The COVID-19 virus has and will probably continue to change the way healthcare providers and business associates interact and help their patients. As many providers are aware, a HIPAA violation is a serious issue, and can cost a healthcare entity large amounts of time and money to respond to any regulatory investigation. Recognizing that the COVID-19 pandemic has strained every corner of the economy and is THE MOST IMPORTANT issue for almost every industry, the federal government has rolled back some HIPAA protections. It is unclear how long these rollbacks will last, and it is possible that some of them may be permanent, but for now healthcare providers and their business associates can take some comfort that they can focus on delivering care and not dealing with overly burdensome regulations and investigations. The major changes include:
Telehealth. Changes include allowing physicians and other healthcare providers to offer telehealth services across State lines, so State licensing issues should not be a concern. Additionally, Providers are essentially free to choose almost any app to interact with their patients, even if it does not fully comply with the HIPAA rules. The HHS allows the provider to use their business judgment, but of course, such communications should NOT be public facing – which means DO NOT allow the public to watch or participate in the visit!
Disclosures of Protected Health Information (PHI). A good faith disclosure of such information will not be prosecuted. Examples include allowing a provider or business associate to share PHI for such purposes as controlling the spread of COVID-19, providing COVID-19 care, and even notifying the media, even if the patient has not, or will not grant his or her permission.
Business Associate Agreement (BAA). As most healthcare providers know, a BAA agreement between a provider and an entity that may have access to PHI is required by law. During the COVID-19 pandemic, the lack of a BAA is not an automatic violation.
Attorney Richard A. Merlino will present this live webinar for attendees interested in learning about strategies for proactively investigating a healthcare business. He will share information on predictive analytics and implementing compliance programs, as well as the top exposure areas where fraud is most likely to occur so that you can find the fraud before a whistleblower does.
Compliance programs should establish a culture that promotes prevention, detects and resolves healthcare fraud, per the OIG. Pursuant to the Whistleblower Protection Enhancement Act of 2012, the Department of Health and Human Services, Office of Inspector General, has established a Whistleblower Ombudsman to educate Department employees about prohibitions on retaliation for whistleblowing, as well as employees’ rights and remedies if anyone retaliates against them for making a protected disclosure.
You might have recently received a holiday gift of a direct-to-consumer genetic testing kit from Ancestry.com or 23andMe.com (or any other number of companies). So exciting! In our melting pot society, one can’t help but be curious about where they come from and if they are more likely than any other person to be subject to any number of ailments.
Not so fast though! Before you swab yourself and send away your genes for testing, you might consider what you’re exposing yourself to. Direct-to-consumer genetic testing companies, which provide genetic testing directly to consumers without any intervening healthcare provider, are not bound by HIPAA. They are not considered “covered entities”, and therefore not required to use the same protections for genetic information the way a hospital or your doctor would.
Pharmacies using automated dialers for prescription refill reminders and relying on the statutory prescription refill reminder exemption to the TCPA’s prohibition on the use of automated dialing equipment as an impenetrable blanket against liability need to think again.
The case of Smith v. Rite Aid Corporation, 2018 WL 5828693 (W.D.N.Y. Nov. 7, 2018), revolves around a Rite Aid pharmacy’s use of a prescription refill reminder program to contact a patient to pick up a prescription. The pharmacy placed several calls per week intended to remind the patient to come into the store to pick up their prescription. However, an innocent bystander instead of the intended recipient of the mediation received the calls; either due to error in taking the phone number down or a due to the number being reassigned (which happens to thousands of numbers on a daily basis!). The unintended recipient of the multiple prescription refill reminder calls filed a class action lawsuit under the federal Telephone Consumer Protection Act (“TCPA”), which provides for statutory penalties of $500-$1,500, per call.
There are perfectly compliant ways to engage with healthcare marketers, and then there’s this; here are some of the latest real-life examples:
“DME BRACE CAMPAIGN – $40 to $150 PER LEAD PER BRACE”
“DME DIABETIC LEADS $40 PER LEAD, INSURANCE AND DOC INFO INCLUDED”
“PAIN CREAM/LIDOCANE LEADS FOR SALE, RX INCLUDED”
These marketers are seemingly holding auctions for the sale of federally protected patient health information out to the highest bidder! Couldn’t make this stuff up – if you’re in this industry, a quick gander at your (business) social media platforms will quickly confirm it.
Private money (e.g. private equity) is in full swing purchasing medical practices with large profit margins (e.g. dermatology). This is NOT the same thing as when physician practice management companies (PPMCs) bought practices the 90s. Back then, the stimulus for the seller was (a) uncertainty re practice profits in the future, and (b) the stock price. Selling practices got some or all of the purchase price in stock, with the hopes the purchasing company stock would far exceed the multiplier applied to practice “earnings” (the “multiple”). Buyers promised to stabilize and even enhance revenues with better management and better payer contracting. If the optimism of the acquiring company and selling doctors was on target, everyone won because the large stock price made money for both the buyer and seller. The private equity “play” today is a little different.
Today’s sellers are approaching the private equity opportunity the same way they did with PPMCs, except for the stock focus since most private equity purchases don’t involve selling doctors obtaining stock. Sellers hope their current practice earnings will equate to a large “purchase price.” And they hope the buyer have better front and back office management that will result in more stable and even enhanced earnings. And for this, the private equity buyer takes a “management fee,” which they typically promise (though not in writing) to offset with enhanced practice earnings.
Earlier this month, Attorney General Jeff Sessions announced the formation of the Opioid Fraud and Abuse Detection Unit, which is a pilot program of the United Stated Department of Justice. AG Sessions noted that there are three components to approach the opioid crisis that our nation faces: prevention, treatment and enforcement.
Prevention. AG Sessions noted briefly that the DOJ is undertaking that component through raising awareness, through drug take-back programs, and through DEA’s 360 Strategy program, which incorporates law enforcement, diversion control and community outreach to tackle the cycle of violence and addiction in US cities. He also stated that law enforcement is a component of prevention.
Treatment. AG Sessions articulated that treatment can help break the cycle of addiction and crime and help people get their lives back together.
Enforcement. AG Sessions dove deep in the area of enforcement, reasoning that enforcing our laws helps keep drugs out of the hands of our citizens, decreases their availability, drives up their price, and reduces their purity and addictiveness. He added, “Enforcement will make a difference in turning the tide in this epidemic.”
Most of the commercial payors are paying PHP (Partial Hospitalization Plan) and IOP (Intensive Treatment Plan) at a bundled daily rate. Many of the plans are now adding urine drug screens to the bundled daily rate and imposing a cap on the number of screens that can be done during an admission. Plans are paying rates that are much nearer to a Medicare rates. Payments based on a reasonable percentage of a provider’s charge are becoming harder to find, as the calculation of what is a usual and customary rate of payment continues to decline.
Yet, a great portion of substance abuse facilities are operating with more clinical staff, at a higher level through licensure, with better Electronic Medical Systems, more programs to combat some of the symptoms of addiction and with a greater awareness of compliance with state and federal guidelines. Even with these necessary improvements, reimbursements continue to decline.
Did you know as a residential addiction substance abuse treatment provider, your facility must know what is, and what is not, above your ceiling tiles? Does your facility have a “No Smoking” sign at the main entrance? Do you know which way the doors are supposed to close? Want to grow your business? Plan on expanding? You will need an ILSM (Interim Life Safety Measure) completed; and, the ILSM must include an infection control acknowledgment.
The Bottom Line About ILSM for Substance Abuse Treatment
In simplicity, buildings serving patients must comply with the NFPA 101 (2012 edition) Life Safety Code. Has your substance abuse treatment organization identified a Safety Officer? Has the Safety Officer identified Life Safety Code problems? If your answer is “No” to these two basic questions, it may be time for your practice to implement a Life Safety program.
Known as “Minimum Fire Safety Standards for Residential Alcohol and Drug Abuse Treatment and Prevention Programs, mental Health Residential Treatment Facilities and Crisis Stabilization Units”, this rule chapter must be applied and adhered to in all 24 hour, 7 day per week healthcare facilities, just like a traditional hospital.
Less than a year ago that medical device developer, Olympus Corp, agreed to pay a $646 million settlement to resolve claims of illegal kickbacks to physicians and hospitals. This is considered to be the largest settlement amount in the history of violations to the Anti-kickback Statute. The federal Anti-Kickback Statute (“Anti-Kickback Statute”) is a criminal statute that prohibits the exchange (or offer to exchange), of anything of value, in an effort to induce or reward the referral of federal health care program business. Conviction for a single violation under the Anti-Kickback Statute may result in a fine of up to $25,000 and imprisonment for up to five (5) years. In addition, a conviction will result in mandatory exclusion from participation in federal health care programs. The government may also assess civil money penalties, which could result in treble damages plus $50,000 for each violation of the Anti-Kickback Statute.
Between 2006 and 2011, Olympus offered consulting deals among many other bribes to influence physicians to order and prescribe Olympus medical devices. These consulting agreements provided for large up-front payments to physicians under the guise of medical device development. Olympus failed to focus on compliance and didn’t have policies and procedures in place to prevent illegal arrangements such as these. These physicians were retained as consultants, but most provided very little consulting services; they were utilized as device promoters. Physicians have a duty to order medical devices solely on the traditional standards of quality, price, and appropriateness for the medical conditions treated. Moreover, the ordering of medical devices by a physician must never be influenced by personal financial gain.
Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patient and delivery of health care services; all with an emphasis on operations, regulatory and transactional legal issues.