Thursday, December 11, 2014

Failure to update HPSA and MUA Designations
Threatens Rural Health Clinics

For Medicare certification as a rural health clinic (“RHC”), the clinic must be located in a rural area that is designated as a shortage area.[1] Specifically, the Centers for Medicare & Medicaid Services (“CMS”) require that applicants requesting entrance into the Medicare program as a rural health clinic be located in a current shortage area for which a designation is made or updated within the current year or within the previous three years.[2] In other words, to be a current designation, the designation cannot be more than four years old. And, of course, state licensure regulations also require that the RHC be located in a health professional shortage area or a medically underserved area and must be operated in compliance with federal, state and local law.[3]

Thursday, December 4, 2014

Telehealth/Telemedicine: Opportunity for
Physicians & Providers to Add New Service

The cost effectiveness of providing health care via telemedicine or telehealth promises to be an effective tool to increase coverage and reimbursement of healthcare provided remotely or through telehealth. Towers Watson, a national consulting company, recently published a study that suggests that telemedicine could save the health care industry $6 billion annually. “Achieving this savings requires a shift in patient and physician mindsets, health plan willingness to integrate and reimburse such services, and regulatory support in all states,” according to Dr. Allan Khoury, a senior consultant at Towers Watson.[1]

Friday, September 19, 2014

Reminder: Update Your “Grandfathered” HIPAA
Business Associate Agreements Now!

In January 2013, the Department of Health and Human Services published its Final Rule, which significantly increased the privacy and security responsibilities for the “business associates” of “covered entities,” as those terms are defined by HIPAA. A provision within the Final Rule mandated that all covered entities and their business associates revise their business associate agreements to reflect the new responsibilities. Specifically, a business associate must now, among other things:

Wednesday, September 3, 2014

Health Care Industry Familiar with
HIPAA Breaches, Not So Much Hackers

Community Health Systems, which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that online hackers had stolen personal data information from its systems between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.

Wednesday, August 20, 2014

FDA Issues Guidance for Drug & Device
Companies’ Social Media Interactions

In June, the U.S. Food and Drug Administration issued two draft guidance documents for the pharmaceutical and medical device industries related to social media. The guidance is part of an asserted effort by FDA to provide more clarity regarding how drug and device manufacturers may appropriately communicate through Internet platforms.

The first document, Internet/Social Media Platforms with Character Space Limitations—Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices, addresses advertising and promotional communications concerning prescription drugs and medical devices on sites where character space is limited, such as Twitter and sponsored search engine results. The guidance specifies, among other things, that each “tweet” must include both benefits and risks of the promoted drug and should include a hyperlink to a more comprehensive list of risks and side effects.

Wednesday, August 13, 2014

Upcoming HIPAA Deadlines for
Employer-Sponsored Group Health Plans

September 22, 2014, Deadline for Certain Business Associate Agreements
The Health Insurance Portability and Accountability Act (“HIPAA”) requires a covered entity, including an employer-sponsored group health plan subject to HIPAA, to enter into a HIPAA-compliant business associate agreement with each of the covered entity’s business associates (i.e., entities that perform services for the health plan and have access to protected health information). In 2013, the Department of Health and Human Services (“HHS”) issued final regulations modifying HIPAA. The regulations required HIPAA-covered entities to amend or restate their business associate agreements to reflect the new regulations.

Tuesday, July 29, 2014

Update: CMS Issues Revised Guidance on
Hospice & Part D Prior Authorization Process

A few weeks ago, we discussed CMS’ newly-issued guidance establishing a prior authorization process for Hospice and Part D providers (read more here). As our previous blog post emphasized, soon after its March 10 implementation, advocacy groups, hospice associations, and members of Congress began urging CMS to suspend the process. According to opponents, the prior authorization requirement creates a barrier for beneficiaries to access necessary medications and leaves them to navigate complicated payor disputes in the midst of their terminal illnesses.

Thursday, July 24, 2014

Labs & Referring Physicians Take Note of OIG’s Special Fraud Alert

Recently, the U.S. Department of Health & Human Services, Office of Inspector General issued a Special Fraud Alert entitled, “Laboratory Payments to Referring Physicians.” The Alert focuses on specimen processing arrangements and registry arrangements. These arrangements, according to the OIG, pose substantial risks for fraud and abuse under the federal Anti-Kickback Statute.

One purpose of the Anti-Kickback Statute is to protect patients from inappropriate medical referrals or recommendations by health care professionals who may be unduly influenced by financial incentives.  When remuneration is paid purposefully to induce or reward referrals of items or services payable by a federal health care program, the statute is violated.  Arrangements between referring physicians and laboratories have long been subject to scrutiny by the OIG for their potential to violate the Anti-Kickback Statute. [1]

Friday, July 18, 2014

New Law Affecting APRNs
Takes Effect July 16, 2014

Senate Bill 7, signed by Governor Beshear on February 26, 2014, becomes effective today. The new law allows for an Advanced Practice Registered Nurse to request to discontinue a Collaborative Agreement for Prescribing Authority for Non-Scheduled drugs after having a CAPA-NS in place for four years. Specifically, the new law states:

After four years of prescribing with a CAPA-NS in collaboration with a physician:

Wednesday, July 16, 2014

New Part D Regulations Face Increased
Scrutiny from Advocacy Groups & Congress

On March 10, 2014, the Centers for Medicare & Medicaid Services issued a memorandum to Part D Plan Sponsors and Medicare Hospice Providers, entitled “Part D Payment for Drugs for Beneficiaries Enrolled in Hospice – Final 2014 Guidance.” The Guidance, effective since May 1, 2014, requires a prior authorization process for Hospice and Part D providers to determine their respective responsibility for drug coverage.  The Guidance followed a 2012 OIG report, entitled “Medicare Could Be Paying Twice for Prescription Drugs for Beneficiaries in Hospice,” which found that Medicare Hospice patients’ medications were sometimes paid for by Part D rather than by the patient’s Hospice program.

Thursday, June 26, 2014

AMA Releases Guiding Principles on Telemedicine

The American Medical Association recently approved “guiding principles” regarding the provision of medical services through telecommunications technologies, i.e., telemedicine. These principles stem from a previous policy report developed by the AMA’s Council on Medical Service and address major issues in telemedicine, including:

  • Ensuring the appropriate coverage of and payment for telemedicine services;
  • Fostering innovation in the use of telemedicine;
  • Protecting the patient-physician relationship; and,
  • Promoting improved care coordination with medical homes.

Wednesday, June 4, 2014

Physician Reminder: On-Site Supervision of PA’s No Longer Required

Physician assistants are increasingly playing an active role in patient care, and states are finally modernizing practice laws, making it easier for them to do so. In March 2013, Governor Steve Beshear approved a law, finalized in House Bill 104, which removed the stringent state requirement that physicians be on-site with PAs during their first 18 months of medical practice.

The law approved a reduced physician supervision time of three months for newly-graduated PAs through May 2014. In addition, under the law, the supervision requirement is eliminated altogether as of June 1, 2014. The bill garnered national attention and even made headlines in The Wall Street Journal (see Melinda Beck, Battles Erupt Over Filling Doctors’ Shoes, The Wall Street Journal, Feb. 4, 2013), as Kentucky was the only state with such a lengthy on-site requirement and one of only three states in the country with any such period of time for new PAs.

Wednesday, May 28, 2014

Electronic Data Breach Leads to
Largest HIPAA Settlement to Date

The Office of Civil Rights of the Department of Health and Human Services recently entered into a $4.8 million dollar settlement with two New York-based health care organizations after a data breach involving electronic protected health information occurred.  The agreement is the largest HIPAA settlement thus far.

New York and Presbyterian and Columbia University are covered entities that participate in a joint arrangement in which CU faculty members serve as attending physicians at NYP.  The entities operate a shared data network and a shared network firewall that is administered by employees of both entities. The shared network links to NYP patient information systems containing ePHI.

Tuesday, May 27, 2014

All Eyes on Hospice Care

In 2013, the Department of Justice and Office of Inspector General charged the nation’s largest for-profit hospice chain, Vitas Innovative Hospice Care, with false Medicare billings, inappropriately luring patients with “aggressive marketing tactics,” and misleading patients and families about Medicare hospice benefits. This suit is just one of many recently filed against hospice providers, indicating that they are being watched keenly by enforcement authorities and government agencies.

Monday, April 28, 2014

No Good Deed Goes Unpunished: Think through Labor
Implications when Forming Partnerships with Other Providers

Imagine an accountable care arrangement with two main partners – a health system with three hospitals and a large multi-specialty physician group practice.  Before they partnered in this arrangement, the health system relied on hospital-based imaging units for outpatient scans. The physician group practice, however, has three outpatient diagnostic imaging centers. These large, modern, and convenient centers perform a large number of procedures, which tends to both lower cost and improve quality.

The partners agree that the health system will start referring outpatient scans to the practice’s imaging centers – the whole point of accountable care arrangements, after all, is to align providers to deliver the best outcomes for patients in the most efficient ways possible.

Tuesday, April 22, 2014

A New Reason to Protect
Protected Health Information

Recently, an Indiana jury awarded a plaintiff $1.8 million in damages after a Walgreens pharmacist inappropriately used her position to find and share the plaintiff’s protected health information (“PHI”). [1]

As health care providers know, the Health Insurance Portability and Accountability Act (“HIPAA”) provides both civil and criminal penalties for improper disclosure of medical information but it does not create a state-based private cause of action for violation of its provisions. Thus, when someone’s PHI is inappropriately shared or disclosed by a health care provider, the individual does not have personal legal recourse against the offending party. The recent Indiana case (herein “Walgreens Co.”) illustrates, however, that HIPAA still has a significant role in state court suits alleging negligence and professional liability as it relates to confidentiality.

Thursday, April 3, 2014

A New HIPAA Security Risk Assessment
Tool for Your Compliance Arsenal

On Friday, the U.S. Department of Health and Human Services announced a new security risk assessment (“SRA”) tool for small and medium size healthcare providers.

The downloadable tool (available for free here) is a self-contained, independent application that is available for Windows and iOS platforms.

The SRA works by asking a series of in-depth questions about the provider’s activities and facilities. The “yes” or “no” answer format for each question reveals whether corrective action is needed in a particular area. Additional resources in the SRA help providers understand the risks associated with the use, disclosure and storage of protected health information.

Wednesday, March 26, 2014

FTC: Don’t Limit APRNs Crucial Role in Health Care

The Federal Trade Commission recently released a policy paper suggesting that state legislators should be cautious when evaluating legislative proposals to limit the scope of practice of Advance Practice Registered Nurses.  The FTC is concerned that by imposing more stringent physician supervision requirements, APRNS are effectively being restricted by another type of health care professional (the physician), thereby denying consumers the benefits of greater competition.  This is especially troubling in light of the significant shortage of primary care practitioners in the U.S.  By allowing APRNs to practice without heavier regulatory burdens, access to health care can be increased and possibly lead to “lower costs, better care, and more innovation,” according to the FTC.

Monday, March 17, 2014

Secure Text Messaging in a HIPAA World? Part II

In an earlier post, I referred to mobile applications such as TigerText and Doc Halo which are being touted as a method of “HIPAA-compliant” texting. These apps allegedly secure protected health information (PHI) sent via text message to ensure providers’ compliance with HIPAA privacy law. Covered entities must realize, however, that the use of these apps alone is not sufficient to pass a HIPAA audit. While HHS has not banned the texting of patient information, it has made clear that an organization should approve it only after “performing a risk analysis or implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.”

Friday, March 14, 2014

Secure Text Messaging in a HIPAA World?

Texting is becoming an increasingly acceptable form of communication in the business world.  But can it be relied upon in the health care industry? There are numerous advantages to texting in the fast-paced world of health care. In an environment where time is of the essence, voicemails and pagers can slow down providers’ care and fail to convey adequate information. A text, on the other hand, is both immediate and can be detail-specific. In addition, texting can involve more than one sender and/or receiver in a closed-loop conversation, and, unlike through the paging system, a sender can be notified when the message has been read by the receiver(s). Text messaging can not only improve an entity’s efficiency, but it can also serve as a way to connect easily with patients, thereby improving quality of care.

Thursday, February 27, 2014

The Waiting Game: Reprieve on New RAC Requests and
Insight from the Office of Medicare Hearings and Appeals
Appellant Forum

Two recent developments leave healthcare providers with some welcome relief but much uncertainty in the Medicare claims audits and appeals arena. Effective on February 21, 2014, CMS ordered Recovery Audit Contractors ("RACs") to temporarily stop all medical record requests amid complaints from the provider community about RACs in particular and the overburdened appellate system generally. This development followed the Office of Medicare Hearings and Appeals ("OMHA") hosting a highly anticipated Medicare Appellant Forum ("Forum") on February 12, 2014 in Washington, D.C. to provide an opportunity for appellants to communicate and share ideas directly with OMHA in light of crippling delays in the appeals process. OMHA officials explained multiple factors behind the delays of more than two years in processing hearing requests and offered several initiatives in development to bring greater efficiency and transparency to the process. However, an appellant community looking for immediate fixes expressed its dissatisfaction with seemingly distant solutions. 

Wednesday, February 19, 2014

Regulation, Suboxone Clinics & Unintended Consequences

As we all know, prescription drug abuse is a significant problem in Kentucky; so significant that the Kentucky Legislature enacted the toughest and most cumbersome requirements for prescribing controlled substances in the United States.  By authorizing the Kentucky Board of Medical Licensure through its regulatory process to promulgate additional standards for prescribing, Kentucky’s physicians have become the most regulated and policed of any in the country and probably the entire Western Hemisphere.  In 2013, the number of Kentucky deaths from overdoses of controlled substances actually declined for the first time in many years.  Some have suggested that the decline is a direct result of the stringent prescribing regulations, but this is pure speculation.

Friday, February 7, 2014

Coming to a Medical Practice Near You: HIPAA and Hi-Tech Audits

On December 26, 2013, the U.S. Health and Human Services Office of Civil Rights announced its first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health Act. Adult & Pediatric Dermatology, P.C., of Concord, Massachusetts agreed to settle potential violations with a $150,000 penalty and corrective action plan.

Friday, January 31, 2014

Part II: Understanding All-Payer Claims Databases

Earlier this week, we discussed the benefits of all-payer claims database (“APCD”) systems.  Nine states currently have APCDs in place, but Kentucky is not one of them.  These systems provide a multitude of information on the cost, use, and quality of health care in a given state, but the question remains: how do providers feel about APCDs?

APCDs were developed before the enactment of the Affordable Care Act, but with the subsequent national focus on quality and cost containment, it is easy to see why these systems have gained tremendous popularity in recent years.

Part I: Understanding All-Payer Claims Databases

Over the last decade, many states have established all-payer claims database (“APCD”) systems that collect medical, pharmaceutical, and dental eligibility and claims information.  Payers, including insurance providers, third-party administrators, prescription drug plans, Medicaid, and Medicare, are responsible for depositing eligibility and claims data into a collective system. The data can then be used to generate important information about cost and quality of care. By gathering detailed information in one place, a statewide picture emerges – information on service providers, patient demographics, and other important healthcare data.

Wednesday, January 8, 2014

The Sun is Not Setting on the EHR Safe Harbor

The Centers for Medicare & Medicaid Services and the U.S. Department of Health & Human Services Office of the Inspector General recently announced that the regulation allowing certain healthcare entities to donate electronic health records (with the entity subsidizing up to 85% of the donor’s costs) to physicians has been extended to December 31, 2021. The regulation, which provided a safe harbor from the Stark Law and anti-kickback statute, was set to expire on December 31, 2013.

Monday, January 6, 2014

“Essential Benefits” Will Lead to
More Patients for Some Providers

In a 2009 speech to the American Medical Association, President Obama promised, “If you like your health care plan, you’ll be able to keep your health care plan, period. No one will take it away, no matter what.” This declaration came as the health care law was being written, and similar statements were repeated by the President after the bill became law.

By August, waves of cancellation notices were being mailed to policy holders stating that they could not keep their current health care plan, after all. This came as no surprise to those in the insurance and health care industry who have spent countless hours working to implement Affordable Care Act provisions. It was inevitable that many policies would have to be cancelled in light of the ACA’s ten essential health benefits provision and ban on pre-existing conditions.