Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patient and delivery of health care services; all with an emphasis on operations, regulatory and transactional legal issues.
The COVID-19 virus has and will probably continue to change the way healthcare providers and business associates interact and help their patients. As many providers are aware, a HIPAA violation is a serious issue, and can cost a healthcare entity large amounts of time and money to respond to any regulatory investigation. Recognizing that the COVID-19 pandemic has strained every corner of the economy and is THE MOST IMPORTANT issue for almost every industry, the federal government has rolled back some HIPAA protections. It is unclear how long these rollbacks will last, and it is possible that some of them may be permanent, but for now healthcare providers and their business associates can take some comfort that they can focus on delivering care and not dealing with overly burdensome regulations and investigations. The major changes include:
Telehealth. Changes include allowing physicians and other healthcare providers to offer telehealth services across State lines, so State licensing issues should not be a concern. Additionally, Providers are essentially free to choose almost any app to interact with their patients, even if it does not fully comply with the HIPAA rules. The HHS allows the provider to use their business judgment, but of course, such communications should NOT be public facing – which means DO NOT allow the public to watch or participate in the visit!
Disclosures of Protected Health Information (PHI). A good faith disclosure of such information will not be prosecuted. Examples include allowing a provider or business associate to share PHI for such purposes as controlling the spread of COVID-19, providing COVID-19 care, and even notifying the media, even if the patient has not, or will not grant his or her permission.
Business Associate Agreement (BAA). As most healthcare providers know, a BAA agreement between a provider and an entity that may have access to PHI is required by law. During the COVID-19 pandemic, the lack of a BAA is not an automatic violation.
Access to telehealth for Medicare beneficiaries was further increased by the Trump Administration April 30, 2020. These new changes allows all health care professionals eligible to bill Medicare for services to provide services via telehealth communications and to bill the Medicare program for such services. Additionally, certain services may now be provided using audio technology only.
For a list of services eligible for reimbursement by the Medicare Program, including services requiring audio technology only, download here. There are approximately 180 different codes reimbursable by Medicare if provided via telehealth communications.
The transition from paper medical records to electronic medical records has brought with it many conveniences and some unintended consequences. One example of an unintended consequence is cloning in the medical record. Cloning is copying and pasting previously recorded information from a prior patient note into a new patient note.
Providing quality medical care is only one part of the job. Appropriately documenting that care in order to be paid for your efforts is another. And while medical professionals are trained at length to provide care, hardly any are aware of the potential pitfalls associated with improper documentation.
In December 2016, the US Congress passed the 21st Century Cures Act, which, among other things, provided for increased funding for treatment and research of mental health and substance abuse disorders. That law also required the HHS Office of Civil Rights (OCR) to provide guidance in regards to HIPAA compliance in regards to those types of treatment. In October 2017, President Donald Trump declared the opioid addiction epidemic to be a public health emergency, which will also result in additional resources being allocated to addressing the crisis.
In connection with both the new law and the President’s declaration, OCR published its HIPAA guidance in December 2017. The guidance is intended to clarify how and when protected health information (PHI) can be shared in regards to patients in substance abuse and mental health treatment. According to OCR Director Roger Severino, “HHS is using every tool at its disposal to help communities devastated by opioids, including educating families and doctors on how they can share information to help save the lives of loved ones.” read more
So, you’ve received a letter from the Zone Program Integrity Contractor or “ZPIC” to review for the accuracy and justification of services reimbursed by the Medicare program. In other words, a dreaded ZPIC Audit or ZPIC Investigation. Now What?!
First, remain calm. Chances are an audit by ZPIC will go well if you have been diligent in completing patients’ medical records, justifying medical necessity, and your billing is accurate and well supported by the patients’ medical records. Even if errors are discovered, most errors do not represent fraud, that is, the errors were not committed knowingly, willfully and intentionally. Still, a ZPIC audit can be daunting and if Medicare has noticed a pattern of billing that it considers suspect, or there has been a complaint against you, the ZPIC audit will be rigorous, and often adversarial. The ZPIC’s job is to protect the program from potential fraud. It will conduct data analysis, including statistical outliers within a well-defined group, or other analysis to detect patterns within claims or groups of claims that might suggest improper billing. Data analysis can be undertaken as part of a general review of claims pre or post submission, or in response to information about specific problems arising from complaints, provider or beneficiary input, fraud alerts, CMS reports, Medicare Area Contractors, or independent governmental or nongovernmental agencies. read more
“Prevention is better than cure” is a maxim that has reigned in the healthcare industry for thousands of years; however, this phrase echoes through the halls of the legal profession as well.
Healthcare practices often neglect to appreciate the value of their confidential information as assets and the need to protect these assets. Although HIPAA and HITECH compliance aids in maintaining the confidentiality of patient records, it does not protect a provider’s trade secrets.
Trade secrets of a healthcare practice may include any of the following: patient lists, financial information, contract rates, contract terms client lists, collection rates, marketing tactics, pricing/discount information, and methods of doing business. If leaked, this information may be used by competitors to secure advantages over a healthcare practice. For example, patient lists could be used to solicit a practice’s patients or contract rates and terms can be used by a competitor to undercut the rates of a practice. read more
Recently, a Florida-based physician practice specializing in pain management was ordered to pay the Federal Government $7.4 after it was determined that the group’s physicians were ordering medically unnecessary drug screens and billing Medicare for those tests. Federal prosecutors contended that the group’s physicians had appropriately ordered initial drug screens on many patients, but had inappropriately ordered more extensive (and more expensive) follow up tests nearly 100% of the time. Moreover, patient medical records did not reflect the need for more extensive testing. read more
The US Department of Health and Human Services, Office of Civil Rights is the chief enforcer of HIPAA. The Office’s recent enforcement of HIPAA with respect to a Massachusetts derm practice is illustrative of how the government views HIPAA and how vulnerable medical practices are. read more
As premiums and deductibles rise and coverage shrinks, more and more patients have difficulty paying for their health care. You can provide financial relief to your patients if you wish, but you should only do so in accordance with a uniform hardship policy.
As a general rule, the practice should not routinely waive co-pays or deductibles, or offer discounts based on a patient’s statement that the patient is suffering from financial hardship. If the practice does routinely offer discounts or waivers of deductibles without properly investigating a patient’s financial wherewithal, the practice runs the risk of violating its payor contracts, being accused of committing insurance fraud, and/or paying an illegal kickback to induce patients to come to the practice. Some payor contracts require the practice to bill the payor the lowest rate that the practice bills any of its patients, a so-called “most favored nation provision.” Typical Medicare participation agreements are subject to this type of provision. If the practice waives deductibles or co-pays, then insurers often take the position that the amount being billed by the practice to the insurer ought to be reduced by the amount waived. In addition, a regulator could conceivably accuse the practice of waiving co-pays and deductibles as a means of inducing patients to seek treatment from the practice in violation of anti-kickback laws. read more
The Florida Board of Medicine reviewed Rule 64B8-9.003, Florida Administrative Code which provides standards for the adequacy of medical records. The underlined portions below are the new standards required for medical records as it relates to compounded medications. These standards are effective September 9, 2013. read more