Mere months after the Kindred Healthcare decision enforcing an arbitration agreement between a nursing home and holders of a late resident’s power-of-attorney, the U.S. Supreme Court heard argument in another case that healthcare employers will want to watch. The Court’s decision in Epic Systems Corp. v. Lewis will determine the enforceability of arbitration agreements that

As most healthcare providers know, HIPAA requires that covered entities or business associates  conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate.[1] Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) is demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis.

The 60-day repayment rule was implemented by the Centers for Medicare and Medicaid Services (CMS) effective March 14, 2016 to clarify Medicare providers’ obligations to investigate, report, and refund identified overpayments under the Affordable Care Act. The rule specifically details what it means to “identify” an overpayment and explains how to report and return identified overpayments to CMS.1 The rule also states that an overpayment must be reported and returned if it is identified within six years of the date it was received. This time period is generally referred to as the “lookback” period.

Hurricane Harvey. On August 26, 2017, the Secretary of Health and Human Services (HHS) issued a waiver of certain compliance requirements, retroactive to August 25, 2017, for providers in areas of Texas affected by Hurricane Harvey.  A similar waiver was issued August 28, 2017, for providers in Louisiana, retroactive to August 27, 2017.  Along with these waivers, the Secretary of HHS issued disaster declarations for the states of Texas and Louisiana pursuant to section 319 of the Public Health Service Act, and the President issued disaster declarations for the states of Texas and Louisiana pursuant to the Robert T. Stafford Disaster Relief and Emergency Assistance Act.

On July 13, the Centers for Medicare & Medicaid Services (“CMS”) put out its 2018 Medicare Hospital Outpatient Prospective Payment System Proposed Rule. The Rule proposes, among other things, to dramatically reduce Medicare Part B reimbursement of drugs procured by hospitals at 340B prices—from the current rate of Average Sales Price (“ASP”) plus 6 percent to ASP minus 22.5 percent.  By CMS’s estimate, this could result in savings to the Part B program of $900 million and a corresponding cut to the 340B hospitals which currently receive those payments (and ostensibly use them in furtherance of the 340B program’s goal of assisting safety net providers in stretching their scarce resources).  

On May 27, 2017 the Texas Governor signed SB 1107 into law, making certain telehealth arrangements possible after the Texas Medical Board imposed limitations on telehealth services in June 2015.  Specifically, SB 1107 adds new §§111.005-7 to the Texas Occupations Code allowing a physician to prescribe drugs as part of a telehealth encounter involving only telephonic or text-based communication between the physician and patient if:  (i) the physician has access to patient medical records and uses either clinically relevant photographic or video images or the patient’s relevant medical records; and (ii) the physician provides the patient with guidance on appropriate follow-up care and, if the patient consents and has a primary care physician, provides to the patient’s primary care physician within 72 hours after the encounter a medical record or other report containing an explanation of the treatment provided by the physician, including the physician’s evaluation, analysis, or diagnosis.

On June 12, 2017, the Department of Health and Human Services Office of Inspector General (OIG) published a report with the objective of determining whether the Centers for Medicare & Medicaid Services (CMS) made proper incentive payments to providers for “meaningful use” of a certified electronic health record (EHR).  The report, entitled “Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did not Comply with Federal Requirements,” estimates that CMS improperly paid $729 million in EHR incentive payments to providers who did not actually comply with the requirements of meaningful use.

The Department of Justice (DOJ) recently announced a $155 million settlement agreement with an electronic health records (EHR) vendor, eClinicalWorks (ECW), to settle False Claims Act allegations against the company initially brought by a whistleblower/qui tam relator.  The whistleblower was a software technician for the City of New York City who was implementing ECW software in a prison healthcare system.  The DOJ subsequently intervened and filed suit.  The May 31, 2017 announcement is the first of its kind, holding an EHR vendor accountable for claims made about their certifications.

Provider clients of ECW relied on the assertions made by ECW that their EHR software met the criteria of the Office of the National Coordinator of Health Information Technology (ONC) certification program.  Based on ECW’s software and the assertion of EHR certification, providers believed they had achieved “meaningful use” and received incentive payments under the Medicare and Medicaid EHR Incentive Programs. 

On June 5, 2017, the U.S. Supreme Court held that the employee benefit plans of church-affiliated hospitals and healthcare facilities may be exempt from the federal Employee Retirement Income Security Act of 1974 (ERISA), in Advocate Health Care Network et al. v. Stapleton et al. More background information can be found in our December legal alert on this case.

On May 23, 2017, Texas Governor Greg Abbott signed Senate Bill (SB) 507, expanding the current law dealing with “balance billing.”

Balance billing occurs when an insured patient receives care from a physician, hospital or other healthcare provider, who is not part of a patient’s health plan provider network. The out-of-network provider then bills the