Monday, December 30, 2013

Top Ten Health Law Issues for Physicians,
Health Systems and Providers in 2014

Change is the one constant that physicians, health systems and other providers face in 2014 as the ACA and its myriad regulations become effective, along with increasing review and scrutiny not just from state and federal regulators, but also private companies with state and federal contracts to review and audit claims, cost reports, and billing practices. Listed below are the top ten areas that physicians and other providers should watch in 2014.

Meaningful Use Audits: Physicians, hospitals, and others that have received incentive payments to integrate electronic medical records into their practices will likely be subject to an audit from either Medicare or Medicaid to assess whether the providers have actually made meaningful use of these funds and systems. Auditors are likely to demand evidence of meaningful use of incentive monies and repayment when providers cannot back up the attestations made for Stage 1 compliance. Providers should be on the lookout for audit request letters sent via email by the contracted auditor. Make sure that whoever has the email address registered with CMS checks for an audit letter. In addition, providers should make sure that all meaningful use attestations are backed up and documentation is maintained for the six years that CMS requires. Some of the required evidence includes EHR vendor agreements, attestation reports on clinical quality measures, statements from EHR vendors, and information used to generate numerator and denominator values for reporting. If an audit letter is received, contact should be made immediately. Providers need to pay attention to these responses; a failure to respond adequately could result in more than just a request for repayment.

Friday, December 6, 2013

Controlling Compounding:
The Drug Quality and Security Act

In October 2012, a fatal meningitis outbreak killed 64 people in the United States and infected more than 750 in 20 states. The outbreak was traced back to contaminated vials of an injectable pain-killing steroid that was compounded by the New England Compounding Center (“NECC”).

Compounding – the process by which a pharmacist combines drug ingredients per a doctor’s prescription to meet the unique needs of an individual – is nothing new. In recent years, however, the practice has experienced a surge in popularity as more Americans have come to expect tailored medicine, and drug shortages create a persistent need to compound unavailable drugs.  Historically, compounding involved a relationship between the compounding pharmacist, physician, and patient – and was done at the local pharmacy.  Now, compounding facilities mix and compound mass quantities of product for interstate sale.

Wednesday, September 4, 2013

PHI May Be In More Places Than You Think

A recent HIPAA settlement serves as an important reminder that protected health information may be stored on “ordinary” office equipment such as printers, photocopiers, scanners and fax machines, and not just on computer hard drives.  On August 14, 2013, the Department of Health and Human Services announced a settlement with the not-for-profit managed care plan Affinity Health Plan, Inc. for over $1.2 million in connection with HIPAA Privacy and Security breaches stemming from PHI stored on a photocopier hard drive.

In 2010, Affinity notified HHS of a security breach after company representatives heard about it on the news.  Apparently, CBS Evening News informed the entity that, as part of an investigative report, CBS had purchased a photocopier previously leased by Affinity and found confidential medical information on the photocopier’s hard drive.  Affinity’s breach disclosure led to an HHS investigation that revealed Affinity failed to assess the potential security risks from PHI stored on the copier hard drive and to implement policies for disposing of the PHI before returning the copier to the office equipment leasing company.  It is estimated that up to 344,579 individuals have been affected by the breach.

Tuesday, August 27, 2013

Two’s Company, Three’s a Crowd:
Compliance Officers, In-House and Outside Counsel

Large scale healthcare providers often have not only one, but three, places to turn when faced with a legal or compliance issue.  They can rely on in-house counsel, outside counsel, or a compliance officer for the right answer.  It is important that each of these entities knows and understands the role they play for the healthcare provider. As the saying goes, two’s company, and three’s a crowd.  Tasks can overlap, and responsibilities can be muddled if roles are not clearly delineated among the three.  At McBrayer, McGinnis, Leslie & Kirkland, PLLC, two of our healthcare attorneys have first-hand knowledge of how these roles intersect because they have served in a capacity other than outside counsel for healthcare providers. The knowledge and experience they gained from these past positions have served them, and their clients, well.

Monday, August 26, 2013

Licensure Requirements for Home Medical
Equipment Providers, Personal Service Agencies

Given the current health care climate, it is no surprise that providers who were unregulated just a few years ago are now subject to certification and licensure requirements.

In April 2012, Kentucky House Bill 282 passed the legislature and was signed into law. The law requires that all home medical equipment providers who sell or distribute home medical equipment products to patients in Kentucky obtain a Home Medical Equipment License from the Kentucky Board of Pharmacy. Home medical equipment providers, which are durable medical equipment companies, provide individuals necessary items such as wheelchairs, hospital beds, and nebulizers.

The bill provides the Board of Pharmacy with the authority to grant reciprocity to out-of-state suppliers with licensing requirements in bordering states under certain circumstances.

Final Rule for Long-Term Care Facilities and
Hospice Providers Takes Effect August 26th

On June 27, 2013, CMS published its final rule for hospice agreements with long-term care providers. LTC facilities are now required to have written agreements specifying what services the hospice and LTC provider will provide to nursing home residents receiving hospice care. This new Condition of Participation aims to improve the quality and consistency of care between LTC and hospice providers by specifically defining responsibilities and roles. The agreement must be signed by authorized representatives for both the LTC facility and hospice before hospice care can be provided to patients. The effective date is August 26, 2013.

Friday, August 16, 2013

Beyond Making the Rounds: Hospitalists
& Quality of Care Under ACA: Part II

In an earlier post, I discussed how hospitalists play a vital role in meeting ACA’s quality of care standards for the inpatient setting. Now, let’s take a look at how PCPs must also work to meet these same standards.

A PCP’s Evolving Role for Inpatient Care
Of course, the industry cannot rely on hospitalists alone to meet ACA standards. It takes a village. PCPs still play a key role in establishing quality inpatient care. When a patient is admitted to the hospital, the PCP’s role in the patient’s care has not ended. Instead, PCPs should see the inpatient stay as a momentary transition in care for which they are responsible for retaining oversight. PCPs should step up, not step back, to ensure continuity of care.

Thursday, August 15, 2013

Beyond Making the Rounds: Hospitalists
& Quality of Care under the ACA

By now, everyone knows the Affordable Care Act’s motto is “increase quality, decrease costs.” As providers transition from the fee-for-service payment model to new payment systems that are tied to quality, one subset of providers will play a pivotal role in bringing health care into a new era: hospitalists.

Hospitalists (physicians who provide care solely to hospital inpatients) are poised to lead the way in ensuring that patient care is no longer a series of disconnected dots, but rather a continuum of ongoing service. As primary care providers and subspecialists increasingly limit time set aside for hospital visits, it is up to hospitalists to improve inpatient efficiency, manage patient expectations and coordinate the overall inpatient experience. The unique nature of hospitalists, still a recently new specialty, makes meeting the lofty expectations of the ACA more attainable.

Monday, August 12, 2013

Kentucky Selected To Participate in ER “Super-users” Program

If you have ever been to an emergency room in the Commonwealth, chances are you have seen a “super-user” – a person who uses emergency rooms for regular health care instead of lower-cost alternatives such as a primary care physician.  Whether they are Medicaid recipients or uninsured, super-users (also known as “super-utilizers” or “frequent flyers”) increase Medicaid expenditures and drive up the overall costs of health care. In 2012, 4,400 Medicaid recipients used an emergency room ten or more times, and Kentucky Medicaid spent more than $219 million on emergency room use.  Super-users do not just waste money.  As anyone who has visited the ER can tell you, they also waste the valuable time and resources of emergency room providers, creating longer wait times for those experiencing true emergencies.

The Pioneer Program Report Card

In 2012, thirty-two organizations were selected to participate as “Pioneers” in a pilot Accountable Care Organization program created through the Affordable Care Act. The program’s goal was to revolutionize the health system and reduce medical costs by basing physician and hospital pay on quality rather than quantity.

ACOs are a centerpiece of the ACA. In an ACO, physicians and health systems coordinate care to patients in an effort to reduce duplication of services or costs. The Pioneer program awarded bonuses to providers offering quality care at reduced costs. If certain quality targets were not met, or costs were not reduced, providers suffered a consequence. ACOs were projected to save Medicare as much as $940 million through 2015 and result in over a billion dollars in bonus payments to providers.

Thursday, August 1, 2013

More About Proposed Payment Changes
for Medicare Home Health Agencies

Earlier this week, I discussed CMS’ proposal to rebase the payment rates for home health services. Here I will discuss CMS’ other proposed changes to home health payment.

Coding Changes
According to CMS, there are several ICD-9 codes that are resulting in “inaccurate overpayments” through their inclusion in the home health prospective payment system. CMS is suggesting removal of two specific ICD-9-CM codes:

(1) those that are too acute for the home health setting; and
(2) diagnosis codes for health conditions that do not require home health intervention, do not impact home health plan of care, and/or would not result in the use of additional home health resources.

ICD-10-CM codes will be included in the payment system starting in October 2014.

Tuesday, July 30, 2013

Proposed Payment Changes for
Medicare Home Health Agencies

The Centers for Medicare and Medicaid recently released a proposed rule involving 2014 payment changes for the Home Health Prospective Payment System. The rule projects that the changes could reduce Medicare payments to home health agencies by 1.5 percent. CMS estimates that 3.5 million beneficiaries currently receive home health services, costing Medicare approximately $18.2 billion in 2012, so a 1.5 percent reduction would be significant ($290 million, to be exact).

The proposed rule reduces reimbursement rates and proposes a number of other changes that will be discussed herein. Home health providers should become familiar with the rule and voice comments or concerns about it to CMS. Comments are due by August 26, 2013.

Friday, July 26, 2013

Sound Inpatient’s Unsound Practices
Lead to $14.5 Million Settlement

On July 3, 2013, the United States Department of Justice announced Sound Inpatient Physicians, Inc. will pay $14.5 million dollars to settle allegations that it over-billed Medicare and other federal health care programs. The Washington-based company employs more than 700 hospitalists and post-acute physicians in facilities in twenty-two states.

Under the whistleblower provisions of the False Claims Act, a former Sound Inpatient regional manager alleged the company was submitting evaluation and management (“E/M”) claims for reimbursement that were unsupported by medical documentation. The government then intervened; no surprise, considering that since January 2009, the Justice Department has recovered a total of more than $14.7 billion through False Claims Act cases.

Wednesday, July 17, 2013

Oxford Health Plans, LLC v. Sutter:
Don’t Forget to Read the Arbitration Provision

On June 10, 2013, the U.S. Supreme Court issued a decision confirming that payment disputes between a payor and its network providers may be resolved through group arbitration if allowed by the arbitrator, even if the use of class procedures is not expressly provided for in the agreement.

In Oxford Health Plans, LLC v. Sutter, John Sutter, a physician who provided medical services under a contract with Oxford Health Plans, sued Oxford on behalf of himself and a proposed class of other doctors alleging violation of the Oxford provider agreement and New Jersey state laws.  The Oxford provider agreement contained a binding arbitration provision so Oxford moved to compel arbitration of Sutter’s claims and the District Court agreed.

Monday, July 15, 2013

Hospitalist Billing Practices Under Scrutiny in
$14.5 Million False Claims Act Settlement

The United States Department of Justice recently announced a $14.5 million settlement with Sound Inpatient Physicians, Inc., ("Sound Inpatient"), a Tacoma, Washington-based hospitalist company. The settlement resulted from the government’s intervention in a qui tam lawsuit filed by a former Sound Inpatient regional manager, which alleged that Sound Inpatient violated the False Claims Act by submitting evaluation and management ("EM") claims for reimbursement that were not supported by adequate medical documentation.

Wednesday, July 10, 2013

The Preventing and Reducing Improper Medicare
and Medicaid Expenditures Act: Will Healthcare
Fraud Prevention Move to PRIME Time?

Members of the U.S. Senate and House of Representatives have introduced new legislation intended to further strengthen the effort to combat waste, fraud, and abuse in the government healthcare programs. The Preventing and Reducing Improper Medicare and Medicaid Expenditures Act ("PRIME") contains a number of provisions that would increase rewards and incentives for those who uncover healthcare fraud, as well as heighten penalties for those who commit it. PRIME would establish stronger fraud and waste prevention strategies within Medicare and Medicaid to help phase out the practice of "pay and chase," i.e., recouping monies already erroneously paid to providers instead of detecting problems on the front end. PRIME also would expand the fraud identification and reporting work of the Senior Medicare Patrol, and would take steps to help states identify and prevent Medicaid overpayments.

Squeezing Blood from a Turnip: Health Care
Reform & Kentucky’s Physician Shortage

Deloitte Consulting, a technology firm helping to establish the new Kentucky Health Benefit Exchange mandated by the Affordable Care Act, recently completed a review that paints quite a grim outlook for the future of healthcare in the Commonwealth. According to the review, Kentucky needs 3,790 additional physicians (including primary care doctors and specialists), 612 more dentists, 5,635 more registered nurses, 296 more physician assistants, and 269 more optometrists to meet current demand. The numbers are stunning on their own, but in light of healthcare reform and Medicaid expansion, they are downright staggering.

Friday, July 5, 2013

Employer Mandate Enforcement Delayed Until 2015

On July 2, 2013, the Obama Administration announced that enforcement of the employer mandate provision of the Affordable Care Act would be delayed until 2015, a year from its projected January 2014 start.

The mandate requires that businesses with 50 or more full-time equivalent employees provide affordable health insurance for those employees or pay penalties. The administration has been under substantial pressure to delay the mandate, in large part because employers are still struggling with understanding and implementing the provisions. Some small businesses had even considered reducing their workforces below the 50-employee threshold or cutting employee hours to escape penalties for not providing coverage.

Wednesday, July 3, 2013

Two Peas in a Pod: Licensing
Healthcare Facilities & Daycare Centers

Healthcare businesses are subject to complex rules and regulations, most of which are constantly changing. Providers of all types and sizes are constantly faced with licensure issues and compliance requirements. There are few industries as regulated as healthcare, but that is not to say that providers stand alone in the issues they face. In fact, one type of industry has a markedly similar oversight process: daycare centers.

In Kentucky, healthcare centers are inspected, monitored, licensed and certified by the Division of Health Care (“DHC”) within the Cabinet for Health and Family Services. DHC is responsible for investigating complaints against healthcare facilities, facility plans review and developing regulations. Also in the Cabinet for Health and Family Services is the Division of Regulated Child Care (“DRCC”). This division is responsible for licensing and investigating complaints against child daycare programs, residential child caring facilities and child-placing agencies.

Friday, June 21, 2013

Know Your People: OIG Issues New
Special Advisory Bulletin on Excluded Persons

The Office of the Inspector General of the Department of Health and Human Services has released a Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs. The Bulletin, issued May 8, 2013, supersedes and replaces a similar bulletin from 1999. It describes the scope and effect of the legal prohibition on payment by Federal health care programs for items or services furnished by excluded persons. The Bulletin also highlights the importance of rigorous screening for excluded persons and provides practical guidance on the frequency and scope of screening that the OIG expects.

Exclusion; Penalties
The OIG has the authority to exclude people or entities that have committed various violations from participation in Federal health care programs such as Medicare or Medicaid. The effect of OIG exclusion is that no Federal health care program payment may be made for any items or services furnished (1) by an excluded person or (2) at the medical direction of an excluded person. If a health care provider arranges or contracts - by employment or otherwise - with a person that the provider knows or should know is excluded, the provider may be subject to civil monetary penalties (CMPs) to the extent that the excluded person provides services payable, directly or indirectly, by a Federal health care program. CMPs can be as high as $10,000 for each item or service furnished by the excluded person, and an assessment of up to three times the amount claimed can be imposed. Other civil or criminal penalties may apply as well.[1]

Thursday, June 13, 2013

EHR Systems: Contracting for Change

Earlier, I discussed the recent decertification of two EHR Technology systems previously certified under ONC standards and, therefore, ineligible for use to meet “meaningful use” requirements.  Recently, these products failed a retest conducted by an ONC-authorized certification body.  The decertification was the first following the push to adopt EHR Technology to qualify for meaningful use incentives and to avoid an eventual reduction in Medicare program reimbursement.

An ONC decertification announcement is certainly a concern for healthcare providers that have purchased and implemented EHR Technology at great expense.  But there are ways providers can protect their organizations and mitigate the legal risks associated with an ONC decertification.

EHR Systems: Is Certification Ever Certain?

The 2009 Health Information Technology for Economic and Clinical Health Act provides the Department of Health & Human Services with the authority to establish programs to improve healthcare quality, safety, and efficiency through the implementation of health IT, including electronic health record technology. Under HITECH, eligible providers can qualify for Medicare and Medicaid incentive payments when they adopt certified EHR technology and use it to achieve specifically outlined objectives, known as “meaningful use requirements.”

To be eligible for meaningful use incentives, healthcare providers must use “certified” EHR Technology.  The Office of the National Coordinator for Health Information Technology is responsible for issuing the rules that establish the standards EHR Technology must meet to be certified and therefore eligible for meaningful use incentives.  ONC also appoints technology review bodies authorized to test and certify EHR Technology for compliance with ONC standards.

Tuesday, June 11, 2013

OIG Updates Self-Disclosure Protocol,
But Discourages Action

On April 17, 2013, the Office of Inspector General (“OIG”) issued an updated Provider Self-Disclosure Protocol (“SDP”). The initial protocol was created in 1998 (“’98 version”) with the goal of having providers voluntarily identify and disclose potential federal health care program fraud and work with the OIG to resolve the identified abuses. Specifically, the SDP offered guidance to providers (both individuals and entities) on how to investigate conduct, quantify damages, mitigate potential penalties, and report to OIG.  Further guidance came in a series of OIG Open Letters to the health care industry in 2006, 2008, and 2009. The updated SDP provisions supersede both the original version and the subsequent Open Letters.

OIG boasts that, since its inception, the SDP has led to over 800 disclosures and a recovery of more than $280 million for the federal health care programs. Those numbers, while impressive, are a drop in the bucket compared to the $25 billion the Department of Justice (“DOJ”) has recovered in prosecuting criminal and civil health care fraud during the same time frame. Given human nature, self-disclosure of potential wrongdoing is not a popular practice, but it appears that the new OIG updates only add to the difficulty of having providers willingly come forth. In today’s post, I’ll provide a brief overview of the updated eligibility and disclosure requirements.

OIG Updates Self-Disclosure Protocol,
But Discourages Action (continued)

On Tuesday, the changes to eligibility and disclosure requirements for the OIG’s Self-Disclosure Protocol (“SDP”) were discussed. Now, let’s take a look at certain disclosures and what has changed from the ’98 version.

Disclosures Involving Excluded Persons
Many SDP disclosures involve violations of employing or contracting with individuals who are on OIG’s List of Excluded Individuals and Entities (“LEIE”).  With the update, OIG has specified what is needed for a complete disclosure of this violation. A disclosure must include, among other things, biographical information on the excluded party, description of the disclosing party’s screening process, and a description of how the conduct was discovered.  The disclosing party must also screen all current employees and contractors against the LEIE.

Tuesday, May 28, 2013

Plan for the Worst, Hope for the Best:
Why You Must Have a HIPAA Risk Assessment

“The single biggest and most common compliance weakness is the lack of a timely and thorough risk analysis.”
     - Leon Rodriguez, head of the U.S. Health and Human Services Office for Civil Rights

When the Office for Civil Rights (“OCR”) auditor drops by your health facility to ensure that you are complying with HIPAA, one thing is for certain: he will be asking to see your Risk Assessment. Do you have one? Is it complete? Has it been used to develop and implement appropriate policies and procedures?

Audit Risks Are Real
OCR is cracking down on covered entities’ and business associates’ compliance with HIPAA. Audits are becoming commonplace and resulting in more and more providers being hit with fines and sanctions. You may think that even if you are subject to an audit, the penalty will only be a slap on the wrist. Think again. The maximum penalty for a HIPAA violation is now $1.5 million. Maybe you are too small a provider to be the target of an audit? Again, think again. In January 2013, Hospice of North Idaho agreed to pay the Department of Health and Human Services (“HHS”) $50,000 to settle potential HIPAA violations stemming from a 2010 incident involving a stolen, unencrypted laptop. It was the first HIPAA breach settlement involving less than 500 people. The hospice did not have a risk assessment in place.

Tuesday, May 21, 2013

Tools for the Trade: Understanding HIPAA

As a result of the intricate details and requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), it comes as no surprise that HIPAA Privacy and Security Rules can cause challenges and confusion for even the most sophisticated providers. With this in mind, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has recently provided tools meant to educate both consumers and providers on HIPAA.

Before OCR published this guidance on HIPAA and HITECH on its website, consumers (i.e., patients) routinely accepted and signed HIPAA Notices of Privacy Practice without understanding what rights HIPAA protects.  As a result, OCR aimed to familiarize consumers with their health information privacy and security rights by posting factsheets (available in eight languages) on their website. With this new online guidance, patients may come into a provider’s facility more informed and educated about their privacy rights and may demand greater privacy protections from their provider.  Thus, the OCR guidance could potentially change the privacy expectations of patients.

Thursday, May 16, 2013

Association Group Coverage Changes

Trade associations in Kentucky are being asked to show that they meet ERISA “bona fide association” requirements in order to continue to provide group health insurance for their members under health reform requirements effective in 2014.  Such group health insurance may be a more affordable option for some businesses as new health reform requirements begin to take effect.

In a nutshell, ERISA requires that an association be considered an “employer” to sponsor a group health plan at the association level.  In order to qualify as an “employer,” an association must meet bona fide association requirements, including like-industry and participant control requirements.  By sponsoring a group health insurance plan at the association (rather than the individual employer) level, associations are able to pass along to their employer members reduced-coverage premiums available under large group plans.

Tuesday, May 7, 2013

Doe v. Guthrie Clinic, Ltd.:
A New Privacy Battleground?

Most healthcare providers are aware of the significant liability implications of a breach of protected health information, including, in some cases, the cost of issuing a breach notification to affected individuals.  Providers have not, however, faced significant liability from patient lawsuits filed directly against a hospital or medical practice for damages arising from a breach of confidentiality.  The reason is, patients face an uphill battle when suing a hospital or medical practice directly because most laws that protect patient information, including HIPAA, do not provide a private right of action for patients to sue the provider.

Wednesday, May 1, 2013

Get Ready to Negotiate: OIG Authorizes Hospitals
to Pay Physicians for Call Coverage

Since the enactment of EMTALA in 1986, hospitals have struggled with providing sufficient call coverage to meet federal requirements as physicians have been increasingly hesitant to take on the added responsibility, cost, and risk of responding to emergency department requests for consultation.  With patients often presenting increasingly acute conditions with no health insurance coverage, physicians understandably find themselves between a rock and a hard place as utilization of hospital emergency departments has skyrocketed, particularly in Eastern Kentucky. And, it is becoming increasingly difficult to see these patients in the hospital emergency departments without also seeing the patients for follow-up in private physician offices, often without payment. Thus, the movement for hospitals to pay for physician call services started amid a tangled web of intricate financial relationships, power struggles between hospitals and medical staff, and a statutory and regulatory maze of the Stark Law and anti-kickback statutes.  Finally, good news is on the horizon as a result of a series of recent Department of Health and Human Services Office of Inspector General’s Advisory Opinions, which essentially give the okay for a hospital to pay a per diem fee to specialists providing unrestricted on-call coverage for hospital emergency departments within certain parameters.  For physicians, these OIG Opinions give clear guidance and should be a tool to negotiate payment for calls within the parameters of fair market value.

Final Rule for Physician Payments
Sunshine Act Recently Released

The long-awaited final regulations for the Physician Payments Sunshine Act (“Sunshine Act” or “Act”) were finally released on February 1, 2013. I previously discussed the Sunshine Act (see Here Comes the Sun, Are You Prepared?, 10/18/2012), but with the final rule now implemented, providers should take a second look at it and reconsider its implications.

The Act requires applicable manufacturers of drugs, devices, biological, or medical supplies covered by Medicare, Medicaid, or the Children’s Health Insurance Program (“CHIP”) to report payments or transfers of value provided to physicians or teaching hospitals. Additionally, applicable manufacturers and group purchasing organizations (“GPOs”) must annually report to CMS certain information regarding ownership or investment interests held by physicians (or their immediate family members).

Monday, April 29, 2013

The Doctor Is Out, But the PA Will See You Now

On March 25, 2013, Governor Steve Beshear signed House Bill 104, a bill that will change how Physician Assistants (“PAs”) practice in the Commonwealth. Under former law, a PA had to be directly supervised by a doctor in the first eighteen months of their medical practice. Kentucky had the longest supervision requirement of any state in the U.S.

The new law establishes that from July 2013 to May 2014, physicians will be required to be on-site as newly-graduated PAs provide care for the first three months of practice. On June 1, 2014, this requirement will be eliminated altogether. In addition, PAs may perform services in a location separate from their supervising physician; this is possible because supervisors may now “supervise” via telecommunication.

Thursday, April 25, 2013

Antitrust Agencies Continue Pursuit of
Improper Joint Contracting by Providers

The Federal Trade Commission ("FTC") and the Department of Justice’s Antitrust Division ("DOJ") continue to pursue competing providers that are not clinically or financially integrated but nevertheless attempt to jointly negotiate contracts with payors.

In January of this year, DOJ pursued price-fixing charges against an independent physicians association ("IPA") allegedly including 350 competing chiropractors in Oklahoma. DOJ alleged that the IPA comprised 45 percent of the chiropractors in Oklahoma. Allegedly, from 2004 to 2011, the IPA negotiated seven payor contracts that fixed prices for chiropractic services. DOJ found particularly troubling a mandatory membership agreement that, among other things, required members to suspend any existing contracts with payors upon joining the IPA and that required members not to accept a reimbursement rate below a stated rate. The IPA's website also supported DOJ's position that the IPA was not clinically or financially integrated as the website stated that members could continue as "an individual practice while associating with other chiropractors to increase contract-negotiating power." As a result, DOJ charged that the IPA was engaged in price-fixing in violation of Section 1 of the Sherman Act. The IPA entered into a settlement agreement prohibiting any future negotiations with payors on behalf of its members.

Monday, April 8, 2013

OIG 2013 Work Plan Gives
Direction for Physicians

The government’s healthcare fraud prevention and enforcement efforts recovered a record $4.2 billion in taxpayer dollars in Fiscal Year 2012, up from nearly $4.1 billion in FY 2011. Over the last four years, the administration’s enforcement efforts have recovered $14.9 billion, up from $6.7 billion over the prior four-year period.  During 2012, the Department of Justice opened 885 new civil healthcare fraud investigations, with 1,023 civil fraud matters pending at the end of the year.  The DOJ also reported a record 647 whistleblower lawsuits and recovered $3.3 billion from lawsuits filed by whistleblowers.

On the criminal side, the DOJ opened 1,121 new criminal healthcare fraud investigations with 2,032 healthcare fraud criminal investigations pending at the end of FY 2012.  The DOJ filed criminal charges in 452 cases involving 892 defendants during that time.

Friday, April 5, 2013

House Bill 1 Revisited: Kentucky
General Assembly Amends “Pill Mill” Bill

In a 2012 Special Session, the Kentucky General Assembly passed House Bill 1, also known as the “pill mill” bill, to rein in the over-prescribing of prescription drugs and the diversion of prescription drugs.

Following passage of House Bill 1, and its being signed into law by Governor Beshear, the Cabinet and various licensure boards issued regulations implementing House Bill 1’s requirements.  After emergency regulations were promulgated, Governor Beshear’s office held a series of stakeholder meetings.  Governor Beshear’s office, as well as various licensure boards, recognized that House Bill 1 and the implementing regulations would require amendment and refinement to address concerns raised by the provider community and other stakeholders.  During the 2013 Regular Session of the General Assembly, some of these concerns were addressed in House Bill 217, which amended portions of House Bill 1.

Monday, April 1, 2013

More on the Final HIPAA Omnibus Rule

To follow up our previous blog on the Final Omnibus Rule (“Rule”) regarding HIPAA and HITECH, 78 Fed.Reg. 17, Part II, 5566-5702 (Jan. 25, 2013), which modifies 45 CFR Parts 160 and 164, we will now discuss the changes to the Breach Notification Rule. The modifications will greatly reshape how Covered Entities and Business Associates view a breach.

New “Breach” Standard
Previously, breach was defined as the “acquisition, access, use, or disclosure of protected health information (“PHI”) in a manner not permitted under [the Privacy Rule] which compromises the security or privacy of the PHI.” Compromising the security or privacy of PHI meant “posing a significant risk of financial, reputational, or other harm to the individual.” 45 CFR §164.402 (emphasis added). The problem, according to HHS, was that some covered entities interpreted the “risk of harm” standard as higher than HHS intended.

HHS Issues Final HIPAA Omnibus Rule

The U.S. Department of Health and Human Services (“HHS”) recently announced its issuance of the highly-anticipated regulations or Final Omnibus Rule (“Rule”) relating to the modification of the HIPAA Privacy, Security, and Enforcement rules under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”). 78 Fed.Reg. 17 Part II (January 25, 2013) modifying 45 CFR Parts 160, 162, 164. The Final Rule, 78 Fed.Reg. 17 Part II, 563 pages in length, makes significant changes of which all providers need to be aware. A complete examination of the sweeping changes cannot be done in one article, so we will make a general summary of the most important changes.

The new HIPAA Rule extends certain provisions of the HIPAA Privacy, Security, and Breach of Notification Rules to Business Associates (“BA”). This means that a BA is now legally accountable for compliance with HIPAA rules.

Wednesday, March 20, 2013

A Pyrrhic Victory: CMS Agreement to Pay
Part B When Part A Denied Falls Short in
Addressing Hospital Concerns

On March 13, 2013, the Centers for Medicare & Medicaid Services (CMS) announced a policy ruling [1] that, while on the surface appearing promising, likely fails to address concerns raised by the American Hospital Association (AHA) and other stakeholders related to CMS' position on reimbursement for Part B services when a hospital’s Part A inpatient claim is denied. In addition to the ruling, CMS released a proposed rule to permanently revise its Part B inpatient billing policy to be consistent with the ruling. [2]

The CMS ruling, CMS-1455-R, follows numerous Medicare Appeals Council and Administrative Law Judge decisions allowing Part B payments in this circumstance. In addition, the ruling comes in the wake of a lawsuit filed by the AHA in November 2012 over CMS' refusal to reimburse hospitals for Part B services when Recovery Auditors (f/k/a as Recovery Auditor Contractors) deny hospitals’ Part A inpatient claims for reasonable and necessary care.

Tuesday, March 19, 2013

An Analysis of Urinalysis:
Considerations for Health Providers

Urinalysis, also referred to as urine drug screening, is an important procedure that health providers use for several reasons: to monitor patients’ medication compliance, detect drug abuse, or identify the presence of disease. There are numerous implications that accompany a urinalysis examination though, and health providers are sometimes left wondering if they should hand over the cup to patients.

First, physicians and providers should anticipate the entire continuum of possible test results, including results outside the original purpose of the urinalysis.  For example, an ob-gyn may perform a urinalysis during a pregnant patient’s routine prenatal visit to determine hormone levels but test results may also indicate recent patient drug use. Further, if the results reveal that the mother is using marijuana, the ob-gyn must be prepared to deal with that information. A patient, even a consenting one, may feel uncomfortable or violated if the provider discusses what the test reveals outside the agreed-upon test purpose. Providers should clearly communicate why they are testing the urine and advise the patient that the test can reveal other things.  This can be accomplished through intake forms or treatment contracts, as well as communications informing the patient through the course of treatment, but it is advisable that the provider disclose the purpose and potential outcomes before testing.

Kentucky Health Cooperative One Step Closer

The Kentucky Department of Insurance just approved Kentucky Health Cooperative’s (“KYHC”) entry into the Commonwealth of Kentucky’s HMO insurance market. With this endorsement, KYHC will now be allowed to offer health plans to hundreds of thousands of Kentuckians beginning in October 2013. Benefits are set to begin in January 2014—the deadline for when most citizens will be required to have health insurance under the Affordable Care Act (“ACA”).

KYHC, based in Louisville, was previously selected by the United States Department of Health and Human Services (“HHS”) to receive loans to create and operate a Consumer Oriented and Operated Plan (“CO-OP”) in the state.  The ACA has appropriated $3.8 billion to finance the CO-OP program and award loans and grants to establish CO-OP entities. A CO-OP performs the same functions as an insurance company, but is a non-profit, member-run organization that focuses on a single state market. The goal of the CO-OP program is to increase competition among insurers, reduce premiums, and raise the standard of health care insurance.

Tuesday, March 12, 2013

Medicaid Expansion in Kentucky

The Supreme Court upheld much of President Obama’s Patient Protection and Affordable Care Act (“PPACA”) in National Federation of Independent Business et al v. Sebelius, but overturned a key element of PPACA’s Medicaid expansion provisions. Originally, PPACA required states to expand Medicaid coverage to individuals at or below 133 percent of the federal poverty level or risk forfeiting existing federal funding for the state’s Medicaid program.  In National Federation, the Supreme Court held that PPACA could not withdraw existing Medicaid funding from states choosing not to expand their programs. This change presents each state with a meaningful choice to opt in or out of PPACA’s Medicaid expansion.

Thursday, February 28, 2013

Senate Finance Committee Takes
In-Depth Look at Fraud & Abuse

Earlier this week, I discussed the HHS and DOJ Annual Report for the Health Care Fraud and Abuse Program.  HHS and DOJ are not the only ones determined to purge the health care industry of its woes.   On January 31, 2013, a group of six current and former members of the Senate Finance Committee released a comprehensive report detailing recommendations on combating waste, fraud and abuse in the Medicare and Medicaid Programs.

The Committee, which has jurisdiction over Medicare and Medicaid, is led by current Chairman Max Baucus (D-MT) and Ranking Member Orrin Hatch (R-UT). They were joined by Senators Tom Coburn (R-OK), Ron Wyden (D-OR), Chuck Grassley (R-IA) and Tom Carper (D-DE). Together this group solicited recommendations from 164 health care industry experts across the country. According to Baucus, the Committee received over 2,000 pages of input and ideas from the nation’s health care community, which offered common sense solutions to strengthen Medicare and Medicaid.

Wednesday, February 27, 2013

Annual Report Details Record Breaking Success
in Health Care Fraud Prevention

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) required the establishment of a national Health Care Fraud and Abuse Control Program (“HCFAC”). The HCFAC Program is a joint Department of Justice (“DOJ”) and Health and Human Services (“HHS”) coordination of federal, state and local law enforcement activities to combat fraud committed against all health plans, both public and private.

Under HIPAA, DOJ and HHS are required to release an annual report which details the amounts deposited and appropriated to the Medicare Trust Fund, among other findings.

Final Sunshine Rule:
Get Ready to Start Tracking Data

On February 8, 2013, after a long delay, the Centers for Medicare & Medicaid Services ("CMS") published in the Federal Register [1] the final rule ("Final Rule") implementing the Physician Payment Sunshine Act ("Sunshine Act") enacted pursuant to section 6002 of the Affordable Care Act. The Final Rule, while largely in line with the proposed rule, [2] makes some helpful clarifications and simplifies the requirements for reporting research payments.

In accordance with the Sunshine Act, the Final Rule has two primary reporting obligations. First, the Final Rule requires applicable manufacturers of drugs, devices, biologicals, or medical supplies covered by Medicare, Medicaid or the Children’s Health Insurance Program ("CHIP") to report annually direct or indirect payments or transfers of value made to non-employee physicians (broadly defined) and teaching hospitals. Second, the Final Rule requires applicable manufacturers and group purchasing organizations ("GPOs") to report annually any ownership and investment interests held by physicians (or any of their immediate family members) in the preceding calendar year as well as information on any direct or indirect payments or other transfers of value to such physician owners or investors (or any of their immediate family members). [3] For applicable manufacturers, there is obviously some overlap between the first and second reporting obligations, but CMS clarifies that applicable manufacturers should include payments or other transfers of value to physician owners or investors in the same report used to satisfy the first obligation.

Monday, January 28, 2013

HHS Issues Final HIPAA/HITECH Rule

The United States Department of Health and Human Services (“HHS”) issued its Final Rule modifying the requirements of the Health Insurance Portability and Accountability Act (“HIPAA”) privacy and security regulations pursuant to the Health Information Technology for Economic and Clinical Health Act (“HITECH”) on January 17, 2013. The Final Rule strengthens the privacy and security requirement of HIPAA governing protected health information (“PHI”) and gives HHS greater enforcement authority to police violations of the privacy and security requirements. The Final Rule will require health care providers and their business associates to re-evaluate their HIPAA compliance policies and procedures to avoid potential liability for violations of HIPAA requirements.

Thursday, January 24, 2013

After A Two-And-A-Half Year Wait, HHS Finalizes
Modifications to HIPAA Rules: Prepare Now For Changes

On January 17, 2013, the U.S. Department of Health and Human Services ("HHS") issued the highly anticipated omnibus final rule (the "Final Rule") to modify the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") pursuant to the Health Information Technology for Economic and Clinical Health Act ("HITECH"). Following the enactment of HITECH, HHS issued interim final rules to implement the breach notification requirements and certain of the enforcement provisions of HITECH (collectively, the "Interim Rules"), and in July of 2010 HHS issued a proposed rule to implement modifications to the privacy and security provisions of HIPAA. Since that time, Covered Entities and their Business Associates and subcontractors have been awaiting the Final Rule to confirm the extent to which these modifications, which are aimed primarily at strengthening the privacy and security protections for protected health information ("PHI") and tightening the HIPAA enforcement provisions, will impact their operations, contractual relationships and potential exposure for HIPAA liability.

The Wrap-Around Slap-Around for
Primary Care Centers

For Kentucky Primary Care Centers (“PCCs”), Rural Health Centers (“RHCs”), and Federally Qualified Health Centers (“FQHCs”), getting the run-around from Medicaid on wrap-around payments is not so unusual.  Frequently, these providers complain that supplemental payments distributed by the Kentucky Department for Medicaid Services (“Medicaid”) are too low, too late or both.

Last week, the situation got worse for PCCs who received a slap in the face from Medicaid in the form of a letter declaring that, effective February 1, 2013, PCCs that do not carry a federal designation as a rural health care provider will no longer receive Medicaid wrap-around payments.

Thursday, January 10, 2013

United States Dismisses False Claims Act Lawsuit
Against Renal Care Group After Seven Years of Litigation

In late December 2012, the United States filed a stipulation of dismissal in United States ex rel. Williams v. Renal Care Group, et al., No. 3:09-cv-00738 (M.D. Tenn.), bringing to close the seven-year-old False Claims Act lawsuit filed against Renal Care Group, Renal Care Group Supply Company, and Fresenius Medical Care Holdings, Inc.

The United States' stipulation of dismissal followed the October 2012 decision by the United States Court of Appeals for the Sixth Circuit (opinion available here), which reversed the district court’s grant of summary judgment in favor of the United States, vacated the $82 million award in damages and penalties levied against the defendants, and entered summary judgment in favor of the defendants on two of the six counts brought by the United States. The district court’s entry of the United States' stipulation of dismissal resulted in the dismissal of the remaining four counts brought against the defendants by the United States.

Tuesday, January 8, 2013

Play or Pay Mandate: IRS Issues Proposed
Regulations on the Affordable Care Act

On December 28, the Internal Revenue Service issued proposed regulations (now available here) providing much-anticipated guidance with respect to the requirement under the Patient Protection and Affordable Care Act of 2010, as amended (the "Affordable Care Act") that large employers offer health plan coverage to certain employees. This employer shared responsibility requirement is often referred to as the "play or pay mandate."

Starting in 2014, under the play or pay mandate, employers with at least 50 full-time equivalent employees must offer an eligible health plan that provides minimum value on an affordable basis to employees and their dependents. An employer that fails to provide the requisite coverage will risk being assessed a penalty if any of its full-time employees (i.e., in general, employees working an average of 30 hours per week) receive subsidized coverage through a health plan exchange. If an employer fails to offer an eligible health plan and at least one full-time employee receives subsidized coverage through a health plan exchange, the annual penalty is $2,000 per full-time employee (less 30 employees). If an employer offers an eligible health plan, but at least one full-time employee receives subsidized coverage through a health plan exchange because the employer’s plan does not provide minimum value or is not affordable, the annual penalty is the lesser of (i) $2,000 per full-time employee (less 30 employees) or (ii) $3,000 per full-time employee receiving subsidized coverage through a health plan exchange.