Tag Archives: corrective action plan

Compliance with Conditions of Participation Necessary for Reinstatement of Terminated Medicare Billing Privileges or Revoked Medicare Provider Number and Participation Agreement

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

We have recently experienced an alarming increase in the number of Medicare providers receiving notices that their Medicare billing privileges are being terminated.  These include home health agencies (HHAs), independent diagnostic testing facilities (IDTFs), ambulance and emergency transport providers, physicians, pharmacies, durable medical equipment (DME) providers, medical groups, physical therapists and therapy providers.  In most cases, this is because the health care provider has failed to update its address with the Medicare Program.  To see a prior article we wrote on this, click here.

Most often this occurs when a site visit by the Medicare administrative contractor (MAC) (previously called the carrier or fiscal intermediary) arrives at the business location on file with Medicare and finds the provider’s business location has changed.  Other times the termination is because of a minor technical violation of Medicare rules, such as being closed when a site inspector shows up, failing to have hours of operation posted, failing to have a required insurance policy in place, failing to be open at the time the inspector shows up, or other similar reasons.

If the health provider does nothing to appeal the revocation, then there is a required waiting period of at least one year before it can even reapply to the Medicare Program.  The termination may also have extremely serious consequences regarding participation in the state Medicaid Program, licensure, other contracts, clinical privileges, participation on insurance provider panels and related businesses.

We recommend immediately retaining an experienced health attorney to help you prepare and file a corrective action plan (CAP), request for reconsideration of the decision and an appeal, if necessary.  We recommend that you include proof of currently meeting every required condition of participation (COP) for your health specialty, service or item.  We include copies of written policies adopted, new forms, new procedures, insurance policies, copies of CMS forms 855 that were previously submitted, and other documents that may be required by the COP.  Please see our prior blog/article on submitting CAPs.

For access to each of the conditions of participation (COP) and conditions for coverage (CFC), click on the following link, or cut and paste it into your internet browser:

http://www.cms.gov/Regulations-and-Guidance/Legislation/CFCsAndCoPs/index.html?redirect=/CFCsAndCoPs/

About the Author:  George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.

Advertisements

Alleged HIPAA Privacy Violations at the Center of a Recent Physician Group Settlement with HHS

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

A small physician group has reached a settlement with the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) over alleged Health Insurance Portability and Accountability Act of 1996 (HIPAA) violations. The settlement was reached on April 17, 2012 and requires Phoenix Cardiac Surgery (PCS) to pay OCR $100,000 and enter into a one-year corrective action plan (CAP).

The Resolution Agreement and Corrective Action Plan can be viewed here.

HIPAA Complaint Against PCS Stemmed from Internet Calendar Postings

OCR’s investigation of PCS was launched in 2009 after a complaint was received. Click here to view a HIPAA complaint that you can file online. The complaint alleged that PSC had disclosed protected health information (PHI) on patients on the Internet. After investigating the complaint, the OCR alleged that PCS violated the HIPAA privacy and security rules. According to the OCR, PCS posted clinical and surgical appointments on a publicly accessible, Internet calendar. The OCR also alleged that PCS employees e-mailed protected health information to their personal e-mail accounts.

Furthermore, PCS allegedly did not have adequate administrative, physical and technical safeguards in place to protect patient data. The OCR alleged that PCS did not appoint a security officer as required by HIPAA or perform an accurate and thorough risk assessment, also required by HIPAA. The CAP required by the settlement will require PCS to implement policies to ensure full compliance with HIPAA’s privacy and security rules.

Are You In Compliance with HIPAA?

The Health Insurance Portability and Accountability Act of 1996, sometimes referred to as the Kennedy-Kassenbaum Act, was enacted into law as Public Law (P.L.) 104-191, 110 Stat. 1936. Among its many different provisions, it included basic minimums to ensure the privacy of personal medical information. Its main privacy provisions are codified in federal law in different sections of the U.S. Code.

Medical Practices Should Use Caution When Working With Electronic Health Information

This case provides a good example of the downside of information technology (IT). While electronic health information assists in increasing accessibility and efficiency, it can also increase a practice’s risk of violating HIPAA’s Privacy Rule and Security Rule.

All medical practices that utilize electronic health information need to ensure that they have effective IT security, education, policies and procedures in place to protect themselves from HIPAA’s violations.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources Include:

HHS Press Office. “HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards.” U.S. Department of Health and Human Services. (Apr. 17, 2012). Press Release. From
http://www.hhs.gov/news/press/2012pres/04/20120417a.html

Lewis, Nicole. “Online Calendar Mistakes Cost Doctors Group $100,000.” Information Week. (Apr. 23, 2012). From
http://www.informationweek.com/news/healthcare/security-privacy/232900727

Sterling, Robyn. “HHS Settlement for Lack of HIPAA Safeguards.” Proskauer Privacy Law Blog. (Apr. 25, 2012). From
http://www.jdsupra.com/post/documentViewer.aspx?fid=e548966a-d7eb-4f47-a0af-de15db487dbb/

About the Author:  George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.