Compliance

The U.S. Department of Health & Human Services Office of Inspector General (OIG) issued a special fraud alert on June 9, 2015, stating that physician compensation arrangements may result in significant liability. Hopefully this is not a surprise to any physician or entity that treats federal health plan beneficiaries. However, given that, historically, OIG regulatory actions largely (although not exclusively) focused on the entity from which a physician received compensation, such as hospitals, laboratories, durable medical equipment suppliers, pharmacies, etc., the June 9, 2015, fraud alert highlights the potential for physician liability in these arrangements.

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.

The DOL’s self-imposed February deadline for announcing new FLSA regulations redefining “white collar” exemptions has come and gone with without any action from the DOL. No new deadline has been announced; however, the DOL’s website suggests that it still hopes to release the new regulations soon. Stayed tuned, and we will report back when the

In March 2014, President Obama directed the Secretary of Labor to prepare and propose new FLSA regulations. These new rules were to be announced late last year, but have been repeatedly delayed. Now it appears the new rules will be announced later this month. While the scope of the changes is unknown, it is anticipated the changes will reduce the number of employees who qualify for exempt status.

Having no need to brandish bandanas to obscure identity or firearms to force entry, it was reported Wednesday that cyber bandits, in a sophisticated and well-orchestrated robbery, recently waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, employees and its CEO, Joseph R. Swedish. The haul is reported to have included names, birthdates, social security numbers, medical identification numbers, street and email addresses and employee income data. Fortunately, there’s no indication at this point that credit-card numbers, claims information, test results or diagnostic codes were compromised as part of the crime. That said, to minimize the potential harm, Anthem has called in the FBI and is notifying affected individuals and offering free credit and identity-theft monitoring.

The Texas Health & Human Services Commission’s (HHSC) final rules regarding physician billing for services provided by an APRN or PA became effective Jan. 1, 2015, and include limitations on such billing arrangements. See 39 Tex. Reg. 9884 (Dec. 19, 2014). The adopted rule requires that a physician billing for services provided by an APRN or PA under the physician’s Medicaid billing number must make a decision regarding the patient’s care or treatment on the same date of service as the billable medical visit and documented that decision in the patient’s recordSee Tex. Admin. Code Tit. 1 §354.1062. If a physician billing for such services does not make a decision regarding the patient’s care or treatment on the same date of service, the physician must note on the claim that the services were provided by a supervisee. See Tex. Admin. Code Tit. 1 §354.1001.

On Jan. 26, 2015, Secretary Sylvia M. Burwell announced the goals and a timeline of the U. S. Department of Health & Human Services (“HHS”) to move the Medicare program, and the healthcare system at large, toward paying providers based on quality, rather than quantity, of care they give to patients.

Brian G. Flood of Husch Blackwell LLP‘s Austin office participated in a recent forum on “Managing Fraud and Bribery Risks in the Healthcare Sector.”

The Q&A Forum forms part of a Special Report on Corporate Fraud & Corruption, which appears in the February 2015 issue of Financier Worldwide magazine.

For the Q&A Forum, Financier

Due diligence is often perceived as a mundane part of the mergers & acquisitions (M&A) process, but its importance in healthcare transactions is critical. Due diligence is one of the first steps of any transaction and involves a buyer undertaking an in-depth examination of the target to evaluate the business and uncover potential issues or liabilities. In the healthcare industry, diligence is especially important considering the heavy regulation of the industry, the unique areas of risk, and the significant liabilities that could be imposed upon a buyer if issues and liabilities are not identified before the transaction closes.

The new Rules (for Vending Machines and Menus) are based on changes made as the result of the Affordable Care Act. These changes were made by adding two new sections to Section 403 of the Food, Drug and Cosmetics Act, which describes Mislabeled Foods. The new sections, found under FDCA §403(q)(5)(H), enables the FDA to regulate the labeling requirements for Restaurants, Retail Food Establishments and Vending Machines.

Late last year, the U.S. Food and Drug Administration finalized a new set of Rules pursuant to the new §403 governing how and where caloric content must be displayed. As a result, beginning on Dec. 1, 2015, and Dec. 1, 2016, certain restaurants and vending machine operators, respectively, will be forced to disclose the calorie content of their products to consumers.