Healthcare

Telemedicine Benchmark Study Provides Great Insight

Posted by Rene Quashie on May 09, 2017
ACA, Healthcare, Hospital, Telemedicine / No Comments

A recent telemedicine industry benchmark survey published by REACH Health provides great insight into where the industry has been and where it is headed. The survey was conducted among U.S. healthcare executives, physicians, nurses and other professionals. Organizations represented in the survey were diverse and included representatives from organizations with a $1 billion or more in revenue (about a third of respondents), and almost half with revenues under $50 million.

 

In reviewing the survey report, there were some significant takeaways:

  • Telemedicine is evolving from a specialty offering to a mainstream service.
  • More than half of respondents consider telemedicine to be a top or high priority.
  • Patient-oriented objectives—including improving patient outcomes, improving patient convenience, and increasing patient engagement and satisfaction—are the three top objectives for telemedicine programs.
  • There is an emphasis on better leveraging specialists with a large majority of respondents ranking this a top or high priority.
  • Nearly half of hospital and integrated delivery network respondents who began their telemedicine programs/initiatives with a departmental approach are transitioning to an enterprise approach.
  • The maturity of telemedicine programs varies widely among service lines and settings of care. Generally, settings requiring highly specialized treatment continue to be more mature than those requiring generalized treatment.
  • Telemedicine technology, reporting and analytics, as well as in-house physicians are viewed as highly important to the success of a program, whereas outsourced physician coverage services less so.

Continue reading…

Tags: , , ,

Minnesota Federal Court Says Cross-Plan Offsets Are Unlawful; Certifies Case for Immediate Appeal

Posted by Chris Raphaely on March 23, 2017
Healthcare / No Comments

gavel and bookThe U.S. District of Minnesota has ruled in Peterson v. Unitedhealth Grp. Inc., No. 14-CV-2101 (PJS/BRT), 2017 WL 991043 (D. Minn. Mar. 14, 2017) that ERISA does not permit United Healthcare (“United”) to claw back alleged overpayments related to patients from one plan by reducing or eliminating payments related to patients from different self-insured plans, dealing a potential blow to the use of an effective tool that health insurers have used to recoup alleged overpayments from providers.

In Peterson, the Plaintiffs were healthcare providers who brought suit against United as assignees of patients who were enrolled in United-administered plans. United had allegedly overpaid Plaintiffs for services provided to certain patients, and offset these alleged overpayments by reducing or eliminating payments for services that Plaintiffs provided to other patients, who were members of different United-administered self-insured ERISA plans. This practice is known as cross-plan offsetting. Continue reading…

Chris Raphaely

Chris Raphaely

R. Christopher Raphaely joined Cozen O'Connor's Philadelphia office in 2014 as co-chair of the Health Care Practice Group. Chris joins the firm from Jefferson Health System, where he served as deputy general counsel and general counsel to the system’s accountable care organization and captive professional liability insurance companies.

More Posts

Tags: , ,

Cyber-Security Alert: D.C. Area Hospital Chain MedStar Targeted By Hackers

Posted by Dana Petrillo on March 30, 2016
Healthcare, Hospital / No Comments

MedStar, a Washington, D.C.-area hospital chain, became the latest healthcare industry victim of a cyber-attack when hackers breached its systems with a crippling virus. MedStar operates 10 hospitals in the D.C./Baltimore region, employs 30,000 staff, has 6,000 affiliated physicians, and serviced more than 4.5 million patient visits in 2015.

After being paralyzed by the virus, MedStar’s entire IT system for its 10 hospitals was forced to shut down and revert to paper records. The chain’s approximately 35,000 employees do not have access to emails and cannot look up digital patient records in the attack’s wake. The FBI is assisting the chain by investigating the incident. It’s unclear at the moment whether or not the hackers are demanding ransom from MedStar in exchange for removing the virus.

Monday’s cyber-attack at MedStar comes weeks after Hollywood Presbyterian Medical Center in Los Angeles paid hackers 40 bitcoins, or about $17,000, to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment.

Hackers increasingly target healthcare entities as security protections in healthcare often lag behind those in banking and financial sectors. Healthcare information contains a treasure trove of patients’ personal information, and a complete healthcare record is worth at least ten times more on the black market than credit card information. Also, hospitals are considered critical infrastructure that cannot reasonably be closed or incapacitated for any great length of time, and so may be more inclined to bowing to hackers’ demands for ransom.

This latest attack just goes to show the importance of cybersecurity at hospitals and other healthcare entities. In addition to the recent Hollywood Presbyterian Medical Center attack, data breaches and cyber-attacks have also recently occurred at Excellus Blue Cross Blue Shield, UCLA Health System, Premera Blue Cross, and Anthem Inc.

For more information, please contact Dana Petrillo, or another member of Cozen O’Connor’s Health Law team.

Dana Petrillo

Dana Petrillo

Dana Petrillo joined Cozen O'Connor's Health Law Practice in 2014 as an associate in the Philadelphia office. Dana's experience includes ensuring clients’ compliance with federal and multi-state health care laws and regulations, including Medicare, Medicaid, licensure, HIPAA, STARK, Anti-Kickback, and False Claims Act laws and regulations.

More Posts - Website

Tags: , , , , , , , , , , ,

Will Congress Come Together for Telemedicine?

Posted by Marc Goldsand on February 05, 2016
Healthcare, Medicare, Telehealth, Telemedicine / No Comments

Consistent with what we have been seeing in our own practice, and consumers’ growing demand for better access to telemedicine services, a bi-partisan movement is growing in both houses of Congress to expand telehealth services, improve health outcomes, and reduce healthcare costs. On Wednesday February 5, 2016, U.S. Senators Brian Schatz (D-Hawaii), Roger Wicker (R-Miss.), Thad Cochran (R-Miss.), Ben Cardin (D-Md.), John Thune (R-S.D.), and Mark Warner (D-Va.) introduced the Creating Opportunities Now for Necessary and Effective Care Technologies (CONNECT) for Health Act (s. 2484), which seeks to overhaul Medicare’s treatment of the practice of telemedicine and its related technologies. Companion legislation was introduced in the House of Representatives by U.S. Reps. Diane Black (R-TN), Peter Welch (D-VT), and Gregg Harper (R-MS). According to the Senate bill’s sponsors, the CONNECT for Health Act would:

  1. Create a bridge program to help providers transition to the goals of the Medicare Access and CHIP Reauthorization Act (MACRA) and the Merit-based Incentive Payment System (MIPS) through using telehealth and RPM without most of the 1834(m) restrictions contained in the aforementioned Senate bill;
  2. Allow telehealth and Remote Patient Monitoring to be used by qualifying participants in alternative payment models, without most of the aforementioned 1834(m) restrictions;
  3. Permit the use of remote patient monitoring for certain patients with chronic conditions;
  4. Allow, as originating sites, telestroke evaluation and management sites; Native American health service facilities; and dialysis facilities for home dialysis patients in certain cases;
  5. Permit further telehealth and RPM in community health centers and rural health clinics;
  6. Allow telehealth and RPM to be basic benefits in Medicare Advantage, without most of the aforementioned 1834(m) restrictions; and
  7. Clarify that the provision of telehealth or RPM technologies made under Medicare by a health care provider for the purpose of furnishing these services shall not be considered “remuneration.”

So far, the following organizations have publically endorsed the bill:

  • AARP
  • ACT | The App Association
  • Airstrip
  • Alliance for Aging Research
  • Alliance for Connected Care
  • Alliance of Community Health Plans (ACHP)
  • Alzheimer’s Foundation of America
  • America’s Essential Hospitals (AEH)
  • America’s Health Insurance Plans (AHIP)
  • American Academy of Neurology (AAN)
  • American Academy of Physician Assistants (AAPA)
  • American Association of Diabetes Educators (AADE)
  • American Heart Association/American Stroke Association (AHA)
  • American Medical Association (AMA)
  • American Medical Group Association (AMGA)
  • American Nurses Association (ANA)
  • American Occupational Therapy Association (AOTA)
  • American Osteopathic Association (AOA)
  • American Psychological Association (APA)
  • American Society of Nephrology (ASN)
  • American Telemedicine Association (ATA)
  • American Well
  • Anthem
  • Association for Ambulatory Behavioral Healthcare
  • Association for Behavioral Health and Wellness (ABHW)
  • CAPG
  • Cerner
  • DaVita
  • Federation of State Medical Boards (FSMB)
  • Hawaii Medical Service Association (HMSA)
  • Health Care Chaplaincy Network
  • Healthcare Leadership Council (HLC)
  • Healthcare Information and Management Systems Society (HIMSS)
  • Intel
  • Kaiser Permanente
  • LifeWIRE
  • NAADAC
  • National Association for Home Care & Hospice
  • National Association for the Support of Long Term Care (NASL)
  • National Association of ACOs (NAACOS)
  • National Association of Community Health Centers (NACHC)
  • National Council for Behavioral Health
  • National Council of State Boards of Nursing (NCSBN)
  • National Health IT Collaborative for the Underserved
  • Personal Connected Health Alliance (PCHA)
  • Population Health Alliance
  • Qualcomm Incorporated (and Qualcomm Life)
  • Telecommunications Industry Association (TIA)
  • The ERISA Industry Committee (ERIC)
  • The Evangelical Lutheran Good Samaritan Society
  • The Jewish Federations of North America
  • Third Way
  • University of Mississippi Medical Center (UMMC) Center for Telehealth
  • University of Pittsburgh Medical Center (UPMC)
  • University of Virginia (UVA) Center for Telehealth

The full text of the bill can be found here.

Marc Goldsand

Marc Goldsand joined Cozen O’Connor’s Miami office as an associate in the Health Care Practice Group in 2015. Marc focuses his practice on the corporate representation of physicians and healthcare businesses, bringing value and experience in an array of corporate and regulatory areas, including but not limited to, capital raising, enterprise sales, and mergers and acquisitions, while counseling clients regarding federal and state rules and regulations, including Anti-Kickback, Stark, Affordable Care Act, and HIPAA compliance and data privacy.

More Posts

Tags: , , ,

Is This The Year Florida Recognizes Direct Primary Care?

Posted by Marc Goldsand on February 03, 2016
Affordable Care Act, DPC, Healthcare / No Comments

shutterstock_128160911Florida House Bill 37 and Florida Senate Bill 132, similar bills aiming to expressly authorize and regulate direct primary care medical home plans in the State of Florida (“DPCs”) and both stating that DPCs are not “insurance” under State law, have been smoothly sailing through committees in their respective chambers. The House Bill has already passed through the Select Committee on Affordable Healthcare Access, the Finance and Tax Committee, and the Health and Human Resources Committee. Its next step is a vote in front of the entire House. The Senate Bill cleared the Health and Policy Committee, but no word yet from the Banking and Insurance and Fiscal Policy Committees. At some point before the session ends on March 11, 2016, if they continue to move forward, the bills will be consolidated and approved by both chambers, after which the final bill will be subject to approval or veto of Governor Rick Scott. Passage is by no means certain, but there appears to be an appetite for this law with – so far – no real opposition this year.

 DPCs are private payment agreements between primary care physicians and their patients, whereby patients typically pay low dollar (perhaps $75 to $100) monthly payments directly to the provider for primary care services, in lieu of typical insurance covering primary care services.  In return for the monthly payments (which are easily collected by credit card or cash, without the need for insurance/managed care code-based reimbursement billing), primary care providers offer at little or no additional charge an array of primary care services to the member patients. When paired with a high-deductible “wrap-around” insurance policy, the DPCs comport with the requirements of the Affordable Care Act.     

 

Marc Goldsand

Marc Goldsand joined Cozen O’Connor’s Miami office as an associate in the Health Care Practice Group in 2015. Marc focuses his practice on the corporate representation of physicians and healthcare businesses, bringing value and experience in an array of corporate and regulatory areas, including but not limited to, capital raising, enterprise sales, and mergers and acquisitions, while counseling clients regarding federal and state rules and regulations, including Anti-Kickback, Stark, Affordable Care Act, and HIPAA compliance and data privacy.

More Posts

Tags: , , , ,

The “Other” Safe Harbor: OIG Warns Healthcare Providers and Vendors Against Information Blocking and Federal Anti-Kickback Violations

golden-whistleblower

For those of us who work in the privacy and security space this past week has been a whirlwind with focus on the ramifications of the European Court of Justice (ECJ) decision invalidating the EU-U.S. Safe Harbor Agreement.  Much has been written on the EU-U.S. Safe Harbor Agreement and much more will be written in the coming weeks.  See Cozen O’Connor’s Cyber Law Monitor recent blog post, The End of Safe Harbor – What Does it Mean?   However, the ECJ decision was not the only news on safe harbor last week.  The U.S. Department of Health and Human Services, Office of Inspector General (“OIG”) issued their thoughts on data arrangements and safe harbor, albeit a much different safe harbor than the EU-U.S. Safe Harbor Agreement.  Healthcare providers and health IT vendors should pay close attention to OIG’s Alert.  See October 6, 2015 OIG Alert.

OIG issued the Alert during National Health IT Week and described it as a “Policy Reminder” on Information Blocking and the Federal Anti-Kickback Statute (42 U.S.C. 1320a-7b (b)).  The Federal Anti-Kickback statute prohibits individuals and entities from knowingly and willfully offering, paying, soliciting, or receiving remuneration to induce or reward referrals of business reimbursable under any Federal health care program (“FHCP”).  The Alert addresses a growing trend in the industry, arrangements involving the provision of software or information technology to a referral source.  Although there is a safe harbor for electronic health records (“EHR”) arrangements it “must fit squarely in all safe harbor conditions to be protected.” 42 CFR § 1001.952(y).

In its alert, OIG focused on the parameters of the safe harbor exception that allows donors to enter into a wide variety of arrangements involving EHR software, IT, and training services, provided there are no restrictions to the use, compatibility, or interoperability of donated items or services.  42 CFR § 1001.952(y)(3).  OIG provided guidance on this issue in 2013, explicitly stating that if the interoperability of an item or service is restricted by the donor or anyone acting on the donor’s behalf, including the recipient, then the donation violates the exemption and thus will be actionable under the Federal anti-kickback statute.

OIG’s Alert highlights practices outlined in its 2013 guidance that would be actionable under the Federal anti-kickback statute.  For example, an agreement between a donor and a recipient to limit a competitor from interfacing with the donated items or services would be actionable.  Even an agreement between a donor and an EHR technology vendor to charge non-recipient providers, non-recipient suppliers, or competitors’ high fees may be actionable.

OIG also provided an open invitation to whistleblowers to report fraud by urging persons with knowledge of violations of the safe harbor to be vigilant in reporting potential violations to their office.  Violations will occur when donors engage in information blocking, which refers to practices that unreasonably block the sharing of electronic health information (EHI).  OIG provided three criteria in a 2015 report for identifying practices that qualify as information blocking:

  1. Interference with the ability of authorized people to access, exchange, or otherwise use EHI.
  2. Knowledge, actual or expected under the circumstances, that the practice will be considered information blocking.
  3. No reasonable justification for limiting sharing of EHI.

If all three criteria are met, then the practice in question is considered information blocking.

For more information on this Alert, contact Ryan P. Blaney or any member of Cozen O’Connor’s Health Care team.

Ryan Blaney

Ryan Blaney

Ryan Blaney joined Cozen O'Connor as a member of the firm's Health Law group. Ryan practices in the firm's Washington, D.C., office. He focuses his practice on representing clients in the health care and life sciences industries in a wide range of matters, including health care fraud and abuse, civil and criminal government investigations, qui tam and whistle-blower disputes under the False Claims Act and other federal and state laws and regulations, HIPAA privacy and data security, compliance and transactional services, and antitrust matters.

More Posts - Website

Tags: , , , , ,

Cybersecurity Attack on Anthem, Inc. Highlights the Cybersecurity Risks for All Companies Handling Electronic Medical Records

Posted by Gregory M. Fliszar on February 09, 2015
cyberattacks, cybercriminals, cybersecurity, FBI, Healthcare, HIPAA, HITECH / No Comments

Health care providers, insurers and all who handle information on their behalf were put on notice last week that cybersecurity must be a high priority for their organizations. Anthem, Inc. (“Anthem”), the nation’s second largest health insurer, revealed on February 4, 2015 that its information technology (“IT”) system was victimized by a “very sophisticated” cyberattack that exposed the birthdates, social security numbers, street and email addresses and employee data (including income information) of approximately 80 million customers and employees. Anthem noted that the hackers apparently did not get any health information or credit card numbers in the attack, but that the hack did yield medical information numbers. Anthem discovered the breach on its own on January 29th and contacted the FBI, which has started an investigation into the matter.

Large hospitals and health insurers are not the only ones at risk. As the Anthem attack illustrates, health information is a high priority target for cybercriminals. Currently a complete health record may be worth at least ten times more than credit card information on the black market as health records often include a treasure trove of personal information that can be used for identity theft and to file false health insurance claims. Further, the cybersecurity protections currently in place in the health care industry tend to lag behind those in the banking and financial sector, which makes the information vulnerable to cyberattacks by criminals who view the information as “low hanging fruit.”

Failure to have robust cybersecurity programs in place can have a devastating effect on any organization that experiences a data breach. Anthem has already been hit with putative class action lawsuits in Alabama, California, Georgia and Indiana alleging that Anthem did not have adequate security procedures in place to protect its customers and it is likely that more suits will follow. In addition to the FBI’s investigation into attack, Attorney Generals in New York, Connecticut and Massachusetts have indicated that they will be reaching out to Anthem for more information about the attack, the company’s security measures and how it plans to prevent future attacks.

The Anthem breach was the largest in the health care industry so far and may be a harbinger of things to come. The FBI and other security experts have been warning that the health care industry is a key target for cybercriminals, and a single security incident resulting in a data breach can have significant and immediate consequences that include government investigations, class action lawsuits, and a hit to the organization’s reputation. To manage this risk, we encourage all companies handling health information to create, review and update their data security policies and procedures to ensure that they are doing enough to adequately protect the health information maintained on their IT systems and elsewhere in their organization.

To learn more about strategies you can use to manage your exposure, join me at the upcoming panel discussion on “Cybersecurity and Healthcare: The Key to Limiting Your Risk is being Informed” at the Greater Philadelphia Alliance of Capital and Technologies seminar on Thursday, February 26, 2015 in West Conshohocken, Pennsylvania. Click here to register.

If you cannot make the event or would like to discuss your cybersecurity needs with me directly, please contact me, Greg Fliszar, at [email protected].

Gregory M. Fliszar

Gregory M. Fliszar

Greg Fliszar is member in the firm’s Health Law Group. Greg’s practice focuses on health law litigation and regulatory and compliance matters, as well as compliance with the Medicare Secondary Payer Act and HIPAA. Greg is also a licensed doctoral level clinical psychologist and was a clinical instructor of psychiatry at the MCP-Hahnemann School of Medicine.

More Posts - Website