Compliance

In an Aug. 27, 2015, decision, a majority of the Board found that the Purple Communications standard, with respect to an employer’s email system, would apply without exception to healthcare providers and, in particular, for acute care hospitals. Contrary to the cogent arguments put forth by member Johnson in his dissent, the majority found there should be no exception to the presumption set forth under Purple Communications that employees have a statutory right to use an employer’s email system for Section 7 related communications during non-working time. The majority also found that the hospital failed to show “special circumstances” to rebut this presumption, notwithstanding the fact that evidence was submitted of studies finding a correlation between employee distractions and patients’ safety and identifying computers and other electronic communication devices as sources of such distraction.

Proposed Stark exception could impact hospital and physicians timeshare/ part-time agreement arrangements

In July 2015, the Centers for Medicare & Medicaid Services (“CMS”) published a proposed rule pertaining to payment policies under the 2016 Medicare Physician Fee Schedule (“Proposed Rule”) (80 Fed. Reg. 41,685). In addition to changes to the Medicare Physician Fee Schedule and other Medicare Part B payment policies, the Proposed Rule addresses modifications to the Stark Law and provides guidance on CMS’s interpretation of existing Stark Law exceptions.

The U.S. Court of Appeals for the District of Columbia Circuit issued an opinion June 12, 2015, lambasting the Centers for Medicare & Medicaid Services’ (“CMS”) rationale in implementing the ban on “per-click” space and equipment leases under the Stark Law. This ban, which went into effect Oct. 1, 2009, was effectively challenged by the Council for Urological Interests (“Council”), which was also behind the successful challenge against the application of the Stark Law to hospital lithotripsy services in 2002.

Among the more colorful descriptions used by the Court in describing CMS’s position were that it was “incomprehensible,” “tortured”, and “the stuff of caprice.” And on an even more scathing note, the Court described CMS’s reading of the legislative history of the Stark Law as belonging to the “cross-your-fingers-and-hope-it-goes-away school of statutory interpretation.”

A New York district court issued the first judicial opinion Monday, Aug. 3 on the Affordable Care Act’s “60-day rule,” which requires that a Medicare or Medicaid overpayment be reported and returned within 60 days of the date on which the overpayment was “identified.” The decision by Judge Edgardo Ramos provided a definition of what it means to “identify” an overpayment and thus begin the 60-day time period in which overpayments must be reported and returned. Given that the 60-day rule maintains that any person who knowingly fails to comply with this obligation within the 60-day timeframe has violated the False Claims Act (“FCA”), the potential implications of Judge Ramos’s decision are significant.

National healthcare publication Modern Healthcare yesterday announced Husch Blackwell LLP is the seventh-largest healthcare law firm in the U.S. according to its 2015 rankings, up from No. 12 last year. Utilizing differing measurement techniques, American Health Lawyers Association also ranked healthcare practices, placing Husch Blackwell as fifth-largest in the country in its 2015 list, released

The U.S. Department of Health & Human Services Office of Inspector General (OIG) issued a special fraud alert on June 9, 2015, stating that physician compensation arrangements may result in significant liability. Hopefully this is not a surprise to any physician or entity that treats federal health plan beneficiaries. However, given that, historically, OIG regulatory actions largely (although not exclusively) focused on the entity from which a physician received compensation, such as hospitals, laboratories, durable medical equipment suppliers, pharmacies, etc., the June 9, 2015, fraud alert highlights the potential for physician liability in these arrangements.

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.

The DOL’s self-imposed February deadline for announcing new FLSA regulations redefining “white collar” exemptions has come and gone with without any action from the DOL. No new deadline has been announced; however, the DOL’s website suggests that it still hopes to release the new regulations soon. Stayed tuned, and we will report back when the

In March 2014, President Obama directed the Secretary of Labor to prepare and propose new FLSA regulations. These new rules were to be announced late last year, but have been repeatedly delayed. Now it appears the new rules will be announced later this month. While the scope of the changes is unknown, it is anticipated the changes will reduce the number of employees who qualify for exempt status.

Having no need to brandish bandanas to obscure identity or firearms to force entry, it was reported Wednesday that cyber bandits, in a sophisticated and well-orchestrated robbery, recently waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, employees and its CEO, Joseph R. Swedish. The haul is reported to have included names, birthdates, social security numbers, medical identification numbers, street and email addresses and employee income data. Fortunately, there’s no indication at this point that credit-card numbers, claims information, test results or diagnostic codes were compromised as part of the crime. That said, to minimize the potential harm, Anthem has called in the FBI and is notifying affected individuals and offering free credit and identity-theft monitoring.