You might have recently received a holiday gift of a direct-to-consumer genetic testing kit from Ancestry.com or 23andMe.com (or any other number of companies). So exciting! In our melting pot society, one can’t help but be curious about where they come from and if they are more likely than any other person to be subject to any number of ailments.
Not so fast though! Before you swab yourself and send away your genes for testing, you might consider what you’re exposing yourself to. Direct-to-consumer genetic testing companies, which provide genetic testing directly to consumers without any intervening healthcare provider, are not bound by HIPAA. They are not considered “covered entities”, and therefore not required to use the same protections for genetic information the way a hospital or your doctor would.
Pharmacies using automated dialers for prescription refill reminders and relying on the statutory prescription refill reminder exemption to the TCPA’s prohibition on the use of automated dialing equipment as an impenetrable blanket against liability need to think again.
The case of Smith v. Rite Aid Corporation, 2018 WL 5828693 (W.D.N.Y. Nov. 7, 2018), revolves around a Rite Aid pharmacy’s use of a prescription refill reminder program to contact a patient to pick up a prescription. The pharmacy placed several calls per week intended to remind the patient to come into the store to pick up their prescription. However, an innocent bystander instead of the intended recipient of the mediation received the calls; either due to error in taking the phone number down or a due to the number being reassigned (which happens to thousands of numbers on a daily basis!). The unintended recipient of the multiple prescription refill reminder calls filed a class action lawsuit under the federal Telephone Consumer Protection Act (“TCPA”), which provides for statutory penalties of $500-$1,500, per call.
There are perfectly compliant ways to engage with healthcare marketers, and then there’s this; here are some of the latest real-life examples:
“DME BRACE CAMPAIGN – $40 to $150 PER LEAD PER BRACE”
“DME DIABETIC LEADS $40 PER LEAD, INSURANCE AND DOC INFO INCLUDED”
“PAIN CREAM/LIDOCANE LEADS FOR SALE, RX INCLUDED”
These marketers are seemingly holding auctions for the sale of federally protected patient health information out to the highest bidder! Couldn’t make this stuff up – if you’re in this industry, a quick gander at your (business) social media platforms will quickly confirm it.
Private money (e.g. private equity) is in full swing purchasing medical practices with large profit margins (e.g. dermatology). This is NOT the same thing as when physician practice management companies (PPMCs) bought practices the 90s. Back then, the stimulus for the seller was (a) uncertainty re practice profits in the future, and (b) the stock price. Selling practices got some or all of the purchase price in stock, with the hopes the purchasing company stock would far exceed the multiplier applied to practice “earnings” (the “multiple”). Buyers promised to stabilize and even enhance revenues with better management and better payer contracting. If the optimism of the acquiring company and selling doctors was on target, everyone won because the large stock price made money for both the buyer and seller. The private equity “play” today is a little different.
Today’s sellers are approaching the private equity opportunity the same way they did with PPMCs, except for the stock focus since most private equity purchases don’t involve selling doctors obtaining stock. Sellers hope their current practice earnings will equate to a large “purchase price.” And they hope the buyer have better front and back office management that will result in more stable and even enhanced earnings. And for this, the private equity buyer takes a “management fee,” which they typically promise (though not in writing) to offset with enhanced practice earnings.
Earlier this month, Attorney General Jeff Sessions announced the formation of the Opioid Fraud and Abuse Detection Unit, which is a pilot program of the United Stated Department of Justice. AG Sessions noted that there are three components to approach the opioid crisis that our nation faces: prevention, treatment and enforcement.
Prevention. AG Sessions noted briefly that the DOJ is undertaking that component through raising awareness, through drug take-back programs, and through DEA’s 360 Strategy program, which incorporates law enforcement, diversion control and community outreach to tackle the cycle of violence and addiction in US cities. He also stated that law enforcement is a component of prevention.
Treatment. AG Sessions articulated that treatment can help break the cycle of addiction and crime and help people get their lives back together.
Enforcement. AG Sessions dove deep in the area of enforcement, reasoning that enforcing our laws helps keep drugs out of the hands of our citizens, decreases their availability, drives up their price, and reduces their purity and addictiveness. He added, “Enforcement will make a difference in turning the tide in this epidemic.”
Most of the commercial payors are paying PHP (Partial Hospitalization Plan) and IOP (Intensive Treatment Plan) at a bundled daily rate. Many of the plans are now adding urine drug screens to the bundled daily rate and imposing a cap on the number of screens that can be done during an admission. Plans are paying rates that are much nearer to a Medicare rates. Payments based on a reasonable percentage of a provider’s charge are becoming harder to find, as the calculation of what is a usual and customary rate of payment continues to decline.
Yet, a great portion of substance abuse facilities are operating with more clinical staff, at a higher level through licensure, with better Electronic Medical Systems, more programs to combat some of the symptoms of addiction and with a greater awareness of compliance with state and federal guidelines. Even with these necessary improvements, reimbursements continue to decline.
Did you know as a residential addiction substance abuse treatment provider, your facility must know what is, and what is not, above your ceiling tiles? Does your facility have a “No Smoking” sign at the main entrance? Do you know which way the doors are supposed to close? Want to grow your business? Plan on expanding? You will need an ILSM (Interim Life Safety Measure) completed; and, the ILSM must include an infection control acknowledgment.
The Bottom Line About ILSM for Substance Abuse Treatment
In simplicity, buildings serving patients must comply with the NFPA 101 (2012 edition) Life Safety Code. Has your substance abuse treatment organization identified a Safety Officer? Has the Safety Officer identified Life Safety Code problems? If your answer is “No” to these two basic questions, it may be time for your practice to implement a Life Safety program.
Known as “Minimum Fire Safety Standards for Residential Alcohol and Drug Abuse Treatment and Prevention Programs, mental Health Residential Treatment Facilities and Crisis Stabilization Units”, this rule chapter must be applied and adhered to in all 24 hour, 7 day per week healthcare facilities, just like a traditional hospital.
Less than a year ago that medical device developer, Olympus Corp, agreed to pay a $646 million settlement to resolve claims of illegal kickbacks to physicians and hospitals. This is considered to be the largest settlement amount in the history of violations to the Anti-kickback Statute. The federal Anti-Kickback Statute (“Anti-Kickback Statute”) is a criminal statute that prohibits the exchange (or offer to exchange), of anything of value, in an effort to induce or reward the referral of federal health care program business. Conviction for a single violation under the Anti-Kickback Statute may result in a fine of up to $25,000 and imprisonment for up to five (5) years. In addition, a conviction will result in mandatory exclusion from participation in federal health care programs. The government may also assess civil money penalties, which could result in treble damages plus $50,000 for each violation of the Anti-Kickback Statute.
Between 2006 and 2011, Olympus offered consulting deals among many other bribes to influence physicians to order and prescribe Olympus medical devices. These consulting agreements provided for large up-front payments to physicians under the guise of medical device development. Olympus failed to focus on compliance and didn’t have policies and procedures in place to prevent illegal arrangements such as these. These physicians were retained as consultants, but most provided very little consulting services; they were utilized as device promoters. Physicians have a duty to order medical devices solely on the traditional standards of quality, price, and appropriateness for the medical conditions treated. Moreover, the ordering of medical devices by a physician must never be influenced by personal financial gain.
Healthcare providers have heard the HIPAA disaster stories: a laptop containing patient information is left on the counter at the coffee shop; a thumb drive with patient files goes missing; a rogue employee accesses patient information she has no business accessing; hackers get into a practice’s server and hold the patient information for ransom.
HIPAA is a federal law designed for safe disclosure of patient’s protected health information. The news headlines showcase giant penalties for violations. However, Florida healthcare providers should also know that Florida has its own consumer protection statute, called the Florida Information Protection Act. So while you’re busy worrying about your HIPAA exposure in any of these situations, remember that there is potential State exposure as well.
So what should a healthcare provider do if it believes there has been a hack or some other unauthorized disclosure? Responses vary based on the situation presented, but below is a good jumping off point:
FIPA is the Florida Information Protection Act of 2014. It became elective on July 1, 2014. Many people consider FIPA to be Florida’s state law counterpart to the Federal Government’s Health Information Protection and Administration Act of 1996 (“HIPAA). However, FIPA is, in many respects, more far reaching than HIPAA. Those who transact business in the State of Florida are well-served to be knowledgeable about FIPA.
FIPA affects more than just health care providers and those in the healthcare industry. Under FIPA, any business that acquires, stores, maintains or uses personal information must take reasonable measures to safeguard that information. “Personal information” includes the use of a person’s first and last name (or first initial and last name) in conjunction with his or her social security number, driver’s license or other government identification number, bank account number, credit or debit card number and password or pin, medical history, or health insurance policy number. A convenience store that might have access to a person’s name and credit card number is just as accountable under FIPA as a hospital who might store that person’s medical history and insurance information.
Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patient and delivery of health care services; all with an emphasis on operations, regulatory and transactional legal issues.