With the New Year underway, the deadline is quickly approaching for HIPAA covered entities to file their annual breach reports with the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”).

While breaches involving 500 or more individuals must be reported no later than 60 calendar days from the date of discovery, breaches involving less than 500 individuals can be documented throughout the course of the year and submitted 60 days after the end of the calendar year.[1] This means that covered entities have until February 28, 2018 to complete their annual breach reporting obligations.

If you need assistance completing or filing your breach reports, please contact Julie Sullivan at 303.749.7255 or your usual Husch Blackwell attorney.

[1] 45 C.F.R. §§ 164.408(b),(c), available at https://www.law.cornell.edu/cfr/text/45/164.408.

As is par for the course with the start of a new presidential administration, many changes to employment laws are anticipated, with several already underway. The most recent of which is the test used to determine whether interns must be classified as employees for purposes of the Federal Labor Standards Act. The question of when a person stops being an intern and starts being an actual employee has long been a gray area. On January 5, 2018, the U.S. Department of Labor (DOL) announced in a press release it was rescinding its previous six-part test used to determine whether interns at for-profit companies are employees and thus subject to federal minimum wage and overtime laws. Instead, the DOL will now use the so-called “primary beneficiary” test favored by several appeals courts. Continue Reading Department of Labor Announces Stricter “Primary Beneficiary” Test for Interns

The National Labor Relations Board (“NLRB”) recently adopted a new and employer welcomed standard for determining whether facially neutral workplace rules unlawfully interfere with the exercise of employee rights that may be protected by the National Labor Relations Act (“NLRA”).

Going forward, the NLRB will consider the following factors:

  • the nature and extent of the potential impact on NLRA rights, and
  • legitimate justifications associated with the rule.

Continue Reading NLRB Establishes New Test for Determining Whether Workplace Rules Violate the NLRA

The Inspector General took an unprecedented step Tuesday, rescinding a favorable Advisory Opinion first issued in 2006 that had provided assurances to the patient assistance charity, Caring Voice Coalition, that its drug subsidy program would not expose the organization to liability under the Anti-Kickback Statute. Continue Reading OIG Rescinds Favorable Advisory Opinion for Patient Assistance Charity, Caring Voice Coalition

Recent press reports are speculating that CVS Health Corporation is seeking to acquire the health insurer Aetna.  The rumored transaction would create a new type of health care company that doesn’t currently exist:  one that combines a commercial health insurer with a retail pharmacy chain and a pharmacy benefit manager (PBM).  According to most reports, CVS would pay $66 – $70 billion to acquire Aetna (with Aetna stockholders receiving cash and CVS stock).  It’s said that the parties are trying to enter into a definitive agreement by year-end.     Continue Reading CVS Health – Aetna Transaction: Understanding the Business and Legal Issues

On November 2, 2017, the House Ways and Means Committee released draft text of H.R. 1, the Tax Cuts and Jobs Act, proposing significant changes to the Internal Revenue Code. Of particular concern to private hospitals, healthcare systems and educational institutions operating as 501(c)(3) entities is the bill’s proposed termination of the tax exemption available to “qualified 501(c)(3) bonds,” which would substantially increase borrowing costs for these entities. Please visit our website to read the legal alert authored by Jonathan W. Giokas.

On October 17, 2017, the IRS announced that it will not accept electronically filed tax returns for the year 2017 (to be filed in 2018) that fail to address the health coverage requirements of the Affordable Care Act (“ACA”). The “IRS Statement on Health Care Reporting Requirement” notes that “‎[t]axpayers remain obligated to follow the law and pay what they may owe at the point of filing‎. The 2018 filing season will be the first time the IRS will not accept tax returns that omit this information.” The prior guidance called into question whether the IRS would enforce the individual mandate provisions of the ACA. The new guidance makes clear that it will do so.

Continue Reading IRS Issues New Statement Regarding Health Care Reporting Requirements

Mere months after the Kindred Healthcare decision enforcing an arbitration agreement between a nursing home and holders of a late resident’s power-of-attorney, the U.S. Supreme Court heard argument in another case that healthcare employers will want to watch. The Court’s decision in Epic Systems Corp. v. Lewis will determine the enforceability of arbitration agreements that provide for individual arbitration alone. The NLRB and certain employees claim that precluding joint, class, or collective claims in the courts or in arbitration violate employees’ rights to collective action under Section 7 of the National Labor Relations Act. Husch Blackwell will keep you updated on the status of the law once the decision comes down from the Court. For now, you can learn more about the concerns of the Justices and the unusual position of two U.S. government agencies in this blog on Husch Blackwell’s Labor Relations Law Insider.

As most healthcare providers know, HIPAA requires that covered entities or business associates  conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate.[1] Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) is demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis. Continue Reading Top 5 Reasons to Conduct a Thorough HIPAA Security Risk Analysis

The 60-day repayment rule was implemented by the Centers for Medicare and Medicaid Services (CMS) effective March 14, 2016 to clarify Medicare providers’ obligations to investigate, report, and refund identified overpayments under the Affordable Care Act. The rule specifically details what it means to “identify” an overpayment and explains how to report and return identified overpayments to CMS.1 The rule also states that an overpayment must be reported and returned if it is identified within six years of the date it was received. This time period is generally referred to as the “lookback” period. Continue Reading Lookback Periods for Medicaid Overpayments