Category:

Genetic Testing HIPAA Warning: Legal Considerations

January 14th, 2019 by

genetic testing hipaaBy: Jacqueline Bain

You might have recently received a holiday gift of a direct-to-consumer genetic testing kit from Ancestry.com or 23andMe.com (or any other number of companies). So exciting! In our melting pot society, one can’t help but be curious about where they come from and if they are more likely than any other person to be subject to any number of ailments.

Not so fast though! Before you swab yourself and send away your genes for testing, you might consider what you’re exposing yourself to. Direct-to-consumer genetic testing companies, which provide genetic testing directly to consumers without any intervening healthcare provider, are not bound by HIPAA. They are not considered “covered entities”, and therefore not required to use the same protections for genetic information the way a hospital or your doctor would. read more

Litigation Alert: Pharmacies with Prescription Refill Reminder Programs Take Note

January 14th, 2019 by

Prescription Refill Reminder ProgramsBy: Michael Silverman

Pharmacies using automated dialers for prescription refill reminders and relying on the statutory prescription refill reminder exemption to the TCPA’s prohibition on the use of automated dialing equipment as an impenetrable blanket against liability need to think again.

The case of Smith v. Rite Aid Corporation, 2018 WL 5828693 (W.D.N.Y. Nov. 7, 2018), revolves around a Rite Aid pharmacy’s use of a prescription refill reminder program to contact a patient to pick up a prescription. The pharmacy placed several calls per week intended to remind the patient to come into the store to pick up their prescription. However, an innocent bystander instead of the intended recipient of the mediation received the calls; either due to error in taking the phone number down or a due to the number being reassigned (which happens to thousands of numbers on a daily basis!). The unintended recipient of the multiple prescription refill reminder calls filed a class action lawsuit under the federal Telephone Consumer Protection Act (“TCPA”), which provides for statutory penalties of $500-$1,500, per call. read more

Time out! Keeping Healthcare Lead Generation in Check

December 7th, 2018 by

healthcare lead generationBy: Michael Silverman

There are perfectly compliant ways to engage with healthcare marketers, and then there’s this; here are some of the latest real-life examples:

“DME BRACE CAMPAIGN – $40 to $150 PER LEAD PER BRACE”

“DME DIABETIC LEADS $40 PER LEAD, INSURANCE AND DOC INFO INCLUDED”

“PAIN CREAM/LIDOCANE LEADS FOR SALE, RX INCLUDED”

These marketers are seemingly holding auctions for the sale of federally protected patient health information out to the highest bidder! Couldn’t make this stuff up – if you’re in this industry, a quick gander at your (business) social media platforms will quickly confirm it. read more

Marketing for DME & Pharmacy Providers: Know Your Subcontractor!

November 13th, 2018 by

marketing for dmeBy: Michael Silverman

Regulatory compliance is a mandatory investment for any healthcare business owner looking to stay out of serious and personal legal peril, let alone one hoping to keep their company viable.

Yet there is seemingly an onslaught of providers that blatantly run afoul of many of these regulations, knowingly or not, or those that believe they may have found a loophole.

Concerning the latter, there is an important mantra that such DME and pharmacy providers should remember and live by: “[W]hat a provider cannot do directly, it cannot do indirectly through an intermediary.”

Marketing for DME – What exactly am I talking about?

DME providers enrolled with CMS (should) know they cannot solicit or ‘cold call’ Medicare Part B beneficiaries, per the Federal Anti-Solicitation Statute, and that they cannot offer anything of value to a potential patient that could induce them to utilize them as a provider, in accordance with the Beneficiary Inducement Statute. read more

Fighting Back Against CMS Recoupment: A New Option

November 13th, 2018 by

CMS recoupmentBy: Matt Fischer

Fighting a large extrapolated overpayment demand from a Medicare Administrative Contractor (MAC)?  Facing bankruptcy?  Appealed to the Office of Medicare Hearing and Appeals (OMHA) with no hearing date in sight?  For providers and business owners who answer yes, there is a new potential remedy…a temporary injunction.

Multiple health care businesses have scored wins this year in their fight to prevent CMS from recouping payments before having an opportunity for an Administrative Law Judge (ALJ) hearing.  The similarity?  They each sought a temporary injunction in federal court.  Arguing that the alleged recoupments would cause the businesses to close, employees to lose their jobs and patients would be forced to change their providers, the businesses were granted temporary injunctions enjoining CMS from starting recoupment until the ALJ appeal stage had reached a conclusion.       read more

PHI Breach Penalty Dollars Rolling in for Healthcare Enforcement

November 1st, 2018 by

PHI BreachBy: Dave Davidson

It has been a busy autumn for the enforcement of health care privacy rights.  Recent activities range from settling the claim for the largest HIPAA violation in US history, to penalties imposed for filming TV shows, to actions initiated by state governments.  All of these actions confirm the serious position taken by regulators nationwide to protect the privacy of protected health information (PHI).

The Big One

On October 15, 2018, Anthem, Inc., an independent licensee of Blue Cross, paid $16 million to settle its claim with the HHS Office of Civil Rights (OCR), for a breach that compromised the PHI of 79 million people.  This was the largest reported breach in history.  The PHI breach occurred in 2015, when hackers initiated a “spearfishing” attack via fraudulent emails.  The government found that Anthem lacked appropriate information system procedures to identify and respond to security breaches, and minimum access controls to stop these kinds of attacks.

In addition to the financial penalty, Anthem agreed to a corrective action plan, in which it agreed to perform a risk analysis, and incorporate the results of the analysis into its existing processes, in order to achieve a “reasonable and appropriate level” of HIPAA compliance.

This settlement is in addition to the $115 million settlement Anthem reached last year with the victims of the breach. read more

Pharmacy Billing Basics: Know Your Payor!

October 10th, 2018 by

pharmacy billingBy: Michael Silverman

In giving consideration to whether healthcare regulations apply to a proposed course of conduct it’s absolutely vital for a pharmacy to know its payor! This is especially so in the context of patient marketing and the various regulatory prohibitions on paying for healthcare referrals. Unfortunately, some pharmacy owners remain a bit mixed up about who the ultimate payor is for the medications they dispense, and, depending on that pharmacy’s billing operations, such mistakes can have devastating consequences.

A large part of this confusion might be attributed to the fact that in most instances, a pharmacy is not billing the ultimate payor directly (unlike a DMEPOS provider that may be directly submitting claims to Medicare Part B), but rather, the pharmacy is billing an intermediary entity called a Pharmacy Benefit Manager (“PBM”), which is usually a commercially run entity (non-government owned) that manages and adjudicates claims on behalf of health insurance plans that cover pharmacy benefits. read more

Anti-Kickback Statute and Healthcare Marketing: 3 Legal Considerations

September 6th, 2018 by

healthcare marketingBy: Matt Fischer

Healthcare marketing arrangements that violate the Anti-Kickback Statute (AKS) can lead to serious financial and criminal consequences.  Understanding the types of marketing arrangements that courts have found to be in violation of the statute and the potential implications are critical for marketers to know in order to operate in the healthcare industry.

Under the AKS, it is a criminal offense to knowingly and willfully offer, pay, solicit, or receive any remuneration to induce referrals of items or services reimbursable by the Federal health care programs.  Where remuneration is paid purposefully to induce referrals of items or services paid for by a Federal health care program, the AKS is violated.  By its terms, the AKS ascribes criminal liability to parties on both sides of an impermissible transaction.  An example of a highly scrutinized arrangement involves percentage compensation.  For regulators, percentage compensation arrangements provide financial incentives that may encourage overutilization and increase program costs.

Here are 3 important things to know: read more

State Court Ruling on Patient Brokering Act Threatens Healthcare Facilities and Providers

July 25th, 2018 by

patient brokering actA recent ruling by a state trial court handling the Palm Beach County Sober Home Task Force prosecutions against providers of addiction treatment and sober home services is creating lots of confusion and alarm around the state and could have very far reaching consequences for the entire healthcare industry well beyond addiction treatment.

The issue presented by the prosecution focuses on whether a person charged with violating the state’s Patient Brokering Act (PBA) can be found guilty even if he/she didn’t know what he was doing was unlawful. The PBA broadly prohibits paying someone for patient referrals, very much like the federal Anti-Kickback statute.  If allowed, the client would have gotten legal advice, paid for it, followed it, and still not be able to show a judge or jury that, despite all their best efforts, they simply followed the law as instructed.

Can a healthcare facility or provider be guilty of violating a criminal law [the PBA] if they’d gotten legal advice and followed it?  Traditionally, the answer would be a clear “no.”  The argument against the State’s position would be something like “How can someone intend to violate a criminal law if they got legal advice regarding how to comply with it and then followed that advice?”  The argument of the state might look something like “We don’t even think the judge or jury ought to be able to hear that the person got legal advice and followed it.”  The court punted the issue to the appellate court. read more

Med Spa Compliance: Are you Operating Within the Law?

July 9th, 2018 by

med spa complianceBy: Jacqueline Bain

On May 19, 2018, Delray Beach medical spa owner Jennifer Aspen was booked into the Palm Beach County Jail and charged with practicing medicine without a license. Ms. Aspen is the manager of Mermaid’s Skin & Wellness, a medical spa located in Delray Beach, Florida. The charges against Ms. Aspen stem from the fact that a Delray Beach police officer presented to Mermaid’s Skin & Wellness for a testosterone shot. Ms. Aspen stated to the officer that she would perform the injection. Ms. Aspen is a certified nursing assistant in the State of Florida. Her license is currently listed as “delinquent” on the Department of Health’s website, meaning that (as of today) she failed to renew her license after its May 30, 2018 expiration date. Certified nursing assistants are not generally allowed to administer testosterone in the State of Florida.

One of the legal issues that presents frequently in our office is med spa compliance; who can open and operate a medical spa if it is just a cash business, meaning that it does not submit claims for reimbursement to any government or commercial payor. Misunderstandings run rampant in the medical spa industry and many times patients are administered treatment from persons who are not supposed to be providing it. read more