Articles Posted in Uncategorized

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), recently announced a settlement with St. Elizabeth’s Medical Center (SEMC) over violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). SEMC is a tertiary care hospital located in Massachusetts. OCR’s investigation began in November 2014, when OCR alleged that SEMC violated HIPAA’s Privacy, Security and Breach Notification Rules. As part of the settlement, SEMC agreed to pay $218,400 and adopt a corrective action plan to address the deficiencies in SEMC’s HIPAA compliance program.

On July 10, 2015, OCR released an HHS OCR Bulletin containing the allegations against SEMC, the parties’ settlement agreement and SEMC’s corrective action plan. OCR’s investigation stemmed from a complaint against SEMC filed on November 16, 2012. The allegations pertain to SEMC’s use of internet-based document sharing programs that contain electronic protected health information (ePHI). OCR found that SEMC used the internet-based applications without analyzing the privacy and security risks, as required by HIPAA. Further, critical to SEMC’s liability under HIPAA, OCR alleged that SEMC “failed to timely identify and respond to the known security incident, mitigate the harmful effects of the security incident, and document the security incident and its outcome.” The settlement agreement also covers a separate HIPAA breach that occurred in August 2014, when SEMC notified HHS of a breach of unsecured ePHI located on a personal laptop and USB flash drive.

The settlement between OCR and SEMC is predicated on SEMC’s continued compliance with the settlement agreement’s corrective action plan. As part of the plan, SEMC agreed to perform robust “self-assessment” to determine the SEMC’s workforce members’ knowledge of and compliance with SEMC policies and procedures regarding: transmitting ePHI using unauthorized networks; storing ePHI on unauthorized information systems; removal of ePHI from SEMC; prohibition on sharing accounts and passwords for ePHI access or storage; encryption of portable devices that access or store ePHI; and security incident reporting related to ePHI. The self-assessment includes unannounced site visits to various SEMC departments, randomly selected interviews of SEMC workforce members, and inspection of portable devices that can access ePHI in the departments impacted by the breach. SEMC is also required to provide a report documenting its self-assessment to HHS within 150 days of the settlement.

In June, the U.S. Court of Appeals for the District of Columbia Circuit ruled on two regulations implemented by the Centers for Medicare and Medicaid Services (CMS) under the federal Stark law (Stark) in 2008. Following a challenge by the Council for Urological Interests (the Council), a urology trade association, the court rejected CMS’ prohibition on per-click equipment rental leases but upheld CMS’ new interpretation of “entity furnishing designated health services” and thus the prohibition against “under-arrangement” transactions.

Stark prohibits physicians from referring Medicare or Medicaid patients for designated health services to an entity with which the physician has a financial relationship unless an exception applies. An exception to Stark exists for equipment leases. Under CMS’ 2008 regulation challenged by the Council, CMS barred per-click rental arrangements based on CMS’ analysis that Congress did not intend to protect arrangements where the lessor’s amount of income fluctuated based on the amount of patients referred by the lessor to the lessee. CMS claimed to base its determination to bar per-click equipment leases on a 1993 U.S. House of Representatives conference report (Conference Report).

The court reviewed CMS’ per-click equipment lease prohibition under the two-step Chevron legal test used to determine whether a court must grant deference to a government agency’s interpretation of a statute. First, the court determined that Stark did not forbid CMS from banning per-click leases, as the statute does not expressly permit per-click leases and also allows the Secretary of the U.S. Department of Health and Human Services (the Secretary) to impose, by regulation, other requirements as needed to protect against program or patient abuse. However, the court determined that the per-click ban failed under step-two of the Chevron analysis, as the agency’s statutory interpretation was not permissible or reasonable in light of Congress’s intent. The court’s decision focused on the Conference Report cited by CMS. The Conference Report explained, “in reference to the rental-charge clause for the equipment rental exception, ‘[t]he conferees intended that charges for space and equipment leases may be based on…time-based rates or rates based on units of service furnished, so long as the amount of time-based or units of service rates does not fluctuate during the contract period.'” The court’s decision highlighted how the Secretary’s interpretation of the Conference Report had changed over time, pointing out that in 2001, the Secretary explained, “given the clearly expressed congressional intent in the legislative history, we are permitting ‘per use’ payments.” The court found that the Conference Report makes clear that unit of service rates are what cannot fluctuate during the contract period, and noted that the Secretary’s new interpretation of the Conference Report ignored the word “rates” completely. In rejecting the ban on per-click leases, the court stated that the agency’s “jargon is plainly not a reasonable attempt to grapple with the Conference Report; it belongs instead to the cross-your-fingers-and-hope-it-goes-away school of statutory interpretation.”

In June, the New York Attorney General announced a widespread settlement with Aspen Dental Management, Inc. (“Aspen Dental”) based on the Attorney General’s finding that the dental practice management company engaged in the unauthorized practice of dentistry and illegal fee splitting under New York law.

The Attorney General’s investigation evidences enforcement of the corporate practice of medicine doctrine, which exists in many states and prohibits corporations owned by non-professionals from employing or otherwise contracting with physicians to practice medicine and charging for professional services, except in limited circumstances. In New York, like many states, the corporate practice of medicine doctrine emanates from prior court decisions, laws regulating professional corporations, and laws restricting the division of fees generated from professional services. The prohibition on the corporate practice of medicine is grounded in public policy concerns based on the principle that when a lay corporation holds a financial interest in a physician’s profits, the entity has a direct interest in and ability to control medical decision-making and impact the quality of care provided to patients.

The Attorney General’s announcement highlights the regulatory challenges faced by medical practice management companies that receive percentage of revenue compensation. In this case, Aspen Dental provided business support and administrative services to several independently owned dental practices. The Attorney General, however, determined that Aspen Dental held an impermissible level of control over the clinics, which included sharing in the clinics’ profits, marketing the clinics under the Aspen Dental trade name, incentivizing or otherwise pressuring clinic staff to increase sales of dental services or products, implementing revenue-oriented scheduling systems, and the hiring and oversight of clinical staff. Additionally, the Attorney General cited Aspen Dental’s control over the practice’s bank accounts and implementation of non-competition and non-solicitation agreements that effectively prohibited the practices from competing with any other dental practice affiliated with Aspen Dental.

Recently, on June 1, the Center for Medicare & Medicaid Services (CMS) published its long anticipated Medicaid managed care proposed rules. This is the first time CMS proposed revisions to the Medicaid managed care regulations since 2002. The proposed rules includes several measures intended by CMS “to modernize the Medicaid managed care regulatory structure in order to facilitate and support delivery system reform initiatives to improve health outcomes and the beneficiary experience, while effectively managing costs.” Among other things, the proposed rule would make a number of changes designed to align Medicaid managed care operating standards with those used in other markets.

For example, the proposed rule includes modifications to the current regulations governing the grievance and appeals systems for Medicaid managed care. The goal is to further align and increase uniformity in the grievance and appeals systems with Medicare Advantage managed care plans and private health insurance and group health plans in order to make the process more consistent across markets. Of particular note, most capitated, risk-bearing forms of Medicaid managed care–whether full or partial risk–would be expected to offer an internal appeals process with specified time frames, with external appeal to the state Medicaid fair hearing process in the event of an adverse determination. The rule would introduce new appeals timeframes, timeframes for plan compliance with favorable beneficiary rulings, and would clarify the right of beneficiaries to introduce new evidence at each stage of appeal.

In addition, the proposed rule would require all states to offer a 60-day time period to request external review through a fair hearing (some states now allow a far shorter time period) and would clarify members’ right to their case file, medical records, and other documents such as the plan documents used to conduct coverage determinations. The expedited appeal time frame would be tightened, as would notice and recordkeeping requirements. Simultaneously, the proposed rule would also require beneficiaries to exhaust internal appeals procedures before seeking a state fair hearing. This is a significant change since some states now allow beneficiaries to bypass the internal process.

On February 9, 2015, the U.S. Department of Health and Human Services Office of Inspector General (OIG) delivered an advisory opinion finding that a physician or provider previously excluded from participating in Medicare, Medicaid, and all other federal health care programs was permitted to share in federal payments with his former medical practice when the payments were based on services furnished prior to the individual’s exclusion even though payment was received by the practice after the exclusion. The Petitioner sought guidance from the OIG as to whether sharing in these payments with the practice would violate the terms of the Petitioner’s exclusion from federal health care programs and would potentially subject the Petitioner to additional administrative sanctions or other liability.

The Petitioner was a physician who was prohibited from participating in all federal health care programs for 20 years under the terms of a criminal plea and civil False Claims Act settlement (Settlement). The Settlement resolved various allegations of fraud against the Petitioner and required the Petitioner to divest all his ownership in the medical practice. The divestiture was ultimately accomplished through an asset purchase agreement between the Petitioner and specified buyers. The asset purchase agreement was executed shortly after the effective date that Petitioner became an excluded provider under the terms of the Settlement, which prohibited his or her participation in federal health care programs. Under the terms of the purchase agreement, the Petitioner was permitted to share in a portion of the Practice’s returns after the Petitioner divested his or her ownership in the Practice as long as those payments were for services that the Petitioner or Practice provided to patients and billed to federal health care programs before the Petitioner became an excluded provider.

The OIG’s February 9th, 2015, advisory opinion began its analysis by citing federal statutes that prohibit payment by all federal health care programs for items or services furnished: (1) by an excluded provider; or (2) at the medical direction or under the prescription of an excluded person. The effects of becoming an excluded provider was not elaborated upon in the February 9th advisory opinion, however the OIG more fully addressed and explained the effect of provider exclusions in its May 8, 2013, Special Advisory Bulletin titled “Effect of Exclusion from Participation in Federal Health Care Programs.”

On October 6, 2014, the Improving Medicare Post-Acute Care Transformation Act of 2014 (IMPACT Act) was signed into law. The bill moved swiftly through both houses due to its joint development by the House Ways and Means Committee and the Senate Finance Committee. The Post-Acute Care (PAC) community also voiced strong support for the IMPACT Act.

Currently, PAC payments to Medicare are typically based on the setting of care. This payment system often results in PAC providers supplying comparable services, but receiving dramatically different reimbursement amounts due to their setting of care. Under the IMPACT Act, the US Department of Health and Human Services (HHS) is tasked with promulgating a reporting system for PAC providers, which includes long-term care hospitals, skilled nursing facilities, inpatient rehabilitation facilities, and home health agencies. PAC providers will be required to report standardized data regarding patient care assessment, resource use, and quality measures. This data collection will allow providers and policymakers to analyze and compare the cost, quality, and type of services offered across a range of PAC providers. It is important to note that the IMPACT Act does not apply to critical access hospitals.

Specifically with regards to quality measures, PAC providers will be required to report on the following issues:

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced that it will be initiating Phase 2 of the compliance audits mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH). The first phase of audits was carried out in 2011 and 2012, and targeted covered entities. While Phase 2 will expand the targeted entities to include business associates, it will utilize information gathered during Phase 1 to narrow the scope of audits in order to review the areas of greatest risk to protected health information (PHI).

Following Phase 1, OCR’s findings noted that, generally, the smaller the covered entity, the more compliance issues it had with all 3 Health Insurance Portability and Accountability Act (HIPAA) Standards: privacy, security, and electronic transactions. Furthermore, OCR observed that over 60% of the violations related to security standards. Additionally, nearly 40% of the findings related to privacy standards occurred simply due to lack of knowledge regarding the privacy standards.

Applying this information, OCR will narrow the focus of their compliance audits in Phase 2. The audits will occur between October 2014 and June 2015, and will address:

Healthcare providers across the State of Michigan are continuing to experience terminations and non-renewals from UnitedHealthcare’s Medicaid, MIChild, and Medicare Advantage plans. As previously discussed on this blog, the network exclusions are part of UnitedHealthcare’s nationwide move to narrow networks. Narrow networks limit the amount of physicians available to plan subscribers, which some argue allow plans to better control costs and thus provide premiums that are competitive in the new insurance marketplaces. The real issue, however, is that the manner in which UnitedHealthcare is effectuating its narrow network eliminates patient choice by forcing patient’s to stay with UnitedHealthcare until their anniversary date, despite the fact that they enrolled in UnitedHealthcare with the intent to be treated by their long-term primary care physicians.

In Michigan, providers receiving Terminations Without Cause and Nonrenewals from UnitedHealthcare are granted a limited appeal right via their Participation Agreements. The appeal process, however, is “limited to a review by a UnitedHealthcare panel to determine whether UnitedHealthcare acted in accordance with the provisions of your Participation Agreement.” Accordingly, although an appeal must be filed in order to protect the provider’s appeal rights, the appeal itself may not be effective and providers must look to alternate methods in order to protect physician and patient rights.

Our firm represents multiple primary care physicians facing without cause exclusions from UnitedHealthcare. As the appeal right provided by UnitedHealthcare is insufficient, our firm has contacted the Michigan Department of Community Health (DCH) as well as representative from the State’s Attorney General office in order protect our clients’ and their patients’ rights and achieve a solution that either provides a meaningful appeal process or reinstates patients’ rights to choice of provider.

On Tuesday, the Centers for Medicare and Medicaid Services (CMS) ordered its Medicare Administrative Contractors (MACs) to take a second look at all of the claims that the MAC denied under the Probe and Educate review process. These re-reviews are being done to ensure that the MACs’ claim denials, and the education provided to the hospitals up to this point, is consistent with CMS’s recent clarifications regarding the two-midnight rule and physician orders and certification requirements. During the re-reviews, if the MAC determines that its previous decision to deny the claim was improper, the MAC may reverse the denial and issue payment outside of the Medicare appeals process.

While the re-review process is in effect, hospitals should contact their MAC to determine whether a re-review has taken place. Until this confirmation is received, hospitals should not file a redetermination appeal request. CMS announced that it will waive the 120 day timeframe for filing a redetermination appeal for any redetermination requests received before September 30, 2014 for Probe and Educate denials that occurred on or before January 30, 2014. If a hospital has already filed an appeal for a claim denial on or before January 30, 2014, that claim will also be subject to a re-review by the MAC. Upon re-review, if the MAC upholds its original denial decision, that claim will be automatically transferred to a redetermination appeal.

Hospitals should welcome the news for these re-reviews. First, there is the possibility that healthcare providers will be reimbursed for claims that were improperly denied upon initial review. Secondly, the re-review process will be less formalistic, and thus less costly and time-consuming than the normal appeal process.

On January 10, 2014, the Centers for Medicare & Medicaid Services (CMS) proposed significant changes to the Medicare Prescription Drug Benefit (Part D) Program. The proposed changes, such as the “any willing pharmacy” contracting requirement, could significantly impact how Part D Prescription Drug Plan Sponsors operate and interact with their contractors, beneficiaries, and the government. Comments on the Proposed Rule are due to CMS by 5 p.m. EST on March 7, 2014.

The Proposed Rule provides a new interpretation of the non-interference provision in the statute relating to the Department of Health and Human Services (HHS) relationship with drug manufactures, pharmacies, and Sponsors. Since 2004, this statute has been interpreted to extend to negotiations between any of those parties. However, if the Proposed Rule is implemented, the non-interference provision would be interpreted as to apply only to pharmaceutical manufacturer’s negotiations with pharmacies and Sponsors and would not apply to negotiations between Sponsors and pharmacies.

CMS also proposed a dramatic change to its interpretation and application of two statutory provisions: the provision establishing Sponsors’ obligation to contract with “any willing pharmacy,” and the provision allowing Sponsors to create tiered pharmacy networks. Historically, CMS has interpreted these two provisions as requiring Sponsors to include any pharmacy willing to meet the Sponsors’ “standard” terms and conditions in the Sponsor’s pharmacy network. Sponsors were still able to contract with a limited number of “preferred” pharmacies with alternate terms and conditions, such as lower cost-sharing obligations for covered Part D drugs. In the Proposed Rule, CMS suggests Sponsors who have “standard” and “preferred” pharmacies would be required to allow every pharmacy to have the opportunity to contract under the “preferred” terms and conditions, thus eliminating Sponsors’ ability to develop exclusive arrangements with select business partners. Furthermore, any pharmacy offering “preferred” cost-sharing would be required to meet a price “ceiling” established by the Sponsor, which must be less than the lowest price (the “floor price”) the Sponsor has with “standard” cost-sharing pharmacies. CMS also proposed that Sponsors require pharmacies contracting under the preferred terms and conditions to offer lower prices on all drugs in return for the lower cost-sharing.