Price Transparency Rules are Here

Posted by Robert A. Chu on November 15, 2019
Uncategorized / No Comments

CMS today issued its Price Transparency Requirements for Hospitals Final Rule, which will go into effect on January 1, 2021. (CMS had initially proposed that it go into effect January 1, 2020, but agreed that that deadline was too “challenging”).  Hospitals will be required to post on a public website, among other things, the “payer-specific negotiated charges” for each payer and plan.  These negotiated rates have typically been subject to lock and key treatment through confidentiality agreements.  Noncompliance with the rules may result in corrective action plans (CAPs), civil monetary penalties (CMPs) of $300 per day (indexed to an inflation factor), and a public notice of the CMP on a CMS website. Under the rules, CMS can issue “subsequent” CMPs for continued noncompliance. A link to the Final Rule is here:

The Trump Administration has also issued a proposed “Transparency in Coverage” rule that would require plans to give consumers access to a tool providing an estimate of their cost-sharing liability for all covered healthcare items and services.  It would also require plans to list on a website their negotiated rates for in-network providers and the allowed amounts paid for out-of-network providers.  A link to the Proposed Rule is here:

We will continue to analyze and monitor these rules.  Stay tuned.

CMS Guidance on “Shared Space” – Comment Period Closing July 2, 2019

Posted by Danielle Sapega on June 24, 2019
CMS / No Comments

CMS recently issued long-awaited draft guidance on hospital co-location with other hospitals or healthcare facilities, providing some potential insight on the otherwise ambiguous prohibition on “shared space.” This prohibition loosely stems from the requirement that a Medicare participating hospital is evaluated “as a whole” for compliance with the Conditions of Participation (“CoP”), among other state and federal regulatory requirements. Previously, it was believed that the provider based regulations at 42 C.F.R. § 413.65 governed this prohibition (this section was cited in a 2016 memorandum from the Pennsylvania Department of Health), but the CMS guidance did not cite this particular section.

In recent years, CMS has started to crack down on provider based hospital departments that physically share space with non licensed or separately owned hospital facilities, generally prohibiting shared staff, waiting rooms, check-in desks, patient bathrooms, and other similar items and costs. Although the prohibition was not absolute (CMS had permitted certain things to be shared, such as staff lounges and shared main lobbies), hospitals that sought to attain and maintain compliance struggled with the lack of clear guidance from CMS, and had to rely largely on word of mouth, occasional information distributed by State Survey Agencies, or even citations received if the hospital was caught with prohibited shared space or staffing. This was especially troubling in light of the fact that remediation potentially involved large scale, expensive construction and a hiring and staffing model revamp, among other mandatory modifications.

Continue reading…

New Pennsylvania Laws: Is Your Organization Compliant?

Posted by Danielle Sapega on June 07, 2019
Pennsylvania / No Comments

In 2018, Governor Tom Wolf signed a multitude of bills into law that significantly impact Pennsylvania health care providers. Compliance deadlines for these new laws vary. Implementing any new policies or procedures often takes longer than anticipated, so we strongly recommend taking steps to determine whether your organization is out of compliance. While not all-encompassing, the following laws represent those of particular significance:

Act 90 – Anatomical Gifts: this act represents a significant update to Pennsylvania’s anatomical gift law. Additions include a new section addressing specific requirements around vascularized composite allograft donation, an update to the statutory list of designated health care representative decision makers, and new medical record documentation requirements.

Continue reading…

Court Orders Stay of Order Declaring Individual Mandate Unconstitutional and Inseverable

Posted by Robert A. Chu on January 03, 2019
ACA / No Comments

affordable care actWe previously reported that District Court Judge Reed O’Connor of the Northern District of Texas declared on December 14, 2018 (1) that the Affordable Care Act’s (ACA) individual mandate is unconstitutional and (2) that the remaining provisions of the ACA are “inseverable” and therefore invalid.

Following the Order, commenters largely believed that the Order had no immediate effect.  Supporting this view, the U.S. Department of Health and Human Services (HHS) said that the Order does not have any impact on 2019 enrollment or coverage and that the Order does not have any immediate effect on its enforcement of any portion of the ACA.  Continue reading…

Federal Court Enjoins Medicare Recoupment

Posted by Robert A. Chu on December 31, 2018
Medicare / No Comments

Health insurance application form with money and stethoscopeA Houston federal judge preliminarily enjoined the government from recouping alleged Medicare overpayments made to an ambulance service company facing bankruptcy.  See Adams EMS, Inc. v. Azar, No. H-18-1443, 2018 BL 391263 (S.D. Tex. 2018).

As you may be aware, there is a massive backlog in the Medicare appeals process for alleged overpayments.  The government can begin recouping at step 3 of the arduous 4-step administrative appeal process for overpayment demands.  In a nutshell, the process involves: (1) seeking a redetermination from the Medicare Administrative Contractor (MAC), (2) asking for reconsideration from a Qualified Independent Contractor, (3) requesting a hearing before an administrative law judge (ALJ) of the Office of Medicare Hearings and Appeals, and (4) appealing to the Medicare Appeals Council.  The law requires a decision on Step 3 within 90 days, but there is currently a 3-5 year backlog. Continue reading…

CMS Releases Final ACO Regulations

Posted by Chris Raphaely on December 21, 2018
CMS / No Comments

This morning CMS released a final rule regarding its most popular program for accountable care organizations (ACOs), the Medicare Shared Savings Programs. The final rule is based on the proposed rule for the program that was published in August.  The final rule adopts the major structural overhaul contained in the proposed rule, the reduction of the program to two tracks, Basic and Enhanced, the 1 year limitation for most established (ACOs) to remain in an “upside only” risk model and the 2 year limitation for most new ACOs to remain in an “upside only” risk model. The final rule increased the percentage of savings that will be shared with an ACO in an “upside only” model from 25% as proposed to 40%.  The rule also gives approved ACOs the ability to operate patient incentive programs which include cash payments up to $20 from certain ACO professionals and federally qualified health centers for qualifying primary care services,  provides some ACOs with more flexibility with respect to reimbursement for telehealth services, and includes numerous other detailed changes to the program’s operations. Continue reading…


“A Slow Game of Jenga:” Has a Federal Judge Toppled the Affordable Care Act?

Posted by Robert A. Chu on December 18, 2018
ACA / No Comments

wood blocks gameLast Friday, in Texas v. United States, Judge Reed O’Connor of the Northern District of Texas (1) declared the Affordable Care Act’s (ACA) individual mandate to be unconstitutional.  In so doing, the Judge, a President George W. Bush appointee, also (2) declared the remaining provisions of the ACA to be “inseverable” and therefore invalid.

Individual Mandate.  As you might recall, the Supreme Court’s 2012 NFIB v. Sebelius decision held that the individual mandate and the shared-responsibility penalty (when viewed as a whole) were constitutional because they fell within Congress’ power to tax.  The provision at the time was found to be a “tax” because, among other things, it produced revenue for the government.  (Under the shared responsibility penalty, non-exempt individuals without health insurance had to pay this tax.).  The Tax Cuts and Jobs Act of 2017 subsequently amended the ACA by reducing the shared-responsibility payment to zero, starting in 2019.  According to the District Judge, when the shared-responsibility payment becomes zero, the individual mandate and the shared-responsibility payment together can no longer be classified as a “tax” and therefore lacks a constitutional hook. Continue reading…

Medicare’s New Virtual Check-In Code: 7 Things You Need to Know

Posted by Marc Goldsand on November 12, 2018
CMS / No Comments

On November 1, 2018, CMS issued a 2,379 page final rule titled “Revisions to Payment Policies under the Medicare Physician Fee Schedule, Quality Payment Program and Other Revisions to Part B for CY 2019.”  While there are some interesting changes related to remote patient monitoring for chronic kidney disease patients and loosening of originating site requirements for certain behavioral health services, most notable is the new “virtual check-in” code (HCPCS code G2012). Traditionally, CMS viewed brief telephone calls as non-billable, deeming the services rendered by providers to patients on such calls to be merely ancillary and included in an office visit. Conversely, the only way to bill for the exchange was to conduct the office visit.

The stated purpose of the “virtual check-in” code is for the billing provider herself (not her clinical staff) “to assess whether the patient’s condition necessitates an office visit.” To the extent the in-person visits are rendered unnecessary by the “virtual check-in,” both CMS and the patient save money. Continue reading…


Anthem Agrees to Record $16 Million Settlement for Alleged HIPAA Violations

Posted by Matthew Siegel and Gregory M. Fliszar on October 16, 2018
HIPAA / No Comments

In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the Office for Civil Rights, which is a record settlement for alleged HIPAA violations. According to the Department of Health and Human Services (“HHS”), the previous high was a $5.55 million settlement paid in 2016. In addition to the monetary payment, Anthem has also agreed to take “substantial” corrective action to help prevent a similar breach from occurring in the future.

The settlement arose out of a 2014 breach involving the electronic protected health information (“ePHI”) of nearly 79 million people. On January 29, 2015, Anthem discovered that hackers had gained accessed to its IT system through a persistent threat attack. Further investigation revealed that hackers had sent spear phishing emails to one of Anthem’s subsidiaries and at least one employee took the bait. Through that seemingly simple act, the hackers were then able to infiltrate Anthem’s system and compromise its stored ePHI, consisting of names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information. Continue reading…

Don’t Misrepresent Your U.S. – E.U. Privacy Shield Status: FTC Brings An Enforcement Action

As US companies continue to spend time and effort complying and responding to all of the new privacy laws and regulations both in the United States and aboard (i.e. GDPR and California Consumer Privacy Act of 2018) companies cannot forget the basics.  If you represent something in your Privacy Policy it better be accurate, up to date, and not misleading!

On July 2, 2018, the Federal Trade Commission (FTC) issued a number of press releases and a proposed settlement with California-based employee training company ReadyTech Corporation.  In announcing the settlement, FTC Chairman Joe Simons said, “Today’s settlement demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield.”  According to the FTC, this is the 4th case enforcing the Privacy Shield and 47th case enforcing international privacy frameworks such as the Safe Harbor framework and the Asia Pacific Economic Cooperation Cross Border Privacy Rules.

The ReadyTech settlement should be a warning for other companies that make representations in their Privacy Policies about the Privacy Shield, GDPR, CCPA and other data security and privacy frameworks.  By way of background, the Privacy Shield framework allows companies to transfer personal data lawfully from the EU to the United States.  To join the Privacy Shield framework, a company must self-certify to the U.S. Department of Commerce that it complies with the Privacy Shield Principles and related requirements that have been deemed to meet the EU’s adequacy standard.  A company, like ReadyTech, that claims it has self-certified to the Privacy Shield Principles, but failed to self-certify to the U.S. Department of Commerce, may be subject to an enforcement action by the FTC. Continue reading…