Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patients, and the delivery of health care services, all with an emphasis on operations, regulatory and transactional legal issues.
On October 23, 2019, the U.S. Department of Health and Human Services imposed a civil money penalty of over $2 million against Jackson Health System in Florida for repeated HIPAA violations.
The HIPAA violations mentioned in the HHS Press Release include: (1) loss of paper patient records in December 2012; (2) loss of additional paper patient records in January 2013; (3) a media report containing patient information (a photo shared on social media); (4) employees accessing the information of one patient without a job-related purpose; and (5) an employee’s improper access and sale of patient records in 2011.
“OCR’s investigation revealed a HIPAA compliance program that had been in disarray for a number of years,” said OCR Director Roger Severino. The state of the compliance program allowed for the failure of several HIPAA requirements, including provision of timely and accurate HIPAA breach notifications, performance of regular risk assessments, investigation of identified risks, audits of system activity records, and imposing appropriate restrictions on workforce members’ access to patient information. The government’s final determination is available here.
When a HIPAA breach is discovered and reported, the government will often take the time to review a covered entity’s history of compliance or non-compliance. This may include an investigation into prior issues, effectiveness of policies and procedures, and employee issues. Overlooking one suspected breach may result in the imposition of sanctions on any later breach. This is why it’s so important for a healthcare business to understand its HIPAA obligations and take them seriously.
When was the last time your business conducted a security risk assessment to understand its potential risk areas for security breaches? If you’ve never had one, or haven’t had one recently, the time is now to conduct one. “When was your last security risk assessment?” is often the first thing that the government will ask in response to a breach.
Federal fines for noncompliance with HIPAA are based on the level of negligence perceived by the Federal government at the time of the breach. Fines and penalties range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million. Simply put, your healthcare business can’t afford to bury its head and hope that it won’t be hit.
HHS found that a home health agency incorrectly billed Medicare and did not comply with Medicare billing requirements for beneficiaries who were not homebound and for others who did not require skilled services at all.
In August and September 2018, physicians and the owner of a home health agency were each sentenced on multiple counts of conspiracy and healthcare fraud and ordered to pay $6.5 million in restitution. One physician was sentenced to 132 months in prison following trial. A physician who pled guilty was sentenced to 27 months in prison. The home health agency owner was sentenced to 42 months in prison. The defendants paid and received kickbacks in exchange for patients and billed Medicare more than $8.9 million for services that were medically unnecessary, never provided, and/or not otherwise reimbursable. Additionally, certain defendants provided prescriptions for opioid medications to induce patient participation in the scheme.
In September 2018, the co-owner and administrator of a home health agency was sentenced to 24 months in prison, ordered to pay over $2.2 million in restitution, and ordered to forfeit over $1.1 million. The co-owners participated in a home healthcare fraud conspiracy that resulted in Medicare paying at least $2.2 million on false and fraudulent claims. The owners and their co-conspirators paid kickbacks to doctors and patient recruiters in exchange for patient referrals, billed Medicare for services that were medically unnecessary, and caused patient files to be falsified to justify the fraudulent billing.
Back in February 2018, the owner of more than twenty home health agencies was sentenced to 240 months in prison and ordered to pay $66.4 million in restitution, jointly and severally with his co-defendants, after pleading guilty to one count of conspiracy to commit health care fraud and wire fraud. A patient recruiter for the home health agencies, who also owned a medical clinic and two home health agencies of her own, was sentenced to 180 months in prison. Another patient recruiter, who also was the owner of two home health agencies, was sentenced to 115 months in prison. These conspirators paid illegal bribes and kickbacks to patient recruiters in return for the referral of Medicare beneficiaries, many of whom did not need or qualify for home health services. Medicare paid approximately $66 million on those claims.
Illegal kickbacks in exchange for referrals of Medicare beneficiaries, lack of medical necessity for home health services, failing to meet the guidelines, fraudulent billing, billing for services beneficiaries did not receive and fraudulent documentation continue to plague the home healthcare industry.
Deciding you want to open your own medspa or start a medical practice is the first and most important step in creating something unique and building a brand. Understanding how to properly “start” that business from a legal perspective, and doing so correctly, can be the difference between success and failure.
As a physician in a private, solo-practice, or the business owner of a medspa startup, proper strategy is key. Understanding your corporate structure, developing a business plan, and compliance with the laws will help eliminate pesky obstacles that will slow your growth.
When working with start-ups the following steps should be given plenty of time and attention.
Many physician groups and health care companies will enter the market at some point to sell their business. In the rare case, the selling group will already have a buyer who is ready and willing to pay and close on the business sale. More often than not, however, most sellers will utilize the services of a business broker to help find a suitable buyer, and will compensate the broker on a commission basis upon closing. Unlike real estate closings, whereby the main concern is the title of the property being conveyed, medical practice sales require much more detailed representation on all aspects of the business, including but not limited to, real property, existing contracts, existing patients, and medical equipment.
Before signing a business broker listing agreement, ensure that the following points are considered to avoid potential pitfalls:
There has been much talk about the future of health care real estate investment trusts (REITs) and the evolution of the real estate market, as well as the way patient care is being provided in today’s world. With greater demand for outpatient and ambulatory surgical centers, the healthcare REIT market is forecasted to be a bullish market. Additional reasons for positive forecasts include an aging population with greater demand, a track record of high performance, and cost of equity capital. Investing in income-generating real estate can be a great way to increase net worth. For many, investing in real estate, particularly commercial real estate, seems to be out of reach financially. However, with the right partnerships and guidance, it is possible. REITs (pronounced “reets”) allow small investors today to pool their resources with other small investors in order to invest in large-scale commercial real estate as a group.
Thinking about selling a medical practice? Here are some steps for preparing your business in advance of a transaction.
Visit your financial planner.
Be sure that you can afford to leave the business, if you are retiring. Most times, buyers will require a comprehensive non-compete and you should be absolutely certain that you are financially prepared to retire or sell before you sign that restrictive covenant.
Visit your accountant.
Get your financial history in order. Review and re-review your tax returns and profit statements for the past three years to ensure that the business is appropriately reflected in those records. Take the time to clean up any “creative” bookkeeping so that the buyer is given a complete and accurate picture of the business they are buying into. You are likely going to have to make a representation that your financial disclosures are true, so take the time to get comfortable with that representation early on.
Private money (e.g. private equity) is in full swing purchasing medical practices with large profit margins (e.g. dermatology). This is NOT the same thing as when physician practice management companies (PPMCs) bought practices in the 90s. Back then, the stimulus for the seller was (a) uncertainty re practice profits in the future, and (b) the stock price. Selling practices got some or all of the purchase price in stock, with the hopes the purchasing company stock would far exceed the multiplier applied to practice “earnings” (the “multiple”). Buyers promised to stabilize and even enhance revenues with better management and better payer contracting. If the optimism of the acquiring company and selling doctors was on target, everyone won because the large stock price made money for both the buyer and seller. The private equity “play” today is a little different.
Today’s sellers are approaching the private equity opportunity the same way they did with PPMCs, except for the stock focus since most private equity purchases don’t involve selling doctors obtaining stock. Sellers hope their current practice earnings will equate to a large “purchase price.” And they hope the buyer has better front and back office management that will result in more stable and even enhanced earnings. And for this, the private equity buyer takes a “management fee,” which they typically promise (though not in writing) to offset with enhanced practice earnings.
The transition from paper medical records to electronic medical records has brought with it many conveniences and some unintended consequences. One example of an unintended consequence is cloning in the medical record. Cloning is copying and pasting previously recorded information from a prior patient note into a new patient note.
Providing quality medical care is only one part of the job. Appropriately documenting that care in order to be paid for your efforts is another. And while medical professionals are trained at length to provide care, hardly any are aware of the potential pitfalls associated with improper documentation.
Private money (e.g. private equity) is back chasing those selling medical practices and medical business acquisitions. This time around it is very different from similar activity in the 90s. Back then, the movement was public companies aggregating gross income dollars, which for a time drove stock prices. Today’s private money buyers are looking to maximize profitability through achieving efficiency and aggregating large groups for leverage and the development of new income streams. Though stock (in the form of warrants and options or stock itself) is often on the table, it doesn’t have to be. Buyers are doing all cash deals, albeit to some degree on an earnings basis. If you want the full price, you have to remain involved and do what you can to maintain revenues and perhaps even drive them up.
Physicians especially have to know what they’re dealing with and then have at least a basic understanding of the issues that will drive these deals. To begin with, “private equity” simply means private investors (typically a group that pools their capital) that buy a portion or all of a company. Their investments are usually much larger than venture capital firm deals. They are not publicly traded entities. What do they want? To invest money in mature businesses, grow a company’s profitability and then “flip” their ownership to another buyer, typically in three to five years from their launch date. In contrast, venture capital firms usually invest in start-ups, buy 100% of the company and require control.
As healthcare professionals, we take pride and care in the detail in maintaining our employee files. Certain items must be separated from the others, files securely locked and out of reach from co-workers’ hands. Personnel’s personal information must be protected. We all know these things and probably already have a procedure in place for compliance.
Whether your facility has been deemed accredited (Joint Commission, for example) or is just starting up, employee files must be maintained, reviewed, audited, and kept according to retention requirements. Knowing which laws apply aids in keeping your business compliant. For example, pursuant to ERISA laws, there is no specific time period to maintain records that reflect age, marital status and/or service records. The Social Security Act states that employees’ social security numbers must be kept four years from the tax due date or payment of tax, whichever is later. So, there’s a lot of tracking going on.