Office of Civil Rights |

Banner Health Pays $1.25 Million To Settle Cybersecurity Breach Impacting Nearly 3 Million Individuals

February 3, 2023

Phoenix-based nonprofit health system Banner Health and its affiliates (“Banner Health”) paid $1.25 million and agreed to take corrective actions to resolve its exposure to potentially much greater Health Insurance Portability and Accountability Act (HIPAA) Security Rule civil monetary penalty exposure for a 2016 cyber hacking breach that compromised the personal health information of 2.81 million consumers. OCR used its February 2 announcement of the Banner Health settlement to warn health care providers, health plans, health care clearinghouses (“covered entities”) and business associates covered by HIPAA to guard their own systems containing protected health information against breach by cyber hacking.

Banner Health Settlement

Banner Health is one of the largest non-profit health systems in the country, with over 50,000 employees and operating in six states. Banner Health is the largest employer in Arizona and one of the largest in northern Colorado.

In November 2016, OCR initiated an investigation of Banner Health following the receipt of a breach report stating that a threat actor had gained unauthorized access to electronic protected health information, potentially affecting millions. The hacker accessed protected health information that included patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medications, diagnoses and conditions, and health insurance information.

OCR’s investigation found evidence of long-term, pervasive noncompliance with the HIPAA Security Rule across Banner Health’s organization, a serious concern given the size of this covered entity. Organizations must be proactive in their efforts to regularly monitor system activity for hacking incidents and have measures in place to sufficiently safeguard patient information from risk across their entire network.

The potential violations OCR identified specifically included:

A lack of an analysis to determine risks and vulnerabilities of electronic protected health information across the organization;
Insufficient monitoring of its health information systems’ activity to protect against a cyber-attack;
Failure to implement an authentication process to safeguard its electronic protected health information; and
Failure to have security measures in place to protect electronic protected health information from unauthorized access when it was being transmitted electronically.

Under the Resolution Agreement and Corrective Action Plan negotiated to resolve these potential violations, Banner Health paid $1,250,000 to OCR. Banner Health also agreed to implement a corrective action plan, which identifies steps Banner Health will take to resolve these potential violations of the HIPAA Security Rule and protect the security of electronic patient health information that will be monitored for two years by OCR to ensure compliance with the HIPAA Security Rule. Under the corrective action plan, Banner has agreed to take the following steps:

Conduct an accurate and thorough risk analysis to determine risks and vulnerabilities to electronic patient/system data across the organization
Develop and implement a risk management plan to address identified risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
Develop, implement, and distribute policies and procedures for a risk analysis and risk management plan, the regular review of activity within their information systems, an authentication process to provide safeguards to data and records, and security measures to protect electronic protected health information from unauthorized access when it is being transmitted electronically, and
Report to HHS within thirty (30) days when workforce members fail to comply with the HIPAA Security Rule.

OCR Warns Other HIPAA-Covered Entities

In the health care sector, hacking is now the greatest threat to the privacy and security of protected health information. OCR’s announcement of the settlement reports 74 percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents.

The announcement also notes OCR offers an array of resources to help health care organizations bolster their cybersecurity posture and comply with the HIPAA Rules,

The settlement and OCR’s announcement warn other covered entities and business associates to use these and other necessary resources to protect their systems with protected health information from cyber hacking and other breaches.

In conjunction with reminding other covered entities of these resources, the settlement announcement quotes OCR Director Melanie Fontes Rainer as a warning, “Hackers continue to threaten the privacy and security of patient information held by health care organizations, including our nation’s hospitals, … It is imperative that hospitals and other covered entities and business associates be vigilant in taking robust steps to protect their systems, data, and records, and this begins with understanding their risks, and taking action to prevent, respond to and combat such cyber-attacks. … Cyber security is on all of us, and we must take steps to protect our health care systems from these attacks.”

OCR’s enforcement record confirms these are not idyl threats. Breaches of the Security or Breach Notification Rules often result in significant civil monetary penalty assessments or negotiated settlements to mitigate civil liability exposures arising out of such breaches. See e.g., Clinical Laboratory Pays $25,000 To Settle Potential HIPAA Security Rule Violations (May 25, 2021); Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People (January 15, 2021); Aetna Pays $1,000,000 to Settle Three HIPAA Breaches(October 28, 2020); Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People (September 25, 2020); HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual – (September 23, 2020); Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach (July 27, 2020); Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements (July 23, 2020).

Alerts issued by OCR regarding heightened security risks in recent months and a growing tide of highly publicized breaches send a strong warning to other covered entities and their business associates to reconfirm the adequacy of their own HIPAA privacy, security, breach notification and other procedures and protections by among other things:

Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected
violations or other indicia of potential security concerns.
Tracking and reviewing on a systemized, well-documented basis actual and near-miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
Establishing and providing well-documented monitoring of compliance that includes board-level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
Establishing and providing well-documented timely investigation and redress of reported
violations or other compliance concerns.
Establishing contingency plans for responding in the event of a breach.
Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.

Because of susceptibilities in systems, software and other vendors of business associates, suppliers and other third parties, covered entities and their business associates should use care to assess and manage business associate and other vendor-associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.

Beyond these HIPAA exposures, breaches and other HIPAA noncompliance carries other liability risks. Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders. For instance, the Department of Health & Human Services has warned health care providers participating in Medicare or other federal programs and Medicare Advantage health plans that HIPAA compliance is a program term of participation.

Health care providers and health insurers can face liability under state data privacy and breach, negligence or other statutory or common laws. In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards.

Health plans also face a myriad of other exposures from failing to use appropriate cyber safeguards. Plan fiduciaries of employment-based health plans covered by the Employee Retirement Income Security Act (“ERISA”) risk liability under ERISA’s fiduciary responsibility rules. The Department of Labor Employee Benefit Security Administration (“EBSA”) now audits the adequacy of the cybersecurity and other HIPAA compliance of health plans and their third-party administrators and other business associates as part of EBSA’s oversight and enforcement of ERISA. Department of Labor Assistant Secretary for EBSA Lisa Gomez confirmed audit and enforcement of cybersecurity obligations is a key priority in EBSA’s current work plan in her February 4, 2023 comments to the American Bar Association.

Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other public companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations.

Furthermore, appropriate cyber security practices also may be advisable elements for organizations to include in their Federal Sentencing Guideline Compliance Programs to mitigate potential organization liability risks under federal electronic crime and related laws.

In the face of these risks and warnings, all covered entities and their business associates should reassess and confirm the adequacy of their and their business associates’ cyber security defenses and breach response preparations.

More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely-known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on health and managed care and employer benefits legal, public policy and operational concerns in the healthcare, employer benefits, and insurance and financial services industries. She speaks and publishes extensively on HIPAA and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Leave a Comment » | Cyber crime, data breach, data security, DME, Doctor, Employer, ERISA, Federal Sentencing Guidelines, Health Care Finance, Health Care Provider, Health Insurance, Health IT, Health Plan, Health Plans, HHS, HIPAA, HIPAA Cyber Crime, HITECH Act, home health, Hospice, Hospital, hospitals, Licensing, Meaningful Use, Medicaid, Medicaid Advantage, Medical Licensure, Medical Malpractice, Medical Privacy, Medical Records, Medicare, Medicare Advantage, OCR, Peer Review, Physician Licensing, retaliation, Technology, Telemedicine, Whistleblower | Tagged: ARRA, Breach Notification, CMS, Compliance, Corporate Compliance, Data Breach, Data Security, Doctor, DOJ, EHR, Electronic Health Records, Employer, false claims act, Federal Sentencing Guidelines, Health Care, Health Care Compliance, Health Care Fraud, Health Care Provider, Health Care Reimbursement, Health Insurance, Health IT, Health Plan, Health Plans, HHS, HIPAA, HIPAA Privacy, HITECH Act, Hospital, Hospitals, licensure, Medicaid, Medical Privacy, Medicare, OCR, Office of Civil Rights, OIG, PHI, Physician, Physicians, Privacy, Protected Health Information | Permalink
Posted by Cynthia Marcotte Stamer

Provider Pays $750K To Settle HIPAA Business Associate Rule Breach Charges

April 21, 2016

Health Care Providers, Health Plans, Healthcare Clearing Houses & Business Associates Should Verify Plan’s HIPAA Business Associate Rule Compliance

Health care providers as providers and as health plan sponsors, health plans and their sponsors, health care clearinghouses and their business associates should reconfirm and ensure they can prove they have all required business associate agreements in place and otherwise properly are administering all policies, practices, safeguards and procedures for handling, using and disclosing electronic and other protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules (Privacy Rule) in light of the April 20, 2016 Department of Health & Human Services Office of Civil Rights (OCR) announcement of its latest resolution agreement settling charges against a health care provider for sharing protected health information with a business associate without first implementing the required business associate agreement.

OCR Charges Brought For Business Associate Agreement Violations

HIPAA’s Privacy Rules generally apply to “covered entities,” which under HIPAA are health plans and insurers, health care providers, health care clearinghouses (Covered Entities) and “business associates,” which are individuals or entities that perform services that aid the Covered Entity to perform its duties as a Covered Entity.

The Resolution Agreement and Corrective Action Plan (Resolution Agreement) with Raleigh Orthopaedic Clinic, P.A. of North Carolina (Raleigh Orthopaedic) announced by OCR on April 20th requires Raleigh Orthopaedic to pay $750,000 to settle charges OCR it violated the Privacy Rule by handing over protected health information of approximately 17,300 patients to a potential business partner without first executing a business associate agreement.

Raleigh Orthopaedic is a provider group practice that operates clinics and a surgery center in the Raleigh, North Carolina area. OCR initiated its investigation of Raleigh Orthopaedic after receiving a breach report on April 30, 2013. OCR’s investigation indicated that Raleigh Orthopaedic violated the Privacy Rules by releasing the x-ray films and related protected health information of 17,300 patients to an entity that promised to transfer the images to electronic media in exchange for harvesting the silver from the x-ray films. Raleigh Orthopaedic failed to execute a business associate agreement with this entity before turning over the x-rays and PHI.

OCR says this sharing of the x-ray files and other protected health information by Raleigh Orthopaedic violated the Privacy Rules.

Specifically, the Privacy Rules prohibit Covered Entities and their business associates from using, accessing and disclosing protected health information except as specifically permitted in the Privacy Rules. As part of these rules, the “Business Associate” requirements of the Privacy Rule prohibit Covered Entities from disclosing or allowing business associates to use, and business associates from receiving or using protected health information unless the parties first enter into a written business associate agreement that complies with the requirements of the Privacy Rules.

The Resolution Agreement settles OCR charges that Raleigh Orthopaedic violated this Business Associate Agreement requirement by sharing the x-rays and other protected health information with the service provider without first entering a business associate agreement. Under the Settlement Agreement, Raleigh Orthopaedic must pay a $750,000 payment, as well as revise its policies and procedures to: establish a process for assessing whether entities are business associates; designate a responsible individual to ensure business associate agreements are in place prior to disclosing PHI to a business associate; create a standard template business associate agreement; establish a standard process for maintaining documentation of a business associate agreements for at least six (6) years beyond the date of termination of a business associate relationship; and limit disclosures of PHI to any business associate to the minimum necessary to accomplish the purpose for which the Covered Entity hires the business associate.

Although the Resolution Agreement only addresses charges OCR brought against the Covered Entity, Raleigh Orthopaedic, business associates need to keep in mind that both Covered Entities and business associates now are responsible for ensuring compliance with the business associate agreement requirements of the Privacy Rules since the Stimulus Bill amended HIPAA to make most provisions of the Privacy Rule directly applicable to business associates as well as Covered Entities.

Take Aways For Covered Entities & Their Business Associates

OCR’s announcement of the Resolution Agreement includes a strong message for other Covered Entities and business associates of the importance of taking seriously their responsibility under the Privacy Rule to ensure that the business associate agreement requirements of the Privacy Rule are met before business associates are allowed to receive, access or use protected health information. The announcement quotes Jocelyn Samuels, Director of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) as stating. “It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected.” and “HIPAA’s obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise.”

In light of the Business Associate Rule and Director Samuels’ comments, Covered Entities and business associates alike should review the adequacy of their documentation, policies and practices regarding dealings with service providers who are or could collect, receive or use electronic or other protected health information to propose or perform services in the capacity as a business associate. Certainly both Covered Entities and business associates to ensure that they possess and are able to produce if needed signed business associate agreements for each current business associate agreement as well as that appropriate policies, practices and procedures are in place to ensure that all required business associate agreements are implemented before any disclosure or use of protected health information to the business associate in the future. As part of these activities, both Covered Entities and business associates also should ensure their policies and practices appropriately provide for the retention of signed copies of all business associate agreements and other records, and the implementation of all other processes and procedures required to position the entity to be able to demonstrate it not only had policies requiring compliance, but appropriately implemented and administered those policies in accordance with the Privacy Rule.

When conducting this review, Covered Entities and business associates also generally should consider the advisability of also reviewing their business associate agreements and the adequacy of these arrangements in light of any other contractual confidentiality and or contractual rights and commitments, regulatory requirements and other operational and risk management concerns that impact or interrelate with the relationship between the business associate and the Covered Entity. It is important to ensure that appropriate steps are taken to evaluate and properly integrate the confidentiality and other commitments that the Privacy Rules mandate a business associate agreement include with audit, performance assessment, and other data access or disclosure, trade secrets, confidentiality, performance standards and guarantees, indemnity and other contractual obligations of other agreements that could impact or be impacted by the business associate agreements. Steps also should be taken to incorporate appropriate processes and procedures for ensuring that the Covered Entity and members of its workforce understand and consistently administer and document their use of appropriate processes to ensure that the business associate agreement and other requirements of the Privacy Rules are fulfilled. In the case of employer sponsored plans subject to the Employee Retirement Income Security Act of 1974, for instance, the selection and proper oversight of business associates and the management of plan data both are subject to the fiduciary responsibility rules of ERISA. Meanwhile, insurers, business associates and other plan vendors also generally should anticipate that beyond HIPAA, they also may be subject to data security, privacy and other mandates and exposures under state HIPAA-like rules for protected health information, as well as other obligations under insurance, data security, identity theft, breach, privacy and other state laws.

The process of evaluating the adequacy of current arrangement and considering the advisability of changes to tighten existing practices in many cases will result in the discovery and discussion of potentially sensitive information about the adequacy of current or past compliance with the Privacy Rules or other matters. For example, it is possible that in the course of review, parties may be unable to locate a signed business associate agreement governing a relationship that the Privacy Rules require be subject to a business associate agreement or in the course of review, information indicating breaches of protected health information or other Privacy Rule violations may have occurred. For this reason, most Covered Entities and their business associates will want to consider arranging for this review and analysis to be conducted within the scope of attorney-client privilege by or under the direction of qualified legal counsel with HIPAA experience that has entered into a business associate agreement with the Covered Entity or business associate.

About The Author

The author of this update,Cynthia Marcotte Stamer, is a noted Texas-based management lawyer and consultant, author, lecturer and policy advocate, recognized as among the “Top Rated Labor & Employment Lawyers in Texas” by LexisNexis® Martindale-Hubbell® and as among the “Best Lawyers In Dallas” for her work in the field of “Tax: Erisa & Employee Benefits” and “Health Care” by D Magazine who works, writes and speaks extensively about HIPAA and other data privacy and security concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s legal and management consulting work throughout her career has focused on helping health industry, insurance and other organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer helps health industry and other organizations manage. Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well-known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.

A Fellow in the American College of Employee Benefit Counsel, Ms. Stamer also brings to the table extensive knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.

Throughout her career, Ms. Stamer has advised these and other clients about health care, health plan, financial information, trade secret, privacy and other related compliance, data breach response and remediation and related compliance, risk management and related concerns. In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others.

Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.

Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns. She will share updates on HIPAA and other health care and data security concerns when returns to speak and chair at the 4th Annual Healthcare Privacy and Security Forum scheduled on May 20, 2016 in Los Angeles.

Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see here or contact Ms. Stamer directly by email cstamer@solutionslawyer.net or by telephone at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:

Leave a Comment » | Doctor, Health Care, Health Care Provider, HIPAA, HIPAA Cyber Crime, Physician, Uncategorized | Tagged: Assisted Living, clinic, Data Breech, Data Security, Doctor, Health Care, Health Care Clinic, healthcare, HIPAA, Medical Privacy, Nurse, Office of Civil Rights, PHI, Physician, Privacy, Protected Health Information, Radiology, Skilled Nursing | Permalink
Posted by Cynthia Marcotte Stamer

OCR’s Proposed Sex & Other Discrimination Rules Spell Headaches & New Risks For Health Care Providers, Insurers & Others

September 3, 2015

November 6, 2015 is the deadline for health care providers, health insurance exchanges, Medicare Advantage plans, Medicaid Advantage plans, health insurers providing coverage in the health insurance marketplaces, their contractors and other concerned parties to comment on a proposed rule on Nondiscrimination in Health Programs and Activities published today by the Department of Health and Human Services (HHS) to implement the federal prohibition against sex discrimination in health programs and activities enacted under Section 1557 of the Patient Protection and Affordable Care Act (ACA) and tightening other nondiscrimination requirements that generally apply to Health Insurance Marketplaces, any health program that HHS itself administers, and any health program or activity, any part of which receives funding from HHS, such as hospitals that accept Medicare patients or doctors who treat Medicaid patients, and health insurance issurers participating in the Health Insurance Marketplaces, Medicare or Medicaid Advantage Plans and other entities covered by the HHS Office of Civil Rights (OCR) civil rights rules (covered entities) and various other programs and activities administered by HHS’ Office of Civil Rights (OCR).

Since OCR already aggressively investigates and enforces federal prohibitions against discrimination based on race, color, national origin, disability, age and sex against covered entities as part of the Obama Administration’s broader civil rights agenda, covered entities can look forward to OCR’s adoption of the proposed rules to add even more teeth and fire to the already aggressive enforcement by OCR of health care providers, insurers and other parties subject to the civil rights laws enforced by OCR. See. e.g., Health Care Employer’s Discrimination Triggers Medicare, EEOC Prosecutions; Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled; OCR Settlements Show Health Care & Disabled Housing Providers Face Growing Disability Discrimination Risks Given the often multimillion dollar penalties and other heavy sanctions that OCR already has imposed against a long and ever-growing list of state and other health care, child care, elder care, insurance and other entities for violating the discrimination or other civil rights rules administered by OCR, health care and other providers, Medicare and Medicaid Advantage and other insurers, and other covered entities generally will want both to carefully review and comment as appropriate on the proposed rules, as well as review and tighten as advisable their existing practices to reduce the risk of being sanctioned, excluded or both for violation of these nondiscrimination and other civil rights requirements by OCR. In this respect, covered entities will want both to evaluate their risks and responsibilities under the specific rules about Section 1557’s sex discrimination prohibits, as well as changes that more broadly affect the interpretation and enforcement of the nondiscrimination rules enforced by OCR generally.

Sex and Gender Identity Discrimination

Concerning the new prohibition against sex discrimination added by Section 1557 of the ACA, the proposed rule expressly provides that covered entities must treat woman equally with men in the health care they receive generally as well as specifically comments on the obligations of covered insurers with respect to sex discrimination including gender identity. While other provisions of the ACA bar certain types of sex discrimination in insurance, for example by prohibiting women from being charged more than men for coverage, the proposed regulation makes clear that the protections of Section 1557 reach even more broadly to prohibit sex discrimination both in the health coverage patients obtain as well as in the health services they seek from providers.

Not unexpectedly in light of the Supreme Court’s ruling in Obergefell and the Obama Administration’s proactive agenda on the advance of rights for lesbian, bisexual, gay and transsexual (LBGT) individuals, the proposed rule makes clear that OCR construes prohibited sex discrimination under Section 1557 to include discrimination based on gender identity as well as to address various coverage and care practices that OCR views as prohibited sex discrimination of LBGT individuals. In this respect, the proposed rule makes clear HHS’s commitment, as a matter of policy, to preventing discrimination based on sexual orientation by providing, among other things that Individuals may not be subject to discrimination based on gender identity by any covered entities including insurance policies and their issuers. OCR also highlights various policy provisions and other practices by insurers that it views as prohibited sex discrimination against transsexual individuals such as categorical exclusions on coverage of all care related to gender transition. Similarly, the proposed rule also states that health care providers, insurers and other covered person must treat all individuals consistent with their gender identity, including in access to facilities. Beyond the already proposed safeguards against sex discrimination based on gender identity, OCR also requests comment on how a final rule can incorporate the most robust set of protections against discrimination that are supported by the courts on an ongoing basis.

Other Nondiscrimination Rule Expansions

Beyond its requirements relating to sex discrimination, the proposed rule also addresses a host of other concerns relating to the civil rights rules more generally. As an initial matter, the proposed rule invites individuals in protected classes to file complaints and pursue other enforcement by confirming that OCR interprets Section 1557 as allowing individuals to seek legal remedies for discrimination under Section 1557. While OCR already has been allowing this in practice, this blessing of the right of individuals to seek legal remedies unquestionably will encourage the filing of more complaints and other private actions.

The proposed rule also would add more teeth to the already aggressive enforcement by OCR of its position that covered entities must accommodate community deficiencies of persons with cognitive, speech, hearing or other disabilities and English proficiency limitations on their ability to communicate on health care matters by establishing more detailed minimum standards for the provision of language services, such as oral interpreters and written translations to persons with limited English proficiency and to provide individuals with hearing or other disabilities affecting their ability to communicate to provide auxiliary aids and services, including alternative formats and sign language interpreters, and the accessibility of programs offered through electronic and information technology. These proposed requirements are designed to provide more teeth and compliance with OCR’s expectation that covered entities will affirmatively act to offer accommodations needed to ensure the ability of individuals to communicate when the individual’s ability to understand or respond is impaired by disabilities or limited English proficiency.

Also, the proposed regulations specifically addresses various practices by Medicare and Medicaid Advantage plans and other insurers offering coverage in the marketplace that OCR views as discriminatory. For instance, the proposed rule states that insurers participating or offering coverage through any Health Insurance Marketplace cannot engage in any marketing practices or benefit designs that discriminate on the basis of race, color, national origin, sex, age, or disability. This prohibition would extend to all the plans of insurers participating in the Marketplace are covered by the proposed rule.

Beyond the already proposed expansion in the current regulatory expectations, OCR also invites input about additional requirements to broaden the safeguards in the proposed regulations by requesting comment on whether Section 1557 should include an exemption for religious organizations and what the scope of any such exemption should be as well as comment on how a final rule can incorporate the most robust set of protections against discrimination that are supported by the courts on an ongoing basis.

Unquestionably these and other changes proposed in the proposed regulation likely will impact the practices and risks of virtually all covered entities. The proposed rule is open for public comment through November 6, 2015. Covered entities and other interested persons will want to promptly review the specifics of the proposed regulation in light of OCR’s already existing investigation and enforcement activities and their current or contemplated practices. To the extent appropriate, covered entities will want to ensure that they carefully prepare and submit all revelevant comment or other feedback promptly submitted on or before the November 6, 2015 comment deadline. Whether or not a covered entity elects to comment of the proposed regulations, however, all covered entities also should begin tightening and adapting their existing policies and practices to respond to the positions revealed by the proposed regulations, as OCR’s enforcement activities reflect that OCR will act to enforce many of these expectations even as it pursues adoption of the proposed regulations in final form.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Board Certified in Labor & Employment Law, and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 28 years experience advising health industry clients about these and other matters. Her experience includes more than 23 years experience advising and defending hospitals, nursing home, home health, rehabilitation and other health care, housing, insurance and other clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to discrimination and other charges from OCR, HUD, EEOC, DOJ, private claimants and others. She also advises and assists a broad range of health industry and other clients to respond to and defend Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR, CMS & other HHS agencies, Department of Labor, IRS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting for several years with OCR. Ms. Stamer also works extensively with health care providers, health plans and insurers, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance, investigations, defense, and other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on discrimination and other civil rights, pandemic and other contagious disease, HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance, quality, reimbursement, and a broad range of other industry internal controls, compliance, risk management, employment, patient safety, staffing, credentialing, board governance, antitrust, contracting and other legal and operational concerns for a multitude of clients and associations ranging from the Association of State & Territorial Health Plans, Los Angeles County Health Department, ISSA, HIMMS, the ABA, the American Health Lawyers Association, the Medical Group Management Association, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

Other Helpful Resources & Other Information

We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Examples of some of these recent health care related publications include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Uncategorized | Tagged: accommodate, age discrimination, Civil Rights, cognitive disorder, Disability Discrimination, Discrimination, English as Second Language, gender identity discrimination, Health Care, Health insurer, hearing imparied, HHS, Hospital, housing, insurer, language impaired, Limited English Proficiency, Medicaid, Medicaid Advantage, Medicare, Medicare Advantage, National Origin Discrimination, OCR, Office of Civil Rights, Physicians, rage discrimination, real estate, religious discrimination, same-sex, sex discrimination, treatment | Permalink
Posted by Cynthia Marcotte Stamer

New HIPAA Settlement Highlights Internet Applications Safeguards, Whistleblower & Management Oversight Compliance Risks

July 10, 2015

Health care providers, health insurers, group health plans and health care clearinghouses (Covered Entities), their business associates and their leaders need to ensure the adequacy of the security of internet portals and applications used to create, use, access or disclose protected health information (PHI) and should establish and administer ongoing procedures to monitor and maintain adequate PHI security on an ongoing basis in light of a new Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rule (“HIPAA Rules”) Resolution Agreement with St. Elizabeth’s Medical Center (SEMC) announced today (July 10, 2015) by the Department of Health & Human Services Office of Civil Rights (OCR). Concurrently, the Resolution Agreement also reaffirms the growing involvement of employees and other workforce members as HIPAA “whistleblowers” as well as the need for Covered Entities, business associates and their leaders to ensure that they include and administer documented requirements for board reporting and oversight in their HIPAA compliance and risk management activities.

To settle OCR charges that the Brighton, Massachusetts’s based hospital system violated the HIPAA Rules resulting from OCR’s investigation of a November 16, 2012 complaint made to OCR by SEMC workforce members, SEMC has agreed to pay $218,400 and to implement a “robust corrective action plan” to correct deficiencies in its HIPAA security and other compliance revealed in the investigation.

According to OCR, OCR opened the investigation after employees complained to OCR that SEMC violated HIPAA by allowing workforce members to use an internet-based document sharing application to share and store documents containing electronic protected health information (ePHI) of at least 498 individuals without having analyzed the risks associated with such a practice. According to OCR, its investigation of the complaint revealed among other things that:

SEMC improperly disclosed the PHI of at least 1,093 individuals;
SEMC failed to implement sufficient security measures regarding the transmission of and storage of ePHI to reduce risks and vulnerabilities to a reasonable and appropriate level; and
SEMC failed to timely identify and respond to a known security incident, mitigate the harmful effects of the security incident, and document the security incident and its outcome. Separately, on August 25, 2014, SEMC submitted notification to HHS OCR regarding a breach of unsecured ePHI stored on a former SEMC workforce member’s personal laptop and USB flash drive, affecting 595 individuals. A review of detailed corrective action plan imposed under the Resolution Agreement provides helpful insights about some of the steps that OCR is likely to expect Covered Entities and business associates to take to meet its security expectations for internet applications and portals. Beyond imposing a $218,400 penalty (“Resolution Amount”) against SEMC, the Resolution Agreement requires among other things that SEMC in accordance with the Resolution Agreement and to OCR satisfaction.

In announcing the Resolution Agreement, OCR Director Jocelyn Samuels sent a clear message to Covered Entities and their business associates to confirm and maintain the adequacy of security of internet portals and applications used in connection with PHI. “Organizations must pay particular attention to HIPAA’s requirements when using internet-based document sharing applications,” said OCR Director Jocelyn Samuels. “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”

To self-assess the adequacy of its policies and workforce and operations compliance with HIPAA including conducting unannounced audits of SEMC workforce members’ familiarity and compliance with SEMC policies and procedures on transmitting ePHI using unauthorized networks; storing ePHI on unauthorized information systems, including unsecured networks and devices; removal of ePHI from SEMC; prohibition on sharing accounts and passwords for ePHI access or storage; encryption of portable devices that access or store ePHI; security incident reporting related to ePHI;
The adequacy of workforce compliance with these policies by conducting unannounced site visits to various SEMC departments, inspections of certain laptops, smartphones, storage media and other portable devices as well as on workstations and other devices containing ePHI;
To identify and report to OCR any material compliance issues with the policies and recommendations for improving these policies and procedures, oversight and supervision, or training;
Develop and implement to OCR satisfaction corrections to policies, practice and training along with oversight mechanisms reasonably tailored to ensure that all SEMC workforce members follow such policies and procedures, and only use and disclose ePHI appropriately;
Collect and retain for OCR review and approval certain documentation of compliance; and
Conduct documented investigations of potential violations, redress and report to OCR about investigations and violations.

First, management should take special note that members of the SEMC workforce made the complaint to OCR that prompted OCR’s investigation.

As in other health care compliance areas, required workforce training coupled with HIPAA’s anti-retaliation and whistleblower protections provide encouragement if not incentives for disgruntled or well-meaning employees or other workforce members and business partners of covered entities or business associates make complaints about suspected HIPAA or other compliance concerns internally or to OCR. Management needs to take appropriate steps to ensure that its policies and processes include appropriate privacy and human resources procedures to manage both its HIPAA compliance obligations and potential retaliation and other human resources exposures that can result if these concerns are mishandled. Employee & Other Whistleblower Complaints Common Source of HIPAA Privacy & Other Complaints. Effective health plan and employer HIPAA and human resources compliance, reporting internal investigation and risk management policies and practices are critical to manage both HIPAA and other compliance exposures and the retaliation and other human resources risks that inevitably arise when employees or other workforce members or business partners raise compliance concerns or participate in compliance investigations internally or externally.

Second, the Resolution Agreement also reflects the clear expectation that management of Covered Entities and business associates make compliance with HIPAA a priority. Consistent with its recent practice, the Resolution Agreement requires management oversight and accountability for ensuring compliance with the Resolution Agreement and HIPAA by requiring an officer to attest to the fulfillment of the requirements of the Resolution Agreement. This emphasis upon requiring leadership oversight and prioritization of HIPAA compliance tracks the broader general expectations regarding responsibilities for management and boards concerning compliance with HIPAA and other federal health care increasingly articulated by HHS and other federal agencies enforcing laws subject to the Federal Sentencing Guidelines like HIPAA, See e.g. Practical Guidance for Health Care Governing Boards on Compliance Oversight. While OCR officials have indicated that the need for officer attestation like that required by the Resolution Agreement may not be required in all cases, the inclusion of these requirements coupled with these other developments sends a strong message that Boards and other management should ensure that their processes include appropriate evidence and document retention of management oversight.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Board Certified in Labor & Employment Law, and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 27 years’ experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Other Helpful Resources & Other Information

We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources. Examples of some of these recent health care related publications include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Academic medicine, Ambulatory care, ASC, data breach, data security, Health Care, Health Plan, HIPAA, hospitals, managed care, OCR, Privacy | Tagged: Corporate Governance, Data Breach, Data Security, Federal Sentencing Guidelines, Health Care Clearinghouse, Health Care Providers, health care technology, Health Plans, HIPAA, Mobile Devices, Office of Civil Rights, Privacy, Protected Health Information, Technology | Permalink
Posted by Cynthia Marcotte Stamer

IRS Publishes 2014 Branded Prescription Drug Fee Guidance

August 5, 2013

The Internal Revenue Service (IRS) today released Notice 2013-51. “Branded Prescription Drug Fee; Guidance for the 2014 Fee Year,” which contains guidance on the branded prescription drug fee imposed under section 9008 of the Patient Protection and Affordable Care Act (ACA) for the 2014 fee year.

Branded Prescription Drug Fee Background

ACA requires that covered entities that engage in the business of manufacturing or importing branded prescription drugs pay the branded prescription drug fee. The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51, published on August 18, 2011 (76 FR 51245), provide the method by which each covered entity’s annual fee is calculated. These regulations also define terms for the administration of the fee.

Regulation section 51.2T(g) defines fee year as the calendar year in which the fee for a particular sales year must be paid and section 51.2T(m) defines sales year as the second calendar year preceding the fee year.

Section 51.3T of the Regulation requires that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.

Section 51.6T provides that for each sales year the Internal Revenue Service (IRS) will make a preliminary fee calculation for each covered entity and will tell each covered entity of this calculation by the date prescribed in guidance published in the Internal Revenue Bulletin. This notification will also include additional prescribed information. As used in this notice, “notice of preliminary fee calculation” includes the additional prescribed information.

Section 51.7T provides that upon receipt of its preliminary fee calculation, each covered entity will have an opportunity to dispute this calculation by submitting to the IRS an error report with prescribed information. Sections 51.7T(b) and (c) set out the information that a covered entity must submit to support each asserted error. Section 51.7T(d) provides that each covered entity must submit reports and error reports, if anyin the form and way required by the IRS.

Section 51.8T provides that the IRS will send each covered entity its final fee calculation no later than August 31st of each fee year and also provides that covered entities must pay their fee by September 30th of the fee year.

2014 Deadlines & Procedures

Notice 2013-51 provides guidance for covered entities for 2014 on:

Submission of Form 8947, “Report of Branded Prescription Drug Information,”
The time and manner for notifying covered entities of their preliminary fee calculation,
The time and manner for submitting error reports for the dispute resolution process; and
The time for notifying covered entities of their final fee calculation.

For the 2014 fee year, the Notice states that a covered entity that chooses to submit Form 8947 must file the form by November 1, 2013.

For the 2014 fee year, the Notice states that the IRS will mail each covered entity a paper notice of its preliminary fee calculation by March 3, 2014. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to Regulation section 51.4T.

A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by February 17, 2014. The Notice instructs that this request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the notice says the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by March 3, 2014.

For the 2014 fee year, the Notice also states a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 15, 2014. When the IRS mails each covered entity a notice of its preliminary fee calculation by March 3, 2014, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM and sent by mail as instructed in the Notice.

The Notice also indicates that the IRS will notify each covered entity of its final fee calculation for 2014 by August 29, 2014, after which each covered entity must pay this fee by September 30, 2014 in accordance with Regulation section 51.8T(c),

For More Information Or Assistance

If you need assistance responding to regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

August 5, 2013

Medicare payments to inpatient psychiatric facilities (IPFs) will rise by 2.3% for fiscal year (FY) 2014 under the final Inpatient Psychiatric Facilities Prospective Payment System (PPS) Updated for Fiscal Year Beginning October 1, 2013 (FY 2013) posted by the Centers for Medicare & Medicaid Services (CMS) July 29 here.

The notice updates the prospective payment rates for Medicare inpatient hospital services provided by inpatient psychiatric facilitates for discharges occurring during the fiscal year (FY) beginning October 1, 2013 through September 30, 2014.

Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:

The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.

IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

August 1, 2013

Highlights of the final 2014 IPFPPS adjustments under 42 CFR 412.428 include the following:

The FY 2008-based Rehabilitation, Psychiatric, and Long Term Care (RPL) market basket update of 2.6 percent adjusted by a 0.1 percentage point reduction as required by section 1886(s)(2)(A)(ii) of the Social Security Act (the Act) and a 0.5 percentage point reduction for economy-wide productivity as required by section 1886(s)(2)(A)(i) of the Act.
The fixed dollar loss threshold amount in order to maintain the appropriate outlier
percentage.
The electroconvulsive therapy payment by a factor specified by CMS.
The national urban and rural cost-to-charge ratio medians and ceilings.
The cost of living adjustment factors for IPFs located in Alaska and Hawaii, if
appropriate.
The description of the ICD-9-CM and MS-DRG classification changes discussed in
the annual update to the hospital inpatient PPS regulations.
Use of the best available hospital wage index and information regarding whether an adjustment to the Federal per diem base rate is needed to maintain budget neutrality.
The MS-DRG listing and comorbidity categories to reflect the ICD-9-CM revisions effective October 1, 2013.
Retaining the 17 percent adjustment for IPFs located in rural areas, the 1.31 adjustment factor for IPFs with a qualifying emergency department, the coefficient value of 0.5150 for the teaching adjustment to the Federal per diem rate, the MS-DRG adjustment factors and comorbidity adjustment factors currently paid to IPFs for FY 2013.

IPFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

CMS Publishes FY 2014 Final Inpatient Rehabiliation Facility Prospective Payment Rule

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

1 Comment | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, psychiatric, psychiatric ocr | Permalink
Posted by Cynthia Marcotte Stamer

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

August 1, 2013

Inpatient Rehabilitation Facilities (IRFs) take note. The Centers for Medicare & Medicaid Services yesterday (July 31, 2013) published its final Inpatient Rehabilitation Facility (IRF), Inpatient Rehabilitation Facility Prospective Payment System for Federal Fiscal Year 2014 Final Rule (Rule). The Rule, which with its preamble is 272 pages, among other things:

Updates the prospective payment rates for (IRFs) for federal fiscal year (FY) 2014 (for discharges occurring on or after October 1, 2013 and on or before September 30, 2014) as required by the statute.
Revises the list of diagnosis codes that may be counted toward an IRF’s “60 percent rule” compliance calculation to determine “presumptive compliance,” update the IRF facility-level adjustment factors using an enhanced estimation methodology;
Revises sections of the Inpatient Rehabilitation Facility-Patient Assessment Instrument,
Revises requirements for acute care hospitals that have IRF units;
Clarifies the IRF regulation text regarding limitation of review;
Updates references to previously changed sections in the regulations text; and
Revises and updates quality measures and reporting requirements under the IRF quality reporting program.

The regulatory amendments in this Rule generally are effective as follows:

Its revisions to the list of diagnosis codes used to determine presumptive compliance under the “60 percent rule” are applicable for compliance review periods beginning on or after October 1, 2014; and
The updated IRF prospective payment rates are applicable for IRF discharges occurring on or after October 1, 2013 and on or before September 30, 2014 (FY 2014).
The changes to the Inpatient Rehabilitation Facility-Patient Assessment Instrument, the amendments to §412.25, and the revised and updated quality measures and reporting requirements under the IRF quality reporting program are applicable for IRF discharges occurring on or after October 1, 2014.

IRFs, their operators, management and investors should review the new rules, update their practices and budgets and make other arrangements to respond effectively to the Rule.

For More Information Or Assistance

About Solutions Law Press

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | Corporate Compliance, Doctor, Durable Medical Equipment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Rehabilitation Act, Reimbursement, Substance Abuse | Tagged: accommodation, ADA, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Inpatient Rehabilitation Facilities, Justice Department, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Prospective Payment, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

Tighten Disability Compliance To Avoid ADA Suits, Program Disqualification & Other Risks

July 30, 2013

The Department of Justice’s July 29, 2013 announcement that it is suing Dr. Hal Brown and Primary Care of the Treasure Coast of Vero Beach, Florida (PCTC) for violating the Americans With Disabilities Act (ADA) by discriminating and retaliating against two deaf patients reminds physicians, clinics, hospitals and other health industry providers, their landlords, and other vendors to tighten their understanding, practices of federal and state disability discrimination laws to avoid getting nailed for improper discrimination. Following on the Department of Health & Human Service’s recently announced exclusion of a physician that illegally discriminated against a HIV-positive patient, health care providers are on notice that Federal officials are gunning for health care providers who illegally discriminate against patients and others with disabilities.

With the Justice Department, HHS and others targeting discrimination in the health care industry, physicians and their practices, clinics, hospitals and other private and public health care providers, and their landlords and other vendors should update their understanding of disability discrimination responsibilities and exposures, and then review and tighten policies, practices, workforce training and oversight, and other risk management and compliance practice to help prevent and mitigate exposures to disability and other discrimination claims.

Health Care Providers & Industry Under Fire For Disability Discrimination

While the heavy emphasis generally placed upon the enforcement of disability laws by the Obama Administration has heightened the risks of all U.S. businesses, health care providers are particularly at risk to disability discrimination liability as a result of the Barrier-Free Health Care Initiative of the Justice Department and related health industry disability enforcement initiatives of HHS and other federal agencies.

Health care provider, like other U.S. businesses, face sweeping responsibilities under the various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws. Section 504 of the Rehabilitation Act generally requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs. Rather, the ADA requirements and disability discrimination prohibitions generally apply to all U.S. health care and other businesses even if they do not receive federal financial assistance. Under the ADA, health care providers and other covered businesses generally have a duty other to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities.

Specifically under the ADA:

The public accommodation provisions generally both prohibit discrimination against individuals with disabilities when delivering health care or other services, as well as require health industry and other businesses to provide reasonable accommodations to individuals with disabilities unless the health care provider proves its actions are defensible under an exception to these general rules.
The employment discrimination provisions generally prohibit health care industry and other employers from discriminating against qualified individuals with a disability and require employers to provide reasonable accommodations for disabled workers unless the health care provider can prove that its conduct qualifies under one of the allowable exceptions to the general prohibition against discrimination.
The anti-retaliation rules prohibit retaliation against an individual because he opposes an act that is unlawful under the ADA or because he made a charge, testified, assisted or participated in any way in an investigation, proceeding or hearing under the ADA. These provisions also make it unlawful to coerce, intimidate, threaten or interfere with any individual exercising their rights protected by the ADA.

Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

Justice Department ADA Suit Against Brown & PCTC

The ADA lawsuit against Dr. Brown and PCTC comes on the heels of the Justice Department’s Celebration of the 23rd Anniversary of the ADA last week and is an example of one of a growing number of lawsuits and other actions against health care providers resulting from the Justice Department “Barrier-Free Health Care Initiative” and related Department of Health & Human Services (HHS) enforcement efforts focusing on ensuring access to health care for individuals with disabilities.

The Department of Justice suit charges Dr. Brown and PCTC with violating the public accommodation and anti-retaliation provisions of ADA by discriminating against a deaf couple, Susan and James Liese by discriminating against a deaf couple, Susan and James Liese and then retaliating against the couple for engaging in activities protected under the ADA.

According to the Justice Department’s complaint, Dr. Brown and PCTC terminated Mr. and Mrs. Liese as patients because the couple pursued ADA claims against a hospital located next door to and affiliated with PCTC for not providing effective communication during an emergency surgery. The complaint alleges that after learning that the Lieses threatened the hospital with an ADA suit based on failure to provide sign language interpreter services, PCTC and Dr. Brown, who was the Liese’s primary doctor at PCTC, immediately terminated the Lieses as patients.

The Justice Department says this termination of the Lieses as patients violated the ADA. According to Jocelyn Samuels, Acting Assistant Attorney General for the Civil Rights Division, “A person cannot be terminated as a patient because he or she asserts the right to effective communication at a hospital.”

While it remains to be seen if the Justice Department will be successful in its suit against Dr. Brown and PCTC, it has experienced significant success in disability discrimination actions against other health care providers.

Justice Department Barrier-Free Health Care Initiative Successes Growing

Justice Department suits like the ADA suit against Dr. Brown and PCTC are increasingly common and successful.

While the Justice Department across the years has prosecuted various health care providers for illegal discrimination under the ADA, it has turned up the heat with its nationwide Barrier-Free Health Care Initiative. According to the Justice Department, it intends that the prosecutions under the Barrier-Free Health Care Initiative to focus and leverage the Justice Department’s resources together and send a clear message that disability discrimination in health care is illegal and unacceptable.

Since the Justice Department announced its Barrier-Free Health Care Initiative last year, for instance, the Justice Department has entered into 18 settlements under the Barrier-Free Health Care Initiative. These include three agreements requiring health care providers to provide auxiliary aids and services, including sign language interpreters, to individuals who are deaf to ensure effective communication in health care settings including two settlements in the last month.

On June 27, 2013, the U.S. Attorney’s Office for the Western District of Tennessee announced that Heart Center of Memphis has agreed to provide qualified sign language and oral interpreters as well as other auxiliary aids and services to patients who are deaf, have hearing loss or have speech disabilities to resolve a Justice Department complaint charging the Heart Center violated the ADA by telling a deaf patient that it was his responsibility to arrange a sign language interpreter for his appointment. After several unsuccessful attempts to get the Heart Center to provide a qualified sign language interpreter as required by law, the patient cancelled his appointment.

On June 26, 2013, the U.S. Attorney’s Office for the Northern District of Georgia announced it had reached a disability discrimination settlement agreement with Midtown Neurology P.C. The settlement resolved a complaint alleging that Midtown Neurology P.C. failed to provide, over multiple appointments, a qualified sign language interpreter for a patient who is deaf. At one appointment, the patient underwent a painful neurological test. Because there was no interpreter, the patient could not communicate that she was frightened and in pain, and that she wanted the doctor to stop the procedure. Under the agreement, Midtown Neurology P.C. will provide auxiliary aids and services, including qualified interpreters, to individuals who are deaf or hard of hearing where necessary to ensure effective communication.

In previous months, the Justice Department also has reached settlement agreements resolving charges health care providers violated the ADA by failing to provide interpreters or other accommodations for deaf or other communication impaired patients with Burke Health and Rehabilitation Center (May 3, 2013); Monadnock Community Hospital (April 5, 2013); Manassas Health and Rehab Center (April 5, 2013); Gainesville Health and Rehab Center (April 5, 2013); the Center for Orthopaedic and Sports Medicine, Inc. (April 5, 2013); Northern Ohio Medical Specialists (April 5, 2013); Northshore University Healthsystems (June 28, 2012); Steven Senica, M.D., and Senica Bruneau, Ltd. (June 11, 2012); Trinity Regional Medical Center and Trinity Health Systems (March 29, 2012); Henry Ford Health System (February 1, 2012); and Cheshire Medical Center, Keene Health Alliance, and Dartmouth-Hitchcock Clinic D/B/A Dartmouth-Hitchcock Keene (October 31, 2011)

In addition, the Justice Department also particularly is aggressive in prosecuting health care providers that discriminate against individuals with HIV. In the past six months, the Department reports it has reached five settlement agreements with medical providers to address HIV discrimination.

For instance, the Justice Department on July 26, 2013 announced that Barix Clinics, an organization that operates bariatric treatment facilities in Michigan and Pennsylvania, will pay $35,000 to victim-complainants and a $10,000 civil penalty, train its staff on the ADA and implement an anti-discrimination policy to settle Justice Department charges that Barix Clinics unlawfully refused to perform bariatric surgery on a man at its Langhorne, Pa., facility because he has HIV. The Department also determined that Barix Clinics cancelled bariatric surgery for another individual at its Ypsilanti, Michigan facility because he has HIV.

The Barix Clinic settlement added to a long list of earlier settlements of ADA charges stemming from discrimination against HIV patients including Glenbeigh (settlement regarding exclusion of an individual from an alcohol treatment program because of the side effects of his HIV medication, March 13, 2013); Woodlawn Family Dentistry (dentist office’s unequal treatment of people with HIV in the scheduling of future dental appointments, February 12, 2013); Castlewood Treatment Center (eating disorder clinic’s refusal to treat a woman for a serious eating disorder because she has HIV, February 6, 2013); and Fayetteville Pain Center (unlawful exclusion of a person with HIV from treatment, January 31, 2013).

While most announced Justice Department settlements involve the denial of interpreters to deaf or other communication impaired patients and discrimination in the treatment of HIV patients, the Justice Department also has shown a willingness to prosecute health care providers who engage in other types of disability discrimination. For instance, on April 3, 2012, the Justice Department reached a settlement with Richard Noren, M.D., Henry Kurzydlowski, M.D., and Pain Care Consultant, Inc., which resolved charges that they violated the ADA by failing to make reasonable changes to policies, practices, and procedures to enable a child with diabetes to participate in summer camp. Furthermore, although not necessarily reflected in the currently published, officially announced settlements of the Justice Department, health care providers have reported that the Justice Department and HHS also have become increasingly aggressive in investigating disability claims of visually or other physically, cognitively, or emotionally disabled patients arising from the failure of health care providers to accommodate their need for support or comfort animals.

Justice Department Plans To Keep Heat On Health Care Providers

All signs are that the Justice Department intends to continue, if not expand its Barrier-Free Health Care Initiatives. In fact, the suit against Dr. Brown and PCTC comes on the heels of the Justice Department’s filing of an ADA disabilities discrimination lawsuit against the State of Florida alleging the state is in violation of the ADA in its administration of its service system for children with significant medical needs.

The Justice Department lawsuit against the State of Florida charges that Florida’s programs have resulted in nearly 200 children with disabilities being unnecessarily segregated in nursing facilities which should be served in their family homes or other community-based settings. The Justice Department further alleges that the state’s policies and practices place other children with significant medical needs in the community at serious risk of institutionalization in nursing facilities. The department’s complaint seeks declaratory and injunctive relief, as well as compensatory damages for affected children.

“Florida must ensure that children with significant medical needs are not isolated in nursing facilities, away from their families and communities,” said Eve Hill, Deputy Assistant Attorney General for the Civil Rights Division. “Children have a right to grow up with their families, among their friends and in their own communities. This is the promise of the ADA’s integration mandate as articulated by the Supreme Court in Olmstead. The violations the department has identified are serious, systemic and ongoing and require comprehensive relief for these children and their families.”

Health Industry Disability Discrimination Risks: Beyond The Justice Department

While private plaintiffs as well as the Justice Department and other agencies increasingly successfully sue health care providers for violating the ADA and other disability discrimination laws, the often significant damages and defense costs that often arise from these suits are only part of the exposure that health care providers should consider and manage. Among other things, health care providers accused or found to engage in disability discrimination also generally also risk significant adverse publicity, loss or curtailment of federal or state program participation, reimbursement or other contractual or administrative penalties, licensing board and accreditation sanctions, burdensome corrective action and ongoing reporting and oversight and other consequences.

Perhaps most notably, HHS also is stepping up enforcement against health care providers that discriminate against the disabled. Like the actions of the Justice Department, many of these enforcement actions focus heavily on discrimination against HIV patients as well as deaf or other individuals whose disabilities impairs their ability to communicate effectively with health care providers.

For instance, on July 18, 2013, HHS announced the termination of Medicaid funding to a California surgeon who intentionally discriminated against an HIV-positive patient by refusing to perform much-needed back surgery. The HHS Departmental Appeals Board concluded that the surgeon violated Section 504 of the Rehabilitation Act of 1973, which prohibits disability discrimination by health care providers who receive federal funds. The order follows an Office for Civil Rights (OCR) investigation of a complaint filed by a patient who alleged that the surgeon refused to perform back surgery after learning that the patient was HIV-positive. OCR found that the surgeon discriminated against the patient on the basis of his HIV status in violation of federal civil rights laws. See HHS Press Release; HHS Departmental Appeals Board Decision; OCR Violation Letter of Findings.

HHS’s exclusion of the surgeon from federal program participation is part of a long-standing policy of OCR of pursuing disability discrimination actions against providers that discriminate against patients with HIV. For instance OCR previously has announced that an Austin, Texas orthopedic surgeon had agreed to ensure that individuals living with HIV/AIDS have equal access to appropriate medical treatment in order to resolve charges brought in an OCR Violation Letter of Finding charging the surgeon with violating the Rehabilitation Act by refusing to perform knee surgery on an HIV-positive patient. See Settlement Agreement.

OCR, like the Justice Department, also is aggressive in pursuing Rehabilitation Act claims against health care providers for failing to provide interpreters or other appropriate accommodations for deaf or other patients with disabilities that impair their ability to communicate. In March, for instance, OCR announced a settlement agreement with national senior care provider, Genesis HealthCare (Genesis) which resolved an OCR complaint that Genesis violated Section 504 of the Rehabilitation Act by failing to provide a qualified interpreter to a resident at its skilled nursing facility in Randallstown, Maryland. See, Genesis Settlement.

OCR construes Section 504 of the Rehabilitation Act of 1973, as among other things requiring that facilities take appropriate steps to ensure effective communications with individuals. According to OCR, throughout the patient’s stay at the facility, an OCR investigation showed center staff relied on written notes and gestures to communicate with the resident, even while conducting a comprehensive psychiatric evaluation with him. Moreover, by not being provided a qualified interpreter, evaluations of his care and discussions on the effects of his numerous medications and the risks caused by not following recommended treatments and prescription protocols had harmful effects on the patient’s overall health status. According to OCR Director Leon Rodriguez, “This patient’s care was unnecessarily and significantly compromised by the stark absence of interpreter services.” OCR concluded that in order for the patient and staff to be able to communicate effectively with each other regarding treatment, a qualified sign language interpreter would have been necessary.

Under the terms of the agreement, Genesis must require all facilities to provide interpreters and other suitable communications accommodations to language disabled patients, form an auxiliary aids and services hotline; create an advisory committee to provide guidance and direction on how to best communicate with the deaf and hard of hearing community; designate a monitor to conduct a self-assessment and obtain feedback from deaf and hard of hearing individuals and advocates and conduct outreach to promote awareness of hearing impairments and services that are available for deaf and hard of hearing individuals. In addition Genesis will be required to pay monetary penalties for noncompliance with any terms of the agreement.

In announcing the Genesis settlement, Director Rodriguez warned, “My office continues its enforcement activities and work with providers, particularly large health care systems like Genesis, to make certain that compliance with nondiscrimination laws is a system wide obligation.

The Genesis Agreement is typical of a multitude of settlements resulting from OCR enforcement against health care providers for failing to accommodate deaf, speech or other communication impaired patients. See, e.g. Cattaraugus County Department of Aging Settlement Agreement; District of Columbia Children and Family Services Agency Settlement Agreement (February 8, 2013); Memorial Health System Colorado Springs Voluntary Resolution Agreement (November 7, 2012); Advanced Dialysis Centers Settlement Agreement (February 17, 2012).

When evaluating the need to provide interpreters, health care providers also should consider the advisability of offering interpreters for patients whose primary language is not English. OCR’s discrimination enforcement efforts often extend to other language impaired persons such as English as a Second Language patients. In addition to its efforts on behalf of individuals with disabilities impacting their ability to communicate, OCR recently announced a national initiative under which it will conduct compliance reviews of critical access hospitals as part of its efforts to strengthen language access for individuals whose primary language is not English. See OCR Launches Nationwide Compliance Review Initiative To Strengthen Language Access Programs At Critical Access Hospitals.

Health care providers also should ensure that their take appropriate steps to accommodate other disabilities. For instance, the use of support animals by veterans, children, and other patients with physical, emotional or cognitive disorders on the rise, health care providers need to ensure that their policies, practices, training, facilities leases and other vendor contracts, posting and other arrangements are updated to accommodate patients requiring the use of support or comfort animals. OCR’s enforcement actions already have extended to protection of the rights of disabled individuals to have the aid and assistance of their service animals when receiving services from health care providers. For instance, under a settlement agreement with the St. Mercy Medical Center (Mercy) in Fort Smith, Arkansas resolving an OCR complaint that it violated Section 504 and the Rehabilitation Act of 1973, Mercy committed to revise it policies and procedures to comply with Section 504 and to provide staff comprehensive training on their obligations to provide services without discrimination to qualified persons with disabilities. This settlement follows an OCR investigation into a complaint filed by an individual whose service animal was not allowed to go with him into the hospital. See, Mercy Settlement Agreement. This recent newscast video highlights how the failure to update postings, training, and other practices could result in a host of negative publicity and enforcement actions from refusing or limiting the ability of a person with a disability to have the support of his comfort animal within a health care facility. North Texas Vet Cries Foul After Service Dog Rejection. This type of adverse publicity not only can do serious damage to a health care provider’s public image, it also is likely to trigger the type of investigation that lead to the Mercy enforcement action.

Other Disability Discrimination Risks

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR, the Justice Department and other agencies to pursue investigations and enforcement of disability discrimination and other laws, physicians and other licensed professionals can expect that they may face disciplinary action by their applicable licensing boards, whose rules typically now make disability or other wrongful discrimination against patients a violation of their rules. Meanwhile, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

Act To Manage & Mitigate Disability Risks

In the face of these growing risks , physicians, hospitals and their medical staffs, and other health care providers should review and tighten their policies, leases and other vendor contracts, practices and training to minimize their exposure to prosecution or other sanctions for disability discrimination.

In light of the expanding readiness of OCR, the Justice Department and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures.

Given a series of recent changes in the provisions of the ADA, discrimination regulations, and enforcement standards, this process generally should begin by reviewing the health care provider’s understanding and policies regarding disability and other discrimination to ensure that they comply with current legal and credentialing requirements and standards. Once the organization confirms its understanding of current rules is up-to-date, the health care provider also should critically evaluate its operations to identify where its postings, policies, training, practices and operations need to be updated or tightened to meet these standards or avoid other risks.

In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To meet and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here. About Solutions Law Press

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Leave a Comment » | ADA, DME, Doctor, Durable Medical Equipment, Employer, Employment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Real Estate, Rehabilitation Act, Substance Abuse | Tagged: accommodation, ADA, Civil Rights, controlled substance, DEA, Disability, Discrimination, Drug Testing, drugs, HHS, Hospital, Justice Department, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Physician, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

With Risks Rising, Listen To 9/19 OCR Webinar On Civil Rights Enforcement In Health Care

September 18, 2012

With the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) and other federal agencies stepping up their civil rights and discrimination compliance audits and enforcement activities and private plaintiff discrimination suits against health care providers and other health industry organizations rising, health care, housing, health insurance and other organizations subject to these requirements are encouraged to learn more about HHS’ view and enforcement of these civil rights rules by participating in the webcast on “Addressing Health Disparities through Civil Rights Compliance and Enforcement” on Wednesday, September 19 from 3:00 p.m. to 4:30 p.m. eastern daylight savings time (EST).

September 19 Webinar

According to HHS, the September 19, 2012 webinar will be jointly hosted by the Health Resources and Services Administration Office of Equal Opportunity, Civil Rights & Diversity Management (OEOCRDM) Office of Federal Assistance Management (OFAM) and the HHS Office for Civil Rights (OCR) Office of the Assistant Secretary for Financial Resources (ASFR).

Topics of discussion will include:

How non-compliance can contribute to health disparities and disparities in quality care;
Opportunities to ensure HHS-funded programs are in compliance with civil rights laws;
How HHS OCR enforces compliance in your neighborhood.
A panel of OCR and ASFR experts answering questions

To join the webcast click here.

Rising Civil Rights Law Exposures Require Management

Public and private health care and housing providers may face discrimination exposures under various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws. Section 504 requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance. The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact virtually all public and private health care providers as well as a broad range housing and related service providers.

As part of a broader emphasis on the enforcement of disability and other federal discrimination laws by the Obama Administration, OCR is making investigation and prosecution of suspected disability discrimination by health industry organizations a priority. OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with Section 504 of the Rehabilitation Act of 1973 (Section 504) and the Americans with Disabilities Act of 1990 (ADA) as well as various other federal nondiscrimination and civil rights laws.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

As a result of its stepped up enforcement of the ADA, Section 504 and other civil rights and nondiscrimination rules, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. While OCR continues to wage this enforcement battle in the programs it administers, the Departments of Justice, Housing & Urban Development (HUD), Education, Labor and other federal agencies also are waging war against what the Obama Administration perceives as illegal discrimination in other areas. Along side their own enforcement activities, OCR and other federal agencies are maintaining a vigorous public outreach to disabled and other individuals protected by federal disabilities and other civil rights laws intended to make them aware of and to encourage them to act to enforce these rights. To be prepared to defend against the resulting risk of claims and other enforcement actions created by these activities, health care, housing and other U.S. providers and businesses need to tighten compliance and risk management procedures and take other steps to prepare themselves to respond to potential charges and investigations.

Recent Settlements Highlight Risk

Within recent settlement agreements, entities agreed to take steps to come into compliance with Section 504 and ADA, including: review and revision of policies and procedures; training staff on their non-discrimination obligations; providing a grievance procedure for patients; and other corrective actions specific to each entity’s violations. To learn more details about these actions and settlements, see here.

These and other enforcement actions by OCR and other agencies demonstrate the significant increased federal emphasis on the enforcement of federal discrimination laws against private and public health care and housing providers, state and local governments and other businesses under the Obama Administration. In keeping with this renewed emphasis, the DCF settlement is the latest in a series of federal disability, national origin and other discrimination charges and settlements OCR, has brought over the past year against physicians, public and private hospitals, insurers, federally financed housing providers and other parties providing services financed under programs administered by OCR. As HUD, the Equal Employment Opportunity Commission (EEOC) and other federal agencies also similarly have increased emphasis in federal discrimination law enforcement during this period, health care providers and other federal program service providers need to be prepared to defend their programs and practices to withstand federal discrimination charges or other investigations by federal agencies, private plaintiffs or both.

As for employment discrimination, violators of these and other federal discrimination prohibitions applicable to the offering and delivery of services and products also face exposure to large civil damage awards to private plaintiffs as well as federal program disqualification, penalties and other federal agency enforcement. Unfortunately, while most businesses and governmental leaders generally are sensitive to the need to maintain effective compliance programs to prevent and redress employment discrimination, the awareness of the applicability and non-employment related disability and other discrimination risk management and compliance lags far behind.

Many private health care organizations assume that OCR’s enforcement actions are mostly a problem for state and local government agencies because state and local agencies and service providers frequently have been the target of OCR discrimination charges. However the record shows OCR enforcement risks are high for both public and private providers.

OCR can and does investigate and brings actions against a wide variety of public and private physicians, hospitals, insurers and other private health care and other federal program participants. In October, 2009, for instance, OCR announced that an Austin, Texas orthopedic surgeon whose practice group sees an average of 200 patients per week, had entered into a settlement agreement to resolve OCR charges that he violated Section 504 of the Rehabilitation Act by denying medically appropriate treatment from patients solely because they are HIV-positive.

Invest in Prevention To Minimize Liability Risks

In light of the expanding readiness of OCR to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Leave a Comment » | ADA, DME, Doctor, Durable Medical Equipment, Employer, Employment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Real Estate, Rehabilitation Act, Substance Abuse | Tagged: ADA, controlled substance, DEA, Discrimination, Drug Testing, drugs, Health Care, HHS, Hospital, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Physician, Prescription Drugs | Permalink
Posted by Cynthia Marcotte Stamer

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

September 17, 2012

Physician practices and other health care providers, health plans, health care clearinghouses and their business associates have yet another $1 million plus reminder of the importance of taking proper steps to secure electronic protected health information and take other steps required to comply with the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively referred to as “MEEI”) will pay the U.S. Department of Health and Human Services’ (HHS) $1.5 million and take a series of corrective actions to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule under the resolution agreement available here (“Resolution Agreement”) announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) on September 17, 2012.

MEEI Resolution Agreement

The Resolution Agreement settles charges that resulted from an OCR investigation commenced in response to a HIPAA breach report submitted by MEEI reporting the theft of an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects. The laptop information included patient prescriptions and clinical information.

OCR’s investigation indicated that MEEI failed to take necessary steps to comply with certain requirements of the HIPAA Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices , and adopting and implementing policies and procedures to address security incident identification, reporting, and response. OCR’s investigation indicated that these failures continued over an extended period of time, demonstrating a long-term organizational disregard for the requirements of the Security Rule.

To settle the charges, MEEI will pay a $1.5 million settlement to OCR. In addition, the Resolution Agreement also requires MEEI to adhere to a corrective action plan which includes reviewing, revising and maintaining policies and procedures to ensure compliance with the Security Rule, and retaining an independent monitor who will conduct assessments of MEEI’s compliance with the corrective action plan and render semi-annual reports to HHS for a 3-year period.

High Dollar Resolution Agreements Increasingly Common

The MEEI Resolution Agreement follows on the resolution agreement previously announced this year with Arizona-based Phoenix Cardiac Surgery, P.C. (PCS). That resolution agreement required PCS to pay $100,000 and take corrective action to implement policies and procedures to safeguard the protected health information of its patients to settle OCR charges PCS violated HIPAA.

Health care providers and other HIPAA-covered entities should heed the MEEI, PSC and other recent settlements as the latest signal of the risks that health care providers and other covered entities run by failing to adequately implement and administer appropriate HIPAA compliance practices.

Following the announcement by OCR last month that Blue Cross Blue Shield of Tennessee (BCBST) would pay $1,500,000 to resolve HIPAA violations charges, and the latest in a series of Resolution Agreements announced by OCR in recent years, the PCS highlights the willingness to sanction health care providers and other covered entities of all sizes. “The case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, director of OCR. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

Like the PCS, BCBST and other announced resolution agreements, the MEEI Resolution Agreement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures. For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here or contact Ms Stamer here or at (469) 767-8872.

[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters. Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.

[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

Leave a Comment » | Academic medicine, ARRA, Disease Management, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Employee Benefits, Employer, Health Care, Health Care Provider, Health Insurance Exchange, Health IT, Health Plan, Health Plans, HIPAA, HITECH Act, Home Health, Hospital, Hospital, Indian Health, Meaningful Use, Mental Heatlh, Pharmacy, Physician, Privacy | Tagged: Breach Notification, Health Care, Health Insurance Portability & Accountability Act, HIPAA, OCR, Office of Civil Rights, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

August 13, 2012

The Justice Department’s announced prosecution and settlement of a disability discrimination lawsuit against Baltimore County, Maryland for allegedly violating the Americans With Disabilities Act (ADA) by screening emergency medical technicians (EMTs) and other public safety workers provides another reminder to health care providers and other public and private organizations of the need to strengthen their disability discrimination management practices to defend against rising exposures to actions by the U.S. Department of Justice, Department of Health & Human Services Office of Civil Rights (OCR), Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

In the employment arena, a settlement announced August 7 with Baltimore County is particularly notable as part of this trend, both for its challenge of medical exams and inquiries for EMTs and others in health care and other areas where safety could be a concern, as well as its objection to medical inquiries made to workers on medical leave during the course of that leave.

Baltimore County Nailed For Health Screening of Public Safety Workers

Employment disability discrimination risk management clearly must be a key element of health care and other organization’s disability discrimination risk management and risk assessments should not take for granted the defensibility of practices previously assumed defensible as required by law or for health and safety reasons. Rather, health care and other employers that require employees to submit to medical examinations, question employees about physician or mental conditions or disabilities, or engage in other similar activities should check the defensibility of those practices in light of the growing challenges to these and other employee screening practices by the Obama Administration and private plaintiff attorneys like the Justice Department disability discrimination complaint that lead to a $475,000 settlement against Baltimore County, Maryland announced by the Justice Department on August 7, 2012. According to the Justice Department, Baltimore County, Maryland will pay $475,000 and change its hiring procedures to resolve a Justice Department lawsuit filed that charged the county violated the ADA by requiring employees to submit to medical examinations and disability-related inquiries without a proper reason, and by excluding applicants from EMT positions because of their diabetes.

ADA Employment Discrimination Generally

Title I of the ADA prohibits employers from discriminating against individuals on the basis of disability in various aspects of employment. The ADA’s provisions on disability-related inquiries and medical examinations show Congress’s intent to protect the rights of applicants and employees to be assessed on merit alone, while protecting the rights of employers to make sure that individuals in the workplace can efficiently do the essential functions of their jobs. An employer generally violates the ADA if it requires its employees to undergo medical examinations or submit to disability-related inquiries that are not related to how the employee performs his or her job duties, or if it requires its employees to disclose overbroad medical history or medical records. Title I of the ADA also generally requires employers to make reasonable accommodations to employees’ and applicants’ disabilities as long as this does not pose an undue hardship or the employer the employer otherwise proves employing a person with a disability with reasonable accommodation could not eliminate significant safety concerns. Employers generally bear the burden of proving these or other defenses. Employers are also prohibited from excluding individuals with disabilities unless they show that the exclusion is consistent with business necessity and they are prohibited from retaliating against employees for opposing practices contrary to the ADA. Violations of the ADA can expose businesses to substantial liability.

As reflected by the Baltimore County settlement, violations of the employment provisions of the ADA may be prosecuted by the EEOC or by private lawsuits and can result in significant judgments. Employees or applicants that can prove they were subjected to prohibited disability discrimination under the ADA generally can recover actual damages, attorneys’ fees, and up to $300,000 of exemplary damages (depending on the size of the employer).

Baltimore County Nailed For Medical Fitness Screening Of EMTs, Other Public Safety Workers

The U.S. Justice Department lawsuit against Baltimore County, Maryland is one in a growing series of lawsuits in which the Justice Department or Equal Employment Opportunity Commission (EEOC) is aggressively challenging medical examination and other medical screenings by private and public employers. In its lawsuit against the County, the Justice Department complaint identified 10 current and former police officers, firefighters, EMTs, civilian employees and applicants who were allegedly subjected to inappropriate and intrusive medical examinations and/or other disability-based discrimination. Justice Department officials claimed the County required some employees to undergo medical examinations or respond to medical inquiries that were unrelated to their ability to perform the functions of their jobs. The complaint also alleged the County required employees to submit to medical examinations that were improperly timed, such as requiring an employee who was on medical leave and undergoing medical treatment to submit to a medical exam even though the employee was not attempting to return to work yet.

According to the complaint, many affected employees – some of whom had worked for the County for decades – submitted to the improper medical exams for fear of discipline or termination if they refused. The complaint also alleges that the county retaliated against an employee who tried to caution against the unlawful medical exams and refused to hire two qualified applicants for EMT positions because they had diabetes.

In the proposed consent decree filed on August 7, 2012 and awaiting District Court approval, the County seeks to resolve the lawsuit by agreeing to:

Pay $475,000 to the complainants and provide more work-related benefits (including retirement benefits and back pay, plus interest);
Adopt new policies and procedures on the administration of medical examinations and inquiries;
Refrain from using the services of the medical examiner who conducted the overbroad medical examinations in question;
Stop the automatic exclusion of job applicants who have insulin-dependent diabetes mellitus; and
Provide training on the ADA to all current supervisory employees and all employees who participate in making personnel decisions.

Obama Administration Aggressively Enforcing & Interpreting Employment & Other Disability Discrimination Laws

The Baltimore County suit is reflective of the aggressive emphasis that the Obama Administration is placing on challenging employers that require employees to undergo medical screening, respond to medical inquiries or engage in other practices that the EEOC, Justice Department or other Obama Administration officials under Title I of the ADA, as well as its heavy emphasis upon enforcement of the ADA and other disability discrimination laws against U.S. businesses and state and local government agencies generally.

The Justice Department action against Baltimore County is part of the Obama Administration’s sweeping effort to enforce employment and other disability discrimination laws against businesses and state and local government agencies alike. While the Administration’s disability law enforcement reaches broadly, disability discrimination enforcement is particularly notable in the area of employment law. This enforcement targets both public employers like Baltimore County, and private employers. In the private employer arena, for instance, the EEOC earlier this year sued Wendy’s franchisee, CTW L.L.C., (Texas Wendy’s) for allegedly violating the ADA by denying employment to a hearing-impaired applicant. In its suit against Texas Wendy’s, the EEOC seeks injunctive relief, including the formulation of policies to prevent and correct disability discrimination as well as an award of lost wages and compensatory damages for Harrison and punitive damages against CTW L.L.C. In the suit, the EEOC charged that the general manager of a Killeen, Texas Wendy’s refused to hire Michael Harrison, Jr. for a cooker position, despite his qualifications and experience, upon learning that Harrison is hearing-impaired.

According to the EEOC, Harrison, who had previously worked for a different fast-food franchise for over two years, was denied hire by the general manager. Harrison said that after successfully interviewing with the Wendy’s shift manager, he attempted to complete the interview process by interviewing with Wendy’s general manager via Texas Relay, a telephonic system used by people with hearing impairments. Harrison’s told the EEOC that during the call he was told by the general manager that “there is really no place for someone we cannot communicate with.”

As illustrated by the suits against Baltimore County, Texas Wendy’s and many other public and private employers, employers must exercise care when making hiring, promotion or other employment related decisions relating to persons with hearing or other conditions that could qualify as a disability under the ADA.

Defending disability discrimination charges has become more complicated due to both the aggressive interpretation and enforcement of the ADA under the Obama Administration and amendments to the ADA that aid private plaintiffs, the EEOC, the Justice Department and others to prove their case. Provisions of the ADA Amendments Act (ADAAA) that expand the definition of “disability” under the ADA, signed into law on September 25, 2008, broadened the definition of “disability” for purposes of the disability discrimination prohibitions of the ADA to make it easier for an individual seeking protection under the ADA to establish that a person has a disability within the meaning of the ADA. The ADAAA retains the ADA’s basic definition of “disability” as an impairment that substantially limits one or more major life activities, a record of such an impairment, or being regarded as having such an impairment. However, provisions of the ADAAA that took effect January 1, 2009 change the way that these statutory terms should be interpreted in several ways. Most significantly, the ADAAA:

Directs EEOC to revise that portion of its regulations defining the term “substantially limits;”
Expands the definition of “major life activities” by including two non-exhaustive lists: (1) The first list includes many activities that the EEOC has recognized (e.g., walking) as well as activities that EEOC has not specifically recognized (e.g., reading, bending, and communicating); and (2) The second list includes major bodily functions (e.g., “functions of the immune system, normal cell growth, digestive, bowel, bladder, neurological, brain, respiratory, circulatory, endocrine, and reproductive functions”);
States that mitigating measures other than “ordinary eyeglasses or contact lenses” shall not be considered in assessing whether an individual has a disability;
Clarifies that an impairment that is episodic or in remission is a disability if it would substantially limit a major life activity when active;
Changes the definition of “regarded as” so that it no longer requires a showing that the employer perceived the individual to be substantially limited in a major life activity, and instead says that an applicant or employee is “regarded as” disabled if he or she is subject to an action prohibited by the ADA (e.g., failure to hire or termination) based on an impairment that is not transitory and minor; and
Provides that individuals covered only under the “regarded as” prong are not entitled to reasonable accommodation.

The ADAAA also emphasizes that the definition of disability should be construed in favor of broad coverage of individuals to the maximum extent permitted by the terms of the ADA and generally shall not require extensive analysis. In adopting these changes, Congress expressly sought to overrule existing employer-friendly judicial precedent construing the current provisions of the ADA and to require the EEOC to update its existing guidance to confirm with the ADAAA Amendments. Under the leadership of the Obama Administration, the EEOC and other federal agencies have embraced this charge and have significantly stepped up enforcement of the ADA and other federal discrimination laws.

The ADAAA amendments coupled with the Obama Administration’s emphasis on enforcement make it likely that businesses generally will face more disability claims from a broader range of employees and will possess fewer legal shields to defend themselves against these claims. These changes will make it easier for certain employees to qualify as disabled under the ADA. Consequently, businesses should act strategically to mitigate their ADA exposures in anticipation of these changes. Given the Obama Administration’s well-documented, self-touted activism of the EEOC, Justice Department and other federal agencies in prosecuting disability discrimination and promoting a pro-disability enforcement agenda, businesses are encouraged to review and tighten their employment disability discrimination compliance procedures and documentation.

Likewise, businesses should be prepared for the EEOC and the courts to treat a broader range of disabilities, including those much more limited in severity and life activity restriction, to qualify as disabling for purposes of the Act. Businesses should assume that a greater number of employees with such conditions are likely to seek to use the ADA as a basis for challenging hiring, promotion and other employment decisions. For this reason, businesses should exercise caution to carefully document legitimate business justification for their hiring, promotion and other employment related decisions about these and other individuals who might qualify as disabled taking into account both the broadened disability definition and the aggressive interpretative stance of the Obama Administration. Businesses also generally should tighten job performance and other employment recordkeeping to promote the ability to prove nondiscriminatory business justifications for the employment decisions made by the businesses.

Businesses also should consider tightening their documentation regarding their procedures and processes governing the collection and handling records and communications that may contain information regarding an applicant’s physical or mental impairment, such as medical absences, worker’s compensation claims, emergency information, or other records containing health status or condition related information. The ADA generally requires that these records be maintained in separate confidential files and disclosed only to individuals with a need to know under circumstances allowed by the ADA.

As part of this process, businesses also should carefully review their employment records, group health plan, family leave, disability accommodation, and other existing policies and practices to comply with, and manage exposure under the new genetic information nondiscrimination and privacy rules enacted as part of the Genetic Information and Nondiscrimination Act (GINA) signed into law by President Bush on May 21, 2008. Effective November 21, 2009, Title VII of GINA amends the Civil Rights Act to prohibit employment discrimination based on genetic information and restricts the ability of employers and their health plans to require, collect or retain certain genetic information. Under GINA, employers, employment agencies, labor organizations and joint labor-management committees face significant liability for violating the sweeping nondiscrimination and confidentiality requirements of GINA concerning their use, maintenance and disclosure of genetic information. Employees can sue for damages and other relief like currently available under Title VII of the Civil Rights Act of 1964 and other nondiscrimination laws. For instance, GINA’s employment related provisions include rules that will:

Prohibit employers and employment agencies from discriminating based on genetic information in hiring, termination or referral decisions or in other decisions regarding compensation, terms, conditions or privileges of employment;
Prohibit employers and employment agencies from limiting, segregating or classifying employees so as to deny employment opportunities to an employee based on genetic information;
Bar labor organizations from excluding, expelling or otherwise discriminating against individuals based on genetic information;
Prohibit employers, employment agencies and labor organizations from requesting, requiring or purchasing genetic information of an employee or an employee’s family member except as allowed by GINA to satisfy certification requirements of family and medical leave laws, to monitor the biological effects of toxic substances in the workplace or other conditions specifically allowed by GINA;
Prohibit employers, labor organizations and joint labor-management committees from discriminating in any decisions related to admission or employment in training or retraining programs, including apprenticeships based on genetic information;
Mandate that in the narrow situations where limited cases where genetic information is obtained by a covered entity, it maintain the information on separate forms in separate medical files, treat the information as a confidential medical record, and not disclosure the genetic information except in those situations specifically allowed by GINA;
Prohibit any person from retaliating against an individual for opposing an act or practice made unlawful by GINA; and
Regulate the collection, use, access and disclosure of genetic information by employer sponsored and certain other health plans.

These employment provisions of GINA are in addition to amendments to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Employee Retirement Income Security Act of 1974 (ERISA), the Public Health Service Act, the Internal Revenue Code of 1986, and Title XVIII (Medicare) of the Social Security Act that are effective for group health plan for plan years beginning after May 20, 2009. Added together, employment related disability discrimination are large and growing, meriting stepped up risk assessment and management.

Health Care & Other Organizations Also Targeted For Violations Of Public Accommodation & Other Federal Disability & Other Disability Discrimination Laws

In addition to the well-known and expanding employment discrimination risks, public and private health care and housing providers also increasingly face disability discrimination exposures under various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws that the Obama Administration views as high enforcement priorities.

Section 504 requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance. The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact virtually all public and private health care providers as well as a broad range housing and related service providers.

As a result of its stepped up enforcement of the ADA, Section 504 and other civil rights and nondiscrimination rules, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. While OCR continues to wage this enforcement battle in the programs it administers, the Departments of Justice, Housing & Urban Development, Education, Labor and other federal agencies also are waging war against what the Obama Administration perceives as illegal discrimination in other areas. Along side their own enforcement activities, OCR and other federal agencies are maintaining a vigorous public outreach to disabled and other individuals protected by federal disabilities and other civil rights laws intended to make them aware of and to encourage them to act to enforce these rights. To be prepared to defend against the resulting risk of claims and other enforcement actions created by these activities, health care, housing and other U.S. providers and businesses need to tighten compliance and risk management procedures and take other steps to prepare themselves to respond to potential charges and investigations.

Recent Settlements Highlight Risk

Enforcement of Discrimination & Other Civil Rights Laws Obama Administration Priority Putting Public & Private Providers At Risk

These and other enforcement actions by OCR and other agencies demonstrate the significant increased federal emphasis on the enforcement of federal discrimination laws against private and public health care and housing providers, state and local governments and other businesses under the Obama Administration. In keeping with this renewed emphasis, the DCF settlementis one of a growing list of federal disability, national origin and other discrimination charges and settlements OCR, has brought over the past year against physicians, public and private hospitals, insurers, federally financed housing providers and other parties providing services financed under programs administered by OCR. As the Department of Housing and Urban Development (HUD), the Equal Employment Opportunity Commission (EEOC) and other federal agencies also similarly have increased emphasis in federal discrimination law enforcement during this period, health care providers and other federal program service providers need to be prepared to defend their programs and practices to withstand federal discrimination charges or other investigations by federal agencies, private plaintiffs or both.

Obama Administration Also Aggressively Prosecutes Disability Discrimination In Other Business Operations

Guarding against disability discrimination in employment is not the only area that businesses need to prepare to defend against. The Obama Administration also has trumpeted its commitment to the aggressive enforcement of the public accommodation provisions of the ADA and other federal disability discrimination laws. In June, 2012, for instance, President Obama himself made a point of reaffirming his administration’s “commitment to fighting discrimination, and to addressing the needs and concerns of those living with disabilities.”

As part of its significant commitment to disability discrimination enforcement, the Civil Rights Division at the Justice Department has aggressively enforced the public accommodation provisions of the ADA and other federal disability discrimination laws against state agencies and private businesses that it perceives to have improperly discriminated against disabled individuals. For instance, the Justice Department entered into a landmark settlement agreement with the Commonwealth of Virginia, which will shift Virginia’s developmental disabilities system from one heavily reliant on large, state-run institutions to one focused on safe, individualized, and community-based services that promote integration, independence and full participation by people with disabilities in community life. The agreement expands and strengthens every aspect of the Commonwealth’s system of serving people with intellectual and developmental disabilities in integrated settings, and it does so through a number of services and supports. The Justice Department has a website dedicated to disabilities law enforcement, which includes links to settlements, briefs, findings letters, and other materials. The settlement agreements are a reminder that private businesses and state and local government agencies alike should exercise special care to prepare to defend their actions against potential disability or other Civil Rights discrimination challenges. All organizations, whether public or private need to make sure both that their organizations, their policies, and people in form and in action understand and comply with current disability and other nondiscrimination laws. When reviewing these responsibilities, many state and local governments and private businesses may need to update their understanding of current requirements. Statutory, regulatory or enforcement changes have expanded the scope and applicability of disability and various other federal nondiscrimination and other laws and risks of charges of discrimination.

To help mitigate the expanded employment liability risks created by the ADAAA amendments, businesses generally should act cautiously when dealing with applicants or employees with actual, perceived, or claimed physical or mental impairments to decrease exposures under the ADA. Management should exercise caution to carefully and proper the potential legal significance of physical or mental impairments or conditions that might be less significant in severity or scope, correctable through the use of eyeglasses, hearing aids, daily medications or other adaptive devices, or that otherwise have been assumed by management to fall outside the ADA’s scope. Employers should no longer assume, for instance, that a visually impaired employee won’t qualify as disabled because eyeglasses can substantially correct the employee’s visual impairment.

Invest in Prevention To Minimize Liability Risks

In light of the expanding readiness of the EEOC, Justice Department, OCR, HUD and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here. About Solutions Law Press

Leave a Comment » | ADA, DME, Doctor, Durable Medical Equipment, Employer, Employment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Real Estate, Rehabilitation Act, Substance Abuse | Tagged: ADA, Civil Rights, controlled substance, County Hospital, DEA, Discrimination, Drug Testing, drugs, Government, Health Care, HHS, Hospital, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Physician | Permalink
Posted by Cynthia Marcotte Stamer

OCR Settlements Show Health Care & Disabled Housing Providers Face Growing Disability Discrimination Risks

October 19, 2011

A continuing series of federal investigations and enforcement actions highlight the need for health care providers and other health industry organizations to strengthen their disability discrimination management practices to defend against rising exposures to actions by the U.S. Department of Health & Human Services Office of Civil Rights (OCR) and other agencies as well as private law suits.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

Federal Disability & Other Laws Prohibit Health Care Provider Discrimination

As a result of its stepped up enforcement of the ADA, Section 504 and other civil rights and nondiscrimination rules, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. While OCR continues to wage this enforcement battle in the programs it administers, the Departments of Justice, Housing & Urban Development, Education, Labor and other federal agencies also are waging war against what the Obama Administration perceives as illegal discrimination in other areas. Along side their own enforcement activities, OCR and other federal agencies are maintaining a vigorous public outreach to disabled and other individuals protected by federal disabilities and other civil rights laws intended to make them aware of and to encourage them to act to enforce these rights. To be prepared to defend against the resulting risk of claims and other enforcement actions created by these activities, health care, housing and other U.S. providers and businesses need to tighten compliance and risk management procedures and take other steps to prepare themselves to respond to potential charges and investigations.

Recent Settlements Highlight Risk

Enforcement of Discrimination & Other Civil Rights Laws Obama Administration Priority Putting Public & Private Providers At Risk

These and other enforcement actions by OCR and other agencies demonstrate the significant increased federal emphasis on the enforcement of federal discrimination laws against private and public health care and housing providers, state and local governments and other businesses under the Obama Administration. In keeping with this renewed emphasis, the DCF settlement is the latest in a series of federal disability, national origin and other discrimination charges and settlements OCR, has brought over the past year against physicians, public and private hospitals, insurers, federally financed housing providers and other parties providing services financed under programs administered by OCR. As the Department of Housing and Urban Development (HUD), the Equal Employment Opportunity Commission (EEOC) and other federal agencies also similarly have increased emphasis in federal discrimination law enforcement during this period, health care providers and other federal program service providers need to be prepared to defend their programs and practices to withstand federal discrimination charges or other investigations by federal agencies, private plaintiffs or both.

Invest in Prevention To Minimize Liability Risks

For More Information Or Assistance

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here. About Solutions Law Press

Leave a Comment » | ADA, DME, Doctor, Durable Medical Equipment, Employer, Employment, Genetic Information, Health Care, Health Care Finance, Health Care Provider, Health Care Quality, Home Health, Hospital, Hospital, Licensing, Medicaid, Medical Licensure, Medical Malpractice, Medicare, Medicare Advantage, OCR, OIG, Physician, Physician Licensing, Real Estate, Rehabilitation Act, Substance Abuse | Tagged: ADA, controlled substance, DEA, Discrimination, Drug Testing, drugs, Health Care, HHS, Hospital, licensure, Medical Board, Medical Practice, OCR, Office of Civil Rights, pain management, pharmacist, pharmacy, Physician, Prescription Drugs | Permalink
Posted by Cynthia Marcotte Stamer

Rhode Island DHS Must Provide Translation, Other Services For Limited English, Other Language Impaired Persons

January 24, 2011

Rhode Island Department of Human Services (RIDHS) must change its policies and procedures to improve language access services for clients with limited English proficiency (LEP) under a resolution agreement (Resolution Agreement) with the Department of Health & Human Services Office for Civil Rights (OCR) available for review here. The Resolution Agreement highlights the need for health care providers and others receiving financial assistance or participating in other OCR-regulated programs to provide adequate translation and other mechanisms to provide effective access to services for limited English speaker, hearing impaired, and other language limited populations in light of recent OCR enforcement actions under the Civil Rights Act of 1964 (Title VII), the Americans With Disabilities Act (ADA) and other federal discrimination laws.

Under Federal Law, all programs operated by other agencies that receive Federal financial assistance from HHS, are prohibited by Title VI and its implementing regulation from administering their programs in ways that have the effect of delaying or denying services to persons on the basis of their race, color, or national origin.

RIDHS Settlement With OCR

The Resolution Agreement announced by OCR on January 24, 2011 resolves a complaint filed with OCR by the Rhode Island Chapter of the American Civil Liberties Union (RI ACLU). In the complaint, RI ACLU alleged that RIDHS’ termination of four Southeast Asian staff interpreters denied meaningful access to programs for eligible LEP clients. While the investigation for the complaint concluded that RIDHS was not in violation of Title VI, OCR reported that its simultaneous review of RIDHS’ compliance with existing agreements revealed RIDHS had not adequately implemented improved access to its programs and services for people with LEP.

Under the Resolution Agreement, RIHDS commits to provide people with LEP — those who have a limited ability to read, write, speak, or understand English —improved access to RIDHS programs and services, including access to Medicaid and other social service programs. RIDHS also has agreed to make meaningful efforts to create a robust training program for current and new employees that will educate staff on a provider’s duties under Title VI of the Civil Rights Act of 1964.

RIDHS also agreed to improve its policies and procedures for assessing language and translation needs; improve its methods for overseeing the provision of language access services, including complaints; ensure a more comprehensive approach to providing timely language assistance services; conduct outreach to notify LEP clients of the availability of free language assistance; ensure that use of family or friends as interpreters is allowed only where specifically requested by the client and after being informed that RIDHS will provide free language assistance services at no cost; to translate vital program documents; and to establish mandatory staff training on their obligations under Title VI.

Health Care Providers Should Act to Manage Risks as Obama Administration Makes Enhanced Investigation and Enforcement of Federal Discrimination Laws a Priority

The latest to be announced in a series of other similar enforcement actions, the Resolution Agreement reminds health care providers that that OCR requires them to ensure the adequacy of translation services for language and hearing impaired populations and to provide other accommodations reasonably necessary to enable disabled, language impaired or other special populations protected by federal Civil Rights laws to effectively access services.

Under the Obama Administration, OCR and other federal agencies are showing a heightened willingness to investigate and act to enforce disabilities, national origin and other charges of federal discrimination violations by health care providers and others. Review Obama Administration Civil Rights Enforcement Agenda here. While OCR took a series of enforcement actions under the predecessor Bush Administration, this announced renewed emphasis on federal discrimination law enforcement coupled by the series of actions taken by OCR and other federal agencies since January, 2009 reflects that OCR and other agencies are acting on the direction of President Obama to make prevention and redress of disabilities and other discrimination in employment, public services, public accommodations and telecommunications a priority. Read About Other Recent OCR Federal Discrimination Enforcement Activities Here. See also, e.g., recent discrimination policies and enforcement activities by the Department of Justice, the Equal Employment Opportunity Commission, and the Department of Housing and Urban Development.

Health care providers and others regulated by these federal discrimination laws should consider auditing the adequacy of existing practices, reaffirming their commitment to compliance to workforce members and constituents, retraining workforce and taking other appropriate steps to help prevent illegal discrimination within their organization and to position their organization to respond and defend against potential discrimination investigations or charges.

For Help With Compliance, Investigations Or Other Needs

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises, trains and defends health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including her highly popular programs on “Sex Drugs & Rock ‘N Role: Managing Personal Misconduct in Health Care,” “Managing Physician Performance” and others. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Leave a Comment » | ADA, Disability Discrimination, Health Care, Physician | Tagged: Civil Rights, Discrimination, Health Care, OCR, Office of Civil Rights, Title VII | Permalink
Posted by Cynthia Marcotte Stamer

Banner Health Pays $1.25 Million To Settle Cybersecurity Breach Impacting Nearly 3 Million Individuals

Banner Health Settlement

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Provider Pays $750K To Settle HIPAA Business Associate Rule Breach Charges

OCR’s Proposed Sex & Other Discrimination Rules Spell Headaches & New Risks For Health Care Providers, Insurers & Others

New HIPAA Settlement Highlights Internet Applications Safeguards, Whistleblower & Management Oversight Compliance Risks

IRS Publishes 2014 Branded Prescription Drug Fee Guidance

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

CMS Publishes FY 2014 Final Inpatient Psychiatric Facility Prospective Payment Rule

CMS Publishes FY 2014 Final Inpatient Rehab Facility Prospective Payment Rule

Tighten Disability Compliance To Avoid ADA Suits, Program Disqualification & Other Risks

With Risks Rising, Listen To 9/19 OCR Webinar On Civil Rights Enforcement In Health Care

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

OCR Settlements Show Health Care & Disabled Housing Providers Face Growing Disability Discrimination Risks

Rhode Island DHS Must Provide Translation, Other Services For Limited English, Other Language Impaired Persons

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update

Banner Health Settlement

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update