Anthem Agrees to Record $16 Million Settlement for Alleged HIPAA Violations

Posted by Matthew Siegel and Gregory M. Fliszar on October 16, 2018
HIPAA / No Comments

In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the Office for Civil Rights, which is a record settlement for alleged HIPAA violations. According to the Department of Health and Human Services (“HHS”), the previous high was a $5.55 million settlement paid in 2016. In addition to the monetary payment, Anthem has also agreed to take “substantial” corrective action to help prevent a similar breach from occurring in the future.

The settlement arose out of a 2014 breach involving the electronic protected health information (“ePHI”) of nearly 79 million people. On January 29, 2015, Anthem discovered that hackers had gained accessed to its IT system through a persistent threat attack. Further investigation revealed that hackers had sent spear phishing emails to one of Anthem’s subsidiaries and at least one employee took the bait. Through that seemingly simple act, the hackers were then able to infiltrate Anthem’s system and compromise its stored ePHI, consisting of names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information. Continue reading…

Don’t Misrepresent Your U.S. – E.U. Privacy Shield Status: FTC Brings An Enforcement Action

Posted by Ryan Blaney on July 06, 2018
cybersecurity, Federal Trade Commission, FTC, Privacy, Uncategorized / No Comments

As US companies continue to spend time and effort complying and responding to all of the new privacy laws and regulations both in the United States and aboard (i.e. GDPR and California Consumer Privacy Act of 2018) companies cannot forget the basics.  If you represent something in your Privacy Policy it better be accurate, up to date, and not misleading!

On July 2, 2018, the Federal Trade Commission (FTC) issued a number of press releases and a proposed settlement with California-based employee training company ReadyTech Corporation.  In announcing the settlement, FTC Chairman Joe Simons said, “Today’s settlement demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield.”  According to the FTC, this is the 4th case enforcing the Privacy Shield and 47th case enforcing international privacy frameworks such as the Safe Harbor framework and the Asia Pacific Economic Cooperation Cross Border Privacy Rules.

The ReadyTech settlement should be a warning for other companies that make representations in their Privacy Policies about the Privacy Shield, GDPR, CCPA and other data security and privacy frameworks.  By way of background, the Privacy Shield framework allows companies to transfer personal data lawfully from the EU to the United States.  To join the Privacy Shield framework, a company must self-certify to the U.S. Department of Commerce that it complies with the Privacy Shield Principles and related requirements that have been deemed to meet the EU’s adequacy standard.  A company, like ReadyTech, that claims it has self-certified to the Privacy Shield Principles, but failed to self-certify to the U.S. Department of Commerce, may be subject to an enforcement action by the FTC. Continue reading…

Governor Wolf Signs Amendment to PA Medical Marijuana Act

Posted by J. Nicole Martin and Chris Raphaely on July 05, 2018
DOH, Medical Marijuana, Pennsylvania / No Comments

On June 22, 2018 Governor Wolf signed HB 2477 (“Amendment”) into law breathing new life into Chapter 20 of the Medical Marijuana Act (“Act”), the country’s first-of-its-kind law for cannabis research. This follows Commonwealth Court Judge Patricia McCullough’s May 22, 2018 issuance of a preliminary injunction halting the Department of Health’s (“DOH”) implementation of the Act’s Chapter 20 regulations. Chapter 20 of the Act governs the registration and operation of clinical registrants, the certification of academic clinical research centers (“ACRC”), and partnerships between clinical registrants and ACRCs for research purposes. A clinical registrant is a grower/processor and dispensary that will have a contractual relationship with an ACRC. An ACRC is an accredited medical school in the Commonwealth of Pennsylvania that “operates or partners with an acute care hospital licensed within this Commonwealth.” As of May this year, DOH had already certified eight medical schools as ACRCs under the Act. Continue reading…

Court Temporarily Enjoins CMS from Withholding Medicare Payments from Home Health Agency

Posted by Robert A. Chu on June 19, 2018
Medicare / No Comments

medicareA home health agency has scored a second win in its fight to prevent CMS from withholding Medicare payments (to effectuate a recoupment of alleged overpayments), at least for the time being.  We previously reported on the home health agency’s first win before the Fifth Circuit (which reversed the Northern District of Texas’s jurisdictional dismissal of the lawsuit).  See Family Rehab., Inc. v. Azar, 886 F.3d 496 (5th Cir. 2018).  We now report on its second win: the Northern District of Texas’s decision, on remand, to grant the home health agency’s temporary restraining order (TRO) motion and to at least temporarily enjoin CMS from withholding further Medicare payments.  See Family Rehab., Inc. v. Azar, No. 3:17-CV-3008-K, 2018 BL 196462 (N.D. Tex. Jun. 4, 2018), TRO extended by Order of Jun. 18, 2018.

To recap, a Zone Program Integrity Contractor (ZPIC) in 2016 alleged that the Medicare program had overpaid a home health provider, Family Rehab, nearly $7.9 million.  Family Rehab asked for a redetermination from its Medicare Administrative Contractor (MAC).  The MAC, however, affirmed the ZPIC’s conclusion.  The provider then asked a Qualified Independent Contractor (QIC) to reconsider the decision.  The QIC slightly reduced the demand to over $7.6 million.  Since the MAC by regulation can begin recouping overpayments after the QIC issues its decision, the MAC then noticed its intention to begin recouping the alleged overpayment.  Family Rehab then requested an ALJ hearing. Continue reading…

Tags:

New Jersey Enacts “Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act”

Posted by Dana Petrillo on June 06, 2018
Healthcare / No Comments

On June 1, 2018, New Jersey Governor Phil Murphy signed into law the Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act (the “Act”), available at: http://www.njleg.state.nj.us/bills/BillView.asp?BillNumber=A2039, which becomes effective on the 90th day after enactment.

The Act enhances consumer protections related to surprise out-of-network healthcare charges, and affects health care facilities, health care professionals, and health insurance carriers. Requirements under the Act specific to facilities, professionals, and carriers are summarized below.

Health care facilities or carriers that violate any provision of the Act will be liable for not more than $1,000 for each violation, where each day on which a violation occurs is considered a separate violation, up to $25,000 per occurrence. Health care professionals who violate the Act will be liable for up to $100 per violation, where each day on which a violation occurs is considered a separate violation, up to $2,500 per occurrence. Other penalties may be initiated by the Commissioner of Banking and Insurance, the Commissioner of Health, or the relevant professional or licensing board, as appropriate, pursuant to rules that may be adopted under the Act.

The Act also creates an arbitration process to resolve out-of-network billing disputes, so healthcare providers should be prepared for the new, multi-step arbitration process that will be utilized in New Jersey. Continue reading…

Tags:

Court of Appeals Finds Jurisdiction in Medicare Appeals Backlog Case

Posted by Robert A. Chu on April 25, 2018
Medicare / No Comments

medicareThe Fifth Circuit has recently held that its courts have jurisdiction to hear a lawsuit seeking to enjoin Medicare from recouping funds until after a hearing because (1) the provider’s claim is collateral to the underlying recoupment and (2) the recoupment may result in the provider’s bankruptcy and in a disruption to its patients.

In 2016, a Zone Program Integrity Contractor (ZPIC) concluded that Medicare had overpaid Family Rehab (a home health provider) nearly $7.9 million.  Family Rehab asked for a redetermination from its Medicare Administrative Contractor (MAC); the MAC affirmed the ZPIC’s conclusion.  The provider then asked a Qualified Independent Contractor (QIC) to reconsider the decision.  The QIC slightly reduced the demand to over $7.6 million.  The MAC then noticed its intention to begin recouping the overpayment.  (The MAC can begin recouping overpayments after the QIC issues its decision.)  Family Rehab then requested an ALJ hearing.

Despite the statutory requirement for an ALJ to issue a decision within 90 days of a request for a hearing, the hearing is not projected to occur until at least 3 to 5 years from now.  Since the recoupments will continue during the delay, the provider faces the possibility of going bankrupt and terminating operations before it could even conclude the 4-part Medicare appeal process (which has been described by the court as Byzantine).  The recoupments would cut off nearly all of the provider’s revenue stream.  Faced with these issues, Family Rehab sued the Secretary of Health and Human Services (HHS) in federal court and sought a temporary restraining order and an injunction to prevent the recoupment of any overpayments until the conclusion of the administrative appeals process. Continue reading…

Tags: , , , , ,

MedPAC Report: A Wake Up Call for Telehealth

Posted by Rene Quashie on April 02, 2018
Telehealth / No Comments

report coverThe recent Medicare Payment Advisory Commission (“MedPAC” or “Commission”) report should serve as a shot across the bow to telehealth advocates seeking broader Medicare coverage of telehealth. In reading the telehealth chapter, it is clear to me that the MedPAC commissioners are not fully sold on telehealth because, among other reasons, they recommend that the Medicare program proceed cautiously before any expansion of the telehealth benefit. The report also makes certain conclusions that are sure to vex many in the telehealth community.

For those not familiar with MedPAC, it is an independent congressional agency that advises Congress on Medicare-related issues, and it is influential in lawmakers’ consideration of Medicare issues.  By way of quick background, the 21st Century Cures Act of 2016 required the Commission to provide information regarding: 1) the extent to which Medicare covers telehealth; 2) the extent to which commercial insurers cover telehealth; and 3) ways in which the telehealth coverage policies of commercial insurance plans may be incorporated into the Medicare program. This required the Commission to do a broad-reaching examination of the telehealth sector beyond Medicare.

As a preliminary matter, the Commission notes that in 2016, 108,000 beneficiaries accounted for approximately 300,000 telehealth visits totaling $27 million in reimbursement under the Medicare physician fee schedule. Most of the services were basic physician office and mental health services.  More interesting was the Commission’s observation that Medicare beneficiaries using telehealth tended to be under the age of 65, Medicare/Medicaid dual eligibles, and “to disproportionately have chronic mental health conditions.”

Continue reading…

Tags: ,

Hospital Tier Status in Payor Network Agreements

Posted by J. Nicole Martin and Chris Raphaely on March 21, 2018
Healthcare / No Comments

gavel and bookBergen County Superior Court Judge Robert Contillo issued a recent decision deemed favorable by Horizon Healthcare Services Inc. (“Horizon”) in a case involving three healthcare providers (“Providers”) that challenged Horizon’s newer tiered health coverage plan for hospitals: OMNIA. The Providers alleged that Horizon unfairly designated them as Tier 2 Providers, a tier in which OMNIA Members access providers while incurring higher out-of-pocket costs than they would when accessing those providers in Tier 1. Although certain other claims may proceed, Judge Contillo dismissed the breach of contract claim because he determined that Horizon did not breach the network hospital agreements by “failing to include [the Providers] in Tier 1” because “[t]he plain and unambiguous language [under the agreement] does not guarantee that [the Providers] be included in Horizon’s new products, networks or subnetworks.”

This decision illustrates that tiered designation disputes between hospitals and payors may hinge on the language of the applicable network hospital agreements. Hospitals and other providers are encouraged to review their existing contracts and address this issue in future contracts to determine the level of discretion payors may have in including them in tiered and limited network products. As insurers continue to develop new products designed to lower costs, this will continue to be an important consideration for most providers.

Tags: , ,

2018 Telemedicine Benchmark Survey Shows Industry Trends

Posted by Rene Quashie on March 20, 2018
Telemedicine / No Comments

doctor typing on laptop telemedicineEach year, REACH Health publishes an industry benchmark survey that provides great insight into what telemedicine industry leaders are thinking.  Its most recently published survey is no different.  The 2018 survey was conducted among healthcare executives, physicians, and other professionals during December 2017 and January 2018.  Survey participants spanned the industry with almost half representing health systems and hospitals. Here are some takeaways from the survey:

  • 70 percent of respondents view telemedicine as a top or high priority.
  • About half are taking an enterprise approach to telemedicine, a significant increase from last year’s survey.
  • A majority of organizations plan to increase or maintain investments in telemedicine.
  • Improving patient outcomes and providing access to rural patients were the two top objectives for telemedicine programs cited by respondents.
  • 60 percent view the designation of a full-time dedicated program manager as a key to success of a telemedicine program.
  • Improved patient satisfaction was the most cited contributor to ROI, consistent with the past few surveys.
  • Facility settings that require more specialized treatment tended to have more mature telemedicine programs. Related to that, certain specialties such as stroke, behavioral health, radiology, and neurology, have more mature telemedicine programs.
  • Integrated audio/video for live engagement was the technology feature considered the most valuable to an organization with over 90 percent of respondents agreeing.

Continue reading…

DOH Finalizes Temporary Regulations for Clinical Registrants and Academic Clinical Research Centers

Posted by J. Nicole Martin and Chris Raphaely on March 16, 2018
PA Medical Marijuana Program / No Comments

The Pennsylvania Department of Health (DOH) published the much anticipated final version of the temporary regulations under the Medical Marijuana Act applicable to Clinical Registrants and Academic Clinical Research Centers (ACRC) in Pennsylvania (“Temporary Regulations”). The Clinical Registrant/ACRC relationship was first developed in Pennsylvania with a specific focus on research.  A Clinical Registrant is a unique category of Medical Marijuana Organization under Pennsylvania law that is granted a permit to act as both a grower/processor and dispensary. An ACRC is “an accredited medical school” in Pennsylvania that “operates or partners with an acute care hospital licensed and operating” in Pennsylvania. The Temporary Regulations require Clinical Registrants and ACRCs to enter into Research Contracts together and provide some broad guidance about the content of those written agreements. Additionally, the Temporary Regulations address certification of ACRCs, capital requirements, approvals for clinical registrants, and the process for Clinical Registrant applicants who wish to convert their already issued grower/processor or dispensary permits to Clinical Registrant permits.

For more information about the Temporary Regulations or the Medical Marijuana Act, contact Chris Raphaely, J. Nicole Martin or another member of Cozen O’Connor’s Cannabis Industry Team.

Tags: , , ,

« Previous Page