Health Care Professionals Take Note of the New HIPAA Rules

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law, and Lance O. Leider, J.D., The Health Law Firm

With the popularity of electronic health records (EHRs), social media and everything in between, the U.S. Department of Health and Human Services (HHS) has released stronger rules and protections governing patient privacy. On January 17, 2013, the HHS announced the omnibus rule to strengthen the privacy and security protection established under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Click here to read the entire 563-page rule.

Now, I can’t say that I’ve read the entire document yet, but I can tell you about the major parts of the omnibus rule, and what it means to you.

It is Your Responsibility to Keep Patient Information Safe.

HHS is expanding the government’s jurisdiction over healthcare providers, health plans and other entities that process health insurance claims to include their contractors and subcontractors with whom providers share protected health information. As the industry embraces new care delivery models, including accountable care organizations (ACOs) and integrated delivery systems, data is exchanged between physicians, hospitals and additional providers to improve care and reduce costs. This all has to be done while keeping patient data safe. According to the HHS, some of the largest breaches involve business associates and not the covered entities themselves.

The government is committed to doing more HIPAA compliance audits and collecting more fines.  The fines the government collects will help to fund the audit process. Because of this rule, we will see audits of business associates and their subcontractors, not just covered entities.

Under the new rule, penalties have been increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.

The “Wall of Shame” is a Public Display of Breaches.

The changes also improve the Health Information Technology for Economic and Clinical Health (HITECH) breach notification requirements by making it clear when breaches must be reported to the Office for Civil Rights (OCR), according to the HHS.

Once reported to the OCR, the breaches are then placed on what is commonly known in the healthcare industry as the “Wall of Shame.” It’s a comprehensive list of privacy breaches each affecting more than 500 people. We’re currently working on a “Wall of Shame” blog, so more on that later.

Patient Demographics and Marketing.

One part of the final rule also sets new regulations for how patient information can be used for marketing and fundraising. It ensures that such information cannot be sold without a patient’s permission. According to an article in Fierce Healthcare, this provision is a huge win for patient advocates and privacy groups who blast hospitals for mining patient data to target affluent or privately insured patients. Hospitals using health and demographic data from patients’ records to target advertising could be in hot water.

Click here to read the entire Fierce Healthcare article.

If Your are Unsure, Get a HIPAA Risk Assessment.

Since the HIPAA laws have changed, you need to edit your privacy forms and procedures. Many health providers simply don’t have the time to re-review their policies and revise documents. A HIPAA risk assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws.  Federal regulations require that covered entities have this assessment done. A HIPAA risk assessment can significantly reduce, if not entirely eliminate, your exposure to regulatory and litigation sanctions.

When the OCR auditor comes to visit your office to check for HIPAA compliance, they will ask for your risk assessment. Do you have one? Does your staff know who your HIPAA compliance officer is? Call an experienced health law attorney to complete a risk assessment of your practice today. To learn more on HIPAA risk assessments, click here to read a blog we wrote.

Take a Closer Look at Your Privacy Practices.

Healthcare providers, now is the time to revise your Notice of Privacy. The final rule will be effective on March 26, 2013. Covered entities and their business associates will have until September 21, 2013, to comply.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sound Off.

What do you think about the new HIPAA rules? Do you think these updates were necessary? Do you think it will be difficult for health professionals to comply? Please leave any thoughtful comments below.

Sources:

HHS Press Office. “New Rule Protects Patient Privacy, Secures Health Information.” U.S. Department of Health and Human Services. (January 17, 2013). From: http://www.hhs.gov/news/press/2013pres/01/20130117b.html

Struck, Kathleen. “HIPAA Rules Fortify Patient Privacy.” MedPage Today. (January 21, 2013). From: http://www.medpagetoday.com/PracticeManagement/InformationTechnology/36940

Conn, Joseph. “New Rule: Hospital, Physician Partners Face Penalties for Privacy Leaks.” Modern Healthcare. (January 17, 2013). From: http://www.modernhealthcare.com/article/20130117/NEWS/301179957/new-rule-hospital-physician-partners-face-penalties-for-privacy&utm_source=home&utm_medium=web&utm_campaign=most-popular-box

Caramenico, Alicia. “New HIPAA Rule a Delicate Balance Between Privacy, Sharing.” Fierce Healthcare. (January 18, 2013). From: http://www.fiercehealthcare.com/story/new-hipaa-rule-delicate-balance-between-privacy-sharing/2013-01-18

Authors: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone:  (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Florida Pharmacy Owner Accused of Medicare Fraud

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

A family that owns a number of South Florida pharmacies is allegedly under investigation for Medicare fraud, according to a number of sources. On January 17, 2013, federal authorities raided one pharmacy location in Naples, Florida. Drug Enforcement Administration (DEA) agents removed boxes of documents and computers from the pharmacy, according to Naples News. The pharmacy owner and his mother are allegedly being investigated by the U.S. Office of Inspector General (OIG) of the Department of Health and Human Services (HHS).

Click here to read the entire Naples News article.

Pharmacy Owner and Mother Allegedly Submitted False Claims to Medicare, Medicaid and Tricare.

According to NBC2, a South Florida television station, the pharmacy owner and his mother were both allegedly part of a scheme that defrauded Medicare. The family allegedly submitted claims to Medicare Part D after beneficiaries had died. This information came from a letter sent to Medicare Part D providers from the Centers for Medicare and Medicaid Services (CMS) on October 17, 2012. The letter was obtained by NBC2. The scheme allegedly also involved submitting false claims to Medicaid and Tricare.

Click here to watch the NBC2 news story.

Investigation is Ongoing.

The pharmacy that was raided is part of a chain of stores owned by the same family. So far, only the pharmacy located on Rattlesnake-Hammock Road in Naples is being investigated. That location is reportedly still closed, but the other pharmacy locations are open.

Neither the DEA nor the OIG of the HHS has released a press release on this investigation.

As in all media reports, please remember that all persons are presumed to be innocent until proven guilty in a court of law.

Pharmacies Are Being Raided and Shutdown  All Over the State.

If  you have watched the news at all lately or have been reading our blog, you can tell there have been an increased number of raids on pharmacies, arrests of pharmacists and emergency suspension orders issued from the Department of Health (DOH).

Recently, the DEA served a Walgreens distribution center in Florida with an immediate suspension order (click here to read more on this story), and pulled the controlled substance licenses from two Central Florida CVS Pharmacies (to learn more, click here).

In my personal opinion, the recent raids and investigations at pharmacies are especially hard on the independent operators. If the large retail giants can’t survive, the small independent pharmacies stand little chance.

Talk with an Experienced Health Law Attorney About Medicare, Medicaid and Tricare Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

What Do You Think?

As a pharmacy owner, pharmacy employee or health care facility owner, what do you think of the increased effort to find fraud? Do you think all facilities, not just pharmacies, are under the microscope? Please leave any thoughtful comments below.

Sources:

Freeman, Liz. “Sunshine Pharmacy in East Naples Remains Close, Day After Federal Raid.” Naples News. (January 19, 2013). From: http://www.naplesnews.com/news/2013/jan/19/sunshine-pharmacy-east-remains-closed-raid-federal/

Ritter, Rick. “Naples Pharmacy Busted for Medicare Fraud.” NBC2. (January 20, 2013). From: http://www.nbc-2.com/story/20627104/detectives-investigating-medicare-fraud-at-naples-pharmacy

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2012 The Health Law Firm. All rights reserved.

American Hospital Association (AHA) Sues U.S. Government for Denied Medicare Payments by RACs, ZPICs and Other Auditors

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On November 1, 2012, the American Hospital Association (AHA) filed a lawsuit against the U.S. Department of Health and Human Services (HHS) claiming that private auditors hired to crack down on improper Medicare payments are denying hospitals millions of dollars in medically necessary care, this is according to a number of sources. The AHA is seeking a court order declaring the practice invalid, saying it violates the Medicare Act.

Four hospital systems in Michigan, Missouri and Pennsylvania have joined the AHA as plaintiffs in the suit. The suit has been filed in federal court in Washington, D.C.

To read the AHA complaint against the HHS, click here.

AHA Wants Doctors to Be Able to Focus on Patient Care.

The lawsuit alleges Recovery Audit Contractors (RACs), private auditors used by the HHS, forced hospitals to repay Medicare for the costs of in-patient services by determining that Medicare beneficiaries should have been treated as out-patients instead of being admitted into hospitals as in-patients. The services provided to out-patients are much less, of course, and the bills for out-patient services are usually much lower.

In the official press release AHA argues when patients need treatment, the first step for a doctor is to decide whether to admit the patient to the hospital or to provide care in an out-patient facility. AHA believes doctors’ decisions are often more complicated for Medicare beneficiaries because the doctor is routinely second-guessed by RACs months or even years later. The president and CEO of AHA said this practice is “indefensible.”

Click here to read the entire press release from the AHA.

Neither the Centers for Medicare and Medicaid (CMS) nor the Department of HHS has commented on the pending litigation.

AHA Fed Up with Redundant Audits that Drain Time, Funding and Patient Care.

In October 2012, prior to the lawsuit, the executive vice president of the AHA wrote a letter to the Office of Inspector General (OIG) in response to the Work Plan for Fiscal Year 2013. In the work plan the OIG reviewed the effectiveness of various Medicare contractors, including RACs, Medicare Administrative Contractors (MACs) and Zone Program Integrity Contractors (ZPICs).

The letter states that these programs auditing payment accuracy are well intentioned, but hospitals are fed up with the RACs’ inaccuracy in determining whether the hospital received any overpayments. The letter also claims that hospitals are overwhelmed by the significant overlap and duplication of efforts between the RACs, MACs and ZPICs. These redundant audits drain time, funding and attention to patient care, according to the AHA.

According to the OIG review, hospitals reported appealing more than forty percent (40%) of all RAC denials, with a seventy-five percent (75%) success rate in the appeals process.

Click here to read the letter from the AHA to the OIG.

How to Take Action Once a Notice of a Medicare Audit Has Been Received.
When a physician, medical group or other healthcare provider receives a notice of an audit and site visit from a RAC, MAC or ZPIC, things happen fast with little opportunity to prepare. To help, read our checklist of what to do when notified of a Medicare or ZPIC audit. Click here for part one and click here for part two.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

What you think about the lawsuit again the HHS? Do you support AHA’s decision to question the RACs’ auditing system? Please leave any thoughtful comments below.

Sources:

Mitchell, Alicia. “Hospitals Sue Federal Government for Unfair Medicare Practices.” American Hospital Association. (November 1, 2012). Press Release from: http://www.thehealthlawfirm.com/uploads/AHA%20Sues%20Govnt%20PR.pdf

Pollack, Richard. “Letter: AHA Supports OIG Review of Effectiveness of Medicare Contractors, Including RACs, In 2013 Work Plan.” American Hospital Association. (October 24, 2012). Letter from: http://www.thehealthlawfirm.com/uploads/AHA%20letter%20to%20OIG%20on%20RACs.pdf

Morgan, David. “Hospitals Sue Government Over Private Medicare Audits.” Reuters. (November 1, 2012). From: http://uk.reuters.com/article/2012/11/01/us-usa-healthcare-medicare-idUKBRE8A01BZ20121101

Harris, Andrew. “American Hospital Association Sues U.S. Over Medicare.” Bloomberg. (November 1, 2012). From: http://www.bloomberg.com/news/print/2012-11-01/american-hospital-association-sues-u-s-over-unpaid-medicare.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.