As most healthcare providers know, HIPAA requires that covered entities or business associates conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate. Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) is demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis. Continue Reading Top 5 Reasons to Conduct a Thorough HIPAA Security Risk Analysis
The 60-day repayment rule was implemented by the Centers for Medicare and Medicaid Services (CMS) effective March 14, 2016 to clarify Medicare providers’ obligations to investigate, report, and refund identified overpayments under the Affordable Care Act. The rule specifically details what it means to “identify” an overpayment and explains how to report and return identified overpayments to CMS.1 The rule also states that an overpayment must be reported and returned if it is identified within six years of the date it was received. This time period is generally referred to as the “lookback” period. Continue Reading Lookback Periods for Medicaid Overpayments
Hurricane Harvey. On August 26, 2017, the Secretary of Health and Human Services (HHS) issued a waiver of certain compliance requirements, retroactive to August 25, 2017, for providers in areas of Texas affected by Hurricane Harvey. A similar waiver was issued August 28, 2017, for providers in Louisiana, retroactive to August 27, 2017. Along with these waivers, the Secretary of HHS issued disaster declarations for the states of Texas and Louisiana pursuant to section 319 of the Public Health Service Act, and the President issued disaster declarations for the states of Texas and Louisiana pursuant to the Robert T. Stafford Disaster Relief and Emergency Assistance Act.
On July 13, the Centers for Medicare & Medicaid Services (“CMS”) put out its 2018 Medicare Hospital Outpatient Prospective Payment System Proposed Rule. The Rule proposes, among other things, to dramatically reduce Medicare Part B reimbursement of drugs procured by hospitals at 340B prices—from the current rate of Average Sales Price (“ASP”) plus 6 percent to ASP minus 22.5 percent. By CMS’s estimate, this could result in savings to the Part B program of $900 million and a corresponding cut to the 340B hospitals which currently receive those payments (and ostensibly use them in furtherance of the 340B program’s goal of assisting safety net providers in stretching their scarce resources). Continue Reading CMS Proposes Drastic Reduction to Medicare Part B Reimbursement of 340B Drugs
On May 27, 2017 the Texas Governor signed SB 1107 into law, making certain telehealth arrangements possible after the Texas Medical Board imposed limitations on telehealth services in June 2015. Specifically, SB 1107 adds new §§111.005-7 to the Texas Occupations Code allowing a physician to prescribe drugs as part of a telehealth encounter involving only telephonic or text-based communication between the physician and patient if: (i) the physician has access to patient medical records and uses either clinically relevant photographic or video images or the patient’s relevant medical records; and (ii) the physician provides the patient with guidance on appropriate follow-up care and, if the patient consents and has a primary care physician, provides to the patient’s primary care physician within 72 hours after the encounter a medical record or other report containing an explanation of the treatment provided by the physician, including the physician’s evaluation, analysis, or diagnosis. Continue Reading Texas Legislature Gives Telehealth a Call Back
On June 12, 2017, the Department of Health and Human Services Office of Inspector General (OIG) published a report with the objective of determining whether the Centers for Medicare & Medicaid Services (CMS) made proper incentive payments to providers for “meaningful use” of a certified electronic health record (EHR). The report, entitled “Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did not Comply with Federal Requirements,” estimates that CMS improperly paid $729 million in EHR incentive payments to providers who did not actually comply with the requirements of meaningful use. Continue Reading OIG Turns Focus to Providers for Improper Meaningful Use Payments
The Department of Justice (DOJ) recently announced a $155 million settlement agreement with an electronic health records (EHR) vendor, eClinicalWorks (ECW), to settle False Claims Act allegations against the company initially brought by a whistleblower/qui tam relator. The whistleblower was a software technician for the City of New York City who was implementing ECW software in a prison healthcare system. The DOJ subsequently intervened and filed suit. The May 31, 2017 announcement is the first of its kind, holding an EHR vendor accountable for claims made about their certifications.
Provider clients of ECW relied on the assertions made by ECW that their EHR software met the criteria of the Office of the National Coordinator of Health Information Technology (ONC) certification program. Based on ECW’s software and the assertion of EHR certification, providers believed they had achieved “meaningful use” and received incentive payments under the Medicare and Medicaid EHR Incentive Programs. Continue Reading Warning EHR Vendors: Evaluate Certifications and Sales/Marketing Activities to Avoid Millions in Liability
On June 5, 2017, the U.S. Supreme Court held that the employee benefit plans of church-affiliated hospitals and healthcare facilities may be exempt from the federal Employee Retirement Income Security Act of 1974 (ERISA), in Advocate Health Care Network et al. v. Stapleton et al. More background information can be found in our December legal alert on this case.
On May 23, 2017, Texas Governor Greg Abbott signed Senate Bill (SB) 507, expanding the current law dealing with “balance billing.”
Balance billing occurs when an insured patient receives care from a physician, hospital or other healthcare provider, who is not part of a patient’s health plan provider network. The out-of-network provider then bills the patient directly for the portion of medical expenses not covered by insurance, typically at a much higher rate.
In 2009, Texas passed legislation establishing a Texas Department of Insurance (TDI) mediation system aimed at resolving balance billing issues. The 2009 legislation made mediation available to patients who were balanced billed by six types of facility-based providers: radiologists, anesthesiologists, pathologists, ER physicians, neonatologists and assistant surgeons. Effective September 1, 2017, SB 507 expands access to balance billing mediation eligibility to all types of out-of-network providers treating patients at in-network hospitals and other facilities, including freestanding ERs. SB 507 also allows mediation for emergent care balance bills over $500 at any healthcare facility, whether in or out of network. The legislation will cover Texans with PPO plans receiving care from an out-of-network provider at an in-network facility. It will also cover the Teachers Retirement System, in addition to the Employee Retirement System covered by the original legislation.
SB 507 also expands disclosure requirements on network status by health plans, facilities, and other healthcare providers. These new requirements include, among other things, that a bill sent to a patient contain an explanation of the mediation process, and a statement that is substantially similar to the following:
“You may be able to reduce some of your out-of-pocket costs for an out-of-network medical or health care claim that is eligible for mediation by contacting the Texas Department of Insurance at (website) and (phone number, including requiring that the following statement be added to balance bills.”
Providers should become familiar with the new balance billing requirements to determine how they will impact current billing practices. A full copy of SB 507 is available at Texas Legislature Online.
Beginning on June 1, 2017, health care providers of services and suppliers must submit all information necessary for the Centers for Medicare and Medicaid Services (“CMS”) to analyze actual or potential violations of the federal physician self-referral law (the “Stark Law”) using approved forms designed to streamline the CMS Voluntary Self-Referral Disclosure Protocol (the “SRDP”). If you are currently working on a self-disclosure filing for CMS, you must convert that disclosure to this new format or risk CMS rejecting the disclosure in its entirety. The new forms, contained within Form CMS-10328 available here, must be used for all voluntary Stark Law self-disclosures submitted on or after June 1, 2017, except disclosures by physician-owned hospitals and rural providers regarding a failure to disclose physician ownership on the provider’s website or in any public advertisement. Continue Reading Revised SRDP Process Begins June 1