Category:

The Risk Of Not Paying Attention to HIPAA Violations

October 30th, 2019 by

HIPAA, HIPAA violations, HIPAA compliance

By Jacqueline Bain

On October 23, 2019, the U.S. Department of Health and Human Services has imposed a civil money penalty of over $2 million against Jackson Health System in Florida for repeated HIPAA violations.

The HIPAA violations mentioned in the HHS Press Release include:
1-Loss of paper patient records in December 2012;
2-Loss of additional paper patient records in January 2013;
3-A media report containing patient information (a photo shared on social media);
4-Employees accessing the information of one patient without a job related purpose;
5- An employee’s improper access and sale of patient records in 2011.

“OCR’s investigation revealed a HIPAA compliance program that had been in disarray for a number of years,” said OCR Director Roger Severino. The state of the compliance program allowed for the failure of several HIPAA requirements, including provision of timely and accurate HIPAA breach notifications, performance of regular risk assessments, investigation of identified risks, audits of system activity records, and imposing appropriate restrictions on workforce members’ access to patient information. The government’s final determination is available here.

When a HIPAA breach is discovered and reported, the government will often take the time to review a covered entity’s history of compliance or non-compliance. This may include an investigation into prior issues, effectiveness of policies and procedures, and employee issues. Overlooking one suspected breach may result in the imposition of sanctions on any later breach. This is why it’s so important for a healthcare business to understand its HIPAA obligations and take them seriously.

When was the last time your business conducted a security risk assessment to understand its potential risk areas for security breaches? If you’ve never had one, or haven’t had one recently, the time is now to conduct one. “When was your last security risk assessment?” is often the first thing that the government will ask in response to a breach.

Federal fines for noncompliance with HIPAA are based on the level of negligence perceived by the Federal government at the time of the breach. Fines and penalties range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million. Simply put, your healthcare business can’t afford to bury its head and hope that it won’t be hit.

Why Overlooking Website Terms of Use and Privacy Policy Pages Can Cost You

October 11th, 2019 by

By: Jacqueline Bain

Privacy Policy, Terms of Use, Website, WWWAs many healthcare businesses invest in their websites, two areas that are often added as a quick afterthought (or overlooked completely) are the Terms of Use and Privacy Policy. But a potential slip up in these areas can cost you dearly.

Terms of Use

This section is a contract between you and the users of your website regarding what they can expect from the website and how they will act while on the website. You can use this section to protect you and your business from a variety of potential disasters including (but not limited to): limitless liability and intellectual property infringement.

You can use this section to limit any liability that you might create by having a website. For instance, if you give some medical advice (i.e., “Lowering your cholesterol reduces your risk for a heart attack.”), you can use your Terms and Conditions to limit a user’s reliance on that advice without additional medical intervention (“We are not your treating physician—if you have questions about your cholesterol levels, contact your physician.”).

You can also use this section to inform your users about any intellectual property protections that you might have. If your technology or services have pending or protected status, you’ll need to make your users aware of this information.

Finally, this section should establish the laws under which your website agrees to be governed. Even if the internet knows no boundaries, your website should establish its own. If your business is located in Florida, you can choose to be bound by Florida and Federal laws. It could limit any potential exposure in other states or nations.

Privacy Policy

This section is required by law to inform your website users what kind of data you will collect and how you will use it. A well-crafted Privacy Policy helps you avoid liability under a complex array of state and federal laws dealing with users’ private information.

The Children’s Online Privacy Protection Act (COPPA) protects minors under the age of 13 from having personal information collected without parental consent. How can a website operator be expected to know whether a user is 13 or under? If you plan on collecting any information from your uses, your Terms and Conditions should have a section prohibiting anyone under age 13 from accessing and using your site. It’s a simple fix that can potentially save you huge penalties.

What information will you collect? Does your website use cookies? Will you share any data with outside sources? If yes, your privacy policy is where you tell that to your users!

In healthcare, a website’s Privacy Policy is hugely important. With laws like HIPAA and its state counter parts, including the Florida Information Protection Act, healthcare providers are held to a higher privacy standard than almost any other industry. Take the time to work with your legal advisors to ensure that your privacy policy is tailored to your business and contains language consistent with what you are actually doing to safeguard information.

 

Federal Agencies Scrutinizing Home Healthcare Fraud & Kickbacks

October 11th, 2019 by
home healthcare, HHS, heathcare

checking mans blood pressure

By Karina P. Gonzalez

Federal agencies are continuing to target home healthcare industry fraud in “hot zone areas.”

Recently, the U.S. Department of Health and Human Services Office of Inspector General (HHS) released its report. It identified Florida, Texas and select areas in Southern California and the Midwest as areas where home healthcare fraud is more likely to occur. It is obvious that the watch dog agencies will continue to monitor home healthcare spending in these hot zones.

HHS found that a home health agency incorrectly billed Medicare and did not comply with Medicare Billing requirements for beneficiaries that were not homebound and for others that did not require skilled services at all.

In August and September 2018, physicians and the owner of a home health agency were each sentenced on multiple counts of conspiracy and healthcare fraud and ordered to pay $6.5 million in restitution. One physician was sentenced to 132 months in prison following trial. A physician who pled guilty was sentenced to 27 months in prison following a guilty plea. The home health agency owner was sentenced to 42 months in prison.   The defendants paid and received kickbacks in exchange for patients and billed Medicare more than $8.9 million for services that were medically unnecessary, never provided, and/or not otherwise reimbursable. Additionally, certain defendants provided prescriptions for opioid medications to induce patient participation in the scheme.

In September 2018, the co-owner and administrator of a home health agency was sentenced to 24 months in prison, ordered to pay over $2.2 million in restitution, and ordered to forfeit over $1.1 million. The co-owners participated in a home healthcare fraud conspiracy that resulted in Medicare paying at least $2.2 million on false and fraudulent claims. The owners and their co-conspirators paid kickbacks to doctors and patient recruiters in exchange for patient referrals, billed Medicare for services that were medically unnecessary, and caused patient files to be falsified to justify the fraudulent billing.

Back in February 2018, the owner of more than twenty home health agencies was sentenced to 240 months in prison and ordered to pay $66.4 million in restitution, jointly and severally with his co-defendants, after pleading guilty to one count of conspiracy to commit health care fraud and wire fraud. A patient recruiter for the home health agencies, who also owned a medical clinic and two home health agencies of her own, was sentenced to 180 months in prison. Another patient recruiter, who also was the owner of two home health agencies, was sentenced to 115 months in prison. These conspirators paid illegal bribes and kickbacks to patient recruiters in return for the referral of Medicare beneficiaries many of whom did not need or qualify for home health services.  Medicare paid approximately $66 million on those claims.

Illegal kickbacks in exchange for referrals of Medicare beneficiaries, lack of medical necessity for home health services, failing to meet the guidelines, fraudulent billing, billing for services beneficiaries did not receive and fraudulent documentation continues to plague the home healthcare industry.

 

Operation Double Helix – Unprecedented Genetic Testing Fraud

October 10th, 2019 by

By: Karina P. Gonzalez 

According to the Department of Justice (DOJ) genetic testing is the next frontier for healthcare fraud.

In a fraudulent operation that the Department of Justice calls, “unprecedented”, elderly or disabled patients nationwide were lured into providing their DNA for testing in a widespread genetic testing fraud scheme powered by a large telemarketing network. The doctors involved were paid to write orders prescribing the testing without any patient interaction or with only a brief telephone conversation. read more

The State Hemp Plan – SB 1020

June 10th, 2019 by

state hemp plan florida programBy: Susan St. John

As you may have heard, the State Hemp Plan, SB 1020, has passed the Florida House and Senate and is waiting for Governor DeSantis’ action (approval or veto) or inaction (no veto). The Governor’s approval or failure to veto SB 1020 means SB 1020 will become law. So what does this mean for Florida?

SB 1020 is meant to bring Florida’s laws regarding the cultivation and processing of hemp in line with the Federal Farm Bill of 2018 which removed hemp from the DEA’s list of controlled substances and legalized the industrial use of hemp. Currently, hemp is listed as a controlled substance under Florida law. SB 1020 will change that and allow cultivation of hemp and distribution and retail sale of hemp extract. read more

Healthcare REIT Laws – What You Need to Know

June 7th, 2019 by

By: Amanda Bhikhari

There has been much talk about the future of health care real estate investment trusts (REIT) and the evolution of the real estate market, as well as the way patient care is being provided in today’s world. With greater demand for outpatient and ambulatory surgical centers, the healthcare REIT market is forecasted to be a bullish market. Additional reasons for positive forecasts include an aging population with greater demand, a track record of high performance, and cost of equity capital. Investing in income-generating real estate can be a great way to increase net worth. For many, investing in real estate, particularly commercial real estate, seems to be out of reach financially. However, with the right partnerships and guidance, it is possible. REITs (pronounced “reets”) allow mall investors today to pool their resources with other small investors in order to invest in large-scale commercial real estate as a group.

So, what exactly is a REIT?

read more

Stem Cell Litigation Update: FDA Granted an Injunction

June 7th, 2019 by

stem cell litigationBy: Matt Fischer

In a decision expected to cause waves through the rapidly-expanding regenerative medicine industry, a U.S. District Court Judge ruled on June 3rd that the U.S. Food and Drug Administration (FDA) is entitled to an injunction in a lawsuit filed against U.S. Stem Cell Clinic, LLC (US Stem Cell) based in Sunrise, Florida.  In her decision, U.S. District Court Judge Ursula Ungaro agreed that the FDA has the authority to regulate the popular stem cell procedure known as stromal vascular fraction (SVF) – administering processed stem cells derived from adipose tissue (i.e. fat tissue) – and that US Stem Cell is not exempt from regulation.

To recap, in May 2018, the U.S. Department of Justice (DOJ) filed complaints against US Stem Cell and a California stem cell clinic seeking permanent injunctions to prevent the marketing and administration of the SVF procedures without FDA approval.  Prior to the filing of these actions, both companies received warning letters from the FDA.  The letters also addressed the results of inspections and the need to resolve significant deviations from manufacturing practice requirements.  read more

Genetic Testing HIPAA Warning: Legal Considerations

January 14th, 2019 by

genetic testing hipaaBy: Jacqueline Bain

You might have recently received a holiday gift of a direct-to-consumer genetic testing kit from Ancestry.com or 23andMe.com (or any other number of companies). So exciting! In our melting pot society, one can’t help but be curious about where they come from and if they are more likely than any other person to be subject to any number of ailments.

Not so fast though! Before you swab yourself and send away your genes for testing, you might consider what you’re exposing yourself to. Direct-to-consumer genetic testing companies, which provide genetic testing directly to consumers without any intervening healthcare provider, are not bound by HIPAA. They are not considered “covered entities”, and therefore not required to use the same protections for genetic information the way a hospital or your doctor would. read more

Physician Employment Contracts: Hidden Terms

January 11th, 2019 by

physician employment contractBy: David Davidson

Over the past few years, it seems like physician employment agreements are getting shorter and shorter.  While I applaud all efforts towards efficiency and economy, you should not always take those documents at face value.  For example, I recently reviewed a one page employment contract for a client.  That single page basically said, “We are hiring you as our employee for a term of one year, with an annual salary of $$$.”

At first glance, the simplicity of that document might seem refreshing.  That’s especially true if you’re worried about how much time it’s going to take for your lawyer to get through it!  My client’s second glance revealed a multitude of unanswered (and essential) questions.  There was no mention of expected duties, schedules, standards, renewals, terminations, insurance, benefits, vacation time, sick leave, CME, etc. in the employment contract  However, when we reviewed the contract together, we discovered that although those points were not even referenced on that single page, they were still legally, “in there.” read more

Second Proposed Stem Cell Bill Goes to Florida House of Representatives

January 2nd, 2019 by

stem cell billBy: Matt Fischer

On November 29, 2018, Florida Representative Chuck Clemons proposed house bill 65 (“HB 65”) that would significantly tighten regulation on the use of stem cells.  If the stem cell bill is signed into law, Florida will join other states (e.g. California, Texas and Washington) in passing some type of stem cell regulation.  While some bills around the country have centered the regulation on informing prospective customers of the risks associated with these treatments, HB 65 takes a more stringent approach with the threat of criminal exposure and includes certain protections for providers in the form of a “right-to-try” law.

Some of the highlights of HB 65 include: read more