Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patients, and the delivery of health care services, all with an emphasis on operations, regulatory and transactional legal issues.
You do everything right. You’re careful to dot your i’s and cross your t’s. Compliance is hard-wired because you’re in an industry that’s highly regulated and you’ve built into your operations a series of compliance checks and balances. However, even with strong controls in place, compliance efforts sometimes fall short, and whether you’re a physician group, a pharmacy, a durable medical equipment company, a home health agency, or any other health care provider, someday you might find yourself face-to-face with law enforcement officials or regulatory enforcement authorities. What do you do? How do you assure the most successful outcome with minimal business disruption?
Compliance is the foundation to mitigating the risks inherent in any health care operation. Compliance can reduce the likelihood that regulators or law enforcement suddenly appear on your doorstep. But preparation for emergencies and uncertainties is the key to reducing the risk that non-compliance leads to lengthy business interruption. Although you may be saying “if”, you really should be thinking and acting more like “when”. It costs everything to be ill-prepared and it costs very little to be well-prepared. The following preparation can prevent much of the uncertainty that arises in these cases.
POLICIES AND PROCEDURES
First and foremost, make sure you have well-developed policies and procedures for what to do in such instances. You should review these policies and procedures with your employees regularly, focusing on the importance of compliance. Out of fear and uncertainty, employees can do things that create unnecessary challenges. Educating them as to what their rights and responsibilities are will mitigate those risks. Make sure your policies and procedures include the designation of who is in charge (“person in charge”) when the government does show up.
A recent Department of Justice $500,000 settlement with a cardiology practice underscores the need for ensuring tighter compliance by medical practices. There, the practice billed Medicare for cardiology procedures for which interpretive reports were also required. Medicare paid for the procedures, but upon audit, CMS could not find the requisite interpretive reports. The False Claims Act case settled for $500,000, but it’s likely that (1) the reimbursement by Medicare was far less, and (2) the legal fees behind the settlement weren’t too far behind the settlement amount! Had the practice self-audited each year, would they have found the discrepancy?
Medical practices have felt the weight of price compression and regulatory load more than probably any segment in the healthcare sector. They are doing far more for far less. And regulations expand faster than viruses! Hence, many have a strategy of regulatory compliance that can best be characterized as a combination of facial compliance (“We bought the manual and put it on the shelf”) and hope (“They’re not really serious about this, are they?”). Unless you’re part of a practice of more than 20 doctors, it’s likely that you can do more to ensure regulatory compliance.
As healthcare professionals, we take pride and care in the detail in maintaining our employee files. Certain items must be separated from the others, files securely locked and out of reach of co-workers’ hands. Personnel’s personal information must be protected. We all know these things and probably already have a procedure in place for compliance.
Whether your facility has been deemed accredited (Joint Commission, for example) or is just starting up, employee files must be maintained, reviewed, audited, and kept according to retention requirements. Knowing which laws apply aids in keeping your business compliant. For example, pursuant to ERISA laws, there is no specific time period to maintain records that reflect age, marital status and/or service records. The Social Security Act states that employees’ social security numbers must be kept four years from the tax due date or payment of tax, whichever is later. So, there’s a lot of tracking going on.
Medical web-based businesses have been on the rise, while the number of HIPAA enforcement actions by the US Department of Health and Human Services (HHS) has risen exponentially as well. Since the beginning of this year, HHS has announced several large settlements with companies that failed to comply with HIPAA compliance requirements. For example, in January, HHS announced a $2.2 million settlement with a health insurance company when a breach resulted from a stolen portable USB device containing PHI. Also, in February, HHS announced a penalty of $3.2 million against a medical center for a breach that arose from a theft of an unencrypted laptop containing PHI. This enforcement activity is becoming the norm, so it is best to ensure that your medical website is legally compliant.
If you are handling any PHI on or through your website, you must ensure that your website is up to speed with HIPAA compliance. Here are some recommendations to address the security and privacy of PHI that your website may manage (please note that this is not a comprehensive list):
In 1986 President Ronald Reagan signed the Emergency Medical Treatment and Active Labor Act (EMTALA) into law. Since then, the application of the law has been expanded and refined. It was one of the first laws giving the government the authority to dictate certain operations of a hospital. While other laws and regulations such as the Anti-Kickback Statute and the Stark Law have become more of a focus for health care providers, EMTALA remains an area of active enforcement. All providers with hospital privileges should therefore be aware of its application.
The policy behind the law is fairly straightforward. Hospitals with emergency departments should not be able to turn away patients needing care because of their inability to pay (no more “wallet biopsies” as part of triage). Likewise, hospitals should not be able to “dump” patients on other facilities for reasons other than for advanced care.
The requirements of the law are also very basic. If a patient comes to an emergency department and requests an examination or treatment for a medical condition, the hospital must provide an appropriate medical screening exam, within its capability, to determine whether or not the patient has an emergency medical condition. The screening provided goes beyond simple triage, and must be performed by a clinical provider such as a physician, nurse practitioner, or physician’s assistant.
Does your healthcare entity have a governing Board? How involved is that Board in overseeing your business? Would your Board members be able to respond to questions about your business’ compliance-related activities? Recently, the Office of the Inspector General (“OIG”), in conjunction with a host of non-profit healthcare associations, released guidance on achieving compliance for healthcare governing boards. The guidance is not based on abstract principles of compliance; instead, it points to applicable federal law, OIG guidance, case law, and sentencing guidelines.
Each and every healthcare organization, whether or not it accepts reimbursement from government payors, must have in place regulatory compliance measures designed to protect the population it serves, and the persons paying for and providing those services. All levels of a healthcare organization must be cognizant of their roles in the organization’s continuing commitment to compliance. Even Board members, who often do not experience the inner workings of the entities they represent, have an obligation and duty to the organization to act in a manner that stresses compliance. Applicable federal and state laws, how they apply to an organization, and how the organization reacts to its obligations imposed by those laws, must be of paramount importance to a governing Board.
The OIG compliance guidance for healthcare Boards tracks 4 areas over which boards should have specific oversight:
When a healthcare provider cares for a patient, many times, the provider will set out directives for the patient to follow in order to live a healthier life. These changes may include changes in lifestyle, eating habits, and obedience in taking medications. A patient’s compliance with these directives instructs the provider on how to care for the patient in the future. A patient who does not follow these directives may suffer health consequences.
Similarly, the government sets out legal regulations for healthcare providers. The government expects healthcare providers to comply with its regulations, and providers who don’t can suffer consequences as a result. The regulations governing health care providers are vast and dynamic. In order to keep abreast of the changes in law, and to evidence an intent to comply with law, healthcare providers should strongly consider instituting compliance programs in their businesses.
Compliance with healthcare laws is important. Any number of consequences can result in the event that a healthcare provider is out of compliance—the most devastating being that the Department of Health and Human Services Office of the Inspector General (“OIG”) has the authority to exclude healthcare providers from participation in Medicare and other federal health care programs. Ignorance of the law does not absolve a healthcare provider of liability.
Though it can be tempting to offer help to patients in this era of sky high healthcare costs, out-of-network physicians must remember that they should not only be collecting copayments and deductibles from their patients at the time of service and before they leave the office, but also that collecting these payments is their obligation. For physicians and other providers who engage in the practice of failing to collect payments there is a significant legal exposure under federal and state laws including civil litigation brought by commercial health plans, managed care organizations and medical benefit managers regarding routine waiver of these payments.
Florida physicians are being approached to become owners of pharmacies to which they may refer, often compounding pharmacies, but may be unaware of the regulatory issues involved. Physicians need to be aware of the core laws that apply, which include the Florida Patient Self Referral Act (FPSRA), the Florida Anti Kickback Statute, the Patient Brokering Act and the Federal Investment Interest Safe Harbor.
In an effort to help individuals access their health information so that they can become more actively involved in managing their own health care, several agencies within the Department of Health and Human Services promulgated a rule that modifies the Clinical Laboratory Improvement Amendments (“CLIA”) and the Health Insurance Portability and Accountability Act (“HIPAA”) in a way that supersedes Florida State laws governing the disclosure of laboratory test results directly to patients.