Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patient and delivery of health care services; all with an emphasis on operations, regulatory and transactional legal issues.
The COVID-19 pandemic has presented hospitals and health care facilities with challenges that go beyond providing comprehensive care to patients suffering from the virus. One of the most common challenges is how to handle patient visitors. Denying or limiting visitors could be seen as a violation of patient rights, and denying access to a visit by clergy could rise to the level of religious discrimination. After receiving a number of complaints in this regard, the HHS Office of Civil Rights (OCR) recently provided some technical assistance to two hospitals that faced this issue.
In the first case, a COVID-positive patient in a Maryland hospital was separated from her newborn son. Shaken by the separation, the patient requested that a priest be permitted to visit the baby, so he could baptize the child. But the hospital had instituted a ban on all hospital visitation in response to the pandemic, so the request was denied. read more
Out of network physician owned specialty hospitals are unique in that there are less stringent legal requirements on the facility, but patient care obligations remain the same. This means that patient care must be prioritized over profits and all actions taken by the hospital and any physician investor must showcase that order of priority.
Given the amount of scrutiny placed in physician owned specialty hospitals in the past two decades, these facilities are well served to identify and implement a process to remedy compliance concerns. Even when a facility does not submit claims to any Federal health insurance provider and is out of network with all commercial insurance companies, it is still required to follow the laws of the state where it is located.
The best plan for surviving scrutiny in such situations is to have a plan. Proactively seek out applicable laws and regulations, and determine how your hospital will abide by them. Compliance can be tailored to fit your facility.
Overutilization and Self-Referrals
A physician who shares ownership in a hospital may have a financial incentive to refer patients for services if he or she receives a percentage of the revenue generated. Laws including the Federal Stark Law and Anti-Kickback Statute were promulgated to combat unnecessary referrals. A 2003 study by the Department of Health and Human Services concluded that physician-investor referrals to hospitals in which they have an investment interest are similar to those physicians without investment interests. Nevertheless, the fear of overutilization and unnecessary self referral remains at the forefront of the regulators’ minds at both the State and Federal level. read more
Florida may become the “next Texas” on the issue of physician owned specialty hospitals. “Next Texas,” since there are a number of examples where the concept launched (and also flopped). Done right, such facilities could be a better fit for many patients, depending of course on patient co morbidity issues. In theory, they would be the perfect bridge between surgery centers and regular acute care hospitals. But the ability of such specialty focused care suggests a better staffing model and more targeted and efficient overhead, instead of the broad-based overhead of an acute care hospital at is spread out aver all cases, including those where overhead allocation is viewed as “just an expense.” read more
On November 15, 2019 Centers for Medicare and Medicaid Services (CMS) issued a final rule requiring hospitals to publicly disclose “standard charges, including payer-specific negotiated rates for items and services. Hospitals will be required to comply by January 1, 2021. The proposed rule is subject to 60 days of comment.
The final rule requires hospitals to make public in a machine-readable file online all standard charges (including gross charges, discounted cash prices, payer-specific negotiated charges) for all hospital items and services. It requires hospitals to de-identify minimum and maximum negotiated charges for at least 300 “shoppable” services. read more
Pharmacies using automated dialers for prescription refill reminders and relying on the statutory prescription refill reminder exemption to the TCPA’s prohibition on the use of automated dialing equipment as an impenetrable blanket against liability need to think again.
The case of Smith v. Rite Aid Corporation, 2018 WL 5828693 (W.D.N.Y. Nov. 7, 2018), revolves around a Rite Aid pharmacy’s use of a prescription refill reminder program to contact a patient to pick up a prescription. The pharmacy placed several calls per week intended to remind the patient to come into the store to pick up their prescription. However, an innocent bystander instead of the intended recipient of the mediation received the calls; either due to error in taking the phone number down or a due to the number being reassigned (which happens to thousands of numbers on a daily basis!). The unintended recipient of the multiple prescription refill reminder calls filed a class action lawsuit under the federal Telephone Consumer Protection Act (“TCPA”), which provides for statutory penalties of $500-$1,500, per call. read more
It has been a busy autumn for the enforcement of health care privacy rights. Recent activities range from settling the claim for the largest HIPAA violation in US history, to penalties imposed for filming TV shows, to actions initiated by state governments. All of these actions confirm the serious position taken by regulators nationwide to protect the privacy of protected health information (PHI).
The Big One
On October 15, 2018, Anthem, Inc., an independent licensee of Blue Cross, paid $16 million to settle its claim with the HHS Office of Civil Rights (OCR), for a breach that compromised the PHI of 79 million people. This was the largest reported breach in history. The PHI breach occurred in 2015, when hackers initiated a “spearfishing” attack via fraudulent emails. The government found that Anthem lacked appropriate information system procedures to identify and respond to security breaches, and minimum access controls to stop these kinds of attacks.
In addition to the financial penalty, Anthem agreed to a corrective action plan, in which it agreed to perform a risk analysis, and incorporate the results of the analysis into its existing processes, in order to achieve a “reasonable and appropriate level” of HIPAA compliance.
This settlement is in addition to the $115 million settlement Anthem reached last year with the victims of the breach. read more
The concept of gainsharing in the health care industry has been around for decades. Under a typical gainsharing program, a hospital and participating physicians will develop a cost-savings plan in relation to a specific procedure or service line. As the savings are realized, the hospital will then share a portion of the measurable savings with those physicians. The goal of gainsharing has always been to align physician and hospital interests, in order to improve the quality and efficiency of clinical care.
Gainsharing has not always been viewed favorably by the government. In fact, in a 1999 Special Advisory Bulletin, the Office of Inspector General (OIG) took the position that gainsharing arrangements violated the law, and that the payments could even constitute kickbacks to the participating physicians. Since then, the government has not backed off its position that gainsharing programs might violate the law. However, the OIG has also determined that it would not seek sanctions in a growing number of gainsharing arrangements. read more
Not too long ago, when something would go wrong in a hospital, a patient’s medical record might note the facts of what had happened (“Mrs. Jones was found on the floor of her hospital room with a swollen wrist. An x-ray revealed a wrist fracture.”), while the hospital’s incident report would analyze why it happened in order to prevent further harm (“Orderly Green forgot to raise the guardrails on Mrs. Jones’ bed. Mrs. Jones fell out of her bed as a result of the displaced guardrail. Let’s put in place a policy that all guardrails must be raised if an orderly steps more than three feet from a patient’s bed.”). Should Mrs. Jones decide to sue the hospital, she and her attorney would have access to the medical record, but not necessarily the incident report.
Incident reports like the one mentioned above have long been meant as a learning tool for facilities to analyze unfortunate occurrences on their premises and learn from their mistakes to prevent future harm. However, these reports often contain admissions of fault, or near admissions of fault. So how can a hospital balance its need to improve on past practices without opening itself to a mountain of liability? Florida’s state laws seemingly contrast with Federal laws. read more