Health Care Law Blog

On May 31, 2013, the Boards of Trustees of The Federal Insurance and Federal Supplementary Medicare Insurance Trust Funds (Boards of Trustees) issued the most recent report (the "Report") on the financial condition of the U.S. Medicare Program. The Board of Trustees oversees the financial operations of the Medicare Part A and Supplementary Medical Insurance (SMI), which is Medicare Part B and D. The Social Security Act requires the Board of Trustees to report annually to the Congress on the financial status of the Medicare Program. The Report is 280 pages packed heavily with information and actuarial data analyzing the crippled patient, the U.S. Medicare Program, concluding that the Medicare Hospital Insurance Trust Fund will not run out of money until 2026, two years later than the last projection. The slightly improved forecast (from the prior report) is due apparently to slower growth in U.S. health care costs, according to current the Board's analysis.

But whether and when the Medicare Program will go broke is apparently not possible to determine with reasonable certainty. There are too many variables. The Board, comprising or advised by the best the best minds on the subject, have said as much. The Board concedes in the Report:

Projections of Medicare Costs are highly uncertain, especially when looking out more than several decades. One reason for the uncertainty is that scientific advances will make possible new interventions, procedures, and therapies. Some conditions that are untreatable today will be handled routinely in the future. Spurred by economic incentives, the institutions through which care is delivered will evolve, possibly becoming more efficient. While most health care technological advances to date have tended to increase expenditures, the health care landscape is shifting. No one knows whether these future developments will, on balance, increase or decrease costs.

The Report, p. 2.
The Report further indicates that the ACA "The ACA introduced even larger policy changes and projection uncertainty. . . . This legislation [the ACA] contains roughly 165 provisions affecting the Medicare program by reducing costs, increasing revenues, improving benefits, combating fraud and abuse, and initiating a major program of research and development to identify alternative provider payment mechanisms, health care delivery systems, and other changes intended to improve the quality of health care and reduce costs." Id.

Continue reading "Medicare Trust Fund Is Still Running Out of Money -- Just Not as Soon As Previously Thought" »

The concierge practice of medicine is the wave of the future. This is very good news for the American consumer and tax payer.

As the price tag for Medicare has increased, so has the pressure on federal lawmakers to do something to avoid the looming fiscal disaster that attends rising health care costs. Since the U.S. Taxpayer demands that Medicare costs somehow be contained while, ironically, the U.S. Voter (same person, different hat) views Medicare as a sacrosanct entitlement to consume health care, the lawmaker "solution" has thus far focused the cost-cutting pressure on the supply side of health care, including cutting physician reimbursement. See, e.g. The Plea for Repeal of the Medicare Sustainable Growth Rate, May 4, 2013 post, this Blog. The trend of private insurers and other non-government payers is to follow what Medicare does (at least with respect to setting physician reimbursement rates and billing rules). An unintended consequence of the downward pressure on physician reimbursement together with modern health care's increasing red tape/regulation and associated costs and headaches has been to drive primary care physicians out of private practice altogether. They are fed up. Many doctors have found (or are looking for) hospital employment. Others have retired. This trend has been referred to as the "silent exodus" of physicians and threatens to profoundly impact patient access care in a negative way. See National Survey Points to a "Silent Exodus" of Physicians, Merritt Hawkins, September 24, 2012.

Thankfully, some physicians are discovering that the concierge practice of medicine can be a smart, rewarding way to own and operate a private medical practice as a business that, rather than suffering the severe strains of the third-party-payer model, is free to actually focus on practicing medicine. For many doctors, the concierge medical practice model is returning private practice to its correct state -- a real practice of medicine, medical judgment and care that is patient focused and free from the intrusion into the business of rendering care that a commercial or governmental third-party payer necessarily creates.

Continue reading "A Viable Solution For Doctors and Patients to the Third-Party Payer Mess: Concierge Medicine" »

Some health plans would have doctors believe that all terms and conditions in health plan contracts are immutable. That is not true. Health plan contract language can and should be negotiated under some circumstances. All physicians are strongly cautioned against blindly signing health plan contracts or any "paper work" that comes across your desk concerning rates, charges, reimbursement or network participation on the assumption that you have no choice. All physicians should be vigilant about establishing an organized contracting methodology that will identify contract issues that may warrant concern and discussion with a health plan representative about possible language changes. There is strength in numbers: the more physicians proactive about negotiating health plan contract provisions, the more effective all physicians will be in contracting with payers.

The contracting guidelines below are recommended to physicians and their office administrators as a starting point for establishing effective contracting protocol for medical practices. Where there are particular concerns about the potential effect of contract language, there is no substitute for obtaining legal advice.

1. Reject the premise that health plan contracts are non-negotiable.

You can negotiate health plan contract language. If you assume all health plan contract language is a take-it-or-leave-it proposition, you will necessarily be unable to determine what particular provisions a health plan might be willing to negotiate with you.

2. Develop and follow a specific office contracting protocol.

Readiness is the first step to good contracting practices. Set up, then faithfully use, a plan for your office, to include the following elements:

• appoint a trusted, long-term employee to be responsible for contracting
• systematically collect, organize and store all health plan contracts and all correspondence and notices from the health plans
• carefully read every contract (or, at a minimum, have your appointed employee do so) against a Contract Review Checklist (see below), and list any questions or issues of concern
• monitor all contracts -- most are evergreen and will automatically renew unless one party terminates or proposes modification
• know when contracts expire, calendar expiration dates and deadlines for giving any required notice of cancellation

3. Establish strong rapport with a health plan representative.

You will accomplish much more if you are dealing with an individual you know and with whom you have good rapport. Good practices to develop rapport with health plan representatives include the following:

• have face to face meetings with the representative when possible
• be prepared for all meetings with the representative
• remember that you are negotiating a relationship not a transaction
• as much as possible, channel contact with a health care plan through one person in your office and one with the health plan
• train the health plan representative to believe that you are reasonable
(by, for example, periodically making small language proposals)
• differentiate your practice - the health plan needs to want your participation
• demonstrate that you do things professionally

4. Realistically assess your ability to negotiate a provision.

Various factors influence whether and to what extent a health plan will negotiate particular contract provisions. Before you raise an issue with a health plan, assess your negotiating position.

• What is the value of the contract to your practice?
• What percentage of your business does the health plan represent?
• Do the fees cover your true cost of doing business?
• Are the health plan's administrative requirements realistic?
• Does the health plan steer patients to you?
• What is the impact of dropping a plan on referrals - do you need to stay in plan because referring doctors will also refer patients from good plans?
• What are the strengths of your practice that might make you more attractive to the health plan?
• Do you add value to the health plan's network (e.g., you are the only specialist within so many miles).

Continue reading "Money-Making Tip for Physicians: Develop/Utilize Good Contracting Protocol With Health Plans " »

In Georgia, seven insurers have announced plans to participate in the Health Insurance Exchange that will exist by virtue of the Affordable Care Act (ACA). The ACA authorized creation of State health insurance "exchanges" (HIX) - an online market place in which consumers can shop for and buy health insurance. The following insurers have indicated they will participate in the Georgia HIX: Blue Cross and Blue Shield of Georgia, Kaiser Foundation Health Plan, Peach State, Alliant, Coventry, Aetna and Coventry. The insurance plans will debut as part of the Georgia HIX in 2014.

When the health insurance plans are available, small businesses, families and individuals will have a new way to get insurance. The ACA intends for consumers to be able to compare the benefits and costs of competing plans and use an online calculator to assist them in determining which plan is best for them. The ACA will expand health insurance coverage, increasing the number of insured patients. Presently, nearly two million non-elderly Georgia residents are uninsured. Purported benefits of the ACA that will affect Georgia patients and providers include: greater ease in obtaining coverage for individuals difficult to insure due to pre-existing conditions; continued cost-saving home- and community-care programs;greater resources for Medicaid, lowering costs of prescription drugs and raising reimbursement to some health care providers; enhanced preventive care coverage; and allowing young adults to stay on parents' health plans

For physicians, however, more insured patients under the auspices of the ACA is not all good news. While much remains to be seen, some problems have been predicted. For example, some physicians may experience delayed payment under the ACA, under which individuals have a three-month grace period to individuals who have not paid their premiums. Health plans may hold off on processing claims who have not paid for two months. After three months, a health plan may deny claims and leave the doctor to seek payment from the patient. Under traditional insurance, the health plan would remain liable to pay the doctor even if the premium has not been paid. Patients are not accustomed to keeping up with and paying insurance premiums. Further, under the ACA the patient may be able to sign up for another plan in the HIX and begin seeing another doctor. Many of the newly insured patients will also be individuals who have not had insurance before (or for a considerable time) and may therefore involve more complicated health issues.

Continue reading "Physicians Brace: the Changing Insurance Landscape Under Georgia's ACA Insurance Exchange " »

The American Medical Association (AMA) and numerous other medical associations, including the Medical Association of Georgia (MAG), are a strong voice for repealing the Medical Sustainable Sustainable Growth Rate (SGR). Led by the AMA, a very large group of influential medical associations wrote Congress late last year advocating that the SGR is "an enormous impediment to successful health care delivery and payment reforms that can improve the quality of patient care while lowering growth in costs." The call for repealing SGR is increasingly strong and urgent.

SGR is the method used by the U.S. Centers for Medicare and Medicaid Services (CMS) to set Medicare reimbursement rates for doctors with a formula purportedly tied to economic growth. The SGR issue derives from a well-intended but seriously flawed attempt to curb federal spending. Pursuant to the Balanced Budget Act of 1997, CMS employs SRG as a method to ensure yearly increases in Medicare expenses do not exceed increases in the level of growth in the U.S. Gross Domestic Product. Under the SGR scheme, if spending increases more than a set level, physician payments are adjusted downward; if spending is below a set level, rates are increased.

At first, the SGR formula arguably worked - to a degree - but only while the U.S. economy grew. After the US economy stalled in 2002, SGR number crunching changed for the worst as Medicare expenses exceeded projections, a trend that has continued. As a result, virtually every year for the last decade there has been a risk to physicians of very significant cuts in Medicare reimbursement rates required by law. Rather than repealing or revamping SGR, however, Congress has repeatedly effectuated a last minute, legislative patch "fix" to avert a crisis, deferring a permanent solution for future political wrangling. For example, with the latest "fix," the American Taxpayer Relief Act of 2012, Congress delayed a 26.5 percent cut in Medicare physician payments for one year. The Congressional Budget Office projects that physician payments under Medicare will be reduced by about 25% in January 2014. Again, some fix will be needed, as the cuts would cause many medical practices to close, denying patients access to medical care. The recurrence of this political issue continues to frustrate physicians in a big way. Many have left the Medicare program; others threaten to do so. Access to medical care is thus diminished, contrary to the essential purpose of Medicare.

Continue reading "The Plea for Repeal of the Medicare Sustainable Growth Rate" »

As a general rule of thumb for legal issues, being proactive tends to be much less expensive than being reactive. This general rule certainly applies to health care providers, their business associates and, now, business associate subcontractors with respect to changes required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HIPAA Omnibus Final Rule (Final Rule), implementing provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act passed in 2009, became law last week on March 26, 2013. The Final Rule significantly modifies HIPPA requirements for compliance and security measures intended to protect health information (PHI), especially business associate agreements. Health care covered entities and their business associates and subcontractors have six months to become compliant with the rule, or face large fines (up to $1.5 million). The deadline for compliance is September 23, 2013, and the clock is ticking. Quickly.

According to the U.S. Department of Health & Human Services (HHS), the Final Rule is intended to bolster privacy and security protections for PHI under HIPAA by greatly enhancing the government's ability to enforce the law. Health care provider audits are expected to dramatically increase in the coming months and years. Assuming that an audit will not happen is a mistake for any health care provider. Fines for HIPAA violations can be considerable, up to $1.5 million.

Under the Final Rule, parts of the HIPAA "Security Rule" (security requirements for electronic PHI) and "Privacy Rule" (security requirements for privacy of PHI) will now apply directly to business associates so that business associates will be potentially liable for civil and criminal penalties for any non-compliance with the HIPAA regulations, rather than just a breach of contract. Additionally, many subcontractors of business associates will now be covered. Liability for data breaches and other non-compliance can lie with the subcontractor, the business associate or the covered health care entity.

So, who is a "business associate"?

This is an important question because many changes under the Final Rule will profoundly impact not only covered entities and existing business associates, but other entities that now meet the definition of "business associate" and downstream business associate subcontractors whose services touch PHI. The Final Rule broadened the definition of "business associate" so that anyone who creates, receives, maintains, or transmits PHI might be deemed subject to HIPAA rules as a business associate. For example, the new definition includes companies or persons that "maintain" PHI, such as a data storage company or a company that provides data transmission services.

Legal counsel should be consulted to determine what business partners and vendors might be deemed "business associates" by HHS in the event of an audit. The reality is that many (probably most) business associates are currently not compliant with HIPAA and, if they consider the issue at all, may be in denial. HHS has decided it will deal with the issue more aggressively. Prudent health care providers must promptly inventory their business relationships to identify all business partners and vendors that meet the broadened definition of "business associate" under HIPAA rules and ascertain whether business associates are compliant with HIPAA's risk assessment and other compliance protocol. This process should include evaluation of existing business associate agreements and, ultimately, health care providers should insist that every business associate demonstrate compliance.

Do your business associate agreements need to be updated?

Covered entities, business associates and subcontractors have until September 23, 2013 to execute business associate agreements compliant with the Final Rule. Under the Final Rule, business associate agreements must be updated to require that:

- the business associate comply with applicable requirements of the Security Rule.

- business associate ensure subcontractors that create, receive, maintain or transmit electronic PHI on behalf of the business associate agree to comply with the requirements of the Security Rule.

- the business associate ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the business associate agree to the same restrictions and conditions that apply to the business associate with respect to such PHI.

- the business associate report breaches of unsecured PHI.

- the business associate carry out a covered health care entity's obligation under the Privacy Rule (e.g., serving as the privacy official)

- the business associate comply with the requirements of the Privacy Rule that apply to the performance of such obligation.

It is estimated that up to 500,000 existing Business Associates will have to have new business associate agreements.

Continue reading "THE CLOCK IS TICKING: Less Than Six Months to Comply with New HIPAA Requirements for Business Associate Agreements " »

The U.S. Department of Health and Human Services (HHS) published the HIPAA final omnibus rule (Final Rule) on January 25, 2013. The Final Rule deals with required changes for medical practices and other health care providers that HHS determined are necessary to secure protected health information (PHI). As a result of the Final Rule, many health care providers must update existing business associate agreements, revise existing notices of privacy practice, and require some business associates' subcontractors to execute business associate agreements. For many medical practices and health care businesses, this process may be a tedious undertaking and, therefore, should begin promptly. The deadline for compliance is September 23, 2013.

A "business associate" is a person or entity that acts on behalf of or provides services to a health care provider (a "covered entity") who, by doing so, obtains access to PHI. The purpose of a business associate agreement is to ensure business associates will appropriately safeguard PHI and limit permissible uses and disclosures of PHI, to protect patient privacy and related purposes advanced by HIPAA. A business associate is directly liable under HIPAA and subject to civil (and potentially criminal) penalties for data breaches and other violations of HIPAA.

The Final Rule is published in the Federal Register (78 FR 5565) and is 523 pages. Under the Final Rule, a "business associate" includes a broader scope of entities. "Business associate" now includes subcontractors and entities that create, receive, maintain, or transmit PHI. How this change will impact particular situations may require determinations on an ad hoc basis. All physicians, physician groups, other health care providers, and health care businesses, should promptly marshal their existing business associate agreements for review and analysis to determine which agreements must be changed to comply with the Final Rule. Additionally, all business arrangements need to be inventoried and reviewed for a determination as to whether the relationship necessitates a business associate agreement under the Final Rule. For every business arrangement that will require a new business associate agreement, the business associate should be contacted now regarding the requirement of a business associate agreement.

Continue reading "THE TIME IS NOW: MANY HEALTH CARE PROVIDERS AND HEALTH CARE BUSINESSES MUST PROMPTLY REVISE BUSINESS ASSOCIATE AGREEMENTS TO COMPLY WITH HIPAA" »

Our health care system's slow-but-sure conversion from paper to electronic health records (EHR) continues throughout the United States. The push toward EHR is strong, both as an inevitable industry trend toward efficiency and because of the mandate of federal law. EHR is obviously an integral part of health care reform changes. See January 31, 2013 post. Unintended adverse consequences of going paperless have appeared, however, including an apparent trend by doctors and other health care providers to haphazardly copy and paste identical notes from one patient visit to another.

This phenomenon -- dubbed "sloppy and paste," "sloppy pasting," "copy-forward" and "cloning" -- is a new problem in the industry and appears to be a strong trend. Although EHRs facilitate quick moves through patient records, the tempting ease of copy/pasting lends itself to mistakes. While many such mistakes may be innocuous, as an expansive trend copy/pasting EHR seems to have some meaningful unintended consequences, ranging from serious embarrassment, the appearance of billing fraud, or patient harm.

For example, since by definition coordinated patient care (another integral part of health care reform for which there is strong impetus) involves multiple health care professionals communicating with each other via the patient's chart, the ability of each provider to rely upon the accuracy of information conveyed in the chart is critical. Proper management of all patient care in an integrated way requires an effective, accurate and timely exchange of information. The reliance of each provider upon inaccurate or misleading information copy/pasted into chart as a short cut can lead to confusion and mistakes and actually prevent "coordinated" care. In one reported example, a physician visited a patient in a coma who had postoperative complications. After reviewing the patient's chart, the doctor visited with the patient's very concerned family and commented to them that the patient was only in the third day of recovery, unaware that that the patient had been in recovery for over five weeks. For more than five weeks, the note "post-op day No. 2" was copied and brought forward each day. The highly embarrassed doctor's credibility with the family was gone.

Continue reading ""SLOPPY PASTING" EHR: A Risky Shortcut" »

A single unencrypted laptop computer containing electronic protected health information (ePHI) cost The Hospice of North Idaho (HONI) $50,000. HONI agreed to pay the U.S. Department of Health and Human Services (HHS) a $50,000 fine to settle potential breaches of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

HONI regularly used laptops in field work. However, according to HHS, HONI did not conduct an accurate and thorough analysis of the risk to the confidentiality of ePHI posed by mobile devices on an on-going basis as part of its security management process in violation of HIPAA. HONI also failed to implement security measures sufficient to ensure the confidentiality of ePHI that it created, maintained and transmitted using portable devices, another alleged HIPAA breach. In addition to the fine, HHS required HONI to enter into a corrective action plan.

The HONI settlement is notable as the first settlement of an alleged HIPAA violation based on breach of ePHI affecting fewer than 500 individuals. The government discovered in its investigation that HONI simply failed to conduct any risk assessment to safeguard ePHI and failed to have policies and procedures to address mobile devices. Leon Rodriquez, the Director of the HHS Office for Civil Rights, explained: "This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information."

Continue reading "HHS announces first HIPAA breach settlement involving less than 500 patients" »

The Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S. Department of Health and Human Resources (HHS) to conduct audits to ensure health care providers, health care industry organizations, and their business associates comply with HIPAA. The HHS Office for Civil Rights (OCR) audit program scrutinizes policies and procedures (or lack of same) of HIPAA-covered entities. Audit protocol looks at many elements (which may vary based on the type of covered entity audited) categorized as privacy requirements, security requirements, and breach notification requirements. The OCR makes available its audit protocol for public review online. OCR awarded KPMG a $9.2 million contract to create HIPAA auditing protocols and to handle audits. The government is keen on these audits; audits will increase in the near future.

According to OCR, "To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules." Be prepared. Do not wait for an audit notice. A few of the many factors potentially relevant if your medical practice or other health care business is selected for the review include:

Is there a signed business associate agreement with each business associate?

Do you encrypt protected health information (PHI)?

Do you have policies and procedures in place for employees (new employees, existing employees, terminated employees, etc.)?

Do you have policies in place with regard to the removal of PHI from the medical practice site (e.g. a smartphone)?

Do you have a written policy for ascertaining and reporting a security breach?

Do your policies cover everything you do with PHI?

Do you really do things consistently with your existing policies?

Continue reading "BEWARE the HIPAA police: MORE AUDITS COMING. Get a risk assessment." »

On January 15, 2013, Dr. Joel I. Bertstein, a La Jolla, California oncologist, pled guilty to a charge that he introduced an unapproved drug into interstate commerce and administering it to patients. The drug is a cancer fighting drug known as "Mabthera." Mabthera has not been approved by the U.S. Food and Drug Administration (FDA) for use in the United States and is intended for marketing in Turkey. Rituxa is the approved U.S. drug that contains the same active ingredient and is used to fight lymphomas and leukemias.

According to the government's allegations, Bernstein and his corporate medical practice, Dr. Joel I. Bernstein, M.D. Inc., imported Mabthera at a deep discount, dispensed the drug to unwitting patients, billed Medicare as if the drug was legitimate, and retained profits from the transactions. The government alleged that during the period from 2007 to 2011, Bernstein purchased $3.4 million of unapproved cancer drugs, for significantly less than market value in the U.S., and submitted claims to Medicare at the full reimbursement price using Medicare codes for approved cancer drugs. The government charged that Bernstein submitted reimbursement claims of $1.7 million to Medicare.

The financial recovery for the federal tax payer is not the sole objective for the government's prosecution of this type of Medicare fraud. Additionally, the government seeks to combat a strong nationwide trend that exposes U.S. patients to risks associated with the use of drugs not vetted and approved by the FDA. Patient welfare is at stake. Indeed, the government considers the problem of counterfeit drugs to be of "epidemic" scale. Numerous federal agencies, including the Department of Justice, the Federal Bureau of Investigation, the FDA, and Homeland Security, are involved in the effort to combat a national crisis of importation counterfeit and unapproved drugs. The government has undertaken significant efforts to discovery fraudulent Medicare schemes that cost the federal taxpaper billions of dollars every year and compromise patient safety.

The FDA's procedures for approving a drug apply not only to the drug itself but also to labeling and packaging, the facility where the drug was manufactured and shipping protocol. Some oncology medications must be transported at a particular temperature. When a patient consumes an unapproved drug, he is taking a serious chance that the proper conditions for the manufacture and shipment of the drug have not been met. In Dr. Berstein's case, the government asserted that unapproved chemotherapy drugs "may be fake, ineffective, unsafe and dangerous."

Continue reading "Combatting a National Trend of Physicians Dispensing Unapproved Foreign Drugs" »

Physicians and dentists often decide to choose a new place to practice. Sometimes it might be in the same area but a different part of town or it can be in another city or state. Whether you are considering opening a new office or simply relocating, it is extremely important to do your homework before making this decision.

Here are a few tips from an experienced Georgia health care lawyer to consider.

One of the primary factors in making this decision is physician density. In areas where there are not as many doctors, it will be far easier to cultivate a new patient base. This is especially true if there are no physicians in the area with your expertise. In areas saturated with doctors, you are provided with the opportunity to expand your area of expertise and set yourself apart from the others.

Another thing to consider is an area with high unemployment. This would mean the people in that area would be less likely to have insurance coverage. This would make them less likely to make routine visits. This may all change under the Patient Protection and Affordable Care Act (PPACA).

Nobody really wants to talk about the costs involved for medical malpractice but it is a decision that has to be faced if considering a move. If you are moving in the same city or same area, this is not of significant concern. However, if you are considering moving to another state or a smaller town, the costs of malpractice insurance could vary greatly.

Lastly, consider what your earnings will be in the area you are considering. Physician compensation in the Midwest is higher than the Southwest. In reality a reputable physician can make a good living in any area he or she chooses to go to. One way to get inside information is to visit with other doctors in the area considering that they might not be entirely honest with their answers.

Unfortunately there is no cookie cutter format for determining the best place for a physician to be; there are issues specific to each practice that will need to be answered. The bottom line is that an experienced physician or dentist will flourish and succeed in any area that they choose.

Continue reading "Things to Consider When Moving Your Medical/Dental Practice " »

The final Health Insurance Portability and Accountability Act (HIPAA) rule was announced on January 17, 2013, modifying the original 1996 version. The rule becomes effective on March 26, 2013, with full compliance mandated by September 23, 2013. After that, enforcement will commence.

Under the new rule, patients have new rights to their health information, greater privacy protection and the government has increased ability to enforce the law.

It is time to begin implementing a reporting plan for covered entities and business associates. Such a plan should consider four factors. Those factors to be considered in determining whether a breach must be reported include: (1) the type of protected health information (PHI) involved; (2) who used the PHI or to whom the PHI was disclosed; (3) whether the PHI was viewed or acquired; and (4) whether the risk to the PHI was mitigated, such as through assurances by trusted third parties that the PHI was destroyed.

Some other changes to be aware of are:

• Business associates are liable for HIPAA privacy and security rule requirements.

• A business associate includes subcontractors that create, receive, maintain or transmit PHI on the behalf of a business associate.

• Subcontractors for business associates are bound by the same compliance obligations no matter how far away the services are from the covered entity.

• A breach is any wrongful use or disclosure of PHI unless the covered entity or business associate assures that there was no compromise of the PHI or a small chance that it was.

• Covered entities have to protect the PHI of a decedent for 50 years following the date of death.

• Patients can request a copy of their electronic medical record (EMR) in an electronic form.

• For all practical purposes the sale of a patient's PHI is prohibited without their authorization.

• Penalties are enhanced for noncompliance depending upon the level of culpability up to the civil monetary cap of $1.5 million per violation.

Navigating the expanded HIPAA rule and making certain that you are in compliance by September 23, 2013 can be a daunting task for small and large healthcare businesses, physicians, dentists and hospitals.

Continue reading "Final HIPAA Rule Becomes Effective March 26, 2013" »

While only slightly more than two-thirds of primary care physicians in the United States used electronic medical records (EMR) in 2012, this is an increase of 50% over the 46% that reported using them in 2009. This data is documented in a Commonwealth Fund International Health Policy Survey, which was published in Health Affairs.

The use of electronic medical records can make physicians' offices more efficient and improve the quality of patient care by making their medical history available to any physician treating them. Unfortunately, many physicians still prefer to maintain voluminous files containing patient information and illegible handwritten comments and progress notes.

Make no mistake about it, electronic medical records are the way of the future for medical practices of all sizes. With the passage of the Patient Protection and Affordable Care Act (PPACA), and its constitutionality ruling by the United States Supreme Court last June 28, 2012, healthcare reform is on its way. A mandate requiring electronic medical records for all practitioners is a part of PPACA and is set to take effect in 2014. Some mandates included in the Health Insurance Portability and Accountability Act (HIPAA) have been included in and strengthened under the PPACA.

Funding for the EMR legislation will cover a span of 10 years. By the end of that time, it is hoped that all practices will have implemented electronic medical records. Incentive programs are available through the federal government. Some professionals meeting federal requirements for EMRs can get up to $44,000 through the Medicare Electronic Health Records Incentive Program. Others who are providing service to patients in a Health Professional Shortage Area might qualify for incentives in excess of $44,000. Incentives for institutions are significantly higher, starting at $2 million, but the requirements are stiffer than for individual professionals.

Naturally there are requirements established by the federal government to make certain the incentive funding is being used properly. For example, there are specific formats for use in the areas of medical billing, patient medical history and employee communication.

Ultimately, the use of modern technology to comply with the electronic records mandate of PPACA will make our healthcare system better, provide better care to the patients and make it more affordable to all.

Continue reading "The Electronic Medical Records (EMR) Mandate" »

Federal law enforcement agents arrested one Chicago-area resident and six Detroit-area residents based on allegations of home health care fraud. In an 18-count indictment unsealed on January 17, 2013, the federal government contends that the seven parties effectuated a scheme to defraud Medicare based on claims for in-home health services at Royal Home Health Care Inc., Prestige Home Health Care Services Inc., Platinum Home Health Services Inc. and Empirical Home Health Care Services Inc. According to the indictment, Medicare was defrauded of over $22 million based on false claims for services since August 2008.

The Medicare Program is a federal health care program that provides benefits to the disabled and persons over age 65. It is administered by the Centers for Medicare and Medicaid Services ("CMS"), a division of the United States Department of Health and Human Services Office of Inspector General ("HHS-OIG"). In order for a health care provider to participate in Medicare, the provider must agree to abide by Medicare polices and procedures, rules, and regulations published by the federal government. When a provider is certified as a participant in the program, the provider receives a provider identification number for billing purposes, known as a "PIN." A provider uses the PIN to submit claims for reimbursement to the government for services rendered to a patient, or "beneficiary." A Medicare beneficiary has a Medicare beneficiary number that is used for billing purposes.

Combating Medicare fraud has been a major priority and focus of the federal government for many years. Since March 2007, the federal government's Medicare Fraud Strike Force, which involves HHS-OIG, the FBI and other federal law enforcement, have charged more than 1,480 defendants who have falsely billed Medicare for over $4.8 billion. This indictment is part of the effort of the government's Medicare Fraud Strike Force to effectively combat Medicare Fraud in an effort to curb the spiraling costs of the Medicare Program and otherwise for the benefit of the federal taxpayer.

According to the indictment, the home health care companies purported to provide in-home physical therapy, occupational therapy, speech pathology and/or skilled nursing services to patients. Royal, Prestige, Platinum and Empirical were Medicare providers that submitted claims directly to Medicare using PINs and beneficiary numbers. The individuals named in the indictment were either owners and/or officers of the home health care companies, or were employed as therapists or patient recruiters. The indictment charges that the defendants offered and paid kickbacks and bribes in the forms of cash payments and/or prescription narcotics to Medicare beneficiaries for the purpose of such beneficiaries arranging for the use of their Medicare beneficiary numbers by the conspirators as the bases of claims for physical therapy and other services. The indictment further alleges that Medicare claims were submitted to the government for physical therapy services and other services that were not provided and/or were not medically necessary. The indictment states that the defendants used false medical documents to support the fraudulent claims.

Continue reading "Seven Arrested, Charged with $22 Million Detroit-area Home Health Care Fraud Scheme" »