Physician health care fraud prosecutions and convictions of physicians like Arizona physician Linh Cao Nguyen, M.D. drive home the need for all physicians to ensure their understanding and ability to defend their compliance with federal and state healthcare fraud laws. This includes, but it’s not limited to proper coding and billing for the use of mid-level in the delivery of care. Physicians and other prescribers should review a recently released resource to get a basic overview of these federal healthcare fraud rules.
Nguyen Health Care Fraud Plea For Billing Delegated Care As Physician Provided
One of literally thousands of physicians and other prescribers prosecuted by federal prosecutors for health care fraud, Nguyen pleaded guilty on March 19, 2024, to Health Care Fraud. Nguyen’s sentencing is scheduled for May 28, 2024, before United States District Judge John C. Hinderaker.
Nguyen admitted that for years, he engaged in a scheme to defraud various health care benefit programs, including Medicare, TRICARE, AHCCCS, Blue Cross Blue Shield, and UnitedHealthcare.
Court documents charged the fraudulent claims generally identified a medical doctor as the treating provider when, in fact, another provider such as a nurse practitioner, social worker, unlicensed psychology intern, or wound care nurse provided the service independently. By billing the medical service as if it were provided by a physician, Nguyen falsely inflated the amount his company was to be paid for the service.
Through these prohibited practices, Nguyen confessed to knowingly causing submission of thousands of false billing claims.Nguyen falsely created patient records to conceal and avoid detection of his fraudulent billing scheme.
Nguyen admitted the loss he caused was at least $3.7 million dollars. He agreed to pay restitution to the private insurance companies totaling over $1 million.
A conviction for Health Care Fraud carries a maximum penalty of 10 years in prison and a $250,000 fine.
Learn Basics From HHS Physician Health Care Fraud & Abuse Educational Resources
Along with ensuring that billing for care properly reflects the identity and legal capacity of the caregiver, physicians also have to negotiate a number of other federal healthcare laws.
The Department of Health and Human Services (“HHS”) Office of Inspector General (OIG) has created the educational materials listed below to assist in teaching physicians about the Federal laws designed to protect the Medicare and Medicaid programs and program beneficiaries from fraud, waste, and abuse:
The speaker note set that accompanies the PowerPoint and a narration of the speaker notes to accompany the PowerPoint slides.
The presentation summarizes the five main Federal fraud and abuse laws (the False Claims Act, the Anti-Kickback Statute, the Stark Law, the Exclusion Statute, and the Civil Monetary Penalties Law) and provide tips on how physicians should comply with these laws in their relationships with payers (e.g., the Medicare and Medicaid programs), vendors (e.g., drug, biologic, and medical device companies), and fellow providers (e.g., hospitals, nursing homes, and physician colleagues).
Physicians and another prescribers are encouraged to use these resources to help build their awareness of these rules as they relate to their practices. If any questions exist, physicians are encouraged to seek the advice of legal counsel to confirm their compliance.
If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters, contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
About the Author
Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of employee benefit, managed care and other health and insurance industry, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Laws Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
UnitedHealthcare Group (UHG) plans to resume certain key health benefit and payment function this week that it turned off in response to a February 21, 2024 cyberattack.
Health care providers and their billing and other service providers may find these updates helpful to their efforts to respond with ongoing payment and other disruptions as well as to fulfill their own Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, state contract, prompt pay and other duties to health care providers or other responsibilities in response to disruptions created by UHG’s Blackcat1234 ransomware attack subsidiary Change Healthcare.
UHG Attack
On February 21, 2024, a ransomware attack executed by the Blackcat1234 ransomware group took control of and shut down the payment, revenue cycle management and related tools and systems of UHG Subsidiary Change Healthcare. Well-known for stealing sensitive data and demanding ransom for not publishing it, and other public and private cybersecurity monitoring and tracking organizations have warned heath care and other system operators to guard against Blackcat1234 and related ransomware attack risks since at least 2022. See, e.g., #StopRansomware: ALPHV Blackcat | CISA.
The Choice Health shutdown resulting from the Blackcat1234 ransomware attack has created widespread disruptions to key care authorization, billing and other pharmacy, provider and other plan and provider transactions within health care and health benefit systems nationwide due to the widespread use of the Choice Health tools. Among other things:
Due to the widespread use of the Change Healthcare tools and systems as a financial clearinghouse for connecting pharmacy benefit managers, health care providers, and other key plays and health plans throughout the health care and health benefits industry, the attack has and continues to disrupt key billing, care-authorization, payment and other transactions between health care payers and pharmacies, physicians and other health care providers and health care payers and their partners across the health care industry.
The resulting shutdown and disruption to electronic payment and medical claims systems incorporating the compromised Change Healthcare tools create various legal and operational headaches for many health plans and other health care payers by preventing or obstructing the submission and processing of health care claims and other transactions between health care providers and health plans.
While UHG works to remediate and restore the operability and security of the Choice Health tools and systems, health plans, and insurers, their fiduciaries, plan sponsors, and fiduciaries should take timely and prudent steps in response to the breach and resulting disruptions to mitigate the exposure of their health plans, and themselves under HIPAA and ERISA. See Manage Health Plan HIPAA, ERISA & Other Exposures From Change Healthcare Ransomware Attack.
Timeline
In its Product Restoration Timeline posted on a UHG website, UhG projects the following timeline for restoration of the following systems:
Clearance: Benefits verification and authorization determination
MedRX: Pharmacy electronic claims for medical
Reimbursement Manager: Claim pricing
Coverage Insight: Coverage discovery
Week of 4/1
Clinical Exchange: Provider workflow enabling electronic prescribing, ordering and resulting integrated into EHR’s
Payer Connectivity Services(PCS): EDI validation and editing
Hosted Payer Services(HPS): Payer hosting service for eligibility responses to providers
Acuity / Pulse: Acuity provides revenue cycle analytics for users of Clearance and Assurance; Pulse provides RCM KPI benchmarks for institutional claims utilizing Assurance client data
Week of 4/8
Risk Manager: Supports clients in managing value-based payment contracts.
Health QX: Retrospective episode-base payment models
No Guarantees
The UHG website warns these dates are projections based on available information. Products will go through a phased reconnection process, including launch, testing and scaled reconnection. The timeline may change as UHG learns more.
Unlisted Services
The Timeline currently does not list all products and services. The UHG website states that the absence of a product from the schedule does not mean that product is more than three weeks away from resumption. Rather, it means that UHG does not yet have line of sight to the week that it expects to restore it. UHG plans to provide updated information as those timelines become clear.
For specific product updates, UHG invites interested persons to subscribe to the products of interest here.
Restoration Webinars
UHG also has shared the following series of webinary providing more information about its restoration efforts:
If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters, contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
About the Author
Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of employee benefit, managed care and other health and insurance industry, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Laws Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE ABOUT THIS COMMUNICATION
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Health care providers, health plans, health care clearinghouses and their business associates (covered entities) that fail to appropriately safeguard their protected health information and systems against randomware and other malware threats as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) should expect to pay hefty amounts to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) if an attack occurs. That is the clear message sent by OCR’s February 22, 2022 announcement of its second ransomware settlement since October, 2023.
Duty To Guard Against Malware
OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which sets forth the requirements that HIPAA covered entities (most health care providers, health plans, and health care clearinghouses) and their business associates must follow to protect the privacy and security of protected health information.
Ransomware and hacking are the primary cyber-threats in health care. A type of malware (malicious software) designed to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid, OCR has seen large breaches affecting more than 500 individuals reported to OCR involving hacking increase 256% and those from ransomware increase 264% increase over the past five years,
In 2023, hacking accounted for 79% of the large breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022.
In light of the growing threat, OCR is prioritizing enforcement, education and compliance outreach to HIPAA covered entities.
OCR’s February 22, 2024 announcement of its second ever and second settlement of a malware related enforcement action in less than five months demonstrates OCR’s readiness to hold covered entities accountable for failing to fulfill this responsibility.
Green Ridge Ransomeware Breach
OCR’s February 22, 2022 announcement of its second ever ransomware related resolution agreement and corrective action plan reaffirms OCR’s readiness to hold covered entities accountable for failing to guard against ransomware and other cyber risks.
Green Ridge Behavioral Health, LLC, (Green Ridge), a Maryland-based practice that provides psychiatric evaluations, medication management, and psychotherapy. This marks the second settlement that OCR has reached with a HIPAA regulated entity for potential violations identified during an investigation following a ransomware attack.
The settlement resolves an investigation following a ransomware attack that affected the protected health information of more than 14,000 individuals.
OCR learned of the breach after Green Ridge filed a breach report with OCR in February 2019 that stated that its network server had been infected with ransomware resulting in the encryption of company files and the electronic health records of all patients.
In keeping with its policy of investigating all breaches affecting more that 500 individuals (large breaches), OCR opened an investigation in April, 2019.
OCR’s investigation of the breach found evidence of potential violations of the HIPAA Privacy and Security Rules leading up to and at the time of the breach. Other findings included that Green Ridge Behavioral Health failed to:
Have in place an accurate and through analysis to determine the potential risks and vulnerabilities to electronic protected health information;
Implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level; and
Have sufficient monitoring of its health information systems’ activity to protect against a cyber-attack.
Under the terms of the settlement, Green Ridge agreed to pay $40,000 and implement a corrective action plan that will be monitored by OCR for three years to avoid exposure to potentially much greater HIPAA monetary penalties.
The plan also requires Green Ridge to take many actions to resolve potential HIPAA violations and to protect electronic protected health information, including:
Conducting a comprehensive and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information;
Designing a Risk Management Plan to address and mitigate security risks and vulnerabilities found in the Risk Analysis;
Reviewing, and as necessary, developing, or revising its written policies and procedures to comply with the HIPAA Rules;
Providing workforce training on HIPAA policies and procedures;
Conducting an audit of all third-party arrangements to ensure appropriate business associate agreements are in place, where applicable; and
Reporting to OCR when workforce members fail to comply with HIPAA.
First Malware Settlement
Prior to this week’s announcement of the Green Ridge resolution agreement, OCR already had announced its first ever malware related resolution agreement on October 31, 2023.
That $100,000 settlement resolved a potentially much greater HIPAA liability business associate Doctors’ Management Services (DMS) could have faced for alleged HIPAA violations OCR found investigating a large breach report DMS filed on April 22, 2019.
The DMS breach report disclosed that a ransomware attack affected DMS’ network server with GandCrab ransomware beginning with an initial unauthorized access to the network that occurred on April 1, 2017; however, DMS did not detect the intrusion until December 24, 2018, Once the DNS system was accessed, ransomware was used to encrypt their files. The attack affected the electronic protected health information of 206,695 individuals
OCR’s investigation of the DNS breach found evidence of potential failures by DMS to have in place an analysis to determine the potential risks and vulnerabilities to electronic protected health information across the organization. Other findings included insufficient monitoring of its health information systems’ activity to protect against a cyber-attack, and a lack of policies and procedures in place to implement the requirements of the HIPAA Security Rule to protect the confidentiality, integrity, and availability of electronic protected health information.
Under the terms of the DMS settlement agreement paid $100,000 to OCR and agreed to implement a corrective action plan that requires:
DMS to submit to OCR monitoring for three years to ensure compliance with HIPAA
Review and update its Risk Analysis to identify the potential risks and vulnerabilities to Doctor’s Management Services data to protect the confidentiality, integrity, and availability of electronic protected health information.
Update its enterprise-wide Risk Management Plan (strategy to protect the confidentiality, integrity, and availability of ePHI) to address and mitigate any security risks and vulnerabilities found in the updated Risk Analysis.
Review and revise, if necessary, its written policies and procedures to comply with the Privacy and Security Rules.
Provide workforce training on HIPAA policies and procedures.
Warning To All Covered Entities
Along with announcing the two recent resolution agreements, OCR also is warning all covered entities to tighten their malware and ransomware safeguards.
OCR’s announcement of the Green Ridge resolution agreement, for instance, quotes OCR Director Melanie Fontes Rainer as stating, “Health care providers need to understand the seriousness of these attacks and must have practices in place to ensure patients’ protected health information is not subjected to cyber-attacks such as ransomware.”
To assist covered entities to meet this responsibility, OCR has developed Fact Sheet guidance that recommends covered entities to take at least the following steps to guard against breaches from ransomware and other malware attacks:
Review all vendor and contractor relationships to ensure business associate agreements are in place as appropriate and address breach/security incident obligations.
Risk analysis and risk management should be integrated into business processes; conducted regularly and when new technologies and business operations are planned.
Ensure audit controls are in place to record and examine information system activity.
Implement regular review of information system activity.
Utilize multi-factor authentication to ensure only authorized users are accessing ePHI.
Encrypt ePHI to guard against unauthorized access to ePHI.
Incorporate lessons learned from incidents into the overall security management process.
Provide training specific to organization and job responsibilities and on regular basis; reinforce workforce members’ critical role in protecting privacy and security.
two recent resolutions agreements and other guidance and enforcement actions make clear that all covered entities should ensure their ability to demonstrate their completion of these and other actions a risk analysis shows are needed to defend against a ransomware or other malware threats. This guidance also alerts covered entities to stay vigilant and update risk assessments and safeguards in response as to evolving threats.
Covered entities should not assume the relatively modest settlement amounts collected in the two new ransomware settlements compared to exponentially greater resolution settlements like the $4.75 million settlement payment New York based Montefiore Medical Center made last year reflect greater tolerance for ransomware related threats versus internal or external hacking. To the contrary, the Montefiore Medical Center resolution makes clear the randomware threat is one of a multitude of internal and external threats covered entities must defend their protected health information against to comply with HIPAA.
Moreover, covered entities and their leaders also should take steps to understand and fully address all other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by HIPAA. For example, health care providers, health plans and their fiduciaries, brokers, administrators and insurers also may bear responsibilities under the Employee Retirement Income Security Act fiduciary responsibility rules, the Fair and Accurate Credit Transactions Act, federal and state electronic crimes, privacy data security, artificial intelligence, workforce, tax, and other laws.
Publicly traded organizations and their leaders also may face responsibilities and liability under new Securities and Exchange Commission regulations, clawback rules and other laws arising from the occurrence or bungled response to a breach.
Likewise, got businesses sponsoring or administering employment-based health plans, Employee Benefit Security Administration considers managing cybersecurity risks a part of the fiduciary obligations of fiduciaries of employment-based health plans. Meanwhile, health care providers, insurance organizations and brokers, third party administrators, government contractors, attorneys and other advisors and others also may be subject to medical confidentiality and other data privacy and security obligations under federal and state electronic crimes, identity theft, ethics, professional licensure, contractual, common law privacy and other statutory and common laws. Since HIPAA and many of these other laws involve potential criminal as well as civil liability, organizations and leaders in covered entities generally should ensure their HIPAA and other cybersecurity compliance efforts are included in and administered according to their Federal Sentencing Guidelines Compliance program.
While it commonly is necessary or advisable to involve consulting or other technical support in the conduct of these activities, HIPAA entities should keep in mind the likelihood that their analysis and review is likely to uncover and prompt discussion of potentially legally or politically sensitive information. For this reason, HIPAA entities and their leaders generally will want to engage experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.
In planning for an implementing these procedures, Covered Entities also are reminded that the effectiveness of these efforts requires that the Covered Entities incorporate appropriate processes and policies for monitoring and investigating compliance with the policies and procedures implemented to comply with HIPAA. Conducting this monitoring and investigation by necessity is likely to involve surveillance, investigation and cooperation of employees, contractors, vendors and others for which Fair Credit Reporting Act background check notification and consent and other procedures are necessary or advisable.
Finally, HIPAA entities should keep in mind that HIPAA and other cybersecurity compliance and risk management is an ongoing process requiring constant awareness and diligence. Consequently, HIPAA entities should both monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.
For More Informational
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The $4.75 million settlement payment New York based Montefiore Medical Center is paying to settle charges by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act (HIPAA) that multiple breaches of HIPAA’s Security Rule allowed a former employee to steal and sell more than 12,000 patients’ electronic personal health care information (EPHI) warns other health care providers, health plans, health care clearinghouses and their business associates (Covered Entities) to ensure their HIPAA compliance efforts incorporate adequate safeguards to protect their organizations’ EPHI against insider theft or other misuse as well as against external actors.
HIPAA Requirement To Protect Protected Health Information
The HIPAA Privacy, Security, and Breach Notification Rules require health care providers, health plans and insurers and others take steps to protect the privacy and security of patients’ protected health information. The HIPAA Security Rule requires Covered Entities to protect electronic protected health information and other protected health information against use, access, disclosure or destruction by third parties except under the conditions allowed by HIPAA. These requirements include the requirements of the Security Rule to conduct and document comprehensive security assessments of risks to sensitive data systems, to implement and enforce detailed security safeguards to protect EPHI and the systems containing that data against these threats, to train and enforce compliance with these safeguards, and other requirements. Meanwhile, the HIPAA Breach Notification Rule requires Covered Entities to report most breaches of unsecured EPHI to individuals whose data is affected, OCR, and in the case of breaches of EPHI affecting more than 500 individuals, to the media.
Despite these Rules and the expanded audit and enforcement efforts by OCR, cybersecurity threats and breaches continue to present significant threats to the privacy and security of protected health information possessed by Covered Entities. OCR’s breach reports reflect that EPHI breaches affecting more than 500 individuals (large breaches) remain common. These breach reports reveal that more than 134 million individuals were affected by large breaches in 2023, compared to the not insignificant 55 million individuals affected in 2022. In response to this continuing threat, HHS released a Department-wide Cybersecurity strategy for the health care sector in December of 2023, and released voluntary performance goals to enhance cybersecurity across the health sector just last week. The enforcement action and settlement with Montefiore Medical Center is the latest of the growing list of investigations and resulting high dollar settlements obtained by OCR in its efforts to enhance the security of EPHI through enforcement of the Security Rule.
Montefiore Medical Center $4.75 Million Settlement
The $4.75 million monetary settlement agreement and corrective action plan resolves Montefiore Medical Center’s exposure to potentially much greater penalties that OCR could impose for multiple Security Rule violations OCR reports finding while investigating a Montefiore Medical Center data breach report of the theft and sale of personal health information by an employee.
Montefiore Medical Center learned of the data theft while investigating a report from the New York Police Department of evidence of theft of a specific patient’s medical information in 2015. The internal investigation revealed two years previously a Montefiore Medical Center employee stole the electronic records containing patient’s name, address, SSN, next of kin, and health insurance information, of 12,517 patients from its electronic medical record system and then sold patient information to an identity theft ring. OCR learned of the breach when Montefiore Medical Center filed the breach report about the theft with OCR to comply with the HIPAA Breach Notification Rule.
In accordance with its policy of investigating all breach reports involving the personal health information of more than 500 individuals (a large breach), OCR conducted an investigation of the breach reported in the Montefiore Medical Center breach notification report. According to OCR, that investigation revealed the breach and theft of the Montefiore patients’ EPHI was made possible by multiple potential violations of the HIPAA Security Rule, including failures by Montefiore Medical Center:
To analyze and identify potential risks and vulnerabilities to protected health information,
To monitor and safeguard its health information systems’ activity, and
To implement policies and procedures that record and examine activity in information systems containing or using protected health information.
OCR concluded without these safeguards in place, Montefiore Medical Center was unable to prevent the cyberattack or even detect the attack had happened until years later.
Under the terms of the settlement, Montefiore Medical Center will pay $4,750,000 to OCR and implement a corrective action plan that identifies certain steps toward protecting and securing the security of protected health information. These actions include:
Conducting an accurate and thorough assessment of the potential security risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information;
Developing a written risk management plan to address and mitigate security risks and vulnerabilities identified in the Risk Analysis;
Developing a plan to implement hardware, software, and/or other procedural mechanisms that record and examine activity in all information systems that contain or use electronic protected health information;
Reviewing and revising, if necessary, written policies and procedures to comply with the HIPAA Privacy and Security Rules;
Providing training to its workforce on HIPAA policies and procedures; and
Submit to monitoring of its compliance by OCR for two years.
Covered Entities Urged To Protect EPHI From Internal & External Security Threats
The Montefiore breach illustrates both how cyber criminals and thieves frequently target EPHI held by Covered Entities for criminal purposes and reminds Covered Entities that these breaches often are committed or facilitated by employees or other insiders of their own or a business associate’s organization. The $4,750,000 settlement paid by Montefiore Medical Center demonstrates the significant financial consequences that a Covered Entity is likely to incur if it experiences a breach as a result of its failure to adequately comply with HIPAA Security Rules from both external and internal threats.
To mitigate these risks, Covered Entities must be prepared to demonstrate their efforts to implement safeguards to mitigate or prevent cyber threats in accordance with the HIPAA Security Rule. In conducting these activities, Covered Entities should heed the clear warning from the Montefiore Medical Center breach and settlement that the Security Rule requires the protection of EPHI from a broad range of ever-evolving internal and external threats. While theft by a malicious insider definitely is one of these risks, cyberthreat and breach experiences within the health care and other industries as well as OCR’s enforcement, investigation and other guidance demonstrate that Covered Entities must be vigilant to monitor and manage a multitude of ever-changing risks. Covered Entities and their leaders must be prepared to demonstrate the adequacy of their ongoing efforts to identify and manage these risks in compliance with the Security Rule.
As part of these efforts, OCR recommends that Covered Entities HIPAA Security and other cybersecurity defenses include, but not be limited to:
Reviewing all vendor and contractor relationships to ensure business associate agreements are in place as appropriate and address breach/security incident reporting obligations.
Integrating risk analysis and risk management into business processes; and ensuring that they are conducted regularly, especially when new technologies and business operations are planned. Ensuring audit controls are in place to record and examine information system activity.
Implementing regular review of information system activity.
Utilizing multi-factor authentication to ensure only authorized users are accessing protected health information.
Encrypting protected health information to guard against unauthorized access.
Incorporating lessons learned from previous incidents into the overall security management process.
Providing training specific to organization and job responsibilities and on regular basis; and reinforcing workforce members’ critical role in protecting privacy and security.
Additionally, HIPAA entities and their leaders also should take steps to understand and fully address all other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by HIPAA. For example, health care providers, health plans and their fiduciaries, brokers, administrators and insurers also may bear responsibilities under the Employee Retirement Income Security Act fiduciary responsibility rules, the Fair and Accurate Credit Transactions Act, federal and state electronic crimes and privacy laws. Publicly traded organizations and their leaders may face responsibilities and liability under new Securities and Exchange Commission regulations. The Employee Benefit Security Administration considers managing cybersecurity risks a part of the fiduciary obligations of fiduciaries of employment-based health plans. Meanwhile, health care providers, insurance organizations and brokers, third party administrators, government contractors, attorneys and other advisors and others also may be subject to medical confidentiality and other data privacy and security obligations under federal and state electronic crimes, identity theft, ethics, professional licensure, contractual, common law privacy and other statutory and common laws.
While it commonly is necessary or advisable to involve consulting or other technical support in the conduct of these activities, HIPAA entities should keep in mind the likelihood that their analysis and review is likely to uncover and prompt discussion of potentially legally or politically sensitive information. For this reason, HIPAA entities and their leaders generally will want to engage experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.
In planning for an implementing these procedures, Covered Entities also are reminded that the effectiveness of these efforts requires that the Covered Entities incorporate appropriate processes and policies for monitoring and investigating compliance with the policies and procedures implemented to comply with HIPAA. Conducting this monitoring and investigation by necessity is likely to involve surveillance, investigation and cooperation of employees, contractors, vendors and others for which Fair Credit Reporting Act background check notification and consent and other procedures are necessary or advisable.
Finally, HIPAA entities should keep in mind that HIPAA and other cybersecurity compliance and risk management is an ongoing process requiring constant awareness and diligence. Consequently, HIPAA entities should both monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.
For More Information
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The Food and Drug Administration (“FDA” and Centers for Medicare and Medicaid Services (“CMS”) are joining forces to heighten scrutiny of diagnostic testing. As part of these efforts, the agencies are working together to expand FDA oversight of testing facilities to increase FDA regulation and oversight of tests run within a single laboratory, known as laboratory, developed tests or LDTs. The agencies claim this will promote more reliable and accurate diagnostic tests.
LDTs Defined
LDTs are in vitro diagnostic products (IVDs) that are intended for clinical use and are designed, manufactured, and used within a single clinical laboratory which meets certain laboratory requirements. Specifically, such laboratory must be certified under the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and meet the regulatory requirements under CLIA to perform high complexity testing.
IVDs are intended for use in the collection, preparation and examination of specimens taken from the human body, such as blood, saliva, or tissue. LDTs, like other IVDs, can be used to measure or detect a wide variety of substances, analytes, or markers in the human body, such as proteins, glucose, cholesterol, or DNA, to provide information about a patient’s health, including to diagnose, monitor, or determine treatment for diseases and conditions.
FDA Steps Up LDT Oversight
While LDTs generally are covered by the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and required to meet the regulatory requirements under CLIA to perform high complexity testing, the FDA since the 1970s has not enforced applicable requirements with respect to most LDTs.
The FDA now is making clear LDTs are covered by the CLiA and the FDA now will require LDT CLIA compliance in response to their increasing use and the greater risks associated with most modern LDTs compared to those associated with LDTs used decades ago.
In furtherance of this effort, on September 29, 2023, the FDA announced a proposed rule aimed at helping to ensure the safety and effectiveness of these tests. The proposed rule seeks to amend the FDA’s regulations to make explicit that IVDs are devices under the Federal Food, Drug, and Cosmetic Act, including when the manufacturer of the IVD is a laboratory. Along with this amendment, the FDA is proposing a policy under which the FDA intends to provide greater oversight of LDTs through a phaseout of its general enforcement discretion approach for most LDTs.
Today, the FDA announced it is moving forward to phase out its CLIA non enforcement policy for LDTs to provide increased FDA oversight of LDTs on January 18, 2024. See Laboratory Developed Tests (January 18, 2024).
Along with this announcement, the FDA and CNS also released the following joint statement released on January 18, 2024, attributed to Jeff Shuren, M.D., J.D., director of the FDA’s Center for Devices and Radiological Health (CDRH) and Dora Hughes, M.D., M.P.H., acting chief medical officer and acting director of the Center for Clinical Standards and Quality, Centers for Medicare & Medicaid Services (CMS)
Physicians heavily rely on laboratory tests to make critical decisions about their patients’ care—roughly 70% of healthcare decisions depend on laboratory test results according to the Centers for Disease Control and Prevention (CDC). For example, results from laboratory tests can be the sole determinant of whether a patient with cancer gets a particular therapy, potentially risking the patient’s life with an inaccurate test result. Because of the important role of laboratory tests in healthcare decisions, it is essential to ensure these tests work.
While the U.S Food and Drug Administration (FDA) actively oversees tests made outside laboratories by test manufacturers, tests m and run within a single laboratory, known as laboratory, developed tests or LDTs, are often used without such oversight. The FDA’s approach was developed half a century ago when tests made and used in single labs were generally simple, often made to address local individual needs, and mostly manufactured in small volumes. Therefore, the FDA, as a policy approach, generally did not enforce requirements for LDTs. However, since then, LDTs have evolved. Due to the increased risk to patients, it is time to reconsider this approach.
In recent decades, the FDA has identified concerns with a number of LDTs. For example, the FDA is aware of tests offered as LDTs that could have led to patients being over- or under-treated for heart disease; patients with cancer being exposed to inappropriate therapies or not getting effective therapies; and incorrect diagnoses of rare diseases, autism and Alzheimer’s Disease.1,2Other evidence, including published literature3,4,5,6,7,8 and the FDA’s experience with tests to diagnose COVID-19,9 suggests that the situation is getting worse. Therefore, in October of this year, the FDA issued a notice of proposed rulemaking to help ensure the safety and effectiveness of LDTs by phasing out the FDA’s current approach to LDTs. If finalized, LDTs would generally fall under the same enforcement approach as other tests. The Centers for Medicare & Medicaid Services (CMS) supports the FDA’s proposal.
Both CMS and the FDA believe that patients and their doctors need to know that LDTs are valid. The FDA and CMS both provide oversight to help assure the accuracy of test results, however, they have different roles. CMS regulates laboratories that perform testing on individuals in the U.S. through the Clinical Laboratory Improvement Amendments of 1988 (CLIA) by establishing quality standards for all laboratory testing to help ensure the accuracy, reliability and timeliness of patient test results. In 2013, CMS published a fact sheet on LDTs, outlining each agency’s authority and the complementary roles of the two regulatory schemes. That said, a decade later, in connection with the FDA’s notice of proposed rulemaking, we are – together – reiterating that CMS’s CLIA program is separate in scope and purpose from FDA oversight.
Some have suggested that concerns with LDTs should be addressed through expansion of CLIA. This is not the answer. As was stated in our 2015 testimony, CMS does not have the expertise to assure that tests work; the FDA does. Moreover, establishing a duplicative system for the oversight of tests by expanding CLIA would create more government bureaucracy and inconsistencies. That makes no sense.
The FDA and CMS have long stood together in mutual support of FDA oversight of the analytical and clinical validity of LDTs. LDTs play an important role in healthcare, but when they perform poorly or are not supported by science, they put patients at risk. The current approach has enabled some tests to enter the market with unfounded claims of innovation. These claims can mislead the public, undermine legitimate competition and disincentivize responsible, science-based innovation. Applying the same oversight approach to laboratories and non-laboratories that manufacture tests would better assure the safety and effectiveness of LDTs and would remove a disincentive for non-laboratory manufacturers to develop novel tests that can be available to and used by many laboratories for many patients.
We are now emerging from a global pandemic that has underscored the importance of accurate and reliable tests. Patients and providers need to have confidence that laboratory tests work. We believe the complementary FDA and CMS frameworks are both critical to assuring patients can rely on the clinical accuracy of their test results. “
Affected LDT facilities and other interested parties should follow these efforts closely for relevant developments and opportunities for comment and other input. Additionally, LDTs should move quickly to come into compliance with all applicable CLIA requirements.
For More Information
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The No Surprises Act (“NSA”) Federal Independent Dispute Resolution (“IDR”) portal now is reopened for processing all health benefit disputes covered by the NSA between health care providers, facilities, and providers of air ambulance services (“providers”), and group health plans, health insurance issuers, and Federal Employee Health Benefits Program carriers (“payers”) (collectively, “disputing parties”). The Departments of Health & Human Resources, Labor and Treasury (“Departments”) reopened the IDR Portal on December 15, 2023 for all types of NSA-covered claims including previously initiated batched disputes, new batched disputes, and new single disputes involving air ambulance services.
As part of its provisions to protect patients from “surprise bills” or out-of-network services covered bu the NSA, the NSA establishes rules and procedures for providers and payers to determine the appropriate out-of-network payment rate for out-of-network services received by patients enrolled in covered payer programs. Where payers and providers cannot agree about the appropriate payment rate using other NSA procedures, the IDR portal is the online system established under the NSA for disputing payers and health care providers arrange for a certified IDR entity to resolve disagreements about the appropriate out-of-network payment rate for items and services subject to the surprise billing protections in the NSA through a process in which the certified IDR entity reviews offers made by each disputing party along with supporting information about the dispute. Once established under the NSA, payers are required to pay providers the appropriate payment rate for the covered out-of-network services provided to the member patient and the provider is prohibited from balance billing charges in excess of the appropriate payment rate for those services. The Departments previously suspended the operation of the IDR portal earlier this year after a federal court ruled that rules adopted by the Departments implementing the NSA violated the NSA.
In connection with the reopening of the IDR Portal, the Departments also announced the following extensions of the applicable IDR deadlines for the initiation of new batched disputes and new single disputes involving air ambulance services, resubmission of disputes determined by certified IDR entities to be improperly batched, and selection or reselection of a certified IDR entity.
Parties for whom the IDR initiation deadline under applicable regulations fell on any date between August 3, 2023 and December 15, 2023 will have until the 20th business day after the Federal IDR portal reopens, which is January 16, 2024, to initiate a new batched dispute or a new single dispute involving air ambulance services. Parties for whom the IDR initiation deadline falls between December 16, 2023 and January 15, 2024 will also have until January 16, 2024 to initiate a batched or air ambulance dispute. Parties whose initiation deadline falls on January 16, 2024 or after will have the usual 4 business days after the end of the Open Negotiation Period, or if the dispute is subject to the 90-calendar-day suspension period following a payment determination, the usual 30 business day period, to initiate a batched or air ambulance dispute in the Federal IDR portal.
For batched disputes and single disputes involving air ambulance services initiated under extensions of deadlines after the Federal IDR portal reopens, the deadline for the parties to jointly select a certified IDR entity will be 10 business days after initiation.
For disputing parties that were engaged in certified IDR entity selection for batched disputes when the Federal IDR portal temporarily closed, the deadline for parties to jointly select a certified IDR entity will be 10 business days after the Federal IDR portal reopens, which is December 29, 2023.
An initiating party that has received a notification from a certified IDR entity that a dispute initiated before August 3, 2023 was improperly batched will have one opportunity to resubmit the improperly batched items and services for reconsideration within 10 business days of being notified by the certified IDR entity, provided that the initiating party’s 4-business-day period to resubmit the batched dispute expired between August 3 and August 9, 2023.
The deadline to submit fees and offers will remain 10 business days after certified IDR entity selection.
Disputing parties with batched disputes that were impacted by the temporary suspension of use of the notice of offer form will be granted an additional 10 business days to submit offers, as communicated to impacted disputing parties by email from the Federal IDR Inbox.
The deadline extensions announced December 15, 2023 supplement extensions the Departments previously announced in November, 2023. On November 22, 2023, the Departments used their statutory authority (Internal Revenue Code Section 9816(c)(9), ERISA Section 716(c)(9), and PHS Act Section 2799A-1(c)(9)) to grant extensions in the following circumstances:
Disputing parties may request additional time, beyond the current business day deadline, to respond to the certified IDR entity’s requests for additional information. The Departments instructed certified IDR entities to grant such requests through January 16, 2024.
Certified IDR entities may provide parties, upon request, an additional 10 business days after the original offer deadline to submit an offer. Certified IDR entities may provide parties this additional time, as needed, through January 16, 2024.
On November 29, 2023, the Departments also announced another extension of the timeline for disputing parties to select a certified IDR entity. Under this extension, disputing parties will have 10 business days to select a certified IDR entity for all disputes through January 16, 2024. This extension will be provided automatically and does not require a request by disputing parties.
The Departments already announced the November 22, 2023 and November 29, 2023 extensions until January 16, 2023 for new single and bundled disputes and these extensions will persist for all disputes until January 16, 2023.
In connection with their full reopening of the IDR portal, the Departments renewed prior reminders to parties accessing or using the IDR portal to clear their computer’s cache or open the Federal IDR initiation web forms in a private or incognito window to see all the new features at least once a week to ensure access to the most up-to-date version of the initiation form as the Departments continue to implement Federal IDR web forms to accommodate guidance-related and system enhancements. Users failing to follow this recommendation risk additional follow-up with certified IDR entities or system errors.
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Health care providers, health plans and health plan sponsors, and their administrative services providers should evaluate and update their billing and claims practices in response to the No Surprises Act (NSA) Independent Dispute Resolution (IDR) Administrative Fee Frequently Asked Questions (FAQs) jointly released by the Department of Health and Human Services (HHS), the Department of Labor (DOL), and the Department of the Treasury (collectively, the “Departments”) on August 11, 2023).
The No Surprises Act (NSA) established a Federal Independent Dispute Resolution (“IDR”) medical claims review process that allows out-of-network providers, facilities, and providers of air ambulance services, and group health plans, health insurance issuers in the individual and group markets, and Federal Employee Health Benefits (“FEHB”) carriers (disputing parties) to determine the out-of-network rate for out-of-network emergency services and certain items and services provided by out-of-network providers at in-network facilities and out-of-network air ambulance services.
The IDR process currently is suspended following the August 3 , 2023 ruling by the United States District Court for the Eastern District of Texas in Texas Medical Association v. United States Department of Health and Human Services, Case No. 6:23-cv-59-JDK, vacating certain portions of 45 C.F.R. § 149.510, 26 C.F.R. § 54.9816-8T, and 29 C.F.R. § 2590-716-8, which are parallel provisions governing the Federal IDR.
The Court granted summary judgement to the Texas Medical Association and other provider plaintiffs challenging these federal IDR rules for arbitration of health coverage disputes between payers and providers under the No Surprises Act. The Court agreed with the health care providers that the rules violated federal law by failing to take into account the full range of factors Congress directed be considered when enacting the IRO rules as part of the No Surprises Act.
Immediately following the Court’s entry of the order, the Departments temporarily suspended the federal IDR medical claims review process including the ability to initiate new disputes and directed certified IDR entities to pause all IDR-related activities in response an the ruling. As a result of the suspension, the Patient-Provider Dispute Resolution Portal also temporarily ceased accepting new initiated disputes.
When announcing the suspension, the they would review the court’s decision to evaluate changes to current IDR processes, templates, and system updates necessary to comply with the court’s order. The Departments said they will issue updates to these processes in the near future and will provide specific directions to certified IDR entities for resuming all IDR-related activities in a manner consistent with the court’s judgment and order “soon.” Until then, arbitration of disputes between payers and providers under covered employment based group health plans and individual and group health insurance subject to the law will be delayed.
The FAQs are not announcing the reopening of the Federal IDR portal to initiate new disputes. Accordingly, the IDR process remains in suspension pending further action by the Departments. In the meantime, however, the FAQs clarify the administrative fee amount that each disputing party will be required to pay to engage in the Federal IDR process when the IDR process suspension resumes as a result of the Texas Medical Association opinion and order.
Delay in final processing and adjudication of surprise bills resulting from the suspension of the IDR processes creates headaches and ambiguity for both providers and payers. Pending resumption of the IDR process, many payers and providers are likely to reconsider negotiated resolution of pending disputes to mitigate these effects. Whether pursuing this option during the suspension, payers and providers impacted by the USR rules will want to follow developments closely to be prepared to move forward quickly when the suspension ends. Stay tuned here for more developments.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
For More Information
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Phoenix-based nonprofit health system Banner Health and its affiliates (“Banner Health”) paid $1.25 million and agreed to take corrective actions to resolve its exposure to potentially much greater Health Insurance Portability and Accountability Act (HIPAA) Security Rule civil monetary penalty exposure for a 2016 cyber hacking breach that compromised the personal health information of 2.81 million consumers. OCR used its February 2 announcement of the Banner Health settlement to warn health care providers, health plans, health care clearinghouses (“covered entities”) and business associates covered by HIPAA to guard their own systems containing protected health information against breach by cyber hacking.
Banner Health Settlement
Banner Health is one of the largest non-profit health systems in the country, with over 50,000 employees and operating in six states. Banner Health is the largest employer in Arizona and one of the largest in northern Colorado.
In November 2016, OCR initiated an investigation of Banner Health following the receipt of a breach report stating that a threat actor had gained unauthorized access to electronic protected health information, potentially affecting millions. The hacker accessed protected health information that included patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medications, diagnoses and conditions, and health insurance information.
OCR’s investigation found evidence of long-term, pervasive noncompliance with the HIPAA Security Rule across Banner Health’s organization, a serious concern given the size of this covered entity. Organizations must be proactive in their efforts to regularly monitor system activity for hacking incidents and have measures in place to sufficiently safeguard patient information from risk across their entire network.
The potential violations OCR identified specifically included:
A lack of an analysis to determine risks and vulnerabilities of electronic protected health information across the organization;
Insufficient monitoring of its health information systems’ activity to protect against a cyber-attack;
Failure to implement an authentication process to safeguard its electronic protected health information; and
Failure to have security measures in place to protect electronic protected health information from unauthorized access when it was being transmitted electronically.
Under the Resolution Agreement and Corrective Action Plan negotiated to resolve these potential violations, Banner Health paid $1,250,000 to OCR. Banner Health also agreed to implement a corrective action plan, which identifies steps Banner Health will take to resolve these potential violations of the HIPAA Security Rule and protect the security of electronic patient health information that will be monitored for two years by OCR to ensure compliance with the HIPAA Security Rule. Under the corrective action plan, Banner has agreed to take the following steps:
Conduct an accurate and thorough risk analysis to determine risks and vulnerabilities to electronic patient/system data across the organization
Develop and implement a risk management plan to address identified risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
Develop, implement, and distribute policies and procedures for a risk analysis and risk management plan, the regular review of activity within their information systems, an authentication process to provide safeguards to data and records, and security measures to protect electronic protected health information from unauthorized access when it is being transmitted electronically, and
Report to HHS within thirty (30) days when workforce members fail to comply with the HIPAA Security Rule.
OCR Warns Other HIPAA-Covered Entities
In the health care sector, hacking is now the greatest threat to the privacy and security of protected health information. OCR’sannouncement of the settlement reports 74 percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents.
The announcement also notesOCR offers an array of resources to help health care organizations bolster their cybersecurity posture and comply with the HIPAA Rules,
The settlement and OCR’s announcement warn other covered entities and business associates to use these and other necessary resources to protect their systems with protected health information from cyber hacking and other breaches.
In conjunction with reminding other covered entities of these resources, the settlement announcement quotes OCR Director Melanie Fontes Rainer as a warning, “Hackers continue to threaten the privacy and security of patient information held by health care organizations, including our nation’s hospitals, … It is imperative that hospitals and other covered entities and business associates be vigilant in taking robust steps to protect their systems, data, and records, and this begins with understanding their risks, and taking action to prevent, respond to and combat such cyber-attacks. … Cyber security is on all of us, and we must take steps to protect our health care systems from these attacks.”
Alerts issued by OCR regarding heightened security risks in recent months and a growing tide of highly publicized breaches send a strong warning to other covered entities and their business associates to reconfirm the adequacy of their own HIPAA privacy, security, breach notification and other procedures and protections by among other things:
Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected violations or other indicia of potential security concerns.
Tracking and reviewing on a systemized, well-documented basis actual and near-miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
Establishing and providing well-documented monitoring of compliance that includes board-level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
Establishing and providing well-documented timely investigation and redress of reported violations or other compliance concerns.
Establishing contingency plans for responding in the event of a breach.
Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.
Because of susceptibilities in systems, software and other vendors of business associates, suppliers and other third parties, covered entities and their business associates should use care to assess and manage business associate and other vendor-associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.
Beyond these HIPAA exposures, breaches and other HIPAA noncompliance carries other liability risks. Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders. For instance, the Department of Health & Human Services has warned health care providers participating in Medicare or other federal programs and Medicare Advantage health plans that HIPAA compliance is a program term of participation.
Health care providers and health insurers can face liability under state data privacy and breach, negligence or other statutory or common laws. In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards.
Health plans also face a myriad of other exposures from failing to use appropriate cyber safeguards. Plan fiduciaries of employment-based health plans covered by the Employee Retirement Income Security Act (“ERISA”) risk liability under ERISA’s fiduciary responsibility rules. The Department of Labor Employee Benefit Security Administration (“EBSA”) now audits the adequacy of the cybersecurity and other HIPAA compliance of health plans and their third-party administrators and other business associates as part of EBSA’s oversight and enforcement of ERISA. Department of Labor Assistant Secretary for EBSA Lisa Gomez confirmed audit and enforcement of cybersecurity obligations is a key priority in EBSA’s current work plan in her February 4, 2023 comments to the American Bar Association.
Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other public companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations.
Furthermore, appropriate cyber security practices also may be advisable elements for organizations to include in their Federal Sentencing Guideline Compliance Programs to mitigate potential organization liability risks under federal electronic crime and related laws.
In the face of these risks and warnings, all covered entities and their business associates should reassess and confirm the adequacy of their and their business associates’ cyber security defenses and breach response preparations.
More Information
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely-known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on health and managed care and employer benefits legal, public policy and operational concerns in the healthcare, employer benefits, and insurance and financial services industries. She speaks and publishes extensively on HIPAA and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The $6.8 million settlement paid by four pharmacies to settle False Claims Act civil claims warns other pharmacies and other health care providers against improper copayment or other cost sharing waiver, billing and referral practices.
The Department of Justice announced October 12, 2022 that DermaTran Health Solutions, LLC (“DermaTran”); Pharmacy Insurance Administrators, LLC; Legends Pharmacy; TriadRx; and the former owners of Lake Side Pharmacy and related entities, agreed to pay $6,876,564 to resolve allegations that they violated the False Claims Act by waiving copays, charging the government higher prices than permitted, and trading federal healthcare business with other pharmacies.
The government alleged that in 2012, pharmacy DermaTran opened in Rome, Georgia, for the purpose of making and selling custom “compound” pain creams. DermaTran’s owners during the relevant time include DIII Consulting, LLC; SRM Holdings, LLC; Gussenhoven Holdings, LLC; Sam Moss; and Robert Gussenhoven. At the same time, another company named Pharmacy Insurance Administrators, LLC (“PIA”), was created to handle the billing for DermaTran. During the relevant time, PIA was a subsidiary of Insurance Administrative Solutions, LLC; which was a subsidiary of Gulfcoast Administrators, LLC; which was majority-owned by Life & Health Holdings, Inc.; which was a subsidiary of State Mutual Insurance Company.
Compound pain creams were very lucrative. Government-backed health insurance programs such as TRICARE (for the military) and the Federal Employees Health Benefits Program (for federal workers) would reimburse hundreds of dollars for these prescriptions. But the government programs imposed certain restrictions to limit spending. For example, patients were required to contribute to the cost of the prescription in the form of copays. The government programs also limited payments to the “usual and customary price”—the price charged to a cash-paying, uninsured patient.
The Government alleged that DermaTran and PIA found ways to avoid these restrictions. DermaTran and PIA created a copay-waiver program where patients would have their copays waived based on a brief, unverified statement of economic need. DermaTran and PIA also misled the government programs about the price being charged to uninsured, cash-paying patients by falsely stating that that price was high when, in fact, it was only $30. As a result, there were days that veterans were charged $600+ for pain creams, while uninsured patients were charged only $30.
Eventually, various auditors uncovered these problems and began to terminate DermaTran from their networks. The Government alleged that DermaTran, looking for a way to continue to earn money, began selling its out-of-network prescriptions to other pharmacies. The other pharmacies could fill the prescriptions because they were still in network. After filling the lucrative prescriptions, the other pharmacies remitted a portion of the proceeds to DermaTran and PIA. The government alleged that this arrangement constituted an illegal kickback. The other pharmacies that participated in this prescriptions-for-money scheme included Legends Pharmacy (in Texas), Lake Side Pharmacy (in Alabama), and TriadRx (in Alabama).
This settlement resulted from a joint investigation by the U.S. Attorney’s Office for the Northern District of Georgia, the FBI, the Defense Criminal Investigative Service, the US Office of Personnel Management – Office of the Inspector General, the U.S. Postal Service – Office of Inspector General, and the Health and Human Services – Office of Inspector General.
This civil settlement resolves a lawsuit filed in the U.S. District Court for the Northern District of Georgia by a former accountant for DermaTran, under the qui tam, or whistleblower provisions, of the False Claims Act. United States ex rel. Doe v. DermaTran Health Solutions, LLC, et al., Civil Action No. 1:17-CV-1765. Under the False Claims Act, private citizens may bring suit for false claims on behalf of the United States and share in any recovery obtained by the government.
Under the settlement, PIA will contribute $6.5 million to the settlement. DermaTran is no longer operating and was sold in an arm’s-length transaction to a third-party buyer last year for the price of $40,000. That amount will be turned over to the government as part of the settlement. MLDP of Texas, LP (a/k/a “Legends Pharmacy”) will pay $59,293. TRIAD Rx, Inc. will pay $166,547. Lake Side Pharmacy is no longer in business, but former owners of Lake Side Pharmacy will pay $110,724. The former owners include Titan Medical Marketing, LLC; Donald Wayne Bogue; George Takashi Elkins; James Bernard Bogue, Jr.; Robert Joseph Puckett, Jr.; Robert Joseph Puckett, Sr.; Stephen Weston Wilson; and Charles Franklin Taylor, Jr. The whistleblower will receive $1,434,775 from the settlements. PIA will also pay her attorney’s fees.
The settlement documents the commitment of the Justice Department, the Department of Health & Human Services (“HHS”) Office of Inspector General (“OIG”) and other federal agencies to enforce the False Claims Act to recover government payments that result from improper waiver of copays, charging the government higher prices and other improper practices in violation of the False Claims Act. The agencies made a point of including their respective warnings in their announcement of the settlement.
“Health care fraud abuse like this case erodes the trust patients have in the health care system,” said Keri Farley, Special Agent in Charge of FBI Atlanta. “The FBI will not stand by when there are allegations of companies operating corporate wide schemes to illegally line their pockets.”
“Fraud through compounding pharmacies bilked billions out of TRICARE and undermined the integrity of our healthcare system designed to care for our service members and their families,” stated Cynthia Bruce, Special Agent in Charge of the Department of Defense, Office of Inspector General, Defense Criminal Investigative Service (DCIS). “I appreciate the partnership among involved law enforcement agencies and the U.S. Attorney’s Office to bring this matter to justice.”
“The OPM OIG has no tolerance for businesses that knowingly take advantage of FEHBP, violating the rules to make a profit,” said Amy K. Parker, Special Agent in Charge, OPM OIG. “I am extremely proud of the hard work of our investigators, analysts, and other law enforcement partners because overcharging the government is not a victimless crime – it contributes to higher premium prices and harms the financial integrity of the FEHBP.”
“The U.S. Postal Service, Office of Inspector General, will continue to tirelessly investigate those who commit frauds against federal benefit programs and the U.S. Postal Service. This settlement is a clear message that the USPS OIG is dedicated to rooting out corruption and bringing to justice those responsible for these crimes, said Special Agent in Charge Matthew Modafferi of the U.S. Postal Service, Office of Inspector General Northeast Area Field Office. The USPS OIG would like to thank our law enforcement partners and the Department of Justice for their efforts in this investigation”.
“Health care providers that try to boost their profits by submitting fraudulent claims to Federal health care programs threaten the integrity of those programs and drive up prices for everyone,” said Tamala E. Miles, Special Agent in Charge with the U.S. Department of Health and Human Services Office of Inspector General. “We work tirelessly alongside our law enforcement partners to protect the integrity of Federal health care programs and to ensure the appropriate use of taxpayer dollars.”
More Information
We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and managed care industry legal, public policy and operational concerns.
Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE ABOUT THIS COMMUNICATION
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Criminal inditements unsealed October 12, 2022 against a Brooklyn area doctor, three pharmacies and four employees illustrate federal authorities’ continuing war against providers for wrongfully distributing oxycodone or other controlled substances.
The 10-count indictment unsealed charges Dr. Somsri Ratanaprasatporn, her office manager Leticia Smith, pharmacists Bassam Amin, Omar Elsayed, and Yousef Ennab, Michael Kent, Anthony Mathis, and Raymond Walker with conspiracy to distribute and possess with intent to distribute oxycodone and related crimes. Smith and Kent are also charged with money laundering in connection with their alleged efforts to hide the proceeds of their illegal oxycodone distribution operation. All eight defendants were arrested this morning and are scheduled to be arraigned this afternoon before United States Magistrate Judge Robert M. Levy.
As set forth in the indictment and publicly filed documents, between December 2018 and October 2022, the defendants operated a drug distribution ring out of a medical practice on Linden Boulevard in East New York, Brooklyn. Together, they unlawfully distributed more than 11,000 prescriptions for oxycodone.
According to the unsealed inditements, the structured drug trafficking ring’s operations started in a doctor’s office and ended with more than 1.2 million dangerously addictive opioids worth $24 million supplied to the streets of New York City,. Ratanaprasatporn, a pediatrician and general practitioner, and Smith, issued the prescriptions; Amin, Ennab and Elsayed filled the prescriptions at pharmacies in Brooklyn and Staten Island, and Kent, Mathis, and Walker oversaw “crews” of sham patients who received medically unnecessary prescriptions. Together, the defendants made millions of dollars from the scheme. During the execution of a search warrant this morning, members of law enforcement recovered several hundred thousand dollars in U.S. currency from Smith’s residence. Law enforcement also recovered two handguns that Kent was observed tossing from a rear door of his residence.
The charges in the indictment are allegations, and the defendants are presumed innocent unless and until proven guilty. If convicted of the drug charges, the defendants face up to 20 years’ imprisonment. If convicted of the money laundering charges, Smith and Kent face up to 20 years’ imprisonment for each count.
Oxycodone is a highly addictive opioid used to treat severe and chronic pain conditions. Addition and other abuse often starts from medications prescribed by or otherwise made available by health care providers.
Every year, millions of Americans abuse oxycodone. Misuse of painkillers like oxycodone leads to hundreds of thousands of annual emergency room visits. More than 16,000 Americans died from prescription opioid overdoses in 2020. Oxycodone prescriptions have enormous cash value to drug dealers. For example, one oxycodone 30 mg tablet, which was the dosage prescribed in this case, can be sold by dealers on the street for between $20 and $30 in New York City.
The growing epidemic of abuse of oxycodone and other prescription pain medications have prompted federal and state authorities to partner in their fight against pain medication abuse.
The charges are the result of an ongoing Organized Crime Drug Enforcement Task Forces (OCDETF) investigation led by the United States Attorney’s Office for the Eastern District of New York and the DEA. The principal mission of the OCDETF program is to identify, disrupt, and dismantle the most serious drug trafficking, weapons trafficking, and money laundering organizations, and those primarily responsible for the nation’s illegal drug supply. OCDETF uses a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state, and local law enforcement agencies against criminal networks.
Like many other recent prosecutions, these inditements target health care providers profiting off of the illegal prescription or other distribution of oxycodine or other controlled substances.
In announcing the inditements, representatives of each participating agency reintegrated their agencies commitment to continue investigation and prosecuting health care providers improperly distributing controlled substances.
“Doctors and medical professionals have a professional obligation to do no harm, but, as alleged, the defendants callously supplied more than one million pills to traffickers for distribution, resulting in dangerous opioids flooding the streets of this district,” stated United States Attorney Peace. “Today’s charges demonstrate this Office’s continued commitment to stemming the availability of illegal drugs and holding to account those who contribute to the epic tragedy that is the opioid epidemic.”
DEA Special Agent-in-Charge Tarentino warned the “DEA and our law enforcement partners will continue to hold DEA Registrants and other medical professionals to the highest possible standards and also hold them accountable when they knowingly endanger members of the community.”
“With this multi-million-dollar criminal scheme, it’s alleged the defendants made their profits off the vulnerabilities and addictions of their customers throughout New York City. Law enforcement partnerships like those seen here today have been and continue to be an integral part of stopping the flow of highly addictive narcotics into our communities,” stated IRS-CI Special Agent-in-Charge Fattorusso.
“Today’s charges show how diverted prescription drugs still fuel the opioid epidemic in New York. The Bureau of Narcotic Enforcement remains resolute in its commitment to work together with our federal and local law enforcement partners to disrupt and dismantle the criminal organizations that abuse the public’s trust in health care practitioners to move these dangerous and addictive pills from pharmacies to our neighborhoods,” stated BNE Director Vinciguerra.
Along with vigorous investigation and enforcement of providers and others involved in illegal distribution, federal and state authorities also have worked to tighten rules, standards and records keeping requirements for the legal prescription of opioids and other narcotics by physicians and other prescribers and stepped up disciplinary investigation and enforcement of these requirements. Billing for prescriptions of opioids beyond the parameters of tightened parameters also can trigger overprescribing and other allegations. Physician and other prescribers, pharmacists and pharmacies and other health industry participants should use care to establish and ensure they and their staff meticulously follow appropriate protocols and procedures to ensure their ability to defend their handling of opioid and other narcotic painkillers.
More Information
We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and managed care industry legal, public policy and operational concerns.
Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE ABOUT THIS COMMUNICATION
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Today’s U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announcement of resolution agreements with three separate dental practices warns all health care providers, health plans and health care clearinghouses of the importance of complying with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s patient right of access and other federal and state mandates about providing patients and health plan members access to their records.
The following three resolution agreements OCR announced September 20, 2022 underscore the importance and necessity of compliance with the right of access and other HIPAA requirements:
Chicago-based Family Dental Care, P.C. (“FDC”), paid $30,000.00 to resolve potential OCR charges aiding from OCR’s investigation located in Chicago, Illinois. OCR received a complaint on August 8, 2020, alleging that FDC failed to provide a former patient with timely access to her complete medical records. The former patient requested her entire medical records in May 2020, but received only portions. The former patient filed a complaint with OCR, and during OCR’s investigation, FDC provided her with the remainder of her records in October 2020. Thus, FDC did not provide a complete copy of the records until more than five months after the request was made. OCR’s investigation determined that FDC’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision. FDC agreed to pay $30,000 and implement a corrective action plan.
Georgia based dental and orthodontics provider Great Expressions Dental Center of Georgia, P.C. (“GEDC-GA”) paid $80,000 to resolve concerns arising from OCR’s investigation of a November 2020 complaint alleging that GEDC-GA would not provide an individual with copies of her medical records because she would not pay GEDC-GA’s $170 copying fee. The individual first requested her records in November 2019, but did not receive them until February 2021, over a year later. OCR’s investigation determined that GEDC-GA’s failure to provide timely access to the requested medical records, and its practice of assessing copying fees that were not reasonable and cost-based, were potential violations of the HIPAA right of access provision. GEDC-GA agreed to pay $80,000 and implement a corrective action plan.
Las Vegas, Nevada dental practice B. Steven L. Hardy, D.D.S., LTD, doing business as Paradise Family Dental (“Paradise”) paid $25,000 to resolve potential violations uncovered after OCR investigated an October 26, 2020 complaint alleging that Paradise had failed to provide a mother with copies of her and her minor child’s protected health information. The mother submitted multiple record requests between April 11, 2020, and December 4, 2020, but Paradise did not send the records until December 31, 2020, more than eight months after her initial request. OCR’s investigation determined that Paradise’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision. Paradise agreed to pay $25,000 and implement a corrective action plan.
The three newly announced resolution agreements bring to 41 the number of resolution agreements OCR has announced since announcing its program targeting access right violations. OCR call Rosov call Riedel access violations are the most common of all reported HIPAA violations.
OCR made clear its announcements of these resolution agreements to “send an important message to dental practices of all sizes that are covered by the HIPAA Rules to ensure they are following the law,” said OCR Director Melanie Fontes Rainer. “Patients have a fundamental right under HIPAA to receive their requested medical records, in most cases, within 30 days. I hope that these actions send the message of compliance so that patients do not have to file a complaint with OCR to have their medical records requests fulfilled.”
Health care providers as well as health plans should heed thus strong warning by ensuring their compliance with the HIPAA right of access as well as other applicable rules about providing patient and plan members copies of records or other data. for healthcare providers, you can please but are not limited to State medical records, ethics, and other rules and regulations. Or health plan, the HIPAA Records access rules are in addition to the Employee Retirement Invome Security Act mandates to provide plan records when requested.
If circumstances come to light that indicate a breach of the access or any other HIPAA standards, Covered Entities also promptly should work with legal counsel timely to investigate, determine and provide any required notifications or other corrective action and document their actions to meet applicable HIPAA and other legal obligations and mitigate liability.
Of course, all HIPAA-covered entities and their leaders always must keep in mind that their responsibilities and potential liability for mishandling protected health information could extend well beyond HIPAA. In addition to the civil monetary penalties HIPAA authorizes, mishandling the collection, protection or disposal of PHI or other sensitive data also can trigger other legal exposures. For instance, as HIPAA compliance is part of the Conditions of Participation that Medicare participating Covered Entities and Medicare Advantage Plans must meet to qualify for program participation, noncompliance could trigger program exclusion, False Claims Act or related exposures. Deficiencies in security or destruction of credit card, banking or other PHI that also qualifies as personal financial information could trigger exposure under Federal Trade Commission, state identity theft and privacy or other laws. Public companies and their leaders also may need to evaluate if deficiencies in their security or destruction protocols trigger investor disclosure obligations under Securities and Exchange Commission rules or other federal or state laws. Considering these and other exposures, documented, compliance and defensibility of PHI and other sensitive information use, protection, disclosure and destruction should rank high among the priorities of all Covered Entities and their leaders.
More Information
We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and managed care industry legal, public policy and operational concerns.
Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE ABOUT THIS COMMUNICATION
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
All Medicare and Medicaid certified health care facilities, and a broad range of other employers must prepare to meet impending new federal COVID-19 vaccine mandates announced by the Biden-Harris Administration today.
According to today’s announcements all healthcare facilities participating in Medicare or Medicaid or employing 100 or more employees will be required to ensure all staff are vaccinated against COVID-19.
The Biden-Harris Administration says the new health industry COVID-19 vaccine mandates will be implemented through emergency regulations to be issued in October.
According to today’s announcement, the Centers for Medicare & Medicaid Service (“CMS”) in collaboration with the Centers for Disease Control (“CDC”) is developing an Interim Final Rule with Comment Period that will be issued in October that will extend vaccine mandates originally announced last month for all Medicare and Medicaid participating nursing home workers to include hospitals, dialysis facilities, ambulatory surgical settings, and home health agencies, among others, as a condition for participating in the Medicare and Medicaid programs. See CMS/CDC Mandating COVID Vaccination For All Nursing Home Staff.
The announcement of the vaccine mandates for healthcare workers coincides with the Biden-Harris Administration’s announcement of sweeping new vaccine mandates for all government workers, government contractors and employers employing more than 100 employees.
The two mandates will force most health care facilities to impose mask mandates for all staff in order to meet the requirement all staff be vaccinated.
CMS and CDC say the decision was based on the continued and growing spread of the virus in health care settings, especially in parts of the U.S. with higher incidence of COVID-19. They claim the action will protect patients of the 50,000 providers and over 17 million health care workers in Medicare and Medicaid certified facilities.
According to the CDC, nursing homes with an overall staff vaccination rate of 75% or lower experience higher rates of preventable COVID infection. In CMS’s review of available data, the agency is seeing lower staff vaccination rates among hospital and End Stage Renal Disease (ESRD) facilities. To combat this issue, CMS is using its authority to establish vaccine requirements for all providers and suppliers that participate in the Medicare and Medicaid programs. Vaccinations have proven to reduce the risk of severe illness and death from COVID-19 and are effective against the Delta variant.
In it’s announcement of the impending vaccination requirements, CDC urged health care facilities to prepare now to meet the new mandate in October. CMS expects certified Medicare and Medicaid facilities to act in the best interest of patients and staff by complying with new COVID-19 vaccination requirements.
CDC also urged any health care workers employed in these facilities who are not currently vaccinated are urged to begin the process immediately and facilities to use all available resources to support employee vaccinations, including employee education and clinics, as they work to meet new federal requirements.
While legal challenges to the mandate requirements are likely, most facilities that have not already adopted vaccine mandates are expected to adopt these mandates rather than risk losing eligibility for Medicare and Medicaid reimbursement and other sanctions.
Beyondprogram disqualification and attendant financial pressures, announcement of the new vaccine mandates adds vaccination to the list of safety safeguards that healthcare facilities as employers can expect to be required to enforce as part of the occupational safety rules of the Occupational Safety and Health Administration (”OSHA”).
OSHA already is sanctioning employers for violating COVID-19 related OSHA requirements. For instance, OSHA nailed Lakewood Resource and Referral Center Inc., dba Center for Education Medicine and Dentistry (CHEMED) with heavy fines for allegedly violating applicable COVID-19 safety guidelines in January, 2021.
In a July 23, 2021 citation letter, OSH proposes to fine CHEMED $273,064.00 for willfully violating OSHA by not providing a medical evaluation to determine each employee’s ability to use a N95 respirator, before the employee was fit tested or required to use the respirator in the workplace to protect against SARS-CoV-2 virus while testing suspected COVID-19 individuals.
In addition to the proposed fine, the citation also orders CHEMED to take a series of corrective actions and to post notices in the workplace informing workers of the violation.
Along with the CHEMED citation, OSH also cited a staffing agency contracted to provide nursing staffing to CHEMED, Homecare Therapies for also failing to conduct medical evaluations and fit tests. It received two violations and a proposed fine of $13,653.
In the face of these potential consequences, most covered health care facilities and other employers impacted by the mandate are likely to implement mandates unless and until these requirements are struct down by the courts or withdrawn.
Assuming the Administration follows appropriate procedures to adopt the rules, most legal commentators do not expect the legal challenges opposing the mandate orders to be successful in the courts particularly after the Supreme Court refused to overturn or hear arguments for overturning a unanimous decision of a three-judge panel of the United States Court of Appeals for the Seventh Circuit in Klassen v. Trustees of Indiana University that refused to enjoin a vaccine mandate imposed by Indiana University as a condition of student or staff in person participation in classes or other activities.
While most healthcare and other covered businesses are not expected to challenge the rules, compliance us likely to trigger backlash from some unvaccinated workers strongly opposed to becoming vaccinated. Employers may find that some employees will resign their employment or take other tactics to avoid becoming vaccinated. Even those who elect to become vaccinated to retain their employment are likely to express opposition and dissatisfaction that could create liability exposures for the employers if it becomes a basis for retaliation claim.
Employers in Texas and certain other states that have adopted rules restricting or prohibiting vaccine, mask or other mandates also may face challenges based on the state rules.
In light of these and other uncertainties and challenges, Healthcare and Other or Employers generally should seek legal advice and assistance from legal counsel experienced with the relevant health care, labor and employment, privacy and other concerns.
More Information
This article is republished by permission of the author, Cynthia Marcotte Stamer. To review the original work, see here.
Solutions Law Press, Inc. invites you to receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.
Most widely recognized for her work with health care, life sciences, insurance and data and technology organizations, she also has worked extensively with health plan and insurance, employee benefits, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders.
Ms. Stamer has extensive experience advising, representing, defending, and training domestic and international public and private business, charitable, community and governmental organizations and their leaders, employers, employee benefit plans, their fiduciaries and service providers, insurers, and others has published and spoken extensively on these concerns. As part of these involvements, she has worked, published and spoken extensively on these and other human resources, employee benefits, compensation, worker classification and other workforce and other services; insurance; health care; workers’ compensation and occupational disease; business reengineering, disaster and distress; and many other performance, risk management, compliance, public policy and regulatory affairs, and other operational concerns.
A former lead advisor to the Government of Bolivia on its pension project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.
Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member, past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.
For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com, on Facebook, on LinkedIn or Twitter or e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns.
The Centers for Medicare & Medicaid Services (CMS), in collaboration with the Centers for Disease Control and Prevention (CDC), announced today plans to mandate COVID-19 vaccination for all Medicare and Medicaid-participating nursing home staff.
The joint announcement released today states the agencies are developing an emergency regulation requiring staff vaccinations within the nation’s more than 15,000 Medicare and Medicaid-participating nursing homes.
The agencies view the new requirement as a key component of protecting the health and safety of nursing home residents and staff.
Today’s action is in keeping with CMS’s authority to establish requirements to ensure the health and safety of individuals receiving care from all providers and suppliers participating in the Medicare and Medicaid programs. About 62% of nursing home staff are currently vaccinated as of August 8 nationally, and vaccination among staff at the state level ranges from a high of 88% to a low of 44%. The emergence of the Delta variant in the United States has driven a rise in cases among nursing home residents from a low of 319 cases on June 27, to 2,696 cases on August 8, with many of the recent outbreaks occurring in facilities located in areas of the United States with the lowest staff vaccination rates.
In May, the Agency issued new regulations that require Long-Term Care (LTC) facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICFs/IID) to educate residents, clients, and staff about COVID-19 vaccination and, when available, offer a COVID-19 vaccine to these individuals. These regulations also mandate that LTC facilities report weekly COVID-19 vaccination data for residents and staff to the CDC’s National Healthcare Safety Network (NHSN).
Today’s announcement states the agencies will continue to analyze vaccination data for residents and staff from the CDC’s National Healthcare Safety Network (NHSN) data as an additional method of compliance monitoring and in keeping with current practice, as well as deploy the Quality Improvement Organizations (QIOs)—operated under the Medicare Quality Improvement Program—to educate and engage nursing homes with low rates of vaccinations.
Meanwhile, the announcement strongly encourages nursing home residents and staff members to get vaccinated as the Agency undergoes the necessary steps in the rule-making process over the course of the next several weeks. CMS expects nursing home operators to act in the best interest of residents and their staff by complying with these new rules, which the Agency expects to issue in September.
According to today’s announcement, CMS also expects nursing home operators to use all available resources to support employees in getting vaccinated, including employee education and vaccination clinics, as they work to meet this staff vaccination requirement.
More Information
This article is republished by permission of the author, Cynthia Marcotte Stamer. To review the original work, see here.
Solutions Law Press, Inc. invites you to receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.
For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com, on Facebook, on LinkedIn or Twitter or e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns.
A Virtual Summit For Texas Families & Business, Community and Government Leaders On Safely Keeping Texas Working During COVID-19 And Other Pandemics
Presented Via Facebook Live
October 8, 2020
11:00 a.m. – 1:30 p.m. Central Daylight Time
Supercharge your ability to get back to business safely during the COVID-19 and other pandemic health care emergencies by joining other business, community and government leaders online at the Kickin’ COVID-19: Reopening Texas Summit, a free virtual event scheduled on Thursday October 8, 2020 from 11:00 a.m. to 1:30 p.m. Central Daylight Time on Facebook Live.
Solutions Law Press, Inc. PROJECT COPE: COALITION ON PATIENT EMPOWERMENT is happy to join in presenting the Kickin’ COVID-19: Reopening Texas Summit on October 8, 2020 on Facebook Live from 11:00 a.m.-1:30 p.m. Central Time, a free virtual Summit to discuss and share critical tools, information and perspectives to help American citizens, businesses, schools, health care providers, government organizations and leaders and communities better understand options to safely and responsibly do business and get on with life during the COVID-19 and other pandemic outbreaks.
ABOUT THE SUMMIT
Scheduled to be broadcast live on Facebook Live at from 11:30 a.m. to 1:30 p.m. Central Time, the Summit and its resources are designed to empower and inform individuals and families, businesses, schools, churches and other communities and our government leaders about options to continue safe and responsible reopening of Texas and America.
The Summit provides a uniquely valuable opportunity to hear a panel a leading biomedical expert and a panel of other business, community and government leaders share how the COVID-19 health care emergency is affecting their operations, their experiences and strategies reopening in response to these challenges, and their perceptions about the other tools and actions that their organizations for their operations and Texas to reopen and operate safely during the COVID-19 or other pandemic outbreaks. Participants will:
Hear leading biomedical expert James Burgess objectively explain the science of COVID-19 and other pandemic risks and their management;
Hear a panel of key business, community and government leaders discuss how COVID-19 impacts their operations, their response, and their thoughts about what their organizations and Texas need to safely resume operations; and
View and explore a portable pandemic containment unit and other exhibits demonstrating science based pandemic prevention and management tools promoting safe resumption of operations;
Join the fireside chat between the panel and live audience of business, community and government leaders discuss practical challenges and opportunities for business, community and government leaders separately or collaboratively can help expedite and support the recovery of their own and other businesses, communities, people and economy from the COVID-19 and future pandemics; and
Collaborate with other business, government and community leaders on reopening and keeping our businesses, governments, communities and economies open and thriving despite the COVID-19 or another pandemic.
Confirmed panelists include:
Biomedical engineer James Burgess, Chief Executive Officer, American Biomedical Group, Inc.
Susan Fletcher, Collin County Commissioner, Precinct 1; Gubernatorial Appointee TCDRS
George C. Fuller, Owner The Guitar Center and The Sanctuary Music & Events Center; Mayor of McKinney, Texas
Traci Mayer, Executive Director, Hotel Association of North Texas
Pam Minick, Executive Vice President of Marketing, Billy Bob’s Texas
Michael Simmons, CISSP, CISM, CISA, CRISC, Managing Director – Technology, Chief Information Security Officer, Southwest Airlines
Cynthia Marcotte Stamer, Executive Director, Project COPE Coalition; Managing Shareholder, Cynthia Marcotte Stamer, P.C.; Vice Chair, American Bar Association International Section Life Sciences & Health Committee and Tort & Insurance Practice Section Medicine & Law Committee
Sean Terry, Chief Operating Officer, Centurion American Development Group; Mayor, City of Celina, Texas; past president of the North Texas Mayors Association
TOUR PANDEMIC MANAGEMENT RESOURCES IN VIRTUAL EXHIBIT HALL
Along with this valuable opportunity to participate in the Summit, participants also can tour the Summit’s Virtual Event Hall of information and exhibits collected as resources for helping to cope with COVID-19 and prepare for future pandemic threats.
The Summit has been organized through a collaboration of business, community and government leaders, who are volunteering their time and resources to share information and discussions they hope will support the continued responsible and safe reopening and continued resumption of operations and life in Texas and across the Nation despite the continued COVID-19 or other pandemic outbreaks. The Solutions Law Press, Inc. is proud to support this effort as part of its PROJECT COPE: Coalition on Patient Empowerment initiatives.
President Trump has appointed Eric D. Hargan Acting Secretary of the U.S. Department of Health and Human Services (HHS).
Hargan, who was just sworn into office as Deputy Secretary of HHS on Oct. 6, 2017, takes over the duties of former Secretary Dr. Tom Price, who recently resigned in response to criticism about his expenditures for charter flights.
Before joining HHS, Mr. Hargan was an attorney, most recently a shareholder in Greenberg Traurig’s Chicago office in the Health and FDA Business department, where he focused his practice on transactions, healthcare regulations and government relations. He represented investors, companies, and individuals in healthcare investments and issues across the entire sector.
From 2003 to 2007, Mr. Hargan served at HHS in a variety of capacities, ultimately holding the position of Acting Deputy Secretary. During his tenure at HHS, Mr. Hargan also served as the Department’s Regulatory Policy Officer, overseeing the development and approval of all HHS, CMS, and FDA regulations and significant guidances.
Prior to this role, he served HHS as Deputy General Counsel. More recently, he was tapped by Governor Bruce Rauner to serve during transition as lead co-chair for Gov. Rauner’s Healthcare and Human Services committee.
During his time in Illinois, Mr. Hargan taught at Loyola Law School in Chicago, focusing on administrative law and healthcare regulations. He was a member of the U.S. government team at the inaugural U.S.-China Strategic Economic Dialogue in Beijing in 2006-2007, worked with the State Department’s Bureau of Arms Control to advance biosecurity in developing nations, and initiated and led the HHS team that developed the first responses to international food safety and importation issues in 2007.
He received his B.A. cum laude from Harvard University, and his J.D. from Columbia University Law School, where he was Senior Editor of the Columbia Law Review. Mr. Hargan also received a Certificate in International Law from the Parker School of Foreign and Comparative Law at Columbia University.
Before returning to Washington, D.C., Mr. Hargan lived in the suburbs of Chicago with his wife, Emily, and their two sons.
About The Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
Ms. Stamer works with health industry and related businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management, disaster and other crisis preparedness and response, and other performance and operations management and compliance. Her experienced includes career long involvement in advising and defending health industry and other organizations about disaster and other crisis preparation, response and mitigation arising from natural and man-made disasters, government enforcement, financial distress, workplace emergencies and accidents, data breach and other cybersecurity and other events. For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and publisher disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
A Centers for Medicare and Medicaid Services (CMS) proposed rule scheduled for publication in the August 18, 2017 Federal Register will propose to reduce the number of mandatory geographic areas for the joint bundled payment program and cancel the cardiac bundled payment program model for determining reimbursement of providers for care under Medicare as well as make other refinements to the bundled payment program scheduled to take effect in January.
Widely criticized by many providers including department of Health and Human Services Secretary Dr. Tom Price, the mandatory bundled payment program presently is scheduled to take effect in January, 2018 after multiple delays.
According to the advanced copy of the proposed rule released by CMS on August 15, 2017, the proposed rule will propose among other things the following changes to the bundled payment program:
Cancel the Episode Payment Models (EPMs) and Cardiac Rehabilitation (CR) incentive payment model and rescind the regulations governing these models;
Revise certain aspects of the Comprehensive Care for Joint Replacement (CJR) model, including: giving certain hospitals selected for participation in the CJR model a one-time option to choose whether to continue their participation in the model;
Make technical refinements and clarifications for certain payment, reconciliation and quality provisions; and
Increase the pool of eligible clinicians that qualify as affiliated practitioners under the Advanced Alternative Payment Model (APM) track.
Healthcare providers and others interested in the proposed changes should carefully review the proposed changes and provide feedback as soon as possible and no later than the October 17, 2017 deadline the proposed regulation sets for submitting comments.
About The Author
The author of this update, attorney Cynthia Marcotte Stamer, is AV-Preeminent (the highest) rated attorney repeatedly recognized for her nearly 30 years of experience and knowledge representing and advising healthcare, health plan and other health industry and others on these and other regulatory, workforce, risk management, technology, public policy and operations matters as a Martindale-Hubble as a “LEGAL LEADER™” and “Texas Top Rated Lawyer” in Health Care Law, Labor and Employment Law, and Business & Commercial Law and among the “Best Lawyers In Dallas” by D Magazine.
An American Bar Foundation, American College of Employee Benefits Counsel, and Texas Bar Foundation Fellow, current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, former scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and JCEB Council Representative, former Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, the former Board President and Treasurer of the Richardson Development Center for Children Early Childhood Intervention Agency, and past Board Compliance Chair of the National Kidney Foundation of North Texas, and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer’s health industry experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management and a broad range of other legal and operational concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.
You can get more information about her health industry experience here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.
About Solutions Law Press Inc.™
Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.
If you found these updates of interest, you may be interested in other recent Solutions Law Press, Inc. updates, publications, training program, advocacy and other initiatives available here.
Go here to register to receive other Solutions Law Press, Inc. updates and announcements about other upcoming briefings, training or other programs, products, services, and activities or to learn more about Solutions Law Press, Inc., its publications, programs and training, PROJECT COPE: Coalition on Patient Empowerment community service and education projects, event management and other resources and services.
For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
The Quality Payment Program Hardship Exception Application for the 2017 transition year now is available on the Quality Payment Program website.
MIPS eligible clinicians and groups may qualify for a reweighting of their Advancing Care Information performance category score to 0% of the final score, and can submit a hardship exception application, for one of the following specified reasons:
Insufficient internet connectivity
Extreme and uncontrollable circumstances
Lack of control over the availability of Certified EHR Technology (CEHRT).
Some MIPS eligible clinicians who are considered Special Status, will be automatically reweighted (or, exempted in the case of MIPS eligible clinicians participating in a MIPS APM), do not need to submit a Quality Payment Program Hardship Exception Application. In addition to submitting an application via the Quality Payment Program website, clinicians also may contact the Quality Payment Program Service Center and work with a representative to verbally submit an application.
To submit an application, a physician or other applying clinician will need:
The Taxpayer Identification Number (TIN) for group applications or National Provider Identifier (NPI) for individual applications;
Contact information for the person working on behalf of the individual clinician or group, including first and last name, e-mail address, and telephone number; and
Selection of hardship exception category (listed above) and supplemental information.
Applicants for a hardship exception based on the Extreme and Uncontrollable Circumstance category, also must select one of the following and provide a start and end date of when the circumstance occurred:
Disaster (e.g., a natural disaster in which the CEHRT was damaged or destroyed);
Practice or hospital closure;
Severe financial distress (bankruptcy or debt restructuring);
EHR certification/vendor issues (CEHRT issues)
Once an application is submitted, CMS will send the applicant a confirmation email acknowledging receipt of the application and when it is pending, approved, or dismissed. Applications will be processed on a rolling basis.
Physician and other clinicians or practices interested in pursuing an exemption should act promptly.
About The Author
Cynthia Marcotte Stamer is a Martindale-Hubble “AV-Preeminent (Top 1%) rated practicing attorney and management consultant, health industry public policy advocate, widely published author and lecturer, recognized for her nearly 30 years’ of work on health industry and other privacy and data security and other health care, health benefit, health policy and regulatory affairs and other health industry legal and operational as a LexisNexis® Martindale-Hubbell® “LEGAL LEADER™ and “Top Rated Lawyer,” in Health Care Law and Labor and Employment Law; a D Magazine “Best Lawyers In Dallas” in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law,” a Fellow in the American Bar Foundation, the Texas Bar Foundation and the American College of Employee Benefit Counsel.
Technical advisor to the National Physicians Council for Healthcare Policy, Vice President of the North Texas Healthcare Professionals Association, American Bar Association (ABA) International Life Sciences Committee Vice Chair, Policy; Scribe for ABA JCEB annual agency meeting with OCR, Ms. Stamer is well-known for her extensive work and leadership throughout her career on healthcare and health policy, regulatory, operations and other industry topics. Her clients include public and private healthcare systems, hospitals and other healthcare facilities, health care providers, health insurers, health plans, employers, health and other technology and other vendors, communities and others.
In addition to representing and advising these organizations, she also speaks extensively and conducts training on health care and other privacy and data security and many other matters.
Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other health care and other professional and civic organizations. Through these and other involvements, she helps develop and build solutions, build consensus, garner funding and other resources, manage compliance and other operations, and take other actions to identify promote tangible improvements in health care and other policy and operational areas.
Memorial Healthcare Systems (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The nonprofit corporation which operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities throughout the South Florida area with affiliated physician offices through an Organized Health Care Arrangement (OHCA) also agreed to implement a robust corrective action plan as part of the Resolution Agreement.
The MHS Resolution sends a strong message to all health care providers, health plans health care clearinghouses (Covered Entities) and their business associates that simply adopting HIPAA policies alone is insufficient to avoid getting nailed by OCR under HIPAA; Covered Entities and their business associates also must implement, audit and enforce those policies.
The MHS Resolution Agreement resulted from an investigation initiated by the HHS Office for Civil Rights (OCR) after MHS reported to OCR that protected health information (PHI) of 115,143 individuals had been impermissibly accessed by its employees and impermissibly disclosed to affiliated physician office staff. This information consisted of the affected individuals’ names, dates of birth, and social security numbers. The login credentials of a former employee of an affiliated physician’s office had been used to access the ePHI maintained by MHS on a daily basis without detection from April 2011 to April 2012, affecting 80,000 individuals.
The investigation revealed that although MHS had workforce access policies and procedures in place, MHS failed to implement procedures with respect to reviewing, modifying and/or terminating users’ right of access, as required by the HIPAA Rules. Further, MHS failed to regularly review records of information system activity on applications that maintain electronic protected health information by workforce users and users at affiliated physician practices, despite having identified this risk on several risk analyses conducted by MHS from 2007 to 2012.
MHS’ failure to follow through to implement the controls required by its policies and audit and enforce compliance with HIPAA and its HIPAA policies was a costly mistake. Other Covered Entities should heed MHS’ painful lesson and take documented steps to ensure its HIPAA policies not only are adopted, but also implemented and monitored and audited for compliance.
Health care providers, health plans, healthcare clearinghouses (covered entities) and their business associates should reevaluate the adequacy of their practices and procedures for the protection of electronic protected health information (ePHI) on or accessible through laptops or other mobile devices in light of the $2.75 million penalty and other schooling the Department of Health and Human Services Office for Civil Rights (OCR) just gave the University of Mississippi (UM) Medical Center (UMMC) documented in a July 7, 2016 Resolution Agreement and Corrective Action Plan (Resolution Agreement) resolving OCR charges of multiple violations of the privacy, security and breach notification requirements of the Health Insurance Portability and Accountability Act (HIPAA) OCR says it uncovered while investigating UMMC’s breach notification report to OCR of the loss a laptop containing 328 files containing the ePHI of an estimated 10,000 patients.
UMMC Report of Missing Laptop Leads To Multiple Charges & Resolution Agreement
Mississippi’s sole public academic health science center, UMMC provides patient care in four specialized hospitals on the Jackson campus and at clinics throughout Jackson and the State as well as conducts medical education and research functions. Its designated health care component, UMMC, includes University Hospital, the site of the breach in this case, located on the main UMMC campus in Jackson.
The settlement agreed to by UMMC stems from charges resulting from an OCR investigation of UMMC triggered by a breach of unsecured electronic protected health information (“ePHI”) affecting approximately 10,000 individuals.
Like many prior resolution agreements previously announced by OCR, UMMC’s HIPAA woes came to light after a laptop went missing. OCR learned of the breach and opened its investigation in response to a March 21, 2013 notification UMMC filed with OCR. UMMC made the breach notification to comply with HIPAA’s Breach Notification Rule requirement that health care providers, health plans and healthcare clearinghouses (Covered Entities) timely notify affected individuals, OCR and others of breaches of unsecured ePHI.
UMMC’s breach notification disclosed that UMMC’s privacy officer had discovered a password-protected laptop containing ePHI of thousands of UMMC patients missing from UMMC’s Medical Intensive Care Unit (MICU). UMMC additionally reported that based on its investigation, UMMC believed that the missing laptop likely was stolen by a visitor to the MICU who had inquired about borrowing one of the laptops.
After discovering the loss, UMMC disclosed the breach to local media and on its website and notified OCR of the breach but apparently did not individually notify the subjects of the missing ePHI.
In keeping with its announced policy of investigating all breach reports impacting 500 or more individuals, OCR opened an investigation into UMMC’s breach report. Based on this investigation, OCR concluded that while the laptop apparently was password protected, UMMC had breached the Security Rules because ePHI stored on a UMMC network drive was vulnerable to unauthorized access via UMMC’s wireless network because users could use a generic username and password to access an active directory containing 67,000 files including 328 files containing the ePHI of an estimated 10,000 patients.
While OCR’s investigation confirmed that UMMC had implemented policies and procedures pursuant to the HIPAA Rules, OCR’s additionally found that the theft of the laptop that prompted UMMC’s breach report resulted from broad deficiencies in UMMC’s implementation and administration of these policies and its practices.
Based on these findings, OCR charged UMMC with the following HIPAA violations:
From the compliance date of the Security Rule, April 20, 2005, through the settlement date, UMMC violated 45 C.F.R. §164.308(a)(1)(i) by failing to implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of the ePHI it holds, and implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level;
From January 19, 2013, until March 1, 2014, UMMC violated 45 C.F.R. §164.310(c) by failing to implement physical safeguards for all workstations that access ePHI to restrict access to authorized users;
From the compliance date of the Security Rule, April 20, 2005, to March 14, 2013, UM violated 45 C.F.R. § 164.312 (a)(2)(i) by failing to assign a unique user name and/or number for identifying and tracking user identity in information systems containing ePHI including, for example, allowing workforce members to access ePHI on a shared department network drive through a generic account, preventing UMMC from tracking which specific users were accessing ePHI; and
While UMMC provided notification on UMMC’s website and in local media outlets following the discovery of the reported breach of unsecured ePHI,, UMMC violated the Breach Notification Rule by failing to notify each individual whose unsecured ePHI was reasonably believed to have been accessed, acquired, used, or disclosed as a result of the breach.
Finally, OCR determined that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet took no significant risk management activity until after the breach, due largely to organizational deficiencies and insufficient institutional oversight.
To resolve these charges, UMMC agrees in the Resolution Agreement to pay OCR $2.75 million and implement a comprehensive compliance plan which among other things, requires UMMC to conduct a sweeping review and correct its HIPAA privacy, security and breach notification policies and their implementation and administration to comply with HIPAA as well as implement and administer detailed management and OCR oversight and reporting processes over the implementation and administration of these procedures.
Lessons For Other Covered Entities From UMMC Resolution Agreement
The UMMC charges and Resolution Agreement contains several key lessons for other covered entities and their business associates, which OCR’s July 21, 2016 announcement warns other covered entities and business associates to heed..
Certainly, the $2.75 million settlement amount reaffirms that covered entities and their business associates risk substantial liability for failing to properly assess and protect the security of ePHI in accordance with HIPAA’s Privacy and Security Rule.
Furthermore, the charges and Resolution Agreement also adds a new twist to OCR’s now well established to stiffly sanction covered entities and their business associates that fail appropriately assess and address risks to the security of their ePHI on or accessible from laptops or other mobile devices. Through previous resolution agreements and guidance, OCR has made clear that it interprets the HIPAA Security Rule as generally requiring that covered entities and business associates encrypt all laptops or other mobile devices containing ePHI. The UMMC charges and Resolution Agreement makes clear that the responsibility to protect ePHI on or accessible through laptops or other mobile devices does not end with encryption. Rather, the Resolution Agreement makes clear that covered entities and their business associates also must take appropriate, well-documented steps to monitor, assess, identify, and timely and effectively address other potential risks to the security of the ePHI.
The Resolution Agreement makes clear that these additional responsibilities include, but are not necessarily limited to ensuring that proper safeguards are implemented and enforced to secure access not only to the ePHI contained on the laptop as well as other data bases and systems containing ePHI accessible through the laptop. In this respect, the Resolution Agreement particularly highlights the need for covered entities and their business associates to assess risks and take appropriate steps:
To safeguard the physical security of laptops and other mobile devices;
To prevent the use of generic or other unsecure passwords to access ePHI on or accessible through the laptop or other mobile device;
To establish and administer appropriate, well-documented processes for assessing and addressing the adequacy of safeguards for and potential threats to the security of ePHI both initially and on an ongoing basis in a manner that meaningfully assesses the actual risks and effectiveness of safeguards against these risks, including those resulting from nonadherence to required safeguards and practices such as the sharing of passwords, changing systems or circumstances, and other developments that potentially threaten the adequacy of ePHI security.
Furthermore, OCR’s July 21, 2016 press release concerning the Resolution Agreement also sends a clear message to all covered entities and business associates that OCR views HIPAA as requiring organizations not only to adopt written policies and procedures that comply on paper or in theory with HIPAA, but also to take steps to monitor and maintain the effectiveness of their safeguard by continuously assessing and monitoring their HIPAA risks and acting as necessary to ensure that required safeguards of protected health information and ePHI and other HIPAA requirements are effectively implemented and administered in operation as well as form.
In OCR’s Press Release announcing the Resolution Agreement, OCR Director Jocelyn Samuels. Stated, “We at OCR remain particularly concerned with unaddressed risks that may lead to impermissible access to ePHI.” She also warned “In addition to identifying risks and vulnerabilities to their ePHI, entities must also implement reasonable and appropriate safeguards to address them within an appropriate time frame.”
Additionally, the Resolution Agreement also illustrates need for covered entities and business associates to timely provide all individual and other notifications and otherwise fully comply with all requirements of the Breach Notification Rules.
Since the risk of a breach is ever-present even for Covered Entities and business associates exercising the highest degree of care to safeguard PHI and maintain compliance with HIPAA, Covered Entities and business associates are wise to take steps to position themselves to be able to demonstrate the adequacy of both their written policies and procedures and the effectiveness of their implementation and enforcement including ongoing documented practices for assessing, monitoring and addressing security risks and other compliance concerns as well as prepare to comply with the breach notification requirements in the event they experience their own breach of unsecured ePHI.
About The Author
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, former scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and JCEB Council Representative, former Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, the former Board President and Treasurer of the Richardson Development Center for Children Early Childhood Intervention Agency, and past Board Compliance Chair of the National Kidney Foundation of North Texas, and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, the author of this update, attorney Cynthia Marcotte Stamer, is AV-Preeminent (the highest) rated attorney repeatedly recognized for her nearly 30 years of experience and knowledge representing and advising healthcare, health plan and other health industry and others on these and other regulatory, workforce, risk management, technology, public policy and operations matters as a Martindale-Hubble as a “LEGAL LEADER™” and “Texas Top Rated Lawyer” in Health Care Law, Labor and Employment Law, and Business & Commercial Law and among the “Best Lawyers In Dallas” by D Magazine.
Ms. Stamer’s health industry experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
Ms. Stamer also is known for her experience in HIPAA and other privacy and data security and breach concerns. The scribe for ABA JCEB annual agency meeting with OCR for many years, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.
You can get more information about her health industry experience here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.
About Solutions Law Press Inc.™
Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.
If you found these updates of interest, you may be interested in other recent Solutions Law Press, Inc. updates like the following:
Go hereto register to receive other Solutions Law Press, Inc. updates and announcements about other upcoming briefings, training or other programs, products, services, and activities or to learn more about Solutions Law Press, Inc., its publications, programs and training, PROJECT COPE: Coalition on Patient Empowerment community service and education projects, event management and other resources and services.
For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Healthcare providers, health plans, healthcare clearinghouses (Covered Entities) and their business associates should verify that their copying charges and other policies and practices for responding to requests of individuals for copies and other access to protected health information (PHI) comply with the Privacy and Security Rules (Privacy Rule) of the Health Insurance Portability & Accountability Act of 1996 (HIPAA) as construed in a new Frequently Asked Question (FAQ published May 24, 2016 as follow up to two other sets of guidance about HIPAA assess rights published by the Department of Health & Human Services Office of Civil Rights (OCR) since January, 2016.
New OCR Guidance Sheds New Light On HIPAA Access Rule Requirements
The OCR FAQ titled New Clarification – Up to $6.50 Flat Rate Option published May 24, 2016 is the third in a series of guidance materials OCR discussing OCR’s interpretation of individuals’ core right under HIPAA to access and obtain a copy of their PHI from Covered Entities since January, 2016 (the “Access Rule”). With OCR Enforcement Data already showing Access Rule violations among the top 5 issues in cases investigated by OCR every year since HIPAA took effect in 2003, Covered Entities can expect OCR to include Access Rule violations among the Privacy Rule violations OCR likely will target as it continues to ramp up its HIPAA audit, investigation and enforcement efforts.
As part of its sweeping requirements concerning the use, access, protection and disclosure of PHI, the Access Rule provisions of the Privacy Rule generally require Covered Entities to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more “designated record sets” maintained by or for the Covered Entity or its business associate. This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the Covered Entity to transmit a copy to a designated person or entity of the individual’s choice as long as the Covered Entity or a business associate on its behalf maintains the PHI, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the Covered Entity, another provider, the patient, etc.).
With its publication of the New Clarification FAQ on May 24, 2016, OCR now has published three pieces of guidance (the Access Guidance) about its interpretation of the Access Rule since January, 2016 that it hopes will promote greater understanding of and compliance with the Access Rule by Covered Entities:
In January, OCR published a comprehensive Fact Sheet (Fact Sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient;
On March 1, OCR published a second set of FAQs accessible here addressing when Covered Entities may charge individuals to provide requested copies of their PHI, how Covered Entities must calculate these fees, when Covered Entities must send an individual’s PHI to a third party designated by the individual in its request for copies, and other issues relating to access rights guaranteed by the Privacy Rule; and
Collectively, the Access Guidance addresses a broad range of questions and issues about the responsibilities of Covered Entities under the Access Rule including what PHI Covered Entities must provide as well as detailed guidance about when and how much Covered Entities can charge individuals for requested copies of their PHI or summaries of their PHI. Since the OCR Access Guidance may restrict the charge that health care providers or other Covered Entities can charge for copies or other access more than applicable state law rules, Covered Entities need to verify their practices comply with OCR’s Access Guidance in addition to any applicable state law rules. The Access Guidance makes clear that OCR expects Covered Entities and their business associates to ensure that their charges for copying or providing other access to PHI guaranteed by the Privacy Rule complies with this Access Guidance even if that practice does not violate applicable state law.
Are You Charging Too Much? Charges For Copies of PHI Must Meet OCR Privacy Rule Guidance
Concerning charges for copies of PHI requested by an individual, Privacy Rule § 164.524(c)(4) permits a Covered Entity to impose a reasonable, cost-based fee if the individual requests a copy of the PHI (or agrees to receive a summary or explanation of the information) provided that the Covered Entity properly and timely notifies the individual of the cost and properly determines the cost in accordance with OCR guidance.
Many physicians or other health care providers that use electronic health records (EHRs) certified to allow individuals to access their PHI in the system may be unaware that OCR views the availability of electronic access from the EHR affects the health care provider’s ability to charge for copies of requested PHI. OCR’s position is that the Privacy Rule prohibits a Covered Entity from charging an individual for requested copies of PHI when the request is fulfilled by the individual accessing the requested PHI using the View, Download, and Transmit functionality of the provider’s certified electronic health record.
Assuming the request for access or copies is not fulfilled through download from an HER, the Access Guidance indicates q Covered Entity must use one of three potentially applicable OCR-approved methods to calculate the fee the Covered Entity charges an individual for copies of PHI or an agreed upon summary provided that the method used takes into account only labor costs for copying or producing an agreed upon summary as defined by OCR.:
The “Actual Cost” Method;
The “Average Cost” Method; or
For electronic copies of PHI maintained electronically, the “Flat Fee” Method.
Charging a flat fee not to exceed $6.50 is an option available to those entities that do not want to go through the process of calculating actual or average costs for requests for electronic copies of PHI under either the Actual Cost or Average Cost Methods. However, by its terms, the “Flat Fee” Method is only an allowable for Covered Entities to use to avoid calculating actual or average allowable costs when a Covered Entity is providing electronic copies of PHI maintained electronically (and presumably when the access request is not fulfilled through download from an EHR). When applicable, the Flat Fee Method allows a Covered Entity to charge a flat fee for all requests for electronic copies of PHI maintained electronically, provided the fee does not exceed $6.50, inclusive of all labor, supplies, and any applicable postage. The New Clarification – Up to $6.50 Flat Rate Option clarifies that use of the Flat Rate Method is permitted not required when a Covered Entity provides copies of PHI maintained electronically other through download directly from a certified EHR. Covered Entities that wish to charge more than the $6.50 flat rate allowed under the Flat Rate Option retain the right, if the facts and evidence warrant, to use either the Actual Cost Method or Average Cost Method to calculate the fee for providing electronic records electronically within the boundaries of what is permissible under the Privacy Rule.
Where the Flat Fee Method is inapplicable or the Covered Entity elects not to use it, the Covered Entity must use either the Actual Cost Method or the Average Cost Method to calculate the fee in accordance with OCR’s rules.
Under the “Actual Cost Method,” a Covered Entity may calculate actual labor costs to fulfill the request, as long as the labor included is only for copying (and/or creating a summary or explanation if the individual chooses to receive a summary or explanation) and the labor rates used are reasonable for such activity. The Covered Entity may add to the actual labor costs any applicable supply (e.g., paper, or CD or USB drive) or postage costs. Covered Entities that charge individuals actual costs based on each individual access request still must be prepared to inform individuals in advance of the approximate fee that may be charged for providing the individual with a copy of her PHI. An example of an actual labor cost calculation would be to time how long it takes for the workforce member of the Covered Entity (or business associate) to make and send the copy in the form and format and manner requested or agreed to by the individual and multiply the time by the reasonable hourly rate of the person copying and sending the PHI. What is reasonable for purposes of an hourly rate will vary depending on the level of skill needed to create and transmit the copy in the manner requested or agreed to by the individual (e.g., administrative level labor to make and mail a paper copy versus more technical skill needed to convert and transmit the PHI in a particular electronic format);
Under the “Average Cost” Method, in lieu of calculating labor costs individually for each request, a Covered Entity can develop a schedule of costs for labor based on average labor costs to fulfill standard types of access requests, as long as the types of labor costs included are the ones which the Privacy Rule permits to be included in a fee (e.g., labor costs for copying but not for search and retrieval) and are reasonable. Covered Entities may add to that amount any applicable supply (e.g., paper, or CD or USB drive) or postage costs. This standard rate can be calculated and charged as a per page fee only in cases where the PHI requested is maintained in paper form and the individual requests a paper copy of the PHI or asks that the paper PHI be scanned into an electronic format. However OCR’s guidance states that OCR does not consider per page fees for copies of PHI maintained electronically to be reasonable for purposes of 45 CFR 164.524(c)(4);
Whether using the Actual Cost Method or the Average Cost Method, a Covered Entity must only take into account only “reasonable labor costs associated only with the: (1) labor for copying the PHI requested by the individual, whether in paper or electronic form; and (2) labor to prepare an explanation or summary of the PHI, if the individual in advance both chooses to receive an explanation or summary and agrees to the fee that may be charged.
OCR’s guidance makes clear that the reasonability of the charges for labor must reflect the technology available for providing this access. In this respect, OCR’s guidance states that a Covered Entity cannot charge a fee under HIPAA for individuals to access the PHI from a health care provider’s EHR technology that has been certified as being capable of making the PHI accessible. OCR’s position is that where a Covered Entity fulfills an individual’s HIPAA access request by allowing the individual to access the requested PHI using the View, Download, and Transmit functionality of the provider’s certified electronic health record (CEHRT), an individual requests or agrees to access her PHI available through the View, Download, and Transmit functionality of the CEHRT, there are no labor costs and no costs for supplies to enable such access.
To the extent that access is not provided through an CEHRT, the fee a Covered Entity charges an individual to provide copies of requested PHI or an agreed upon summary may include only the cost of:
Copying the PHI; and
Preparation of an explanation or summary of the PHI, if agreed to by the individual.
As interpreted by OCR, labor for copying includes only labor for creating and delivering the electronic or paper copy in the form and format requested or agreed upon by the individual, once the PHI that is responsive to the request has been identified, retrieved or collected, compiled and/or collated, and is ready to be copied. For example, labor for copying may include labor associated with the following, as necessary to copy and deliver the PHI in the form and format and manner requested or agreed to by the individual:
Labor for copying the PHI requested by the individual, whether in paper or electronic form;
Supplies for creating the paper copy or electronic media (e.g., CD or USB drive) if the individual requests that the electronic copy be provided on portable media;
Postage, when the individual requests that the copy, or the summary or explanation, be mailed; and
Creating and executing a mailing or e-mail with the responsive PHI.
See 45 CFR 164.524(c)(4).
The Access Guidance states the fee may not include costs associated with verification; documentation; searching for and retrieving the PHI; maintaining systems; recouping capital for data access, storage, or infrastructure; outsourcing the function of responding to individual requests for PHI copies or other costs not listed above even if such costs are authorized by State law. See 45 CFR 164.524(c)(4).
Of course, in any case, OCR’s guidance makes clear that regardless of how a entity chooses to calculate its fee to copy PHI, the Privacy Rule requires that the Covered Entity inform the requesting individual in advance of the approximate fee that may be charged for providing the copy requested and otherwise comply with the Privacy Rule as interpreted by OCR’s latest guidance concerning providing individuals access to PHI and other requirements.
Beyond operationally complying with the Access Guidance, Covered Entities and their business associates generally will want to update their policies, practices and training to position themselves to defend their calculation of any charges made for copies provided in response to a request for access protected by the Privacy Rule and other compliance with the requirements of that rule and the otherwise applicable provisions of HIPAA as well as include monitoring and enforcement of these requirements as part of their ongoing HIPAA compliance efforts.
These and other HIPAA compliance efforts are particularly critical in light of the expanding audit, investigation and enforcement activities of OCR under the Privacy Rule. OCR’s publication of the Access Guidance coincides with a surge in OCR’s HIPAA audit, investigation and enforcement activities.
OCR’s publication of the new Access Guidance comes as OCR is ramping up its interpretation, oversight and enforcement of HIPAA generally. See, Brace For OCR HIPAA Audits & Enforcement; Update Privacy Practices For New OCR HIPAA Enforcement, Security & Records Access Guidance. While continuing to offer guidance like the Access Guidance and other tools to encourage and help Covered Entities and their business to understand and comply with the Privacy Rule, OCR also increasingly now uses the expanded penalties and authority created by the HITECH Act to punish Covered Entities for violating Privacy Rule requirements. HITECH Act amendments, among other things, broadened the duties of OCR to audit, investigate and sanction HIPAA violations as well as tightened various requirements of the Privacy Rules.
The risks to Covered Entities from violating the Privacy Rules are significant and growing. Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities and their business associates face heightened risks that violations of HIPAA will trigger liability to pay a Civil Monetary Penalty (CMP) to OCR or other sanctions. The two, multimillion dollar CMPs now imposed by OCR against two different Covered Entities caught violating the Privacy Rules only reflect a small part of OCR’s CMP enforcement. Equally or perhaps more significant are the growing stream of high dollar settlement payments that an ever-growing list of Covered Entities to resolve OCR Privacy Rule violation charges that otherwise also might result in OCR’s assessment of a CMP against them. See, e.g. $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use; Provider Pays $750K To Settle HIPAA Business Associate Rule Breach Charges; North Memorial Hit With $3.9M HIPAA Fine For HIPAA Violations; OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000; Lehey Pays $850K After Unencrypted Laptop Stolen.
These already substantial enforcement risks are likely to rise as OCR begins auditing the compliance of selected Covered Entities as part of its recently announced 2016 audit program. As a result of audit requirements enacted as part of the HITECH Act, Covered Entities now need to be prepared to demonstrate the adequacy of their HIPAA compliance in case their organization becomes targeted for audit under OCR’s 2016 audit program. Even if not selected for audit, however, Covered Entities and their business associates still face the risk that a complaint filed with OCR will trigger an OCR investigation of their practices for providing copies or other access or other compliance with the Privacy Rules. In light of the growing aggressiveness of OCR’s enforcement, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply. Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions. Consequently, Covered Entities and their business associates should move quickly to review and update their practices, communications and training to comply with this new Access Guidance as well as other guidance, enforcement and other developments that might impact the adequacy of their existing practices under the Privacy Rule generally. Because of the risk that any review or investigation of the adequacy of its practices or complaints under the Privacy Rule will involve sensitive information or analysis, Covered Entities and their business associates are cautioned to consider the advisability of arranging for this analysis and review to be conducted within the scope of attorney-client privilege under the guidance of legal counsel experienced with the Privacy Rules and other related legal concerns.
About The Author
Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.
As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.
Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients, on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see www.CynthiaStamer.com, email Ms. Stamer cstamer@solutionslawyer.net or telephone her at (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.SolutionsLawPress.com such as:
North Memorial Health Care of Minnesota has agreed to pay $1,550,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to implement a business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information. North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities. The settlement highlights the importance for healthcare providers, health plans, healthcare clearinghouses and their business associates to comply with HIPAA’s business associate agreement and other HIPAA organizational, risk assessment, privacy and security, and other requirements.
OCR’s announcement emphasizes the importance of meeting these requirements. “Two major cornerstones of the HIPAA Rules were overlooked by this entity,” said Jocelyn Samuels, Director of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). “Organizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure.”
The settlement comes from charges filed after OCR initiated its investigation of North Memorial following receipt of a breach report on September 27, 2011, which indicated that an unencrypted, password-protected laptop was stolen from a business associate’s workforce member’s locked vehicle, impacting the electronic protected health information (ePHI) of 9,497 individuals.
OCR’s investigation indicated that North Memorial failed to have in place a business associate agreement, as required under the HIPAA Privacy and Security Rules, so that its business associate could perform certain payment and health care operations activities on its behalf. North Memorial gave its business associate, Accretive, access to North Memorial’s hospital database, which stored the ePHI of 289,904 patients. Accretive also received access to non-electronic protected health information as it performed services on-site at North Memorial.
The investigation further determined that North Memorial failed to complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure — including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes.
In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.
Following up on OCR’s imposition of its second-ever HIPAA Civil Monetary Penalty (CMP) and the latest in an ever-growing list of settlements by Covered Entities under HIPAA, the North Memorial settlement is another example of the substantial liability that Covered Entities face for violating HIPAA. To avoid these liabilities, Covered Entities must constantly be diligent to comply with the latest guidance of OCR concerning their obligations under HIPAA. As OCR continues to issue additional guidance as well as supplement this guidance through information shared in settlement agreements like the North Memorial settlement, even if Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever expanding list of enforcement actions by OCR.
Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities face growing responsibilities and liability for maintaining the security of ePHI. In response to HITECH, OCR continues to use a carrot and stick approach to encouraging and enforcing compliance. As demonstrated by OCR’s imposition of the second-ever HIPAA Civil Monetary Penalty (CMP) of $239,000 against Lincare and the ever-growing list of Resolution Agreements OCR announces with other Covered Entities, OCR continues to step up enforcement against Covered Entities that breach the Privacy and Security Rules. See OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000.
On the other hand, OCR also continues to encourage voluntary compliance by Covered Entities by sharing guidance and tools to aid Covered Entities to understand fulfill their HIPAA responsibilities such as the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016.The crosswalk that maps the HIPAA Security Rule to the standards of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) as well as mappings to certain other commonly used security frameworks.
While stating that the HIPAA Security Rule does not require use of the NIST Cybersecurity Framework, OCR says it hopes the Crosswalk will provide “a helpful roadmap” for HIPAA Covered Entities and their business associates to understand the overlap between the NIST Cybersecurity Framework, the HIPAA Security Rule, and other security frameworks that can help Covered Entities safeguard health data in a time of increasing risks and help them to identify potential gaps in their programs. At the same time, OCR’s announcement of its release of the Crosswalk also cautions users that “use of the Framework does not guarantee HIPAA compliance.” Rather, OCR says “the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.
With a USA Today report attributing more than 40 percent of data breaches to the healthcare industry over the last three years 91 percent of all health organizations having reporting breaches over the last two years, OCR has made clear that it intends to zealously investigate and enforce the Security Rules against Covered Entities that violate the Security Rules against Covered Entities that fail to take suitable steps to safeguard the security of PHI as required by the HIPAA Security Rule. To meet these requirements, the HIPAA Security Rule requires that Covered Entities conduct and be prepared to product documentation of their audit and other efforts to comply with the Security Rule Most Covered Entities will want to consider including an assessment of the adequacy of their existing practices under the Crosswalk and other requirements disclosed by OCR in these assessments to help position the Covered Entity to defend or mitigate HIPAA CMP and other liabilities in the event of a HIPAA breach or audit.
Latest Guidance Clarifies Patient Rights To Access PHI & Allowable Charges
In addition to maintaining adequate security, HIPAA also requires Covered Entities to provide individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans in accordance with the HIPAA Privacy Rule. In response to recurrent difficulties experienced by individuals in exercising these rights, OCR recently published supplemental guidance to clarify and promote better understanding and compliance with these rules by Covered Entities.
OCR started this process in January, 2015 by releasing a comprehensive fact sheet (Access fact sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient.
Earlier this month, OCR followed up by publishing on March 1, 2016 a second set of FAQs addresses additional issues, including the fees individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they so choose.
Covered entities and their business associates should move quickly to review and update their business associate agreements and other practices to comply with this new guidance as well as watch for further guidance and enforcement about these practices from OCR.
OCR’s new guidance on access to PHI follows a host of other regulatory and enforcement activities. While the particulars of each of these new actions and guidance vary, all send a very clear message: OCR expects Covered Entities and their business associates to comply with HIPAA and is offering tools and other guidance to aid them in that process.. In the event of a breach or audit, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply. Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.
Register For 3/30 Webex Briefing
Solutions Law Press, Inc.™ invites to catch up on the latest guidance on the Covered Entities’ responsibility under HIPAA to provide access to patients to PHI by registering here to participate in the “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” Webex briefing by attorney Cynthia Marcotte Stamer that Solutions Law Press, Inc.™ will host beginning at Noon Central Time on Wednesday, March 30, 2016. Get additional information or register here.
About The Author
Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.
As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.
Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at http://www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
Responding to growing concern about widespread over prescription opioids, the Centers for Disease Control (CDC) has just released a new guidance and other tools the help guide physicians and other prescribers to determine when and how to prescribe opioids to patients.
“Clinical Tools,” which essentially consist of digested summaries of the detailed guidance and a quick reference checklists; and
“Factsheets” for patients.
As irregularities and other improprieties in the prescription and management of painkillers and other controlled substances are a leading basis of serious discipline of physicians and other clinicians, physicians and other clinicians, clinics and hospitals, pharmacies in pharmacists and other healthcare providers involved in prescribing or supervising patients using or contemplating the use of opioids will want to review and incorporate these guidelines into their practices as soon as possible.
Health plan and other pay yours and the pharmacy benefit manager’s responsible for overseeing and evaluating prescriptions also likely will benefit from reviewing these materials and incorporating them into their practices as soon as possible. Beyond the clinical use of these materials both health plans and healthcare providers likely will want to incorporate or use the fact sheets as communication tools for patients and their families to help educate patients about the proper use, misuse, risks and other relevant information about opioid prescriptions.
About The Author
Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.
As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.
Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at http://www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
Health care providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) under the Health Insurance Portability & Accountability Act of 1996 (HIPAA) should review and update practices on protecting the security of and providing protected health information (PHI) and record access to patients, plan members and other subjects of that information in response to new guidance and enforcement actions of the Department of Health & Human Services Office of Civil Rights (OCR).
Even if Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever expanding list of enforcement actions by OCR.
To catch up on this latest guidance, Solutions Law Press, Inc. ™ invites you to register to participate in a special webex briefing on “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” on Wednesday, March 30, 2016 beginning at Noon Central Time on Wednesday, March 30, 2016.
New Guidance On PHI Records Access Rules & Security Standards
OCR continues to issue new guidance and tools on HIPAA compliance. Keeping on top of and ensuring privacy and security practices are update for this guidance is an important part of the responsibilities of health plans and other Covered Entities including:
New guidance on responsibilities of Covered Entities to provide patient access to protected health information under HIPAA;
Guidance contained in announcements and resolutions agreements published about OCR enforcement actions; and
Other recent regulatory and enforcement developments.
OCR Cybersecurity & Other Security Guidance & Enforcement
HIPAA’s Privacy, Security and Breach Notification rules require Covered Entities to implement strong data security safeguards to ensure the confidentiality, integrity, and availability of all of the electronic protected health information (ePHI) and other PHI tthey create, receive, maintain or transmit. To help minimize their potential exposure to Civil Monetary Penalties or other risks associated with breaches of these Rules, Covered Entities generally will want to review and update as necessary their current practices for safeguarding the security of PHI and ePHI in light of the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016 as well as guidance about OCR’s expectations concerning HIPAA Security compliance disclosed in the two HIPAA Civil Monetary Penalties and ever growing list of HIPAA Resolution Agreements published by OCR.
Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities face growing responsibilities and liability for maintaining the security of ePHI. In response to HITECH, OCR continues to use a carrot and stick approach to encouraging and enforcing compliance. As demonstrated by OCR’s imposition of the second-ever HIPAA Civil Monetary Penalty (CMP) of $239,000 against Lincare and the ever-growing list of Resolution Agreements OCR announces with other Covered Entities, OCR continues to step up enforcement against Covered Entities that breach the Privacy and Security Rules. See OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000.
On the other hand, OCR also continues to encourage voluntary compliance by Covered Entities by sharing guidance and tools to aid Covered Entities to understand fulfill their HIPAA responsibilities such as the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016.
released a crosswalk that maps the HIPAA Security Rule to the standards of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) as well as mappings to certain other commonly used security frameworks.
While stating that the HIPAA Security Rule does not require use of the NIST Cybersecurity Framework, OCR says it hopes the Crosswalk will provide “a helpful roadmap” for HIPAA Covered Entities and their business associates to understand the overlap between the NIST Cybersecurity Framework, the HIPAA Security Rule, and other security frameworks that can help Covered Entities safeguard health data in a time of increasing risks and help them to identify potential gaps in their programs. At the same time, OCR’s announcement of its release of the Crosswalk also cautions users that “use of the Framework does not guarantee HIPAA compliance.” Rather, OCR says “the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.”
With a USA Today report attributing more than 40 percent of data breaches to the healthcare industry over the last three years 91 percent of all health organizations having reporting breaches over the last two years, OCR has made clear that it intends to zealously investigate and enforce the Security Rules against Covered Entities that violate the Security Rules against Covered Entities that fail to take suitable steps to safeguard the security of PHI as required by the HIPAA Security Rule. To meet these requirements, the HIPAA Security Rule requires that Covered Entities conduct and be prepared to product documentation of their audit and other efforts to comply with the Security Rule Most Covered Entities will want to consider including an assessment of the adequacy of their existing practices under the Crosswalk and other requirements disclosed by OCR in these assessments to help position the Covered Entity to defend or mitigate HIPAA CMP and other liabilities in the event of a HIPAA breach or audit.
Latest Guidance Clarifies Patient Rights To Access PHI & Allowable Charges
In addition to maintaining adequate security, HIPAA also requires Covered Entities to provide individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans in accordance with the HIPAA Privacy Rule. In response to recurrent difficulties experienced by individuals in exercising these rights, OCR recently published supplemental guidance to clarify and promote better understanding and compliance with these rules by Covered Entities.
OCR started this process in January, 2015 by releasing a comprehensivefact sheet (Access fact sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient.
Earlier this week, OCR followed up by publishing on March 1, 2016 a second set of FAQs addresses additional issues, including the fees individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they so choose.
The complete set of materials – the Fact Sheet and both the first and second set of FAQs – published to date as part of this effort to improve access, may be found on OCR’s website here.
Covered entities and their business associates should move quickly to review and update their practices to comply with this new guidance as well as watch for further guidance and enforcement about these practices from OCR.
OCR’s new guidance on access to PHI follows a host of other regulatory and enforcement activities. While the particulars of each of these new actions and guidance vary, all send a very clear message: OCR expects Covered Entities and their business associates to comply with HIPAA and is offering tools and other guidance to aid them in that process.. In the event of a breach or audit, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply. Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.
Register For 3/30 Webex Briefing
Solutions Law Press, Inc.™ invites to catch up on the latest guidance on the Covered Entities’ responsibility under HIPAA to provide access to patients to PHI by registering here to participate in the “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” Webex briefing by attorney Cynthia Marcotte Stamer that Solutions Law Press, Inc.™ will host beginning at Noon Central Time on Wednesday, March 30, 2016. Get additional information or register here.
About The Author
Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.
As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.
Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at http://www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
Health care providers, health plans, health care clearinghouses and their business associates (Covered Entities) face new imperatives to review and tighten their practices to ensure their practices comply with recently released guidance from the U.S. Department of Health & Human Services Office of Civil Rights (OCR)) emphasizing and clarifying the responsibilities of health care providers, health plans and the healthcare clearinghouses under the Health Insurance Portability & Accountability Act of 1996 (HIPAA) to provide access to individuals that are the subject of protected health information or “PHI” to access or copies of their PHI in accordance with HIPAA’s rules and other recent HIPAA guidance and enforcement. With OCR’s recent release of added guidance and OCR enforcement statistics continuing to show HIPAA access rule violations among the most common HIPAA violations and OCR stepping up HIPAA enforcement, health care providers, health plans, healthcare clearinghouses can expect heightened scrutiny and enforcement of these requirements. Additionally, Covered Entities also should evaluate the adequacy of their other practices in light of other recent OCR guidance and enforcement actions.
Solutions Law Press, Inc.™ invites to catch up on the latest guidance on HIPAA’s requirements to provide access to patients to PHI by registering here to participate in the Solutions Law Press, Inc.™ “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” WebEx briefing from Cynthia Marcotte Stamer on Friday, March 18, 2016. During the Briefing, Ms. Stamer will provide participants with:
√ An update on OCR enforcement actiions and guidance over past 12 months
√ A detailed discussion of OCR’s new guidance about when Covered Entities must provide PHI access or copies to patients
√ Discuss rules and best practices for verifying the identity and credentials of an individual requesting PHI as a patient or personal representative of a patient
√ Share tips for contracting and dealing with business associates to facilitate administration of patient PHI access and security compliance activities
√ Share other practical considerations & best practices for compliance and risk management
√ Respond to participant questions on a time permitting basis
√ More
ABOUT THE SPEAKER
Recognized as “Legal Leader™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” and an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble, singled out as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine;, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her more than 28 years extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care, health plan and employee benefits, workforce and related regulatory and other compliance, performance management, risk management, product and process development, public policy and other key operational concerns.
As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance including extensive involvement with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others. Ms. Stamer also has worked extensively domestically and internationally on public policy and regulatory advocacy on HIPAA and other privacy and data security risks and requirements as well as a broad range of other health, employee benefits, human resources, insurance, tax, compliance and other matters and representing clients in dealings with the US Congress, Departments of Labor, Treasury, Health & Human Services, Federal Trade Commission, HUD and Justice, as well as a state legislatures attorneys general, insurance, labor, worker’s compensation, and other agencies and regulators as well supports clients in defending litigation as lead strategy counsel, special counsel and as an expert witness.
Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served as the scrivener for the ABA JCEB’s meeting with OCR on HIPAA for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients, serves on the faculty and planning committee of many workshops, seminars, and symposia, and on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.
REGISTRATION & PROGRAM DETAILS
Registration Fee per course is $75.00 per person. Registration Fee Discounts available for groups of three or more participants from the same organization. Limited opportunities for participation. Registration accommodated on a first come basis. Completed registration and payment required via website registration 48 hours in advance of the program. No checks or cash accepted. Persons not registered with completed payment at least 48 hours in advance will only participate subject to availability and completed registration and payment. Payment only accepted via website PayPal. Register Here!
The Webex will be conducted over the internet. Participants will receive access code and instructions for sign on to participate in the Webex and/or dial in to participate in the program via telephone after processing of completed registration. Participants must have access to a computer with internet access and to telephone access to dial in via telephone to participate in the program. Solutions Law Press, Inc. is not responsible for any interruption or interference in participation resulting from limitations in the internet connectivity, computer, telephone or other equipment used by the participant to access and participate in the program.
Solutions Law Press, Inc. is happy to share information about this upcoming free health industry study group meeting on 9/15/2015 in Irving, Texas.
NORTH TEXAS HEALTHCARE COMPLIANCE PROFESSIONALS ASSOCIATION
Invites Members and Guests to Our Next Group Luncheon
Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act
Featuring
Kristi Gotcher
U.S. Department of Labor Employee Benefit Security Administration Investigator
Space Limited! Register Early To Reserve Your Spot To Participate!
Please share this invitation with others who might be interested in this topic or other NTHCPA events!
The North Texas Healthcare Compliance Professionals Association (NTHCPA) invites members and other interested health care compliance professionals to join us on Tuesday, September 15, 2015 from 11:30 a.m. to 1:30 p.m. for our Study Group Luncheon featuring a program on “Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act” from U.S. Department of Labor Employee Benefit Security Administration (EBSA) Investigator Kristi Gotcher.
The health and other employee benefit plan rules of the Employee Retirement Income Security Act (ERISA) generally offer important protections and create significant compliance challenges for health care organizations and providers. On one hand, health care providers generally rely heavily on their or their patient’s ability to obtain health benefits promised under employer or union-sponsored health plans covering their patients to help reimbursement provider charges. Meanwhile, health care providers and their leaders also can incur significant liability for failing to comply with ERISA’s rules when establishing and maintaining health or other employee benefit programs for their own employees. Drawing on her involvement as investigator with the Department of Labor agency primarily responsible for both interpreting and enforcing ERISA’s rules, EBSA Ms. Gotcher will share key updates and insights on both how ERISA and the EBSA can help patients and providers enforce benefit rights under ERISA-covered health plans and key health and highlight employee benefit compliance responsibilities that health care organizations and their leaders need to ensure that their own health and other employee benefit programs meet to avoid violating ERISA.
About the Speaker
Kristi A. Gotcher is an Investigator with the United States Department of Labor, Employee Benefits Security Administration (EBSA) in the Dallas Regional Office. Kristi began working for EBSA in the Dallas Regional Office in November 2007 as a Benefits Advisor. She earned her Bachelor of Arts in Social Political Relations from St. Edwards University and a J.D. from Texas Wesleyan University School of Law (now Texas A&M University School of Law). Ms. Gotcher is licensed to practice law in the State of Texas.
Registration & Meeting Details
The meeting scheduled from 11:30 a.m. to 1:30 p.m. on Tuesday, September 15, 2015 at the DFW Hospital Council Offices located at 250 Decker Drive, Irving Texas. Participants who timely R.S.V.P. will enjoy a complimentary luncheon. Networking and lunch service will begin at 11:30. Our program will begin at Noon.
NTHCPA encourages members and other interested health care compliance professionals to register early to reserve their spot to participate and to share this invitation with others in the industry who might benefit from participation.
There is no charge to participate in the meeting. However space is limited and available only on a first come, first serve basis. To ensure your spot and help us to arrange for adequate space and refreshments for this meeting, R.S.V.P. here as soon as possible and no later than Noon on September 14, 2015. Walk in guests will be accommodated on a space-available basis only.
Thanks To Meeting Underwriter Stamer ׀Chadwick ׀ Soefje, PLLC
NTHCPA and its members extend our thanks to Cynthia Marcotte Stamer, P.C. and the other members of Stamer ׀ Chadwick ׀ Soefje PLLC for underwriting this month’s study group luncheon and other support of NTHCPA.
A boutique firm of exceptionally experienced and skilled “big-firm” lawyers committed to changing the way law firms serve their clients, Stamer │Chadwick │Soefje, PLLC delivers sophisticated legal advice and innovative solutions to the most challenging and complex problems. Simply put, Stamer │Chadwick │Soefje, PLLC attorneys are “Solutions Lawyers™.”
Stamer │Chadwick │Soefje, PLLC attorneys deliver sophisticated legal advice and innovative solutions to the most challenging and complex problems. Stamer │Chadwick │Soefje, PLLC attorneys possess the breadth of experience to respond to the unique legal and operational challenges health industry and other clients face and help guide them toward pragmatic resolutions that make sense for them. “Solutions Lawyers™ possess the breadth of experience to respond to the unique challenges our corporate and individual clients face and help guide them toward pragmatic resolutions that make sense for them.
Founded by nationally-known, healthcare and labor & employment attorney Cynthia Marcotte Stamer; labor & employment attorney Robert G. Chadwick; and professional liability and civil litigation attorney Timothy B. Soefje, Stamer │Chadwick │Soefje, PLLC focuses on advising and representing businesses and professionals nationally in the areas of healthcare, cyber liability, ERISA, employee benefits, labor & employment, corporate and commercial litigation, professional liability, construction litigation, and insurance defense. All three attorneys are rated AV® Preeminent™ by Martindale-Hubbell® Peer Review Ratings™ Ms. Stamer and Mr. Chadwick are both Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, are Fellows in the American Bar Foundation, and recognized as “Top Lawyers” in Labor and Employment Law. Ms. Stamer also has received recognition as a “Top” attorney in health care and employee benefits law and is a Fellow in the American College of Employee Benefit Council.
Ms. Stamer more than 28 years’ experience advising and representing health industry and employee benefit clients on a wide range of legal, public policy, management and operational concerns as well as extensive leadership and management experience serving in on the board of health industry nonprofit organizations. Nationally recognized for her legal work, advocacy, publications, writings and presentations on health industry concerns, Ms. Stamer provides legal and management advice, training and coaching, defense, public policy and regulatory advocacy to health industry and other clients on health and other regulatory and operational compliance, federal and state public policy and enforcement, managed care and other contracting, reimbursement, fraud, quality, employment, staffing and other workforce, benefits, licensing, credentialing and peer review, safety, disaster preparedness and response, HIPAA and other privacy and data security, corporate governance, investigations and internal controls, and a host of other health industry compliance and risk management and other legal and operational concerns. In addition to her legal experience, Ms. Stamer also contributes her experience and talents to serving in a number of health industry and other civil and professional groups. Among other things, Ms. Stamer serves as Vice President of the NTHCPA, the RPTE representative to the American Bar Association (ABA) Joint Committee on Employee Benefits Council and scrivener for its annual agency meeting with the Office of Civil Rights, the ABA International Section Life Sciences and Health Law Committee Vice President of Policy, RPTE Liaison to the ABA Health Care Coordinating Counsel, TIPS Employee Benefit Committee Vice Chair, Founder and Executive Director of the Project COPE: The Coalition on Patient Empowerment, and National Physicians Council for Healthcare Policy. She also previously served as President and Founding Board Member of the Alliance for Health Care Excellence and its Health Care Heroes and Patient Empowerment Programs, as RPTE Employee Benefits & Other Compensation Group Chair and Welfare Benefit Committee Vice Chair, Exempt Organizations Coordinator of the Gulf States Area TEGE Council, Board President and Audit Committee Chair of the Richardson Development Center for Children ECI Agency, National Kidney Foundation of North Texas Board Audit Committee Chair, the United Way of North Texas Long Range Planning Committee. She also has and continues to serve in the leadership of many other civic and professional boards, seminar faculties, editorial advisory boards and publishes and speaks extensively on health industry and employee benefit related concerns.
Mr. Chadwick has extensive experience advising and defending health industry and other clients on OSHA and other occupational health and safety, employee benefits, compensation and other labor and employment concerns as well as defending boards and other management leaders against management liability claims.
Mr. Soefje has extensive experience advising and representing health industry clients and professionals on medical malpractice, officers and directors liability and other professional liability, errors and omissions, construction defect and other litigation and disputes.
NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles. The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.
Other Helpful Resources & Other Information
We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication availablehere, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.
Examples of some of these recent health care related publications include:
November 6, 2015 is the deadline for health care providers, health insurance exchanges, Medicare Advantage plans, Medicaid Advantage plans, health insurers providing coverage in the health insurance marketplaces, their contractors and other concerned parties to comment on a proposed rule on Nondiscrimination in Health Programs and Activities published today by the Department of Health and Human Services (HHS) to implement the federal prohibition against sex discrimination in health programs and activities enacted under Section 1557 of the Patient Protection and Affordable Care Act (ACA) and tightening other nondiscrimination requirements that generally apply to Health Insurance Marketplaces, any health program that HHS itself administers, and any health program or activity, any part of which receives funding from HHS, such as hospitals that accept Medicare patients or doctors who treat Medicaid patients, and health insurance issurers participating in the Health Insurance Marketplaces, Medicare or Medicaid Advantage Plans and other entities covered by the HHS Office of Civil Rights (OCR) civil rights rules (covered entities) and various other programs and activities administered by HHS’ Office of Civil Rights (OCR).
Since OCR already aggressively investigates and enforces federal prohibitions against discrimination based on race, color, national origin, disability, age and sex against covered entities as part of the Obama Administration’s broader civil rights agenda, covered entities can look forward to OCR’s adoption of the proposed rules to add even more teeth and fire to the already aggressive enforcement by OCR of health care providers, insurers and other parties subject to the civil rights laws enforced by OCR. See. e.g., Health Care Employer’s Discrimination Triggers Medicare, EEOC Prosecutions; Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled; OCR Settlements Show Health Care & Disabled Housing Providers Face Growing Disability Discrimination Risks Given the often multimillion dollar penalties and other heavy sanctions that OCR already has imposed against a long and ever-growing list of state and other health care, child care, elder care, insurance and other entities for violating the discrimination or other civil rights rules administered by OCR, health care and other providers, Medicare and Medicaid Advantage and other insurers, and other covered entities generally will want both to carefully review and comment as appropriate on the proposed rules, as well as review and tighten as advisable their existing practices to reduce the risk of being sanctioned, excluded or both for violation of these nondiscrimination and other civil rights requirements by OCR. In this respect, covered entities will want both to evaluate their risks and responsibilities under the specific rules about Section 1557’s sex discrimination prohibits, as well as changes that more broadly affect the interpretation and enforcement of the nondiscrimination rules enforced by OCR generally.
Sex and Gender Identity Discrimination
Concerning the new prohibition against sex discrimination added by Section 1557 of the ACA, the proposed rule expressly provides that covered entities must treat woman equally with men in the health care they receive generally as well as specifically comments on the obligations of covered insurers with respect to sex discrimination including gender identity. While other provisions of the ACA bar certain types of sex discrimination in insurance, for example by prohibiting women from being charged more than men for coverage, the proposed regulation makes clear that the protections of Section 1557 reach even more broadly to prohibit sex discrimination both in the health coverage patients obtain as well as in the health services they seek from providers.
Not unexpectedly in light of the Supreme Court’s ruling in Obergefell and the Obama Administration’s proactive agenda on the advance of rights for lesbian, bisexual, gay and transsexual (LBGT) individuals, the proposed rule makes clear that OCR construes prohibited sex discrimination under Section 1557 to include discrimination based on gender identity as well as to address various coverage and care practices that OCR views as prohibited sex discrimination of LBGT individuals. In this respect, the proposed rule makes clear HHS’s commitment, as a matter of policy, to preventing discrimination based on sexual orientation by providing, among other things that Individuals may not be subject to discrimination based on gender identity by any covered entities including insurance policies and their issuers. OCR also highlights various policy provisions and other practices by insurers that it views as prohibited sex discrimination against transsexual individuals such as categorical exclusions on coverage of all care related to gender transition. Similarly, the proposed rule also states that health care providers, insurers and other covered person must treat all individuals consistent with their gender identity, including in access to facilities. Beyond the already proposed safeguards against sex discrimination based on gender identity, OCR also requests comment on how a final rule can incorporate the most robust set of protections against discrimination that are supported by the courts on an ongoing basis.
Other Nondiscrimination Rule Expansions
Beyond its requirements relating to sex discrimination, the proposed rule also addresses a host of other concerns relating to the civil rights rules more generally. As an initial matter, the proposed rule invites individuals in protected classes to file complaints and pursue other enforcement by confirming that OCR interprets Section 1557 as allowing individuals to seek legal remedies for discrimination under Section 1557. While OCR already has been allowing this in practice, this blessing of the right of individuals to seek legal remedies unquestionably will encourage the filing of more complaints and other private actions.
The proposed rule also would add more teeth to the already aggressive enforcement by OCR of its position that covered entities must accommodate community deficiencies of persons with cognitive, speech, hearing or other disabilities and English proficiency limitations on their ability to communicate on health care matters by establishing more detailed minimum standards for the provision of language services, such as oral interpreters and written translations to persons with limited English proficiency and to provide individuals with hearing or other disabilities affecting their ability to communicate to provide auxiliary aids and services, including alternative formats and sign language interpreters, and the accessibility of programs offered through electronic and information technology. These proposed requirements are designed to provide more teeth and compliance with OCR’s expectation that covered entities will affirmatively act to offer accommodations needed to ensure the ability of individuals to communicate when the individual’s ability to understand or respond is impaired by disabilities or limited English proficiency.
Also, the proposed regulations specifically addresses various practices by Medicare and Medicaid Advantage plans and other insurers offering coverage in the marketplace that OCR views as discriminatory. For instance, the proposed rule states that insurers participating or offering coverage through any Health Insurance Marketplace cannot engage in any marketing practices or benefit designs that discriminate on the basis of race, color, national origin, sex, age, or disability. This prohibition would extend to all the plans of insurers participating in the Marketplace are covered by the proposed rule.
Beyond the already proposed expansion in the current regulatory expectations, OCR also invites input about additional requirements to broaden the safeguards in the proposed regulations by requesting comment on whether Section 1557 should include an exemption for religious organizations and what the scope of any such exemption should be as well as comment on how a final rule can incorporate the most robust set of protections against discrimination that are supported by the courts on an ongoing basis.
Unquestionably these and other changes proposed in the proposed regulation likely will impact the practices and risks of virtually all covered entities. The proposed rule is open for public comment through November 6, 2015. Covered entities and other interested persons will want to promptly review the specifics of the proposed regulation in light of OCR’s already existing investigation and enforcement activities and their current or contemplated practices. To the extent appropriate, covered entities will want to ensure that they carefully prepare and submit all revelevant comment or other feedback promptly submitted on or before the November 6, 2015 comment deadline. Whether or not a covered entity elects to comment of the proposed regulations, however, all covered entities also should begin tightening and adapting their existing policies and practices to respond to the positions revealed by the proposed regulations, as OCR’s enforcement activities reflect that OCR will act to enforce many of these expectations even as it pursues adoption of the proposed regulations in final form.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Board Certified in Labor & Employment Law, and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 28 years experience advising health industry clients about these and other matters. Her experience includes more than 23 years experience advising and defending hospitals, nursing home, home health, rehabilitation and other health care, housing, insurance and other clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to discrimination and other charges from OCR, HUD, EEOC, DOJ, private claimants and others. She also advises and assists a broad range of health industry and other clients to respond to and defend Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR, CMS & other HHS agencies, Department of Labor, IRS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting for several years with OCR. Ms. Stamer also works extensively with health care providers, health plans and insurers, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance, investigations, defense, and other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on discrimination and other civil rights, pandemic and other contagious disease, HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance, quality, reimbursement, and a broad range of other industry internal controls, compliance, risk management, employment, patient safety, staffing, credentialing, board governance, antitrust, contracting and other legal and operational concerns for a multitude of clients and associations ranging from the Association of State & Territorial Health Plans, Los Angeles County Health Department, ISSA, HIMMS, the ABA, the American Health Lawyers Association, the Medical Group Management Association, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.
Other Helpful Resources & Other Information
We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication availablehere, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.
Examples of some of these recent health care related publications include:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Yesterday’s announcement of the exclusion of the operator and manager of the national dental chain, Small Smiles Dental Centers, from exclusion in Medicaid, Medicare and other federal health programs highlights the risks health care providers run by failing to comply with a Corporate Integrity Agreement.
Daniel R. Levinson, Inspector General of the U.S. Department of Health and Human Services, announced April 3, 2014 that the operator and manager of the Small Smiles Dental Centers, CSHM, LLC (formerly known as FORBA Holdings and Church Street Health Management (CSHM), has signed an Exclusion Agreement that bars CSHM from participating in Medicare, Medicaid, and all other Federal health care programs for 5 years. Small Smiles Dental Centers provides services primarily to children on Medicaid.
Mr. Levinson said that this exclusion “makes clear to the provider community that OIG closely monitors our CIAs, critically evaluates providers’ representations and certifications, and will pursue exclusion actions against providers that fail to abide by their integrity agreement obligations.”
According to the announcement, the exclusion is based on CSHM’s alleged material breaches of its Corporate Integrity Agreement (CIA) with the Office of Inspector General (OIG).
CSHM’s corporate predecessor entered into the CIA in 2010, as part of the resolution of a False Claims Act case involving allegations that the company had provided dental services to children on Medicaid that were medically unnecessary or failed to meet professionally recognized standards of care.
On March 7, 2014, OIG issued a Notice of Exclusion to CSHM based upon numerous material breaches of its obligations under the CIA. CSHM failed to report serious quality-of-care reportable events, take corrective action, or make appropriate notifications of those events to the State dental boards as required by the CIA, OIG found. CSHM also failed to implement and maintain key quality-related policies and procedures, comply with internal quality and compliance review requirements, properly maintain a log of compliance disclosures, and perform training as required by the CIA. Finally, CSHM submitted a false certification from its Compliance Officer regarding its compliance with CIA obligations.
This exclusion marks the culmination of a series of alleged failures by CSHM and its corporate predecessors to comply with its CIA. Under the CIA, an independent quality monitor conducted more than 90 site visits and reviews to monitor CSHM’s compliance. Since the 2010 settlement, OIG repeatedly cited CSHM and took actions to address those violations, promote improved compliance, and maintain access to care for an underserved population. These actions included imposing financial penalties and forcing the divestiture of one of the company’s clinics.
Despite these actions, CSHM remained in material breach of its CIA and OIG issued Notices of Intent to Exclude to the company in December 2013 and January 2014. In such cases, providers get the chance to show OIG that they have cured, or are in the process of curing, the material breaches. CSHM represented to OIG that it would cure the material breaches. However, through meetings with CSHM and its Board of Directors and review of its written submissions, OIG determined that CSHM had failed to cure the material breaches and proceeded with the exclusion.
CSHM disputed OIG’s determination that it was in material breach of the CIA. However, under the Exclusion Agreement, CSHM now has waived its objections to these findings.
To minimize immediate disruption of care to the hundreds of thousands of children treated at CSHM clinics and to enable an orderly, controlled shutdown of the company or divestiture of its assets, the exclusion takes effect September 30, 2014. CSHM waived its right to appeal this exclusion in any judicial forum.
Until the exclusion goes into effect on September 30, 2014, an independent monitor will continue to monitor the quality of care being provided to patients at CSHM clinics. CSHM is required to inform patients at least 30 days before closing a clinic. CSHM is also required to keep State Medicaid agencies abreast of developments and provide monthly status reports to OIG. Any divestiture of assets by CSHM must be through bona fide, arms-length transactions to an entity that is not related to or affiliated with CSHM.
Beyond the implications for Small Smiles Dental Centers, the announced exclusion carries important implications for other health care providers. First, of course, the exclusion means that Small Smiles Dental Centers and CSHM as excluded providers are ineligible for hiring by other providers participating in Medicare or other Federal Health Programs. Second, the exclusion also highlights the advisability for other providers covered by CIAs not only to see to comply with their CIA and in the event the OIG questions of the adequacy of that compliance to look for opportunities to work with OIG to rectify alleged concerns as cooperatively as possible unless a high degree of certainty that the provider can prove that OIG’s concerns are unfounded.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.
Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.
Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Hospitals, skilled nursing and other health care organizations need to be concerned about union organizing of their employees in light of the growing success of unions with the aid of the pro-union support and agenda of the National Labor Relations Board (NLRB) under the Obama Administration’s leadership. The Administration’s goal of telling health care providers what to do extends well beyond Medicare and Medicaid into their workforce and terms and conditions of employment.
On February 21, 2014, for instance, the Obama Administration helped the Service Employees International Union (the Union) force Holy Cross Youth and Family Services, Inc., d/b/a Kairos Healthcare (the Employer), a provider of drug and alcohol rehabilitation services, to recognize and bargain with the over terms and conditions of employees with the Union by securing a court order forcing the employer to recognize and bargain with the Union.
Ruling in a lawsuit filed by the NLRB against the Employer on February 21, a federal court judge for the Eastern District of Michigan ordered upheld the allegations made in August 23, 2013 by the National Labor Relations Board (NLRB) Detroit, Michigan Regional Office that the Employer violated the National Labor Relations Act when it withdrew recognition from Local 517M, made unilateral changes to employees’ terms and conditions of employment without affording the Union an opportunity to bargain over those changes, and failed to provide relevant information to the Union to help in its bargaining with the Employer on behalf of the employees.
The Regional Office sought, and the Board authorized, seeking interim injunctive relief to return the parties to the bargaining table pending final resolution of the matter, to require the Employer to provide the Union with the information it requested and, upon request, to rescind the unilateral changes made to employees’ terms and conditions of employment.
On February 21, 2014, the District upheld the Regional Office’s action. It ruled that an interim injunction was appropriate to prevent loss of Union support, to keep the employees’ right to bargain with their Employer through their chosen bargaining representative, and to provide the Union with the information it needs to evaluate and make bargaining proposals while the administrative case is pending before the Board.
The case is one of a growing number of actions where the NLRB has used is powers to help Unions force health care and other employers to yield to union demands. See e.g., Specialty Healthcare and Rehabilitation of Mobile, Board Case No. 15-CA-68248 (reported at 357 NLRB No. 174) (6th Cir. decided August 15, 2013 under the name Kindred Nursing Centers East, LLC f/k/a Specialty Healthcare and Rehabilitation of Mobile v. NLRB).
These decisions should remind health care and other employers of the highly union-friendly bent of the NLRB under the current administration, as well as the hazards of mishandling efforts to defend against union organizing and other protected activities under the NLRA. Beyond the obligation to recognize and bargain with properly certified collective bargaining unions, the NLRB and other federal labor laws also grant employees a host of other protections. Among these are recently affirmed rights-even for a worker not represented by a union – to insist another employee be present when participating in disciplinary and certain other meetings with management, rules limit the ability of employers to prohibit or restrict employees requiring employees to keep confidential and not discuss among each other salary, wages or other terms of compensation or employment terms and conditions, and others. The Obama Administration has made known its desire to expand these rights further and has carried out an aggressive legislative, regulatory and enforcement campaign in pursuit of this goal since taking office. For this reason, health care or other organizations should seek the advice and assistance of qualified legal counsel experienced with labor management relations matters to review policies for compliance, to prepare and administer anti-organizing activities, and to evaluate and respond to union organizing or bargaining activities.
For More Information Or Assistance
If you need assistance responding to health industry staffing and workforce, regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD, and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Board Certified in Labor and Employment Law, Ms. Stamer’s experience includes continuous involvement in advising and representing health care organizations about employment, labor-management, peer review and staffing and other workforce management and compensation concerns. Ms. Stamer also continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Osceola Community Hospital Refused To Hire Child Care Worker With Cerebral Palsy Who Had Worked As Volunteer
Osceola Community Hospital in Sibley, Iowa will pay $75,000 and furnish other relief to settle an Americans With Disabilities Act (ADA) disability discrimination lawsuit filed by the U.S. Equal Employment Opportunity Commission (EEOC) for its refusal to hire a child care worker with cerebral palsy. The case shows both the need for health care and other employers to have sufficient evidence to support decisions not to hire disabled workers for safety reasons as well as the potential risks that hospitals or other face when refusing to hire disabled individuals who have been allowed to work as volunteers in their organizations.
The EEOC charged a day care center operated by the hospital, Bright Beginnings of Osceola County, unlawfully failed to hire a volunteer employee into a paid position for which she was qualified because of her cerebral palsy. Although the woman who brought the charge of discrimination against the hospital already volunteered in the day care center and held a job driving a school bus, the EEOC’s investigation revealed the county refused to hire her into a paying job in the center out of an unfounded fear that her disability meant that she could not safely care for the children.
Judge Mark Bennett entered a consent decree on February, 28, 2014, resolving the brought by the EEOC in EEOC v. Osceola Community Hospital d/b/a Bright Beginnings of Osceola County, Civil Action No. 5:12-cv-4087 (N.D. Iowa, Sept. 26, 2012 that orders Osceola Community Hospital to pay $75,000 to the discrimination victim. The decree also requires the hospital to institute a policy prohibiting discrimination on the basis of disability and to distribute the policy to all of its employees. The hospital also must train its employees and report regularly to the EEOC on its compliance with the ADA.
The lawsuit provides another example to health care and other employers of their growing exposure to disability discrimination claims under the ADA. The EEOC action and lawsuit highlights the importance of employers ensuring that decisions to refuse to hire disabled workers for safety reasons are based upon appropriate evidence of actual safety concerns that prevent the worker from safely performing the assigned duties with or without reasonable accommodation.
The fact that the worker in this case had in fact worked as a volunteer likely created additional challenges in defending the decision. The use of volunteer workers in health industry businesses is a common practice that may justify special care before those organizations deny employment to a former volunteer on the basis of safety concerns associated with the disabilities of the applicant or worker both to document the reasonable basis of the safety concern and that the concern could not be adequately resolved through reasonable accommodation.
Health Care Providers Must Strengthen Disability Compliance & Risk Management
Employment discrimination isn’t the only disability discrimination risk that hospitals and other health industry organizations need to worry about in today’s liability charged environment. Enforcing federal discrimination laws is a high priority of the Obama Administration. The Departments of Labor, Health & Human Services, Education, Justice, Housing & Urban Development, and others all have both increased enforcement, audits and public outreach, as well as have sought or are proposing tighter regulations.
The expanding applicability of nondiscrimination rules coupled with the wave of new policies and regulatory and enforcement actions should alert private businesses and state and local government agencies of the need to exercise special care to prepare to defend their actions against potential disability or other Civil Rights discrimination challenges under employment, Medicare, housing and a broad range of other laws.
The Obama Administration is targeting disability discrimination by health care organizations in a broad range of areas as part of its Barrier Free Health Care Initiative (Initiative). Launched on the 22nd anniversary of the ADA in July 2012, the Initiative is a partnership of the Civil Rights Division and 40 U.S. Attorney’s offices across the nation, that targets ADA and other disability discrimination law enforcement efforts on a critical area for individuals with disabilities.
Part of a broader enforcement initiative of the Obama Administration to enforce and expand federal protections for individuals with disabilities, the Initiative seeks to protect patients with disabilities against illegal disability discrimination by prosecuting health care providers under the ADA and the Rehab Act.
Section 504 of the Rehab Act requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.
The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities.
In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. The public accommodation provisions of the ADA, for instance, generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities. The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.
The Justice Departments campaign against disability discrimination by health care providers is supported and enhanced by the concurrent efforts of OCR. Along side the Justice Department’s efforts, OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with the Rehab Act and the ADA well as various other federal nondiscrimination and civil rights laws. Through its own antidiscrimination campaign, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. See, e.g. Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled. Meanwhile, both the Justice Department and OCR also are encouraging victims of discrimination to enforce their rights through private action through educational outreach to disabled and other individuals protected by federal disabilities and other civil rights laws to make them aware of and to encourage them to act to enforce these rights.
Health Care Organizations & Providers Should Act To Manage Patient-Related Disability Discrimination Risks
Prosecutions and settlements by these and other federal agencies show the need for health care providers and other public and private organizations to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the Justice Department, OCR, the EEOC and other agencies as well as private law suits. Hospitals, health care clinics, physicians and other health care providers should take steps to guard against joining the growing list of health care providers caught in the enforcement sights of the Initiative by reviewing and updating practices, policies, training and oversight to ensure that their organizations can prevent and defend against charges of disability discrimination.
Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.
In light of the expanding readiness of the Justice Department, OCR, HUD, EEOC and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.
To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.
For More Information Or Assistance
If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.
Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.
The Centers for Medicare & Medicaid Services (CMS) is offering training resources to help providers learn about the electronic administrative simplification tools available through the CMS eHealth programs implemented as part of the Health Insurance Portability & Accountability Act (HIPAA) Administrative Simplification rules.
CMS recently launched eHealth University, a new education portal designed to give providers information vital for understanding, implementing, and successfully participating in a range of . The curriculum offers resources organized by level, from beginner to advanced, in a variety of formats, including fact sheets, guides, videos, checklists, webinar recordings, and more.
As part of eHealth University, CMS is offering tools and resources to help providers understand Administrative Simplification initiatives such as claims and eligibility operating rules, electronic funds transfer and remittance advice operating rules and standards, and the health plan identifier. These resources include:
Once providers or others have an understanding of the basics of Administrative Simplification through these beginner-level resources, the user can use the intermediate and advanced resources also available on the eHealth University website.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients on how to establish, administer and defend workforce, staffing, management, compliance and risk management policies and practices; prevent, conduct and investigate, and respond to employment, staffing, peer review and other quality, compliance and enforcement concerns; and to respond to OSHA and other Department of Labor, IRS, Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters, her experience includes extensive work with health industry clients on workforce and other performance management concerns including OSHA and other laws. In addition to her other extensive health industry experience, she has specific experience working with hospital and other health industry employers on the unique rules and challenges of managing risks and compliance under OSHA, FLSA, FCRA and other privacy, peer review and staffing, NLRA and other laws in the health care industry.
Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.
Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Health industry employers brace for heightened worker health and safety exposures. The U.S. Department of Labor’s Occupational Safety and Health Administration (OHSA) is getting serious about health care worker safety.
On January 15, 2014, OSHA launched a new educational Web-based OSHA Hospital Resource with extensive materials it intends to help hospitals prevent worker injuries, assess workplace safety needs, enhance safe patient handling programs, and implement safety and health management systems. The materials include fact books, self-assessments and best practice guides.
In announcing the new resource, OSHA noted that hospital workers face serious hazards, including: lifting and moving patients, workplace violence, slips and falls, exposure to chemicals and hazardous drugs, exposures to infectious diseases and needlesticks.
According to OSHA, U.S. hospitals recorded 250,000 work-related injuries and illnesses, almost 60,000 of which caused employees to miss work in 2012. Nationwide, workers’ compensation losses result in a total annual expense of $2 billion for hospitals.
According to OSHA, the website’s materials on safe patient handling are designed to address the most common type of injuries hospital workers face, and hospitals can use these resources to protect their workers, improve patient safety and reduce costs.
While presented as helpful tools for industry employers, health care employers should not overlook the potential legal exposures risked by failing to properly manage employee health and safety risks.
Under the Occupational Safety and Health Act of 1970, employers are responsible for providing safe and healthful workplaces for their employees. OSHA’s role is to ensure these conditions for America’s working men and women by setting and enforcing standards, and providing training, education and assistance. Viewed from this perspective, health industry employers generally will want to use the tool within the scope of attorney-client privilege to evaluate their potential risks and exposures in the event of a workplace injury or death, OSHA audit or both, and take appropriate steps to mitigate those risks promptly.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients on how to establish, administer and defend workforce, staffing, management, compliance and risk management policies and practices; prevent, conduct and investigate, and respond to employment, staffing, peer review and other quality, compliance and enforcement concerns; and to respond to OSHA and other Department of Labor, IRS, Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters, her experience includes extensive work with health industry clients on workforce and other performance management concerns including OSHA and other laws. In addition to her other extensive health industry experience, she has specific experience working with hospital and other health industry employers on the unique rules and challenges of managing risks and compliance under OSHA, FLSA, FCRA and other privacy, peer review and staffing, NLRA and other laws in the health care industry.
Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.
Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
A new settlement agreement announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows health plans, health care providers, health care clearinghouses and their business associates the perils of failing to properly implement the necessary policies and procedures to comply with the breach notification requirements added to the Health Insurance Portability & Accountability Act of 1996 (HIPAA) added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).
APDerm Settlement Overview
Private dermatology practice, Adult & Pediatric Dermatology, P.C., (APDerm) has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. The APDerm Settlement marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.
According to its December 26, 2013 announcement of the settlement, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.
Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities
The APDerm also is notable both as it settles the first ever charges against a covered entity for failing to adopt required Breach Notification policies and procedures and the relatively most settlement payment required in comparison to other announced settlement. Other settlements have been significantly higher. For instance, OCR required that Blue Cross Blue Shield of Tennessee (BCBST) to pay $1.5 million to resolve HIPAA violations charges.
In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s audit, investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, evolving rules and technology, and other developments to determine if additional steps are necessary or advisable. For tips, see here.
For Representation, Training & Other Resources
If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.
Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.
Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
[1]WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register
Health care organizations should review the updated optional standard mileage rates and maximum standard automobile costs for purposes of claiming certain automobile allowances during 2014 recently released by the Internal Revenue Service (IRS) to determine and make the necessary arrangements to communicate and implement any changes in the rates that their business plans to use to reimburse employees and others for mileage. In addition, health care organizations also may want to consider sharing information about the updates to medical expense mileage reimbursement rates and other aspects of those rules in newsletters or other marketing communications to help empower those patients and their families to understand and use the new rates and rules to properly claim deductions that their families qualify for on their 2014 tax return for mileage incurred traveling for medical care.
Notice 2013-80, which is scheduled for official publication in Internal Revenue Bulletin 2013-52 on December 23, 2013, provides the optional 2014 standard mileage rates for taxpayers to use in computing the deductible costs of operating an automobile for business, charitable, medical or moving expense purposes. This notice also provides the amount taxpayers must use in calculating reductions to basis for depreciation taken under the business standard mileage rate, and the maximum standard automobile cost that may be used in computing the allowance under a fixed and variable rate (FAVR) plan. The IRS released an advanced copy of the Notice on December 6, 2013.
Many health care organizations reimburse doctors, management, home health, sales and marketing or other employees and other service providers for mileage and other automobile expenses under policies that use these IRS standard rates to calculate the reimbursement amounts. Reimbursement of employees based on these rate is not required. Because reimbursements in excess of the standard rates can create income tax recordkeeping and reporting challenges for the employer, the employee or both, however, most businesses use standard mileage reimbursement rates set at or below the IRS optional standard rates. Businesses facing financial or other challenges may want to reevaluate whether to continue to reimburse mileage and if so, the rate of reimbursement to use to do so.
When communicating with employees about the businesses’ policies for reimbursing business and moving expense mileage, businesses should take care to ensure that employees understand differences in the mileage reimbursement rates that apply to different categories of expenses. As an added service to employees, many human resources departments also may want to consider alerting employees to consult their tax advisor or take other steps to properly understand and retain documentation of mileage not only for business expense reimbursement, but also medical and moving purposes. The availability of this information can be helpful to empower workers and their families to understand and take proper advantage of rules for deducting these expenses even when the employer or its health plan does not reimburse the employee for the expenses.
In addition to reimbursements for workers, businesses also should consider the potential effects of the adjustments in the IRS optional standard mileage rates on the amounts they may bill their customers for mileage expenses as well as the amount that they should expect that their vendors and service providers may bill the business for mileage expenses under contracts that provide for reimbursement of those expenses. Businesses whose contracts with vendors or customers provide for reimbursement of mileage expenses using rates based on the IRS’ optional standard mileage rates should evaluate the effect of the announced adjustments on those mileage obligations to ensure that mileage expenses are properly anticipated, billed and paid.
Beyond dealing with their own policies for reimbursement and billing for mileage, many health care organizations may want to consider sharing information about the 2014 medical mileage reimbursement rates announced by the IRS with patients and their families. Many patients and their families may qualify to claim deductions for mileage for medical travel under IRS rules, but may not be aware of the adjusted rates or the proper procedures for identifying and documenting their medical mileage. While often negligible for families who are not suffering major illness requiring extensive commuting or travel, patients with chronic or serious medical conditions often can benefit from claiming these deductions properly. Communicating the new rates and other tips for keeping records and claiming the mileage deduction could be a significant and valued service to aid these families.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.
Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.
Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
[1]WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register
Dr. Anthony Stevens Chase faces a 15 month sentence and must pay $360,293 in restitution after pleading guilty to two health care fraud counts.
On October 21, 2011, Jase pled guilty to two counts of health care fraud before Judge James J. Brady, for involvement in two nearly identical schemes to defraud Medicare.
The first conviction arose from Jase’s association Baton Rouge-based company Lobdale Medical Services, which was owned by Beatrice and Young Anyanwu. As part of the scheme to defraud, Sandra Parkman Thompson and others procured the names and personal information of Medicare beneficiaries in and around the New Orleans area and delivered these names to Jase, who then signed false and fraudulent prescriptions for power wheelchairs and other durable medical equipment for which the Medicare beneficiaries had no medical need. Thompson later delivered the fraudulent prescriptions to the Anyanwus, who submitted claims to Medicare through Lobdale Medical Services for the medically unnecessary equipment. The total billings to Medicare by Lobdale Medicare Services exceeded $1,000,000.
The second conviction arose from JASE’s involvement with a New Orleans-based durable medical equipment company known as Psalms 23-DME, which also paid Thompson to deliver prescriptions for wheelchairs and other durable medical equipment. Jase wrote prescriptions for beneficiaries whom he had never seen and who had no need for the equipment prescribed them. As a result, Psalms 23-DME billed Medicare for claims totaling $230,963 using JASE’s provider number.
Beatrice and Young Anyanwu pled guilty to the health care fraud scheme to defraud Medicare as well as the illegal remuneration conspiracy on August 14, 2012. Theywere sentenced February 1, 2013. Sandra Parkman Thompson was convicted after a jury trial on August 20, 2012. She was sentenced on March 14, 2013.
The investigation of Jase was conducted by the Department of Health and Human Services, Office of Inspector General, the Federal Bureau of Investigation, and the Louisiana Department of Justice. Announcing the sentence, acting U.S. Attorney Walt Green stated, “This case is a great example of how federal and state law enforcement work together on a daily basis to stamp out health care fraud by doctors and others who abuse our health care system in our state.”
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.
Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.
Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
[1]WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register
Health care and other parties employing or otherwise engaging the services of home care workers should review and update their policies and practices for scheduling, tracking hours worked and paying these workers to ensure that they comply by January 1, 2015 with a new final rule announced by the U.S. Department of Labor’s Wage and Hour Division today (September 18, 2013). Today’s announcement of the regulatory changes means employers of home care workers can expect to see costs rise and also will join most other U.S. businesses that must worry about getting caught in minimum wage and overtime enforcement traps.
Under the new final rule, the Labor Department extends the Fair Labor Standards Act’s minimum wage and overtime protections to most of the nation’s direct care workers who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities beginning January 1, 2015.
The new final rule generally will require that the approximately two million home care workers such as home health aides, personal care aides, and certified nursing assistants will qualify for minimum wage and overtime. Employers engaging these services also generally will need to keep records and comply with other FLSA requirements with respect to these workers as well.
In anticipation of the rollout of these new protections, the Labor Department is kicking off a public outreach campaign to educate home care workers and their employers about the rule change. The Department will be hosting five public webinars during the month of October and has created a new, dedicated web portal here with fact sheets, FAQs, interactive web tools, and other materials.
The Labor Department’s focus on home workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks.
New Home Care Worker Rules Effective January 2015
Under the new final rule, the Labor Department extends the Fair Labor Standards Act’s minimum wage and overtime protections to most of the nation’s direct care workers who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities beginning January 1, 2015.
The new final rule generally will require that the approximately two million home care workers such as home health aides, personal care aides, and certified nursing assistants will qualify for minimum wage and overtime. Employers engaging these services also generally will need to keep records and comply with other FLSA requirements with respect to these workers as well.
In anticipation of the rollout of these new protections, the Labor Department is kicking off a public outreach campaign to educate home care workers and their employers about the rule change. The Department will be hosting five public webinars during the month of October and has created a new, dedicated web portal here with fact sheets, FAQs, interactive web tools, and other materials.
The Labor Department’s focus on home workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks.
The impending change in the treatment of home care workers is part of a larger commitment by the Obama Administration to both expansion and enforcement of the FLSA’s minimum wage and overtime provisions, and a specific program targeting employers in health care and related services industries.
Violation of wage and hour laws exposes health care and other employers to significant back pay awards, substantial civil penalties and, if the violation is found to be willful, even potential criminal liability. Because states all have their own wage and hour laws, employers may face liability under either or both laws. Coupled with these and other enforcement efforts against health and other caregiver businesses, today’s announcement reflects enforcement risks will continue to rise for employers of home care workers.
In light of the proposed regulatory changes and demonstrated willingness of the Labor Department and private plaintiffs to bring actions against employers violating these rules, health care and others employing home care workers should take well-documented steps to manage their risks. These employers should both confirm the adequacy of their practices under existing rules, as well as evaluate and begin preparing to respond to the proposed changes to these rules. In both cases, employers of home care or other health care workers are encouraged to critically evaluate their classification or workers, both with respect to their status as employees versus contractor or leased employees, as well as their characterization as exempt versus non-exempt for wage and hour law purposes. In addition, given the nature of the scheduled often worked by home care givers, their employers also generally should pay particular attention to the adequacy of practices for recordkeeping.
Enforcement Against Other Industries Shows Risks
Of course, the home care and health care industry are not the only industries that need to worry about FLSA enforcement. The Obama Administration is very aggressive in its enforcement of wage and hour and overtime laws generally. For instance, First Republic Bank recently paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions. The Labor Department announced the settlement resulting in the payment on November 27, 2012. The settlement resulted from an investigation by the Labor Department that found the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.
The FLSA requires that covered, nonexempt employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.
While the FLSA provides an exemption from both minimum wage and overtime pay requirements for individuals employed in bona fide executive, administrative, professional and outside sales positions, as well as certain computer employees, job titles do not determine the applicability of this or other FLSA exemptions. In order for an exemption to apply, an employee’s specific job duties and salary must meet all the requirements of the department’s regulations. To qualify for exemption, employees generally must meet certain tests regarding their job duties and be paid on a salary basis at not less than $455 per week.
Investigators found that First Republic Bank failed to consider the FLSA’s criteria that allow certain administrative and professional employees to be exempt from receiving overtime pay. In fact, the employees were entitled to overtime compensation at one and one-half times their regular rates for hours worked over 40 in a week. Additionally, the bank failed to include bonus payments in nonexempt employees’ regular rates of pay when computing overtime compensation, in violation of the act. Record-keeping violations resulted from the employer’s failure to record the number of hours worked by the misclassified employees.
“It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”
FLSA Violations Generally Costly; Enforcement Rising
Employers Should Strengthen Practices For Defensibility
To minimize exposure under the FLSA, employers should review and document the defensibility of their existing practices for classifying and compensating workers under existing Federal and state wage and hour laws and take other actions to minimize their potential liability under applicable wages and hour laws. Steps advisable as part of this process include, but are not necessarily limited to:
Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.
Because of the potentially significant liability exposure, employers generally will want to consult with qualified legal counsel before starting their risk assessment and assess risks and claims within the scope of attorney-client privilege to help protect the ability to claim attorney-client privilege or other evidentiary protections to help shelter conversations or certain other sensitive risk activities from discovery under the rules of evidence.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.
Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.
Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
[1]WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register
CMS just released An Eligible Professional’s Guide to Stage 2 of the EHR Incentive Programs, which provides a comprehensive overview of Stage 2 of the EHR Incentive Programs for eligible professionals. The guide outlines criteria for Stage 2 meaningful use, 2014 clinical quality measure reporting, and 2014 EHR certification including Chapters on;
What is Stage 2 of the EHR Incentive Programs?
What are the requirements under Stage 2 of Meaningful Use?
Health care providers and their vendors and advisors using these resources also are reminded to ensure that their business associate agreements, privacy practices notices and other privacy and data security processes, policies, and procedures are updated to comply with changes to the Privacy, Security, Breach Notification and other requirements he for the protection and handling of personal health information including electronic personal health information of the Health Insurance Portability & Accountability Act (HIPAA) as amended by the HITECH Act. The Final Omnibus Regulations published by the Office of Civil Rights (OCR) generally took effect earlier this year except that the regulations set next Monday, September 23, 2013 as the deadline for updating business associate agreements and the effective date for the extension of most HIPAA requirements to business associates. As demonstrated by recent enforcement actions by OCR, Health care providers and other covered entities, their business associates and advisors continuously reconfirm that their systems and arrangements continue to comply with these requirements as they make updates.
For More Information Or Assistance
If you need assistance responding to EHR, HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information on this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
A week before the September 23, 2013 deadline for all health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates to have updated their business associate agreements to comply with the Final Omnibus HIPAA Rule, the Department of Health & Human Services Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) today (September 16, 2013) released Model Notices of Privacy Practices (Notices) for health care providers and health plans to use to communicate with their patients and plan members. With penalties and enforcement continuing to rise, Covered Entities and their business associates should take appropriate steps to review and update their privacy and breach notification policies and procedures, privacy officer appointments, notices of privacy practices, business associate agreements and other HIPAA compliance and risk management documentation, practices, procedures and coverage, breach notification and other HIPAA compliance and risk management practice.
Model HIPAA Notices
Developed collaboratively by ONC and OCR the Notices available here designed in the following three different styles are designed for users to customize to fit their specific needs and practices:
A notice in the form of a booklet;
A layered notice with a summary of the information on the first page and full content on the following pages; and
A notice with the design elements of the booklet, but that is formatted for full-page presentation.
Use of these model Notices is optional. While the agencies designed the Notices to let Covered Entities to use these models by entering some of their own information into the model, such as contact information, and then printing for distribution and posting on their websites, Covered Entities should consult with legal counsel to determine the suitability of the Notices generally for their entity’s use and any customization, if any, that may be recommended or required to a Notice if the Covered Entity decides rely upon a model Notice to prepare its Notice of Privacy Practices. To facilitate any tailoring, the agencies provided a text-only version for Covered Entities wishing only wish to use the content with or without tailoring.
September 23 Business Associate Agreement Update Deadline
September 23, 2013 also is the final deadline established in the Final Omnibus HIPAA Rule for Covered Entities and their business associations to update the business associate agreements required by HIPAA to reflect application of the breach notification, business associate, and many of HIPAA’s requirements to directly cover business associates and other aspects of the Health Information Technology for Economic and Clinical Health (HITECH) Act enacted as part of the American Recovery and Reinvestment Act of 2009. While HHS published a Sample Business Associate Agreement last June to aid Covered Entities and their business associates with understanding the business associate agreement requirements as impacted by the Omnibus Final HIPAA Rule, it also made clear that Covered Entities and their business associates should tailor their business associate agreements to fit their specific circumstances and relationships. OCR National Office and regional officials speaking about their findings about past business associate agreement compliance have indicated that their audit and enforcement activities show widespread compliance issues among Covered Entities and business associates with the original business associate agreements. OCR clearly expects Covered Entities and their business associates to address and resolve these compliance issues going forward.
In response to the updated Final Regulations and these expanding HIPAA enforcement and exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.
For More Information Or Assistance
If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information on this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
In celebration of the third annual National Health IT Week is September 16-20, the Centers for Medicare & Medicaid Services (CMS) will host several webinars and launching new eHealth tools and resources that it intends to help providers participate in eHealth programs. These programs may be of interest to providers as well as payers who are interested in what providers are doing to use eHealth tools.
Details of Webinar
The eHealth Provider Webinar will be held on Thursday, September 19th from 12:00 p.m. to 1:30 p.m. ET. CMS plans to present an overview of the eHealth programs and its eHealth initiative—an initiative that aligns health IT and electronic standards programs on:
Administrative Simplification
eRx Incentive Program
ICD-10
Quality Measurement
A portion of the webinar will also be dedicated to Q&A.
Registration Information
Space is limited. Register now to secure your spot for the eHealth Provider Webinar. Once registration is complete, you will receive a follow-up email with step-by-step instructions on how to log-in to the webinar. Listserv messages are sent prior to each webinar session with registration information.
If you’d like to view past webinars, the PowerPoint presentations and recordings can now be accessed on the Resources page of the eHealth website. For more information about CMS’ eHealth Initiatives, visit the CMS eHealth website for the latest news and updates on CMS’ eHealth initiatives.
For More Information Or Assistance
If you need assistance responding to this invitation or with other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Health care providers, health plans, employers and others concerned about the regulatory and enforcement activities of the Department of Health & Human Services (HHS) can make their concerns known by speaking up now. Share your input on the draft HHS strategic plan that will guide HHS’ regulatory and enforcement agenda for the next 4 years.
Every 4 years, HHS updates its strategic plan, which describes its work to address complex, multifaceted, and ever-evolving health and human service issues, including:
Health Care
Research and Innovation
Prevention and Wellness
HHS is inviting public input on the draft HHS Strategic Plan for FY 2014-2018. The comment period is open until October 15, 2013. Individuals or organizations wishing to respond to this invitation can read the HHS Strategic Plan FY 2014-2018 (Draft) and submit your comments several ways including:
U.S. Mail (not recommended as security screening results in significant delay.
For More Information Or Assistance
If you need assistance responding to this invitation for comment or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
The North Texas Healthcare Compliance Professionals Association (NTHCPA) invites members and other interested health care compliance professionals faced with these and other challenges to join us on Tuesday, September 17, 2013 from 11:30 a.m. to 1:30 p.m. for our Study Group Luncheon featuring attorney Cynthia Marcotte Stamer speaking on “Sex Drugs & Rock ‘N Role: Managing Physician Conduct in Health Care.”Interested persons canRSVP hereby Noon on September 16, 2013 to attend this meeting free of charge.
About the Program
Whether false claims and other aggressive billing, referral or treatment practices, chemical dependency or other impairment, medical staff or other rule breaking, harassing or other disruptive conduct or a host of other personal behavioral or performance concerns, preventing and addressing personal misconduct and other risky behaviors by physicians on the staff or team of a hospital, medical practice personal misconduct often present major legal, quality, financial, political and operational challenges and risks for health care compliance, medical staff, risk management and other leaders. Alternatively, properly directed physicians can significantly help the operation and performance of health care organizations in many critical ways.
While physician involvement remains an operational necessity for most hospitals, group practices and other health care organizations, these and other health care organizations and other members of their team often face significant legal, financial, reputational and operational risks when a physician becomes impaired by chemical dependency, mental illness, stress, personal tragedy or other personal impairment; is disruptive; or engages in sexual or other harassment of staff or patients, billing, treatment, referral, anticompetitive or other illegal conduct, medical board or facility rule violations, or other acts of personal or professional misconduct. While these behaviors often create major risks for health care organizations and others, successful redress of these or other physician performance or misconduct concerns often depends upon the ability to successfully negotiate a complex minefield of due process and other procedural, legal, political, operational and other challenges.
Ms. Stamer will use lead participants in a workshop examining these challenges and discussion of strategies to help health care organizations and their compliance officers can use to help their organization prevent, investigate and redress these and other physician performance and misconduct concerns while managing HCQIA and other peer review, licensing board, contractual, defamation and other legal, professional and operational traps that often arise out of physician discipline or other corrective actions. On the other hand, well-motivated and properly focused physicians play a key role in leading quality, financial, compliance and other improvements in health care organizations and practices.
Registration & Meeting Details
The meeting scheduled from 11:30 a.m. to 1:30 p.m. on September 17, 2013 at the offices of the Dallas Ft Worth Hospital Council, 250 Decker Drive, Irving, TX 75062-2706 will feature a complimentary luncheon for those who timely R.S.V.P. Networking and lunch service will begin at 11:30 a.m.. Our program will begin at Noon. There is no charge to participate in the meeting. However space is limited and available only on a first come, first serve basis. To ensure your spot and help us to arrange for adequate space and refreshments for this meeting, R.S.V.P. here as soon as possible and no later than Noon on September 16, 2013. Walk in guests will be accommodated on a space-available basis only.
About The Speaker, Cynthia Marcotte Stamer, J.D.
Attorney, author and health care change leader Cynthia Marcotte Stamer, J.D. is nationally and internationally recognized for her more than 25 years of health policy and legal work, process improvement and reengineering, publications and programs, and advocacy. Ms. Stamer works extensively with public and private health care organizations, managed care and health insurance organizations, governments and community leaders and others health industry compliance, risk management, quality, staffing, workforce, patient, quality and performance management, operations, governance, compensation, reimbursement and financing, regulatory and public policy, process improvement and reengineering and other health industry legal and operational concerns.
Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Vice-President of the North Texas Health Care Compliance Professionals Association, past Board Compliance Chair of the National Kidney Foundation of North Texas, Past President of Former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, combines her health industry operations compliance, and risk management experience with an in-depth knowledge of federal and state healthcare, workforce, governance, internal controls, enforcement and other operational issues to help health industry clients to support legal and operational risk and performance management. Her experience includes advising public and private health care systems, hospitals, managed care organizations and physician management organizations, physicians and physician practice groups, skilled nursing, home health, rehabilitation, pharmacy, and other health industry clients domestically and internationally on a wide range of matters including physician and other staffing, credentialing and peer review, gainsharing and other performance management, compliance, enforcement, and a wide range of other matters. Her experience includes extensive work with health care systems, hospitals, physicians and physician organizations, medical staffs, peer review, credentialing and quality committees, ACOs, managed care organizations, and others on physician credentialing, peer review and discipline, quality improvement, performance management, compensation, leadership development, and other matters.
A widely recognized health industry thought leader, advocate, author and speaker, Ms. Stamer’s insights are sought out by health care and other business, government and community leaders, and quoted in HealthLeaders, Managed Care Executive, the Wall Street Journal and many other national popular, business and industry publications. She also conducts continuing board, medical education, workforce and other health industry compliance and risk management training for many organizations on a wide range of topics. She also regularly represents health care organizations and other health industry clients before peer review and other disciplinary bodies, federal and state regulators, investigators, Congress and state legislatures, licensing and credentialing and other governmental and regulatory authorities. To learn more or contact Ms. Stamer, see www.CynthiaStamer.com.
About the NTHCPA
NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles. The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.
Would you or someone you know like to join the NTHCPA, get notice of upcoming meetings or events and network on relevant professional developments with other health care professionals? Stay on top of information about upcoming meetings and share and dialogue with other NTHCPA members about health care compliance challenges and developments by participating in our meetings and events, joining our North Texas Health Care Compliance Professionals Association LinkedIn Group and checking out the NTHCPA Newshere. To be added to our invitation list, we also encourage interested persons to make sure we have your current contact information by registering to receive health care updates here or sending your current contact information including name, title, company, preferred mailing address, e-mail, and telephone number to Vice-President Cynthia Marcotte Stamer here.
Thanks To Solutions Law Press, Inc. ™
The NTHCPA thanks Solutions Law Press, Inc.™ and its Coalition for Responsible Health Policy and Project COPE: the Coalition on Patient Empowerment, for its generous underwriting support of the September 17, 2013 luncheon. Solutions Law Press, Inc.™ publishes the Solutions Law Press Health Care Update and other resources, as well as provides health care risk management, compliance and risk management and other operational consulting, briefings, training, policy, event management, recruiting and other resources and services on health care, human resources, employee benefits, compensation, data security and privacy, insurance, and other key compliance, risk management, internal controls and other key operational concerns.
About Project COPE: The Coalition On Patient Empowerment & Its Coalition on Responsible Health Policy
Sharing and promoting the use of practical practices, tools, information and ideas that patients and their families, health care providers, employers, health plans, communities and policymakers can share and offer to help patients, their families and others in their care communities to understand and work together to better help the patients, their family and their professional and private care community plan for and manage these needs is the purpose of Project COPE, The Coalition on Patient Empowerment & It’s Affiliate, the Coalition on Responsible Health Policy.
The best opportunity to improve access to quality, affordable health care for all Americans is for every American, and every employer, insurer, and community organization to seize the opportunity to be good Samaritans. The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch. Americans can best improve health care by not waiting for someone else to step up: Step up and help bridge the gap when you or your organization can. Speak up to help communicate and facilitate when you can. Building health care neighborhoods filled with good neighbors throughout the community is the key.Project COPE: The Coalition On Patient Empowermentbrings together people, organizations, and resources to promote awareness and collaboration, share ideas, tools and other solutions and other resources to help promote patient empowerment, heath care access, health care quality and health and health coverage operations in meaningful, tangible ways. Its focus is little and big actions that help patients, providers, communities and others deal with or work within the health care system in the real world. TheCoalition For Responsible Health Care Policyprovides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.
To review or receive the Health Care Update, learn or get involved with the Coalition on Responsible Health Policy or its PROJECT COPE: The Coalition on Patient Empowerment, or participate in discussions in a Solutions Law Press, Inc.™ LinkedIn Group or for other information about Solutions Law Press, Inc™ resources and services, see www.SolutionsLawPress.com.
Hospitals, skilled nursing and other health care organizations facing or concerned about union organizing or their nursing or other staffs employees should consider an apparent change in National Labor Relations Board (NLRB) certification policy upheld when the Sixth Circuit ruling upheld the NLRB’s certification of a bargaining unit consisting exclusively of certified nursing assistants (CNAs) at Specialty Healthcare and Rehabilitation of Mobile (Specialty) nursing home and enforced the Board’s order finding that Specialty’s refusal to bargain with the certified unit violated Section 8(a)(5) and (1) of the National Labor Relations Act (NLRA).
Specialty Healthcare and Rehabilitation of Mobile, Board Case No. 15-CA-68248 (reported at 357 NLRB No. 174) (6th Cir. decided August 15, 2013 under the name Kindred Nursing Centers East, LLC f/k/a Specialty Healthcare and Rehabilitation of Mobile v. NLRB), arose after the union had petitioned to represent a unit of 53 full-time and part-time CNAs, Specialty claimed that the smallest appropriate unit must include 86 other service and maintenance employees. The NLRB Regional Director found the unit appropriate and conducted the election, which the union won. The NLRB granted review, asked the parties and public for their views on eight questions on community of interest unit determinations in the non-acute care healthcare industry, and ultimately issued a decision upholding the unit determination and the union’s election victory.
In its decision, the Board overruled Park Manor Care Center, 305 NLRB 872 (1991), which applied a “pragmatic or empirical community of interests approach” to determining unit appropriateness in nursing homes. Instead, the Board ruled that it would apply the traditional test to evaluate appropriateness, which examines whether a proposed unit is readily identifiable and shares a community of interest distinct from other employees. Then, the Board explained, if “a party contends that a petitioned-for unit containing employees readily identifiable as a group who share a community of interest is nevertheless inappropriate because it does not contain additional employees, the burden is on the party so contending to show that the excluded employees share an overwhelming community of interest with the included employees.” Because the CNA-only unit was readily identifiable and shared a distinct community of interest, and because Specialty failed to show that the excluded service and maintenance employees shared an overwhelming community of interest with the CNAs, the Board certified the unit and the union’s victory. Specialty refused to bargain, and this technical NLRA Section 8(a)(5) proceeding followed.
The Sixth Circuit affirmed the Board’s order and its clarification of the community-of-interest test. First, rejecting Specialty’s argument that the Board did not merely embrace the traditional community-of-interest test but instead improperly created an entirely new framework, the court held that the Board permissibly “adopted a community-of-interest test based on some of the Board’s prior precedents, and . . . did explain its reasons for doing so.” In so holding, the court explicitly recognized the ambiguity in the Act’s command that bargaining units must be “appropriate,” and observed that the Board merely granted Judge Posner’s “wish that the Board would give [the traditional community-of-interest test] ‘a precise meaning.’” Slip op. at 13 (quoting Cont’l Web Press v. NLRB, 742 F.2d 1087, 1090 (7th Cir. 1984)).
Next, the court concluded that the Board acted within its discretion in requiring a party claiming that the smallest appropriate unit must include additional employees to show that the excluded employees share an “overwhelming community of interest” with the proposed unit. Indeed, the court explained that “[t]he Board has used the overwhelming-community-of-interest standard before, so its adoption [here] is not new.” After citing numerous cases, including the D.C. Circuit’s Blue Man Vegas LLC v. NLRB, 529 F.3d 417 (D.C. Cir. 2008), the court agreed that the Board merely clarified existing law, overruled any inconsistent precedent, appropriately placed the burden of proving overwhelming community of interest on the employer (who typically possesses the information to make that case), and explained its reasons for doing all of the above.
Turning to Specialty’s third defense, the court concluded that the Board’s test did not run afoul of Section 9(c)(5), which prohibits the Board from finding “the extent to which the employees have organized . . . controlling” in making unit determinations. To the contrary, the court noted that the Board first engaged in an independent community of interest determination to find out whether the proposed CNA-only unit was appropriate “aside from the fact that the union had organized it.” Further, “[a]s long as the Board applies the overwhelming community of interest standard only after the proposed unit has been shown to be prima facie appropriate, the Board does not run afoul of the statutory injunction that the extent of the union’s organization not be given controlling weight.” Slip op. at 19 (internal quotations omitted and emphasis in original).
Finally, the court held that “the Board did not abuse its discretion in adopting a generally applicable rule through adjudication instead of rule making because NLRB v. Bell Aerospace Co. Div. of Textron, Inc., 416 U.S. 267, 294 (1974), holds both that ‘the Board is not precluded from announcing new principles in an adjudicative proceeding and that the choice between rule making and adjudication lies in the first instance within the Board’s discretion.’”
The Speciality ruling reminds health care and other employers of the highly union-friendly bent of the NLRB under the current administration, as well as the hazards of mishandling efforts to defend against union organizing and other protected activities under the NLRA. Beyond the obligation to recognize and bargain with properly certified collective bargaining unions, the NLRB and other federal labor laws also grant employees a host of other protections. Among these are recently affirmed rights-even for a worker not represented by a union – to insist another employee be present when participating in disciplinary and certain other meetings with management, rules limit the ability of employers to prohibit or restrict employees requiring employees to keep confidential and not discuss among each other salary, wages or other terms of compensation or employment terms and conditions, and others. For this reason, health care or other organizations should seek the advice and assistance of qualified legal counsel experienced with labor management relations matters to review policies for compliance, to prepare and administer anti-organizing activities, and to evaluate and respond to union organizing or bargaining activities.
For More Information Or Assistance
If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD, and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Board Certified in Labor and Employment Law, Ms. Stamer’s experience includes continuous involvement in advising and representing health care organizations about employment, labor-management, peer review and staffing and other workforce management and compensation concerns. Ms. Stamer also continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Be careful when repurposing or disposing of copiers and other equipment and media that may contain protected health information. That’s the message the Office of Civil Rights is sending health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates in its August 14, 2013 announcement of a $1.2 million plus settlement agreement with Affinity Health Plan, Inc. (Affinity) under the Health Insurance Portability & Accountability Act Privacy and Security Rules.
According to OCR, the non-profit New York area managed care plan Affinity will pay $1,215,780 and take other corrective actions to settle alleged HIPAA violations under the Affinity Resolution Agreement and CAP(Affinity Settlement). The settlement comes as the September 24, 2013 deadline for health plans, health care providers, health care clearinghouses (Covered Entities) and their business associates to update the written business associate agreements that HIPAA requires exist before business associates can be allowed to create, use, access or disclose personally identifiable health care information protected by HIPAA (PHI) to carry out HIPAA-covered functions on behalf of a Covered Entity to comply with changes to HIPAA’s implementing regulations adopted by OCR earlier this year. Health plans and other Covered Entities should take timely action to confirm that their existing procedures appropriate safeguards to protect PHI when using or disposing of copiers or other equipment or media as well as to implement business associate or other policy, procedures or training updates required to comply with the updated HIPAA rules.
HIPAA Updates Require Breach Notification, Tightened Other HIPAA Requirements
HIPAA generally requires that Covered Entities (and after September 24, 2013, their business associates) safeguard and restrict the use, access or disclosure of PHI as required by HIPAA. The HITECH Act amended these requirements to tighten certain of these requirements and restrictions, to expand the sanctions for violation of these requirements, to require Covered Entities and their business associates to provide notification of breaches of unsecured PHI to individuals whose information was breached, OCR and in some cases, the media, and made certain other changes to the original requirements of HIPAA. Earlier this year, OCR amended and restated its original Privacy and Security Rules here (2013 Final Rule) to comply with changes in the regulations resulting from these HITECH Act amendments beginning last March, but set the deadline for updating business associate agreements to meet these updated requirements at September 23, 2013.
The 2013 Final Rule and other OCR guidance makes clear that OCR expects Covered Entities and their business associates appropriately to safeguard PHI stored in computers, hard drives, and other digital media until it is properly disposed in accordance with the updated standards required by HIPAA as implemented under the 2013 Final Rule. HITECH Breach Notification Rule requires HIPAA-covered entities to notify HHS of a breach of unsecured protected health information, including breaches resulting from failure to properly secure PHI stored in digital format until it has been destroyed in accordance with the standards established by the 2013 Final Rule. OCR previously has sanctioned other Covered Entities for failed to properly destroy or safeguard PHI stored in digital format on computer or other equipment before abandoning or disposing of that equipment. The Affinity Settlement reaffirms OCR’s concern that Covered Entities meet these disposal requirements when replacing or abandoning equipment containing electronic PHI.
Affinity Settlement Highlights
According to the August 14, 2013 OCR announcement of the settlement, the settlement resulted from an investigation initiated after Affinity filed a breach report with OCR on April 15, 2010, as required by the Health Information Technology for Economic and Clinical Health Act (HITECH Act.)
In its breach report, Affinity indicated that it was informed by a representative of CBS Evening News that, as part of an investigatory report, CBS had purchased a photocopier previously leased by Affinity. CBS informed Affinity that the copier that Affinity had used contained confidential medical information on the hard drive.
Affinity estimated in its breach report that up to 344,579 individuals may have been affected by this breach. OCR’s investigation indicated that Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives. In addition, OCR reports its investigation revealed that Affinity failed to incorporate the electronic protected health information (ePHI) stored on photocopier hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the photocopiers to its leasing agents.
In addition to the $1,215,780 payment, the Affinity Settlement includes a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and to take certain measures to safeguard all ePHI.
Learn From Affinity Lesson On Proper Disposal Procedures
Like prior OCR settlements stemming from inadequate security for PHI when transitioning equipment, media or facilities, the Affinity Settlement sends another reminder to Covered Entities and their business associates again of the importance of using appropriate procedures to protect or dispose of PHI when replacing or redeploying equipment or media that may contain PHI.
“This settlement illustrates an important reminder about equipment designed to retain electronic information: Make sure that all personal information is wiped from hardware before it’s recycled, thrown away or sent back to a leasing agent,” said OCR Director Leon Rodriguez. “HIPAA covered entities are required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have appropriate safeguards in place to protect this information.”
OCR has published guidance concerning HIPAA’s requirements for the proper safeguarding and disposal of media and equipment in the 2013 Final Rule and other guidance. Concerning the proper disposition of copiers that may have PHI stored on their hard drives or in other digital formal, OCR in the Affinity Settlement recommended that Covered Entities and their associates also review the Federal Trade Commission’s Guidance On Safeguarding Sensitive Data Stored In The Hard Drives Of Digital Copiers and the National Institute of Standards and Technology has issued Guidance On Assessing The Security Of Multipurpose Office Machines. Covered Entities and their business associates should use this and other guidance to ensure that they can demonstrate that appropriate practices and procedures have been used to when disposing of or repurposing copies or other equipment that may contain electronic PHI.
HIPAA Regulation Updates Require Other Updates Beyond Disposal Procedures
In addition to addressing the concerns that lead to the Affinity Settlement, Covered Entities and their business associates also should verify that their practices, policies, privacy notices, business associate agreements, and training also are updated to comply with updates to the updated 2013 Final Rule adopted by OCR earlier this year here.
Since passage of the HITECH Act, OCR officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While OCR had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating OCR’s HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR’s interpretation and enforcement of HIPAA.
In response to the updated Final Regulations and these expanding HIPAA enforcement and exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.
For More Information Or Assistance
If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters. She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Citing “industry concerns,” the Centers for Medicare & Medicaid Services (CMS) has abandoned at least temporarily its May 31 request to change Section 15.13 of its Program Integrity Manual chapter to require the denial of enrollment applications when the requesting provider or its owner had an overpayment of $1500 or more which was not repaid at the time it submitted its application.
In Change Request 8304, CMS on May 31, 2013 sought to revise its Provider Integrity Manual to instruct a Medicare administrative contractor (MAC) to deny a Form CMS-855 enrollment application if the current owner of an enrolling provider or supplier, an enrolling physician or a non-physician practitioner had an existing of $1500 or more that had not been repaid in full when the provided filed its application. The instruction would have required the MAC to deny the enrollment application regardless of the reason for the overpayment.
If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
The Internal Revenue Service (IRS) today released Notice 2013-51. “Branded Prescription Drug Fee; Guidance for the 2014 Fee Year,” which contains guidance on the branded prescription drug fee imposed under section 9008 of the Patient Protection and Affordable Care Act (ACA) for the 2014 fee year.
Branded Prescription Drug Fee Background
ACA requires that covered entities that engage in the business of manufacturing or importing branded prescription drugs pay the branded prescription drug fee. The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51, published on August 18, 2011 (76 FR 51245), provide the method by which each covered entity’s annual fee is calculated. These regulations also define terms for the administration of the fee.
Regulation section 51.2T(g) defines fee year as the calendar year in which the fee for a particular sales year must be paid and section 51.2T(m) defines sales year as the second calendar year preceding the fee year.
Section 51.3T of the Regulation requires that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.
Section 51.6T provides that for each sales year the Internal Revenue Service (IRS) will make a preliminary fee calculation for each covered entity and will tell each covered entity of this calculation by the date prescribed in guidance published in the Internal Revenue Bulletin. This notification will also include additional prescribed information. As used in this notice, “notice of preliminary fee calculation” includes the additional prescribed information.
Section 51.7T provides that upon receipt of its preliminary fee calculation, each covered entity will have an opportunity to dispute this calculation by submitting to the IRS an error report with prescribed information. Sections 51.7T(b) and (c) set out the information that a covered entity must submit to support each asserted error. Section 51.7T(d) provides that each covered entity must submit reports and error reports, if anyin the form and way required by the IRS.
Section 51.8T provides that the IRS will send each covered entity its final fee calculation no later than August 31st of each fee year and also provides that covered entities must pay their fee by September 30th of the fee year.
2014 Deadlines & Procedures
Notice 2013-51 provides guidance for covered entities for 2014 on:
Submission of Form 8947, “Report of Branded Prescription Drug Information,”
The time and manner for notifying covered entities of their preliminary fee calculation,
The time and manner for submitting error reports for the dispute resolution process; and
The time for notifying covered entities of their final fee calculation.
For the 2014 fee year, the Notice states that a covered entity that chooses to submit Form 8947 must file the form by November 1, 2013.
For the 2014 fee year, the Notice states that the IRS will mail each covered entity a paper notice of its preliminary fee calculation by March 3, 2014. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to Regulation section 51.4T.
A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by February 17, 2014. The Notice instructs that this request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the notice says the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by March 3, 2014.
For the 2014 fee year, the Notice also states a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 15, 2014. When the IRS mails each covered entity a notice of its preliminary fee calculation by March 3, 2014, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM and sent by mail as instructed in the Notice.
The Notice also indicates that the IRS will notify each covered entity of its final fee calculation for 2014 by August 29, 2014, after which each covered entity must pay this fee by September 30, 2014 in accordance with Regulation section 51.8T(c),
For More Information Or Assistance
If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Medicare payments to inpatient psychiatric facilities (IPFs) will rise by 2.3% for fiscal year (FY) 2014 under the final Inpatient Psychiatric Facilities Prospective Payment System (PPS) Updated for Fiscal Year Beginning October 1, 2013 (FY 2013) posted by the Centers for Medicare & Medicaid Services (CMS) July 29 here.
The notice updates the prospective payment rates for Medicare inpatient hospital services provided by inpatient psychiatric facilitates for discharges occurring during the fiscal year (FY) beginning October 1, 2013 through September 30, 2014.
Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:
The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.
IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.
For More Information Or Assistance
If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Medicare payments to inpatient psychiatric facilities (IPFs) will rise by 2.3% for fiscal year (FY) 2014 under the final Inpatient Psychiatric Facilities Prospective Payment System (PPS) Updated for Fiscal Year Beginning October 1, 2013 (FY 2013) posted by the Centers for Medicare & Medicaid Services (CMS) July 29 here.
The notice updates the prospective payment rates for Medicare inpatient hospital services provided by inpatient psychiatric facilitates for discharges occurring during the fiscal year (FY) beginning October 1, 2013 through September 30, 2014.
Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:
The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.
IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.
For More Information Or Assistance
If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Updates the prospective payment rates for (IRFs) for federal fiscal year (FY) 2014 (for discharges occurring on or after October 1, 2013 and on or before September 30, 2014) as required by the statute.
Revises the list of diagnosis codes that may be counted toward an IRF’s “60 percent rule” compliance calculation to determine “presumptive compliance,” update the IRF facility-level adjustment factors using an enhanced estimation methodology;
Revises sections of the Inpatient Rehabilitation Facility-Patient Assessment Instrument,
Revises requirements for acute care hospitals that have IRF units;
Clarifies the IRF regulation text regarding limitation of review;
Updates references to previously changed sections in the regulations text; and
Revises and updates quality measures and reporting requirements under the IRF quality reporting program.
The regulatory amendments in this Rule generally are effective as follows:
Its revisions to the list of diagnosis codes used to determine presumptive compliance under the “60 percent rule” are applicable for compliance review periods beginning on or after October 1, 2014; and
The updated IRF prospective payment rates are applicable for IRF discharges occurring on or after October 1, 2013 and on or before September 30, 2014 (FY 2014).
The changes to the Inpatient Rehabilitation Facility-Patient Assessment Instrument, the amendments to §412.25, and the revised and updated quality measures and reporting requirements under the IRF quality reporting program are applicable for IRF discharges occurring on or after October 1, 2014.
IRFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.
For More Information Or Assistance
If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
The Department of Justice’s July 29, 2013 announcement that it is suing Dr. Hal Brown and Primary Care of the Treasure Coast of Vero Beach, Florida (PCTC) for violating the Americans With Disabilities Act (ADA) by discriminating and retaliating against two deaf patients reminds physicians, clinics, hospitals and other health industry providers, their landlords, and other vendors to tighten their understanding, practices of federal and state disability discrimination laws to avoid getting nailed for improper discrimination. Following on the Department of Health & Human Service’s recently announced exclusion of a physician that illegally discriminated against a HIV-positive patient, health care providers are on notice that Federal officials are gunning for health care providers who illegally discriminate against patients and others with disabilities.
With the Justice Department, HHS and others targeting discrimination in the health care industry, physicians and their practices, clinics, hospitals and other private and public health care providers, and their landlords and other vendors should update their understanding of disability discrimination responsibilities and exposures, and then review and tighten policies, practices, workforce training and oversight, and other risk management and compliance practice to help prevent and mitigate exposures to disability and other discrimination claims.
Health Care Providers & Industry Under Fire For Disability Discrimination
While the heavy emphasis generally placed upon the enforcement of disability laws by the Obama Administration has heightened the risks of all U.S. businesses, health care providers are particularly at risk to disability discrimination liability as a result of the Barrier-Free Health Care Initiative of the Justice Department and related health industry disability enforcement initiatives of HHS and other federal agencies.
Health care provider, like other U.S. businesses, face sweeping responsibilities under the various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws. Section 504 of the Rehabilitation Act generally requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.
The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs. Rather, the ADA requirements and disability discrimination prohibitions generally apply to all U.S. health care and other businesses even if they do not receive federal financial assistance. Under the ADA, health care providers and other covered businesses generally have a duty other to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities.
Specifically under the ADA:
The public accommodation provisions generally both prohibit discrimination against individuals with disabilities when delivering health care or other services, as well as require health industry and other businesses to provide reasonable accommodations to individuals with disabilities unless the health care provider proves its actions are defensible under an exception to these general rules.
The employment discrimination provisions generally prohibit health care industry and other employers from discriminating against qualified individuals with a disability and require employers to provide reasonable accommodations for disabled workers unless the health care provider can prove that its conduct qualifies under one of the allowable exceptions to the general prohibition against discrimination.
The anti-retaliation rules prohibit retaliation against an individual because he opposes an act that is unlawful under the ADA or because he made a charge, testified, assisted or participated in any way in an investigation, proceeding or hearing under the ADA. These provisions also make it unlawful to coerce, intimidate, threaten or interfere with any individual exercising their rights protected by the ADA.
Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.
Justice Department ADA Suit Against Brown & PCTC
The ADA lawsuit against Dr. Brown and PCTC comes on the heels of the Justice Department’s Celebration of the 23rd Anniversary of the ADA last week and is an example of one of a growing number of lawsuits and other actions against health care providers resulting from the Justice Department “Barrier-Free Health Care Initiative” and related Department of Health & Human Services (HHS) enforcement efforts focusing on ensuring access to health care for individuals with disabilities.
The Department of Justice suit charges Dr. Brown and PCTC with violating the public accommodation and anti-retaliation provisions of ADA by discriminating against a deaf couple, Susan and James Liese by discriminating against a deaf couple, Susan and James Liese and then retaliating against the couple for engaging in activities protected under the ADA.
According to the Justice Department’s complaint, Dr. Brown and PCTC terminated Mr. and Mrs. Liese as patients because the couple pursued ADA claims against a hospital located next door to and affiliated with PCTC for not providing effective communication during an emergency surgery. The complaint alleges that after learning that the Lieses threatened the hospital with an ADA suit based on failure to provide sign language interpreter services, PCTC and Dr. Brown, who was the Liese’s primary doctor at PCTC, immediately terminated the Lieses as patients.
The Justice Department says this termination of the Lieses as patients violated the ADA. According to Jocelyn Samuels, Acting Assistant Attorney General for the Civil Rights Division, “A person cannot be terminated as a patient because he or she asserts the right to effective communication at a hospital.”
While it remains to be seen if the Justice Department will be successful in its suit against Dr. Brown and PCTC, it has experienced significant success in disability discrimination actions against other health care providers.
Justice Department Barrier-Free Health Care Initiative Successes Growing
Justice Department suits like the ADA suit against Dr. Brown and PCTC are increasingly common and successful.
While the Justice Department across the years has prosecuted various health care providers for illegal discrimination under the ADA, it has turned up the heat with its nationwide Barrier-Free Health Care Initiative. According to the Justice Department, it intends that the prosecutions under the Barrier-Free Health Care Initiative to focus and leverage the Justice Department’s resources together and send a clear message that disability discrimination in health care is illegal and unacceptable.
Since the Justice Department announced its Barrier-Free Health Care Initiative last year, for instance, the Justice Department has entered into 18 settlements under the Barrier-Free Health Care Initiative. These include three agreements requiring health care providers to provide auxiliary aids and services, including sign language interpreters, to individuals who are deaf to ensure effective communication in health care settings including two settlements in the last month.
On June 27, 2013, the U.S. Attorney’s Office for the Western District of Tennessee announced that Heart Center of Memphis has agreed to provide qualified sign language and oral interpreters as well as other auxiliary aids and services to patients who are deaf, have hearing loss or have speech disabilities to resolve a Justice Department complaint charging the Heart Center violated the ADA by telling a deaf patient that it was his responsibility to arrange a sign language interpreter for his appointment. After several unsuccessful attempts to get the Heart Center to provide a qualified sign language interpreter as required by law, the patient cancelled his appointment.
On June 26, 2013, the U.S. Attorney’s Office for the Northern District of Georgia announced it had reached a disability discrimination settlement agreement with Midtown Neurology P.C. The settlement resolved a complaint alleging that Midtown Neurology P.C. failed to provide, over multiple appointments, a qualified sign language interpreter for a patient who is deaf. At one appointment, the patient underwent a painful neurological test. Because there was no interpreter, the patient could not communicate that she was frightened and in pain, and that she wanted the doctor to stop the procedure. Under the agreement, Midtown Neurology P.C. will provide auxiliary aids and services, including qualified interpreters, to individuals who are deaf or hard of hearing where necessary to ensure effective communication.
In addition, the Justice Department also particularly is aggressive in prosecuting health care providers that discriminate against individuals with HIV. In the past six months, the Department reports it has reached five settlement agreements with medical providers to address HIV discrimination.
For instance, the Justice Department on July 26, 2013 announced that Barix Clinics, an organization that operates bariatric treatment facilities in Michigan and Pennsylvania, will pay $35,000 to victim-complainants and a $10,000 civil penalty, train its staff on the ADA and implement an anti-discrimination policy to settle Justice Department charges that Barix Clinics unlawfully refused to perform bariatric surgery on a man at its Langhorne, Pa., facility because he has HIV. The Department also determined that Barix Clinics cancelled bariatric surgery for another individual at its Ypsilanti, Michigan facility because he has HIV.
The Barix Clinic settlement added to a long list of earlier settlements of ADA charges stemming from discrimination against HIV patients including Glenbeigh (settlement regarding exclusion of an individual from an alcohol treatment program because of the side effects of his HIV medication, March 13, 2013); Woodlawn Family Dentistry (dentist office’s unequal treatment of people with HIV in the scheduling of future dental appointments, February 12, 2013); Castlewood Treatment Center (eating disorder clinic’s refusal to treat a woman for a serious eating disorder because she has HIV, February 6, 2013); and Fayetteville Pain Center (unlawful exclusion of a person with HIV from treatment, January 31, 2013).
While most announced Justice Department settlements involve the denial of interpreters to deaf or other communication impaired patients and discrimination in the treatment of HIV patients, the Justice Department also has shown a willingness to prosecute health care providers who engage in other types of disability discrimination. For instance, on April 3, 2012, the Justice Department reached a settlement with Richard Noren, M.D., Henry Kurzydlowski, M.D., and Pain Care Consultant, Inc., which resolved charges that they violated the ADA by failing to make reasonable changes to policies, practices, and procedures to enable a child with diabetes to participate in summer camp. Furthermore, although not necessarily reflected in the currently published, officially announced settlements of the Justice Department, health care providers have reported that the Justice Department and HHS also have become increasingly aggressive in investigating disability claims of visually or other physically, cognitively, or emotionally disabled patients arising from the failure of health care providers to accommodate their need for support or comfort animals.
Justice Department Plans To Keep Heat On Health Care Providers
All signs are that the Justice Department intends to continue, if not expand its Barrier-Free Health Care Initiatives. In fact, the suit against Dr. Brown and PCTC comes on the heels of the Justice Department’s filing of an ADA disabilities discrimination lawsuit against the State of Florida alleging the state is in violation of the ADA in its administration of its service system for children with significant medical needs.
The Justice Department lawsuit against the State of Florida charges that Florida’s programs have resulted in nearly 200 children with disabilities being unnecessarily segregated in nursing facilities which should be served in their family homes or other community-based settings. The Justice Department further alleges that the state’s policies and practices place other children with significant medical needs in the community at serious risk of institutionalization in nursing facilities. The department’s complaint seeks declaratory and injunctive relief, as well as compensatory damages for affected children.
“Florida must ensure that children with significant medical needs are not isolated in nursing facilities, away from their families and communities,” said Eve Hill, Deputy Assistant Attorney General for the Civil Rights Division. “Children have a right to grow up with their families, among their friends and in their own communities. This is the promise of the ADA’s integration mandate as articulated by the Supreme Court in Olmstead. The violations the department has identified are serious, systemic and ongoing and require comprehensive relief for these children and their families.”
Health Industry Disability Discrimination Risks: Beyond The Justice Department
While private plaintiffs as well as the Justice Department and other agencies increasingly successfully sue health care providers for violating the ADA and other disability discrimination laws, the often significant damages and defense costs that often arise from these suits are only part of the exposure that health care providers should consider and manage. Among other things, health care providers accused or found to engage in disability discrimination also generally also risk significant adverse publicity, loss or curtailment of federal or state program participation, reimbursement or other contractual or administrative penalties, licensing board and accreditation sanctions, burdensome corrective action and ongoing reporting and oversight and other consequences.
Perhaps most notably, HHS also is stepping up enforcement against health care providers that discriminate against the disabled. Like the actions of the Justice Department, many of these enforcement actions focus heavily on discrimination against HIV patients as well as deaf or other individuals whose disabilities impairs their ability to communicate effectively with health care providers.
For instance, on July 18, 2013, HHS announced the termination of Medicaid funding to a California surgeon who intentionally discriminated against an HIV-positive patient by refusing to perform much-needed back surgery. The HHS Departmental Appeals Board concluded that the surgeon violated Section 504 of the Rehabilitation Act of 1973, which prohibits disability discrimination by health care providers who receive federal funds. The order follows an Office for Civil Rights (OCR) investigation of a complaint filed by a patient who alleged that the surgeon refused to perform back surgery after learning that the patient was HIV-positive. OCR found that the surgeon discriminated against the patient on the basis of his HIV status in violation of federal civil rights laws. See HHS Press Release; HHS Departmental Appeals Board Decision; OCR Violation Letter of Findings.
HHS’s exclusion of the surgeon from federal program participation is part of a long-standing policy of OCR of pursuing disability discrimination actions against providers that discriminate against patients with HIV. For instance OCR previously has announced that an Austin, Texas orthopedic surgeon had agreed to ensure that individuals living with HIV/AIDS have equal access to appropriate medical treatment in order to resolve charges brought in an OCR Violation Letter of Finding charging the surgeon with violating the Rehabilitation Act by refusing to perform knee surgery on an HIV-positive patient. See Settlement Agreement.
OCR, like the Justice Department, also is aggressive in pursuing Rehabilitation Act claims against health care providers for failing to provide interpreters or other appropriate accommodations for deaf or other patients with disabilities that impair their ability to communicate. In March, for instance, OCR announced a settlement agreement with national senior care provider, Genesis HealthCare (Genesis) which resolved an OCR complaint that Genesis violated Section 504 of the Rehabilitation Act by failing to provide a qualified interpreter to a resident at its skilled nursing facility in Randallstown, Maryland. See, Genesis Settlement.
OCR construes Section 504 of the Rehabilitation Act of 1973, as among other things requiring that facilities take appropriate steps to ensure effective communications with individuals. According to OCR, throughout the patient’s stay at the facility, an OCR investigation showed center staff relied on written notes and gestures to communicate with the resident, even while conducting a comprehensive psychiatric evaluation with him. Moreover, by not being provided a qualified interpreter, evaluations of his care and discussions on the effects of his numerous medications and the risks caused by not following recommended treatments and prescription protocols had harmful effects on the patient’s overall health status. According to OCR Director Leon Rodriguez, “This patient’s care was unnecessarily and significantly compromised by the stark absence of interpreter services.” OCR concluded that in order for the patient and staff to be able to communicate effectively with each other regarding treatment, a qualified sign language interpreter would have been necessary.
Under the terms of the agreement, Genesis must require all facilities to provide interpreters and other suitable communications accommodations to language disabled patients, form an auxiliary aids and services hotline; create an advisory committee to provide guidance and direction on how to best communicate with the deaf and hard of hearing community; designate a monitor to conduct a self-assessment and obtain feedback from deaf and hard of hearing individuals and advocates and conduct outreach to promote awareness of hearing impairments and services that are available for deaf and hard of hearing individuals. In addition Genesis will be required to pay monetary penalties for noncompliance with any terms of the agreement.
In announcing the Genesis settlement, Director Rodriguez warned, “My office continues its enforcement activities and work with providers, particularly large health care systems like Genesis, to make certain that compliance with nondiscrimination laws is a system wide obligation.
When evaluating the need to provide interpreters, health care providers also should consider the advisability of offering interpreters for patients whose primary language is not English. OCR’s discrimination enforcement efforts often extend to other language impaired persons such as English as a Second Language patients. In addition to its efforts on behalf of individuals with disabilities impacting their ability to communicate, OCR recently announced a national initiative under which it will conduct compliance reviews of critical access hospitals as part of its efforts to strengthen language access for individuals whose primary language is not English. See OCR Launches Nationwide Compliance Review Initiative To Strengthen Language Access Programs At Critical Access Hospitals.
Health care providers also should ensure that their take appropriate steps to accommodate other disabilities. For instance, the use of support animals by veterans, children, and other patients with physical, emotional or cognitive disorders on the rise, health care providers need to ensure that their policies, practices, training, facilities leases and other vendor contracts, posting and other arrangements are updated to accommodate patients requiring the use of support or comfort animals. OCR’s enforcement actions already have extended to protection of the rights of disabled individuals to have the aid and assistance of their service animals when receiving services from health care providers. For instance, under a settlement agreement with the St. Mercy Medical Center (Mercy) in Fort Smith, Arkansas resolving an OCR complaint that it violated Section 504 and the Rehabilitation Act of 1973, Mercy committed to revise it policies and procedures to comply with Section 504 and to provide staff comprehensive training on their obligations to provide services without discrimination to qualified persons with disabilities. This settlement follows an OCR investigation into a complaint filed by an individual whose service animal was not allowed to go with him into the hospital. See, Mercy Settlement Agreement. This recent newscast video highlights how the failure to update postings, training, and other practices could result in a host of negative publicity and enforcement actions from refusing or limiting the ability of a person with a disability to have the support of his comfort animal within a health care facility. North Texas Vet Cries Foul After Service Dog Rejection. This type of adverse publicity not only can do serious damage to a health care provider’s public image, it also is likely to trigger the type of investigation that lead to the Mercy enforcement action.
Other Disability Discrimination Risks
Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR, the Justice Department and other agencies to pursue investigations and enforcement of disability discrimination and other laws, physicians and other licensed professionals can expect that they may face disciplinary action by their applicable licensing boards, whose rules typically now make disability or other wrongful discrimination against patients a violation of their rules. Meanwhile, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.
Act To Manage & Mitigate Disability Risks
In the face of these growing risks , physicians, hospitals and their medical staffs, and other health care providers should review and tighten their policies, leases and other vendor contracts, practices and training to minimize their exposure to prosecution or other sanctions for disability discrimination.
In light of the expanding readiness of OCR, the Justice Department and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures.
Given a series of recent changes in the provisions of the ADA, discrimination regulations, and enforcement standards, this process generally should begin by reviewing the health care provider’s understanding and policies regarding disability and other discrimination to ensure that they comply with current legal and credentialing requirements and standards. Once the organization confirms its understanding of current rules is up-to-date, the health care provider also should critically evaluate its operations to identify where its postings, policies, training, practices and operations need to be updated or tightened to meet these standards or avoid other risks.
In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.
To meet and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.
For More Information Or Assistance
If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.
Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here. About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
The recent criminal sentencing and civil settlement of Illinois physician Dr. Mahmoud Yassin highlights the growing- but too often appreciated exposure of physicians and other health care providers and their billing or other management who submit conflicting claims data to private and government claims or otherwise permit in false falsely bill or participate in the cover-up of fraudulent or other improper billings to payers. The Yassin sentencing is notable both because Yassin incurred criminal liability for obstruction based on his presentation of altered patient records to a private payer and and civil liability for making false claims to Medicare and others.
Yassin was sentenced July 22, 2013 to serve 30 days in prison and 3 years of probation and to pay a fine of $10,000, a special assessment of $100, and restitution to Blue Cross Blue Shield of Illinois in the amount of $19,615.17 in federal district court in Benton, Illinois for Obstructing a Criminal Health Care Fraud Investigator. The felony obstruction conviction stemmed from charges that on March 2, 2012, when a FBI agent, having served a subpoena for patient records on Dr. Yassin, gave an altered patient progress note that showed an in-office examination previously claimed to an insurance carrier, but which had not taken place.
In a separate civil settlement with the United States Attorney’s Office regarding false claims to Medicare, Dr. Yassin also previously has paid double damages for $87,348.64. The restitution and civil false claims settlement were based on claims for in person office visits in which the patient either failed to show up for an appointment or only was spoken to by telephone.
The Yassin prosecution demonstrates the importance of providers getting their records and billings straight when billing both private payers and government payers. While most health care providers recognize the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ), many don’t recognize their exposure from private payer billings or the potential interaction between private and government claims investigations Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers. Furthermore, federal fraud investigators and private payers increasingly are working together on the investigation and redress of false billing and other aggressive practices. These and other risks mean that providers cannot afford to be unprepared when asked to respond to investigations like one that lead to the Yassin conviction, recoupment or other audit and enforcement actions See, Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings. Rather, physicians and other health care clinics must be ready to prove and defend their billings to public and private payers. In both cases, these preparations should ensure that records accurately and completely document the care provided, that the coding and billing applied is reflective of actual care and consistent with existing reimbursement, and otherwise defensible. As demonstrated by Yassin, inconsistencies between records presented to different payers should be avoided.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.
Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Physicians or other health care providers now have even more to worry about when a Medicare or other federal program audit reveals overpayments – repayment demands from commercial insurers and self-insured health plans, who are secondary payers. Federal officials and private payers alike increasingly are coming after providers to recover overpayments or other inappropriate billings identified through audits or other investigations. In the face of these actions, providers should use care to ensure that their billing and compliance programs appropriately manage and monitor the defensibility of claims billed to private payers as well as those to Medicare or other government programs.
Most health care providers recognize the significant exposure they incur from overbilling Medicare or other federal programs as a result of the highly publicized, heavy-handed audit and enforcement activities of the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of Inspector General (OIG) and Department of Justice (DOJ).
Unfortunately, many health care providers don’t recognize that overbilling private payers can carry similar risks and liabilities. Amendments enacted as part of the anti-fraud provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) added private health plans to the list of plans protected by federal prohibitions against fraudulent billing by providers.
While CMS, OIG and DOJ tend to emphasize Medicare and other federal program recoveries in media releases about their overbilling and health care fraud enforcement efforts, careful review of these actions increasingly shows that these enforcement actions often also cover overbilling of private health plans uncovered in connection with the underlying Medicare or other federal program overpayment audit or investigation. For instance, upcoding and other false billing of claims was the basis of the federal criminal health care fraud prosecution of the Chief Executive Officer of a small, rural Texas health care clinic. Texas Clinic CEO Sentence Highlights Risks Of Upcoding. See, also Pharmas Face New Pressure To Put Patients Before Profits After GlaxoSmithKline Record $3 Billion Health Care Fraud & FDCA Settlement.
Unfortunately, many providers have failed to recognize and adequately respond to these and other clear indicators of their exposure to fraud, recoupment and other enforcement actions from sloppy or otherwise improper billings to private insurers and self insured plans. With health care reform increasingly focusing on reducing health care expenditures in the private as well as public arena, already existing federal and state enforcement against providers for improper billing of private payers will inevitably grown.
Taking into account these and other trends toward stepped up enforcement against aggressive billing by providers of private insurance or self-insured plans, physicians and other providers should not be surprised or unprepared to respond to recoupment or other audit and enforcement actions like that recently reported by Nina Youngstrom in AIS Health about the recoupment demands by commercial insurers against a Kansas health care clinic based on the Medicare audit findings of overpayments. See, Secondary Payers Hit Physician Group With Recoupment After Medicare Audit Findings. Rather, physicians and other health care clinics must be ready to prove and defend their billings to private payers as well as Medicare and other government payers.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of compliance, risk management and other workshops, programs and publications.
Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experiencehere. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Posted by Cynthia Marcotte Stamer 
slphealthcareupdate.com 