebelius said.  “Thanks to this initiative today and the anti-fraud tools that were made available by the health care law, we are working to stamp out these crimes and abuse in our health care system.”

Partnership Allows Feds To Use Private Payer Claims Data, Knowledge & Other Fraud Detection Resources

According to HHS and DOJ, the new partnership is designed to share information and best practices in order to improve detection and prevent payment of fraudulent health care billings. Its goal is to reveal and halt scams that cut across a number of public and private payers. HHS and DOJ say the partnership will private insurers to share their anti-fraud insights more easily with investigators, prosecutors, policymakers and other stakeholders and law enforcement officials more effectively to identify and prevent suspicious activities, better protect patients’ confidential information and use the full range of tools and authorities provided by the Patient Protection & Affordable Care Act (Affordable Care Act) and other statutes to combat and prosecute illegal actions.

One unprecedented element of this partnership will involve the sharing of information on specific schemes, utilized billing codes and geographical fraud hotspots between the public and private partners.  The partners say the planned sharing of claims data and other information will help partners prevent, detect and respond to potential health care billing fraud by:

  • Helping partners to take action, to prevent losses to both government and private health plans before they occur;
  • Improving their ability to spot and stop payments billed to different insurers for care delivered to the same patient on the same day in two different cities;
  • In the future to use sophisticated technology and analytics on industry-wide healthcare data to predict and detect health care fraud schemes. 

Presumably, this will involve the extension of the use of state-of-the-art technology and data mining practices like those the Centers for Medicare & Medicaid Services (CMS) already uses to review claims, to track suspected fraud trends and flag suspected fraudulent activity.

Partnership Expands Use & Reach of New Affordable Care Act & Other Health Care Fraud Detection & Enforcement Tools & Collaboration

The partnership builds upon and extends the reach and use of expanded legal tools created by the Affordable Care Act and other laws that Federal and state officials are using in their highly publicized war against health care fraud, waste and abuse in Medicare, Medicaid, the Children’s Health Insurance Program (CHIP) and, increasingly, private insurance plans.  Using these and other new tools, convictions under the Health Care Fraud and Abuse Control Program increased by over 27% (583 to 743) between 2009 and 2011, and the number of defendants facing criminal charges filed by federal prosecutors in 2011 increased by 74% compared with 2008 (1,430 vs. 821).

The Affordable Care Act and other legislative changes and related programs have significantly strengthened the powers of HHS, DOJ and other federal and state agencies to investigate and prosecute health care fraud.  Among other things, these amendments and programs included :

  • Qui tam and other whistleblower incentives and programs that encourage employees, patients, competitors and others to report suspicious behavior;
  • Require providers, plans to self-identify, self-report and self-correct false claims and certain other non-compliance;
  • Increase the federal sentencing guidelines for health care fraud offenses by 20-50% for crimes that involve more than $1 million in losses;
  • Create penalties for obstructing a fraud investigation or audit;
  • Make it easier for the government to recapture any funds acquired through fraudulent practices;
  • Make it easier for the Department of Justice (DOJ) to investigate potential fraud or wrongdoing at facilities like nursing homes;
  • Under the risk-based provider enrollment rules, providers and suppliers wishing to take part in Medicare, Medicaid, and CHIP who federal officials view as posing a higher risk of fraud or abuse now must undergo licensure checks, site visits and other heightened scrutiny including ongoing monitoring as part of the new Automated Provider Screening (APS) system CMS implemented in December 2011.  The APS uses existing information from public and private sources to automatically and continuously verify information submitted on a provider’s Medicare enrollment application including licensure status Secretary to impose a temporary moratorium on newly enrolling providers or suppliers of a particular type or in certain geographic areas if necessary to prevent or combat fraud, waste, and abuse. 
  • Increased information sharing and coördination of investigations and enforcement among states, CMS, and its law enforcement partners at the Office of the Inspector General (OIG) and DOJ including the highly publicized activities of the Health Care Fraud Prevention and Enforcement Action Team (HEAT), a joint effort between HHS and DOJ to fight health care fraud.
  • The power of CMS, in consultation with OIG, to suspend Medicare payments and require States to suspend Medicaid and SCHIP payments to providers or suppliers during the investigation of a credible allegation of fraud;
  • The deployment and use of the sophisticated data collection and mining technologies of CMS’ new Fraud Prevention System, which since June 30, 2011 has used advanced predictive modeling technology to screen all Medicare fee-for-service claims before payment and target investigative resources on areas that this profile identifies as reflecting heightened risks of health care fraud vulnerability to allow regulators and prosecutors to more efficiently identify and respond to suspected fraudulent claims and emerging trends;
  • Focused fraud prevention, detection and enforcement activities on Home Health agencies, Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) suppliers and certain other categories of providers and suppliers that federal officials view as historically presenting heightened concerns;
  • Expansion of the overpayment detection and recovery activities ofthe Recovery Audit Contractor (RAC) program to Medicaid, Medicare Advantage, and Medicare Part D programs; and
  • Various other tools.

Health Plan Partnership Latest Wrinkle In Fed’s Efforts To Use Private Whistleblower & Other Resources To Find Fraud

The partnership with the health plans is the latest wrinkle in a growing network of private relationships and outreach that HHS and DOJ use to discover health care fraud.  By partnering with health plans, HHS and DOJ have recruited the health plans to help federal officials find and redress potential fraud in public and private health plans. 

HHS and DOJ already know the value of getting private citizens to watch for and report suspected illegal behavior.  Indeed, expended qui tam and other whistleblower activities already are paying off big for federal officials.  For example, a former executive’s qui tam claim helped bring about the settlement announced in June, 2012 under which Christus Spohn Health System Corporation recently  paid more than $5 million to settle Justice Departmentclaims that it profited from violations of the False Claims Act by inappropriately admitted patients to inpatient status for outpatient procedures.  The investigation leading to the settlement began in March 2008 after Christus – Shoreline’s former director of case management filed a lawsuit under seal under the qui tam provisions of the False Claims Act alleging the six hospitals were submitting false claims to the Medicare program by billing for services that should have been performed on an outpatient basis as if they were more expensive inpatient services. The allegations stated that these hospitals were routinely billing outpatient surgical procedures as if they required an inpatient level of care even though the patients often were discharged from the hospital in less than 24 hours.   The federal False Claims Act empowers private citizens with knowledge of fraud against the United States to present those allegations to the United States by bringing a lawsuit on behalf of the United States under seal. If the government’s investigation substantiates those allegations, then the private citizen is entitled to share in any recovery. In this case, that person will receive 20% of the $5,100,481.74 recovery.   

With qui tam and other reports of suspected fraud an increasingly frequent and valuable tool in the federal and state wars on health care fraud, officials have added a wide range of programs encouraging and in some cases financially rewarding individuals and businesses that report circumstances leading to fraud convictions.  The partnership with health plans reflects the latest wrinkle in these efforts.

Health Care Providers & Health Plans Must Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.  In light of the growing qui tam risks, health care providers also should tighten internal investigation, exit interview and other human resources and business partner oversight, reporting and investigation policies and practices to help find and redress potential fraud or other qui tam, retaliation and similar  exposures early and more effectively.  

For More Information Or Assistance

If you need help reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


UCLA Health Systems Payment of $865,500 To Settle HIPAA Charges Shows Rising HIPAA Risk

September 15, 2011

Health care providers, health plans, health care clearinghouses and their business associates got another wake up call about the growing importance of strengthening their policies, practices and safeguards of medical information and records that are “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the announcement on July 7 that the University of California at Los Angeles Health System (UCLAHS) has reached an agreement with the U.S. Department of Health & Human Services Office of Civil Rights (OCR) to pay $865,500 and act to strengthen its health information privacy and security practices to settle charges of HIPAA violations.

The latest in a series of recently announced high-dollar Resolution Agreements, the UCLAHS Resolution Agreement highlights the growing risks that covered entities and their business associates run by failing to adequately adopt and administer the policies, systems and other management controls and training necessary to ensure that their organizations and their employees and other members of their workforce actually operationally comply with HIPAA.

Increased penalties, tighter rules and recent enforcement actions by OCR make it more important than ever that covered entities tighten their compliance and risk management policies and procedures.

As a result of amendments enacted as part of the HITECH Act, Congress modified and expanded the HIPAA audit and enforcement obligations of OCR, amended and expanded the potential penalties, made business associates liable for violation of the privacy rules like covered entities, added an obligation for covered entities and business associates to provide notification of breaches of unsecured PHI and tightened other HIPAA obligations. The HITECH Act also gave state attorneys general to bring civil lawsuits against covered entities and business associates that commit HIPAA violations that injure citizens in their state under certain circumstances. Eventually, individuals injured by HIPAA violations will get the right to share in a portion of certain HIPAA recoveries. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

OCR enforcement actions and statistics make clear that OCR is serious about investigation and enforcement of HIPAA violations. This Spring, OCR assessed its first civil monetary penalty (CMP) under HIPAA – a $4.3 million against Cignet Health of Prince George’s County, Md. (Cignet) and entered into a series of Resolution Agreements under which CVS Pharmacy, Inc., General Hospital Corporation and Massachusetts General Physicians Organization Inc., Rite Aid and others paid a million or more dollars as part of the required terms of settlement. See e.g., Rite Aid Pays $1 Million HIPAA Privacy Settlement As OCR Tightens HIPAA Regulations; HIPAA Risks Soar As CVS Agrees To Pay $2.25 Million To Resolve HIPAA Charges & Stimulus Bill Amends HIPAA; Providence To Pay $100,000 & Implement Other Safeguards To Settle HIPAA Penalty Exposures Under HIPAA. Meanwhile, as of January 1, 2011, OCR reported that it had referred more than 484 Privacy Rule breach investigations to the Department of Justice for consideration for potential criminal prosecution and required changes in privacy practices and other corrective actions as part of the requirements for resolution of an additional 12,781 of cases investigated. In addition to these civil enforcement actions by OCR, the Department of Justice has secured several criminal convictions or pleas under HIPAA’s criminal provisions. OCR data confirms that the covered entities involved in these actions included health care providers, health plans, and others. See, e.g., 2 New HIPAA Criminal Actions Highlight Risks From Wrongful Use/Access of Health Information

Lax HIPAA and other practices for protection of medical and other confidential personal information also increasingly exposes covered entities and other organizations to liability under state laws. State courts allow individual plaintiffs to rely on violations of HIPAA as the basis for bringing state privacy, retaliation or other actions. See, e.g. Sorensen v. Barbuto, 143 P.3d 295 (Utah Ct. App. 2006), Acosta v. Byrum, 638 S.E. 2d 246 (N.C. Ct. App. 2006). Private plaintiffs employed by covered entities also claim HIPAA related misconduct as the basis for their retaliation claims. See, e.g.,  Retaliation For Filing HIPAA Complaint Recognized As Basis For State Retaliatory Discharge Claim.

HIPAA-specific exposures, wrongful use, access or disclosure of medical information also can expose covered entities, members of their workforce and others improperly using, accessing or disclosing protected health information to liability under other federal or state laws. See, Cybercrime & Identity Theft: Health Information Security Beyond HIPAA; NY AG Cuomo Announcement of 1st Settlement For Violation of NY Security Breach Notification Law; Woman Who Revealed AIDs Info Gets A Year.

These and other developments make clear that covered entities and their business associates must get serious about HIPAA compliance and risk management. These organizations should review and tighten privacy policies, breach and other monitoring, training and other practices to mitigate against exposures in light of recently tightened requirements and new enforcement risks.

For More Details Or Help With HIPAA & Other Risk Management & Compliance Needs

To learn more about the UCLAHS Resolution Agreement and other risk management tips, see UCLA Health Systems Payment of $865,000 To Settle HIPAA Charges Shows Rising HIPAA Risk.

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For instance, On May 3, 2011, Ms. Stamer served as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR and will moderate a teleconference featuring comments by OCR’s Susan McAndrew for the Joint Committee on Employee Benefits scheduled for May 16. Her insights on the required “culture of compliance” with HIPAA also recently were quoted in medical privacy related publications of the Atlantic Information Service. Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here. To ask for legal help with these or other compliance concerns, inquire about arranging for compliance audit or training, or matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here. You can review other publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here and register to receive future updates about developments on these and other concerns from Ms. Stamer here. For important information concerning this communication click here.Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

 

©2011 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.


Health Care Employers Beat National Average When Offering Health Benefits To Workers

July 29, 2011

A new 2011 U.S. Department of Labor Bureau of Labor Statistics Study of employee benefits offered shares key insights into the availability of employer-provided health and other coverage. 

With regard to health benefits, the report reveals that practices vary significantly among employers, on average, medical care benefits were available to 69 percent of private industry workers. 1/2 private industry  workers participated in a medical plan. For single coverage, private sector employers paid 80 percent of the medical care premiums for full-time workers and  69 percent of medical care premiums for full-time workers in private industry.  Data shows employees often elect not to take offered coverage.  

The study shows that health and other benefits offered by employers and utilized by employees varies widely varied by whether the employer is a government or private sector employer, the industry, size and other characteristics of the employer and the income, profession, education and other characteristics of the employee. It is no surprise that government employers that can pass along costs to taxpayers provide coverage more broadly and subsidize more of the cost. 

The report reveals that most health care employers offer health coverage and significantly subsidize the cost of this coverage for their workers.    According to the report:

  •  73  percent of private sector health care workers are offered health coverage by their employers;
  • 52 percent of health care workers participate in employer provided health care coverage;
  • The take up rate by private sector health industry workers for employer provided coverage is  72 percent.

The report also shows that private sector health care employers on average paid 81  percent of single coverage health coverage costs, and only required employees to contribute an average of 19 percent of the cost for their single coverage.      

In addition to data on medical benefits, the study also reports that paid leave remains the most commonly provided benefit nationally and includes data on other benefits.

The DOL highlights 1st time reporting of domestic partner status for 1st time in its announcement.  Data also provided on paid vacation and other leave. 

Read report summary and access report at http://www.bls.gov/news.release/ebs2.nr0.htm.

For Help or More Information

If you have questions or need help understanding or responding to the Regulations, with other health benefit design, administration or operations concerns, or with other employee benefits, compensation, labor or employment or other workforce management concerns, please contact the author of this update, Board Certified Labor and Employment attorney and management consultant Cynthia Marcotte Stamer here or at (469)767-8872.

Past Chair of the American Bar Association (ABA) Health Law Section Managed Care & Insurance Interest Group, Chair of the ABA RPTE Employee Benefit and Other Compensation Committee, and a council member of the ABA Joint Committee on Employee Benefits, Vice President of the North Texas Healthcare Compliance Professionals Association, Exempt Organizations Coordinator of the Gulf States Area TEGE Council, and Executive Director of the Project COPE: Coalition On Patient Empowerment, Ms. Stamer is nationally recognized for her more than 23 years pragmatic and innovative health program work.

Board certified in labor and employment law by the Texas Board of Legal Specialization with extensive leading edge health care, human resources and employee benefits experience. 

For more than 24 years, Ms. Stamer has worked with health care providers, payers, government and charitable agencies, policymakers and others on managing health, insurance and employee benefits, practices, people, performance, costs, performance and policy.  In the health care industry, Ms. Stamer works extensively with hospitals, physician practices, skilled nursing, hospice, and other health care providers to manage their people, compliance, quality and operations.  Along side this work, Ms. Stamer also has worked extensively in the payor community on product design, administration, quality, contracting, compliance, public policy and other concerns.  As part of this work, she has worked continuously throughout her career helping self-insured and insured, public and private health plan sponsors, fiduciaries, administrators, insurers and others design, administer and defend health and other employee benefit and insurance programs domestically and internationally. She is widely recognized for her experience helping design and implement legally compliant self-insured and insured health reimbursement, mini-med, high-deductible health plans, limited benefit plans, 24-hour and occupational medicine, Medicare and Medicaid Advantage, ex-pat and medical tourism, deductible reimbursement and other creative health benefit programs to solve a wide range of financial and other challenges while coping with changing regulatory and market realities. Her work includes both working with clients to design, document, implement and administer these and other arrangements, as well as the development of wellness and disease management, claims administration and appeals, eligibility, and other administrative services, processes and technologies.  Ms. Stamer regularly represents and defends these and other clients in dealings with the Department of Labor, Department of Justice, Department of Health & Human Services, Department of Defense, Internal Revenue Service, Securities and Exchange Commission, state insurance regulators, state attorneys general and other federal and state regulators and prosecutors and private plaintiffs in connection with investigations, prosecutions, audits and other actions arising from employee benefit, insurance and related arrangements and products.

Recognized in the International Who’s Who of Professionals and bearing the Martindale Hubble Premier AV-Rating, Ms. Stamer also is a highly regarded author and speaker, who regularly conducts management and other training on a wide range of health care, insurance, labor and employment, employee benefit, human resources, internal controls, privacy and data security, board governance and other related risk management matters.  Her writings frequently are published by the American Bar Association (ABA), Aspen Publishers, Bureau of National Affairs, the American Health Lawyers Association,the American Bar Association, SHRM, World At Work, Government Institutes, Inc., Atlantic Information Services, Employee Benefit News, Modern Healthcare, and many others. For a listing of some of these publications and programs, see here. Her insights on human resources risk management matters also have been quoted in The Wall Street Journal, various publications of The Bureau of National Affairs and Aspen Publishing, the Dallas Morning News, Spencer Publications, Health Leaders, Business Insurance, the Dallas and Houston Business Journals and a host of other publications. In addition to her many ABA leadership involvements, she also serves in leadership positions in numerous human resources, corporate compliance, and other professional and civic organizations. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, World At Work, the ICEBS, SHRM and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.

©2011 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press.  All other rights reserved.

For assistance with assessing or defending your current worker classification, wage and hour or other health care and human resources policies and controls, please contact Cynthia Marcotte Stamer at cstamer@solutionslawyer.net, 972-419-7188..

For More Information or Assistance

The author of this update, attorney Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers and other health industry clients to respond to these and other health care industry enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management matters.

Board Certified in Labor and Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising physicians, hospitals and other health industry, assisted living, educational and other clients about human resources, employee benefits and compensation, regulatory compliance and enforcement, quality assurance, peer review, licensing and discipline, and other medical staff performance matters.  She continuously advises health industry clients about the use of technology, process and other mechanisms to promote compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational needs. As part of this experience, she has worked extensively with health care providers, payers, health care technology and consulting and other health industry clients, as well as other businesses, on privacy, data security, trade secret and related matters. A popular lecturer and widely published author on health industry concerns, Ms. Stamer also publishes and speaks extensively on health care compliance, staffing and human resources, compensation and benefits, technology, medical staff, public policy, reimbursement, privacy, technology, and other health and managed care industry regulatory, and other operations and risk management concerns for medical societies and staffs, hospitals, the HCCA, American Bar Association, American Health Lawyers Association and many other health industry groups and symposia.  Her highly popular and information packed programs include many highly regarded publications on HIPAA, FACTA, medical confidentiality, state identity theft and privacy and other many other related matters.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. To review some of her many publications and presentations, or for additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.

Other Recent Developments

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources.  If you or someone else you know would like to receive future updates and notices about other upcoming Solutions Law Press events, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here. For important information concerning this communication click here

©2010 Cynthia Marcotte Stamer. Limited license to reprint granted to Solutions Law Press.  All other rights reserved.


States Get More Info On Affordable Care Act Medicaid Eligibility Maintenance Of Effort; Payers & Providers Must Monitor

March 7, 2011

On February 27, 2011, Department of Health and Human Services Secretary Kathleen Sebelius issued a new letter and a frequently asked questions (FAQ) document that explain Medicaid and Children’s Health Insurance Program (CHIP) provisions in the Affordable Care Act in ways that afford greater flexibility to States.  The new guidance clarifies aspects of the maintenance of effort (MOE) rules for Medicaid and CHIP.  According to HHS, added guidance will follow.  In these turbulent financial times, states are likely to welcome guidance that allows them more flexibility.  While HHS and the states work out the detaails of these rules, health care providers and health plans also must keep a close eye out for developments that may require changes in enrollment or coverage coordination procedures to ensure their ability to comply with these evolving requirements.

The Medicaid MOE provision in the Affordable Care Act generally ensures that States’ eligibility rules for adults under the Medicaid program remain in place pending implementation of eligibility rules changes that become effective in January 2014.  The MOE provision for children extends to 2019.

The letter and supporting FAQ document released February 27, 2011 address three aspects of the MOE provisions:

  • The MOE exemption for higher-income adult populations in States that are experiencing budget deficits.  Under the Affordable Care Act, if a State has or projects a budget deficit, the MOE provision does not apply to adults who are not eligible for coverage on the basis of pregnancy or disability and whose incomes are above 133 percent of the Federal poverty level.  The FAQ document explains State options and how States can seek this exemption.
  • The implication of the MOE provision on Section 1115 demonstration projects.  Some States cover groups of people under Medicaid through a Section 1115 demonstration.  As explained in the FAQ document, the MOE provision generally applies to these waivers and demonstrations.  However, waivers and demonstration are, by their terms, time limited.  The guidance clarifies that the MOE provision does not require States to seek a new or renewed waiver after the expiration of their waiver or demonstration.
  • How premiums are treated under the MOE requirements.  Because premiums and premium increases have an impact on eligibility, previous guidance under the Recovery Act explained that new or increased premiums were considered to be a violation of the Recovery Act MOE requirement.  Because the period during which the Affordable Care Act MOE provisions apply is considerably longer than the MOE period under the Recovery Act, this new guidance offers States additional flexibility relating to premiums and the MOE requirements under the Affordable Care Act.  This will help a number of States that have been requesting the ability to adjust premiums for populations such as children in CHIP with family incomes above 150 percent of the Federal poverty line.

For Help With Compliance, Investigations Or Other Needs

If you need assistance responding to or monitoring changes in Medicaid, CHIP or other federal or state health program eligibility rules or dealing with other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies and to respond to OCR, FTC, medical board and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on Medicare quality and other compliance concerns.  Her publications and insights on HIPAA and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.©2011 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


New Affordable Care Act Mandated High Risk Pre-Existing Condition Insurance Pool Program Regulations Set Program Rules, Prohibit Plan Dumping of High Risk Members

July 31, 2010

nterim final rules (Regulations) implementing the implementation of the “Pre-Existing Condition Insurance Plan” (PCIP) program required by the Patient Protection and Affordable Care Act of 2010 (Affordable Care Act) became effective immediately upon their publication by the Department of Human Services on Friday, July 30, 2010. The Regulations published by HHS on July 30, 2010 define eligible individuals and detail the rules governing the establishment, implementation and administration of the PCIP program.   The Regulations also send a clear message that insurers and group health plans risk stiff penalties for engaging in activities that HHS considers inappropriate dumping from coverage of individuals with pre-existing conditions. Read details


Office of Civil Rights Proposes Changes To HIPAA Privacy, Security & Civil Sanctions Rules

July 9, 2010

Stay Tuned To Solutions Law Press For More Details

Get ready for even tighter privacy and security rules and more enforcement!  The U.S. Department of Health & Human Services Office for Civil Rights (OCR) on July 8, 2010 proposed changes to its existing Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules in response to amendments enacted under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Because of the lead time required to implement needed changes in policies, technology and training, health care providers, health plans, healthcare clearinghouses and their business associates should evaluate and begin preparations to adjust their health information privacy and data security policies and practices in anticipation of the finalization and implementation of these rules. 

The more than 220 page Notice of Proposed Rulemaking (NPRM) proposes to revise the existing Standards for Privacy of Individually Identifiable Health Information (Privacy Rule); the Security Standards for the Protection of Electronic Protected Health Information (Security Rule); and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule) issued under HIPAA.

Solutions Law Press is finalizing arrangements to host a briefing on the proposed changes in August and planning more detailed updates on these developments.  Stay tuned to Solutions Law Press for additional updates and details about a future briefing on these proposed HIPAA changes and other developments affecting HIPAA and other health plan and human resources matters.   In the meanwhile, you may want to check out other existing Solutions Law Press updates and resources about HITECH Act and other HIPAA developments such as HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

The author of this update, attorney Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers and other health industry clients with HIPAA and other privacy and data security, reimbursement, compliance, public policy, regulatory, staffing, and other operations and risk management matters. You can get more information about her health industry experience here.  If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

Other Recent Developments

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you. If you need assistance evaluating or responding to the Health Care Reform Law or health care compliance, risk management, transactional, operational, reimbursement, or public policy concerns, please contact the author of this update, Cynthia Marcotte Stamer, at (469) 767-8872, cstamer@Solutionslawyer.net.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. A popular lecturer and widely published author on health industry and human resources matters, Ms. Stamer continuously advises health industry clients about health industry and other related concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here.

©2010 Solutions Law Press. All rights reserved.


NCPDP SCRIPT 10.6 Approved As Medicare Part D/Advantage E-Prescribing Option

July 1, 2010

The Centers for Medicare & Medicaid Services (CMS) today (July 1, 2010) issued an interim final rule (Rule) that permits the voluntary use of the National Council for the Prescription Drug Programs (NCPDP) Prescriber/Pharmacist Interface SCRIPT standard, Implementation Guide, Version 10, Release 6 (Version 10.6) (NCPDP SCRIPT 10.6) for conducting certain e-prescribing transactions for the Medicare Part D electronic prescription drug program. Review the Rule here.

Prior to the adoption the Rule, only NCPDP SCRIPT 8.1 was authorized for use in communicating Medicare Part D medication history among sponsors, prescribers and dispensers. The Rule revises Regulation §423.160(b)(4) to specify that entities now may use either NCPDP SCRIPT 10.6 or 8.1 for the communication of Medicare Part D medication history among sponsors, prescribers, and dispensers.

Along with the rule, CMS issued a request for comments on the Rule.  The deadline for interested parties to comment is 5 p.m. Eastern Daylight Time on August 30, 2010.

Section 101 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108-173) requires that Prescription Drug Plan (PDP) sponsors, Medicare Advantage (MA) organizations offering Medicare Advantage-Prescription Drug Plans  and other Medicare Part D sponsors (Plans) provide for electronic transmittal the prescribing provider, dispensing pharmacy and the dispenser of information about:

  • Eligibility,
  • Benefits (including drugs included in the applicable formulary, any tiered formulary structure and any requirements for prior authorization),
  • The drug being prescribed or dispensed and other drugs listed in the medication history,
  • The availability of lower cost, therapeutically appropriate alternatives (if any) for the drug prescribed, and
  • Certain other information.

Before the Rule, CMS had approved NCPDP SCRIPT 8.1 for conducting these electronic transmittals.

As a consequence of the Rule, Plans, prescribers and dispensers now may use either NCPDP SCRIPT 10.6 or 8.1 when conducting e-Prescribing to conduct:

  • Get message transaction.
  • Status response transaction.
  • Error response transaction.
  • New prescription transaction.
  • Prescription change request transaction.
  • Prescription change response transaction.
  • Refill prescription request transaction.
  • Refill prescription response transaction.
  • Verification transaction.
  • Password change transaction.
  • Cancel prescription request transaction.
  • Cancel prescription response transaction.
  • Fill status notification transaction.
  • For the communication of Medicare Part D medication history among sponsors, prescribers, and dispensers.

The MMD does not require that prescribers or dispensers implement e-Prescribing, prescribers and dispensers who electronically transmit prescription and certain other prescription-related information for Medicare Part D covered drugs prescribed for Medicare Part D eligible individuals, directly or through an intermediary, must comply with any applicable final standards that are in effect.  The Rule provides new choices on how to accomplish this.

The author of this update, attorney Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers and other health industry clients with reimbursement, compliance, public policy, regulatory, staffing, and other operations and risk management matters. You can get more information about her health industry experience here.   If you need help with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

Other Recent Developments

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance evaluating or responding to the Health Care Reform Law or health care compliance, risk management, transactional, operational, reimbursement, or public policy concerns, please contact the author of this update, Cynthia Marcotte Stamer, at (469) 767-8872, cstamer@Solutionslawyer.net.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.  A popular lecturer and widely published author on health industry and human resources matters, Ms. Stamer continuously advises health industry clients about these and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, and other operations and risk management concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here.

©2010 Solutions Law Press.  All rights reserved.


WellPoint To Ban Coverage Rescissions Before Affordable Care Act Fall 2010 Deadline

April 28, 2010

WellPoint, Inc. will suspend the practice of rescinding patients’ coverage May 1, 2010, months in advance of this Fall’s deadline for insurers stop this practice established by the Affordable Care Act. The nation’s largest health insurer announced here its plans to implement the change in its practices regarding individual market rescissions on April 27, 2010.  

Beginning this Fall, the Affordable Care Act will prohibit insurance companies from rescinding policies, except in cases of fraud or intentional misrepresentation of material fact. Wellpoint’s termination of individual policy rescissions announced this week comes months ahead of the effective deadline for terminating rescissions contained in the legislation.  The ban against rescissions is one of a number of new federal restrictions on health insurers and group health plans enacted as part of the Affordable Care Act scheduled to take effect this Fall.  Wellpoint previously announced it also would change its dependent coverage policies to extend the period that a dependent child can remain on his parent’s coverage to age 26 before the deadline required by the Affordable Care Act.

WellPoint’s announcement comes after Health & Human Services Secretary Kathleen Sebelius sent a letter on April 22 urging the company to immediately stop the practice of rescinding coverage for patients who become ill.  Wellpoint recently drew criticism from Secretary Sebelius and others for targeting breast cancer victims for rescission of their policies.  Secretary Sebelius’ initial letter to WellPoint can be found here or at here.

For Assistance With Health Industry Concerns

If your organization needs advice or assistance with the proposed regulation, preparing or submitting comments on the regulation or with other health care matters, contact Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here

Vice President of the North Texas Health Care Compliance Professionals Association, Exempt Organization Vice-Coordinator of the Southern States IRS TEGE Council, a Council Member of the ABA Joint Committee On Employee Benefits Council, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, the former Board Compliance Chair of the National Kidney Foundation of North Texas and former Board President of the Richardson Development Center for Children (now Warren Center), Ms. Stamer has more than 22 years experience advising health industry clients about health care operations, regulatory and compliance, reimbursement, staffing, risk management, public policy and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact Cynthia Marcotte Stamer, at (469) 767-8872 or to cstamer@solutionslawyer.net. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


Agencies Seek Public Input On New Insurer Premium Revenue Reporting Obligations Added By Patient Protection and Affordable Care Act

April 15, 2010

By Cynthia Marcotte Stamer

The Departments of Treasury (IRS), Labor (DOL) and Health & Human Services (HHS) are inviting public comments on impending new federal requirements that will compel health insurance issuers offering individual or group medical coverage to send annual reports to HHS on the percentages of premiums that the coverage spends on  reimbursement for clinical services and activities that improve health  care quality, and to provide rebates to enrollees if this spending does  not meet minimum standards for a given plan year added as Section 2718  of the Public Health Service Act (PHS Act), by the Patient Protection and Affordable Care Act  (PPACA), Public Law 111-148, enacted on March 23, 2010.

Among other things, Section 2718 of  the PHS Act, Section 715 of the Employee Retirement Income Security Act  of 1974 (ERISA) and Section 9815 of the Internal Revenue Code of 1986  (the Code) will require  health  insurance issuers offering group or individual  coverage to report to HHS annually:

  • The ratio of the incurred loss (or incurred claims) plus the  loss adjustment expense (or change in contract reserves) to earned  premiums (also known as the medical loss ratio (MLR)); and
  • The percentage of total premium revenue–after accounting for collections or receipts for risk  adjustment and risk corridors and payments of reinsurance–that the  coverage spends: (1) on reimbursement for clinical services provided to enrollees; (2) for activities that improve health care quality;  and (3) on all other non-claims costs, including an explanation of the  nature of these costs, and excluding Federal and State taxes and  licensing or regulatory fees.

PPACA also requires that HHS make these reports available to the public on the Internet Web site of HHS.  To review the request for comments and its instructions for commenting on the new requirements, see here.

For Assistance With This Opportunity Or Other Health Industry Concerns

If your organization needs advice or help with commenting on the request for comments or to evaluate or respond to other health care reform regulations or other health care matters, contact Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here

Vice President of the North Texas Health Care Compliance Professionals Association, Exempt Organization Vice-Coordinator of the Southern States IRS TEGE Council, Chair of the American Bar Association (ABA) Real Property, Probate & Trust Section Employee Benefits & Other Compensation Arrangements Group, a Council Member of the ABA Joint Committee On Employee Benefits Council, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 22 years experience advising health industry clients about these and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact Cynthia Marcotte Stamer, at (469) 767-8872 or to cstamer@solutionslawyer.net.. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


TSHHRAE Provides Health Industry Managers Employment Law Update & Other Timely Management Training At April Barnstorm 2010: Creating Effective Leaders Programs

March 23, 2010

Get Details & Registration Information here!

A Legal Update on Employment Law presentation by Attorney Cynthia Marcotte Stamer is among 5 hours of “Barnstorm 2010: Creating an Effective Leaders-Tools of the Trade” management training that the Texas Society for Healthcare Human Resources Administration and Education (TSHHRAE) will be hosting for health industry human resources and other managers in five Texas cities between April 26 and April 30, 2010. 

Interested health industry human resources and other managers can elect to participate in TSHHRAE’s Barnstorm 2010 management training at the following dates and locations:  

  • April 26 – Weslaco, Knapp Medical Center
  • April 28 – Sweetwater, Rolling Plains Memorial Hospital
  • April 28 – Brenham, Trinity Medical Center
  • April 29 – Lubbock, University Medical Center
  • April 30 – Odessa, Medical Center Hospital

Update on Employment Law Program Highlights

Ms. Stamer’s Legal Update on Employment Law Program will address:

  • Recent changes in FMLA, Military Leave, wage and hour, ADA & other disability, COBRA, GINA, HIPAA and other selected federal & Texas employment laws and regulations;
  • Rising government enforcement of EEOC, HIPAA, wage & hour, worker classification, and other laws and regulations;
  • Recent developments and increases in retaliation claims;
  • Recent cases related to supervision; and
  • Other selected developments impacting health industry human resources management.

Other Barnstorm 2010 Program Highlights and Details

In addition to the Legal Update on Employment Law that Ms. Stamer is scheduled to present, the Barnstorm Program also will feature presentations on:

  • Leadership in 2010
  • Dealing with Poor Performers; and
  • Cultivating a Superstar

For registration and other information about the Barnstorm Program, see here.

About Ms. Stamer

Nationally and internationally recognized for more than 22 years of work with health industry and other organizations, publications, workshops and presentations and leadership on health industry and other labor and employment, staffing and credentialing, employee benefits, performance management and discipline, regulatory compliance and internal controls, risk management, and public policy matters, Ms. Stamer is Chair of the Curran Tomko Tarski Labor & Employment & Health Care Practice Groups, Vice President of the North Texas Health Care Compliance Professionals Association, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is.  The publisher of Solutions Law Press HR & Benefits Update, the Solutions Law Press Health Care Update, and Solutions Law Press Health Care Privacy & Technology Update and a former legal columnist for MD News, Ms. Stamer also is a popular speaker and author of these topics.  She regularly speaks and conducts training for the ABA, American Health Lawyers Association (AHLA), Health Care Compliance Association, Institute of Internal Auditors, Harris County Medical Society, the Medical Group Management Association, SHRM, Southwest Benefits Association and many other organizations.  Publishers of her many highly regarded writings on health industry and human resources matters include the Bureau of National Affairs, Aspen Publishers, ABA, AHLA, Spencer Publications, World At Work, SHRM, Business Insurance, James Publishing and many others.  You can review other highlights of Ms. Stamer’s health care experience here, and employment experience hereHer insights on these and other matters appear in Managed Care Executive, Modern Health Care, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, MDNews, Kentucky Physician, and many other national and local publications.

If you need assistance with health industry human resources or other management, concerns, wish to inquire about compliance, risk management or training, or need legal representation on other matters please contact Cynthia Marcotte Stamer at cstamer@cttlegal.com or 214.270.2402. 

Other Resources

If you found this information of interest, you also may be interested in reviewing other updates and publications by Ms. Stamer including:

For More Information

We hope that this information is useful to you.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


House Could Vote On Health Care Reform As Early As Sunday

March 19, 2010

By Cynthia Marcotte Stamer

The stage now appears to be set for the House of Representatives to vote as early as Sunday on the latest version of health care reform backed by President Obama, Speaker Nancy Pelosi and other key Congressional Democrats, the Reconciliation Act of 2010 (H.R. 4872).  The impending deadline means that health industry providers and other Americans concerned about the potential outcome of the impending vote need to act quickly if they wish to attempt to influence the decision. For tips about sharing your input with Congress effectively, see Getting Your Health Care Reform Message Heard By Key Congressional Leaders.

Developments Today Start Clock Running For Vote

On Thursday, March 18, 2010, two key developments set the stage for a vote on H.R. 4871 as early as Sunday:

  • The House Rules Committee posted the text of H.R. 4872 on its website; and
  • The Congressional Budget Office (CBO) delivered its scoring of H.R 4872 to House Speaker Nancy Pelosi.

The delivery of CBO scoring started the clock running on the 72 hour mandatory period between the release of the CBO scoring and any final vote on the bill. This means the House could vote on H.R. 4872 as early as Sunday, March 21. 

If passed by the House, H.R. 4872 would make sweeping changes to the U.S. health care system impacting virtually every American patient, health care provider, employer and taxpayer.  To learn the facts about these proposed changes, read the full text of H.R. 4872 here.  

According to the CBO, H.R. 4872 will cost $940 billion over 10 years to extend coverage to 32 million uninsured people.  To learn more specifics about these cost and other determinations, review the CBO scoring here.

This Is Only The Beginning: Stay Involved

The outcome of this latest health care reform push is only a small part of a continuing process.  Whether or not the President’s proposal or some other version of health care reform passes this week, Congress already has and will continue to consider other legislation impacting health care reform.  This reality is demonstrated by Congressional actions recently taken on the COBRA premium subsidy extension, Medical reimbursement for physicians, continuing federal efforts to develop and implement federal health care quality and technology standards, and other legislative, regulatory and enforcement actions taken while public attention has been focused largely only on the broader health care reform debate.

Upcoming mid-term elections will significantly impact the nature and scope of these upcoming efforts.  Perhaps even more significantly, the enactment of legislation is only a beginning point.  The real meaning of these or other health care reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye.  Monitoring and staying active in these ongoing processes provides a critical opportunity to continue to monitor your issues and provide input to shape how they are addressed.

Individuals concerned about these and other health care reform proposals and concerns are invited to stay involved in the discussion by sharing their input with Congress, regulators.  Concerned individuals also are invited to stay involved in the discussion by joining the Coalition for Responsible Health Care Reform Group on Linkedin and registering to receive these updates here. The author of this article, Curran Tomko and Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer has extensive experience advising and assisting health industry clients and others about a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.  You can get more information about her health industry experience here.  

Help Monitoring & Responding To Developments

If you need assistance evaluating or formulating comments on the proposed reforms contained in the House Bill or on other health industry matters please contact Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com or 214.270.2402. 

From her extensive involvement with federal and state legislative and regulatory licensing, telemedicine, managed care, privacy and other health, pension and other reforms in the U.S. to her involvement as a lead advisor to the Government of Bolivia on its pension privatization legislation, Ms. Stamer’s experience includes significant experience working with clients domestically on key health care and other public policy matters.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Chairman of the Board of Richardson Development Center for Children and past Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer couples her policy experience with her extensive experience working with health industry clients on regulatory, staffing, reimbursement, risk management and compliance and other operational matters.  She has more than 22 years experience advising health industry clients about these and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Edwin J. Tomko at (214) 270-1405 or another Curran Tomko Tarski LLP Partner of your choice. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to cstamer@cttlegal.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


Medicare Ends Fox Insurance Company Drug Plan Contract As CMS Turns Up Heat on Medicare Advantage & Part D Plan Enforcement & Oversight

March 16, 2010

By Cynthia Marcotte Stamer

The Centers for Medicare & Medicaid Services (CMS) terminated its Medicare Part D prescription drug coverage contract with Fox Insurance Company (Fox) on March 9, 2010.    The action highlights CMS’s growing scrutiny and enforcement of Medicare requirements against Medicare Part D, Medicare Advantage Plans and other federal health care program contractors.

CMS terminated the Fox contract after CMS found the failure by Fox’s plan and services to meet Medicare’s requirements to provide enrollees with prescription drugs according to recognized standards of care jeopardized the health and safety of Fox enrollees.   When announcing the contract termination, CMS reported that an on-sight review by CMS showed that Fox committed a series of violations, including improperly denying its enrollees coverage of critical HIV, cancer, and seizure medications. CMS issued an enrollment and marketing sanction to Fox on Feb. 26, 2010, because the organization was not following Medicare’s rules for providing prescription drug coverage to its enrollees.   According to CMS, an onsite audit conducted between March 2 and March 4 showed that Fox’s problems persisted and that Fox continued to subject its enrollees to obstacles in getting sustaining medicines or other needed medications.  Among other things, CMS found Fox:

  • Failed to provide access to Medicare prescription drugs benefits by imposing unapproved prior authorization and step therapy criteria that made it more difficult for beneficiaries to get drugs that are protected by law;
  • Failed to meet the plan’s appeals deadlines; and
  • Did not comply with Medicare regulations requiring enrollees to be transitioned to new drugs at the beginning of the new plan year.
  • Failed to notify enrollees about prior authorization and step therapy determinations as required by Medicare.

CMS also found that many of the obstacles were in place to limit access to high-cost drugs, which could have led to enrollees’ clinical needs not being met.

In many cases, CMS reported that Fox required enrollees to have unnecessary and invasive medical procedures before they were able to obtain drugs. Finding that Fox was unable to satisfactorily address these compliance concerns and furnish medicines to its Medicare enrollees, CMS immediately terminated the Fox contract.

At the time of the termination, more than 123,000 Medicare beneficiaries were enrolled in Fox plans. Beginning March 10, 2010, CMS indicated that LI-NET, a Medicare run program administered by Humana, would replace the Medicare Part D coverage of  enrollees affected by the Fox contract termination on an interim basis. Fox enrollees will be able to choose a new Medicare prescription drug plan through May 1, 2010. Current enrollees who do not choose a plan will be enrolled into a new plan by Medicare. CMS is sending letters explaining the actions taken by CMS to enrollees and has established a 1-800 number to receive questions.

The action against Fox is part of an ongoing series of oversight, disciplinary and enforcement actions by CMS against Medicare Advantage and other federal health care program participants.  These programs and CMS’ oversight and enforcement of federal programs are drawing increasing Congressional scrutiny in connection with Congressional health care reform efforts. Amid this heightened scrutiny, Medicare Part D and Medicare Advantage Plans; health care providers, administrative services providers and others contracting with these plans and others involved with this programs should take appropriate action to maintain compliance, tighten their contracts with and oversight of actions of partners and vendors performing critical functions; review complaint reporting, investigation and response processes and procedures; and strengthen other practices to minimize exposures to audit or other enforcement actions.

For Assistance With Medicare Managed Care or Other Matters

If your organization needs advice or assistance about Medicare Part D or other Medicare Advantage contracting or other requirements or about other health plan or health care matters, consider contacting the author of this article, Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail here

Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee and an ABA Joint Committee on Employee Benefits Council member,  Ms. Stamer has more than 22 years experience advising health plans, health care providers, and other health industry and insurance clients.  Her experience includes specific experience assisting Medicare, Medicaid and other health plan sponsors, administrators,  or administrative services providers about contracting, compliance, coverage and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer also conducts compliance and other training on Medicare Advantage and other contract and compliance matters, as well as a broad range of other health industry related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on health industry matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent updates available online by clicking on the article title:

You can review other recent health plan, health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer