ALJ Rules Against FTC in LabMD Data Security Action: Sets High Bar for Proving Consumer Harm

Posted by Health Law Informer Author on November 20, 2015
Federal Trade Commission, FTC, HIPAA

Last June we wrote about the FTC’s enforcement action against LabMD, a medical testing laboratory, which was forced to wind down its business because of the costs associated with challenging the FTC since 2013. Using its broad enforcement authority under Section 5 of the FTC Act, the FTC alleged that LabMD failed to “provide reasonable and appropriate security for personal information on its computer networks,” which the FTC claimed led to the data of thousands of consumers being leaked.

On November 13, 2015, Chief Administrative Law Judge D. Michael Chappell ruled in favor of LabMD, dismissing the FTC’s complaint because the FTC “fail[ed] to prove that [LabMD’s] alleged unreasonable data security caused, or is likely to cause, substantial consumer injury, as required by Section 5(n) of the FTC Act, [LabMD’s] alleged unreasonable data security cannot properly be declared an unfair act or practice in violation of Section 5(a) of the FTC Act.” Notably, Judge Chappell concluded that Continue reading…


The “Other” Safe Harbor: OIG Warns Healthcare Providers and Vendors Against Information Blocking and Federal Anti-Kickback Violations

Posted by Health Law Informer Author on October 15, 2015
Anti-Kickback, False Claims Act, Healthcare, Medicaid, Medical Assistance, Medicare, OIG, Whistleblower


For those of us who work in the privacy and security space this past week has been a whirlwind with focus on the ramifications of the European Court of Justice (ECJ) decision invalidating the EU-U.S. Safe Harbor Agreement.  Much has been written on the EU-U.S. Safe Harbor Agreement and much more will be written in the coming weeks.  See Cozen O’Connor’s Cyber Law Monitor recent blog post, The End of Safe Harbor – What Does it Mean?   However, the ECJ decision was not the only news on safe harbor last week.  The U.S. Department of Health and Human Services, Office of Inspector General (“OIG”) issued their thoughts on data arrangements and safe harbor, albeit a much different safe harbor than the EU-U.S. Safe Harbor Agreement.  Healthcare providers and health IT vendors should pay close attention to OIG’s Alert.  See October 6, 2015 OIG Alert.

OIG issued the Alert during National Health IT Week and described it as a “Policy Reminder” on Information Blocking and the Federal Anti-Kickback Statute (42 U.S.C. 1320a-7b (b)).  The Federal Anti-Kickback statute prohibits individuals and entities from knowingly and willfully offering, paying, soliciting, or receiving remuneration to induce or reward referrals of business reimbursable under any Federal health care program (“FHCP”).  The Alert addresses a growing trend in the industry, arrangements involving the provision of software or information technology to a referral source.  Although there is a safe harbor for electronic health records (“EHR”) arrangements it “must fit squarely in all safe harbor conditions to be protected.” 42 CFR § 1001.952(y).

In its alert, OIG focused on the parameters of the safe harbor exception that allows donors to enter into a wide variety of arrangements involving EHR software, IT, and training services, provided there are no restrictions to the use, compatibility, or interoperability of donated items or services.  42 CFR § 1001.952(y)(3).  OIG provided guidance on this issue in 2013, explicitly stating that if the interoperability of an item or service is restricted by the donor or anyone acting on the donor’s behalf, including the recipient, then the donation violates the exemption and thus will be actionable under the Federal anti-kickback statute.

OIG’s Alert highlights practices outlined in its 2013 guidance that would be actionable under the Federal anti-kickback statute. For example, an agreement between a donor and a recipient to limit a competitor from interfacing with the donated items or services would be actionable. Even an agreement between a donor and an EHR technology vendor to charge non-recipient providers, non-recipient suppliers, or competitors high fees may be actionable.

OIG also provided an open invitation to whistleblowers to report fraud by urging persons with knowledge of violations of the safe harbor to be vigilant in reporting potential violations to their office.  Violations will occur when donors engage in information blocking, which refers to practices that unreasonably block the sharing of electronic health information (EHI).  OIG provided three criteria in a 2015 report for identifying practices that qualify as information blocking:

  1. Interference with the ability of authorized people to access, exchange, or otherwise use EHI.
  2. Knowledge, actual or expected under the circumstances, that the practice will be considered information blocking.
  3. No reasonable justification for limiting sharing of EHI.

If all three criteria are met, then the practice in question is considered information blocking.

For more information on this Alert, contact Ryan P. Blaney or any member of Cozen O’Connor’s Health Care team.


Executives in the Crosshairs: DOJ Increases the Focus on Individuals to Combat Corporate Wrongdoing

Posted by Chris Raphaely on September 22, 2015
DOJ

Earlier this month, the Deputy Attorney General of the Department of Justice (“DOJ”) released a memorandum (“Guidance”) setting forth six key steps to which DOJ attorneys should adhere in the investigation of corporate misconduct. At the same time, the Guidance underscores the importance of having corporate compliance policies and procedures that stress individual accountability and provides critical information for any organization that finds itself under investigation by the DOJ.

The overarching theme of the Guidance is that every act of a corporation or other organization is carried out by one or more individuals and that by focusing on individual conduct and holding specific individuals accountable for corporate misconduct when it is found to have occurred, the DOJ will investigate and combat corporate wrongdoing more effectively.  The six key steps contained in the Guidance are as follows:

  • “to qualify for any cooperation credit, corporations must provide to the [DOJ] all relevant facts relating to the individuals responsible for the misconduct;
  • criminal and civil corporate investigations should focus on individuals from the inception of the investigation;
  • criminal and civil attorneys handling corporate investigations should be in routine communication with one another;
  • absent extraordinary circumstances or approved departmental policy, the [DOJ] will not release culpable individuals from civil or criminal liability when resolving a matter with a corporation;
  • [DOJ] attorneys should not resolve matters with a corporation without a clear plan to resolve related individual cases, and should memorialize any declinations as to individuals in such cases; and
  • civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual’s ability to pay.”

The Guidance will apply to matters that are pending as of September 9, 2015 as well as all future DOJ investigations of corporate wrongdoing.

For more information on this Guidance, contact Chris Raphaely, Nicole Martin, or any member of Cozen O’Connor’s Healthcare law team.


The Time is Right for Hospitals to Ensure 501(r) Compliance

Posted by Chris Raphaely on September 14, 2015
IRS

Updated requirements for hospitals to maintain their tax-exempt status under Section 501(r) of the Internal Revenue Code are nothing new. They were enacted as part of the Affordable Care Act in 2010. However, at the end of 2014, the IRS issued a final rule (“Final Rule”) interpreting, clarifying and updating these requirements. As we’ve seen before with other enforcement agencies, after passing final regulations, it is expected that the IRS will devote more attention to enforcement and be more exacting when it measures compliance.

Hospitals will be subject to the Final Rule beginning with tax years starting after December 29, 2015. Prior to such time “reasonable, good faith interpretations” of the 501(r) requirements will suffice, but thereafter strict compliance with the specific terms of the Final Rule, which contain several changes from the proposed rule, will be required. Consequently, now is an opportune time for hospitals to take what is likely to be at least a second look at 501(r) compliance in the last four or five years.

Briefly, the significant changes under the Final Rule involve the following:

  • Translation requirements for financial assistance policies (FAPs), as well as the FAP applications and FAP summaries;
  • Rules regarding application of the requirements to partnerships that operate hospitals;
  • FAP eligibility determinations;
  • Notices regarding potential extraordinary collection actions;
  • Contractual provisions for transactions involving the sale or third-party collection of hospital receivables; and
  • Changes to methodologies used to determine “amounts generally billed”, which are the 501(r) imposed limits on the amounts individuals qualifying for financial assistance can be billed for emergency care or other medically necessary care.

For more information on these important requirements, contact Chris Raphaely, Nicole Martin, or any member of Cozen O’Connor’s Healthcare law team.


Physician Group to Pay $750,000 to Settle a HIPAA Violation

Posted by Health Law Informer Author on September 03, 2015
HHS, HIPAA, OCR

In August 2012, a Physician Group—comprising nearly 20 physicians—reported its HIPAA breach to HHS, which resulted from a laptop bag containing the employee’s laptop and a computer server backup being stolen from an employee’s car in July 2012. According to the Resolution Agreement between HHS and the Physician Group, the laptop did not contain ePHI, but the portable, unencrypted server backup in the employee’s bag did. The backup contained ePHI for 55,000 individuals. To settle this matter, the Physician Group has agreed to pay $750,000.

Although stolen laptops and lack of encryption are nothing new in the world of HIPAA breaches, this situation stands out for a few reasons:

  • The Physician Group did not conduct “an accurate and thorough” risk assessment;
  • The significance of encryption extends not only to desktop computers and laptops, but also to portable devices, including but not limited to computer server backups; and
  • This is a notable fine for a Physician Group of fewer than 20 physicians.

For more information regarding this incident and HIPAA compliance, including the importance of encryption and risk assessments, contact J. Nicole Martin or any member of Cozen O’Connor’s healthcare law team.

Ignorance Is Not Bliss: The Clock under the ACA’s “60 Day Rule” Can Start Ticking Well Before the Exact Amount of Overpayment is Identified

Posted by Chris Raphaely on August 05, 2015
ACA, Affordable Care Act, False Claims Act, Medicaid, Medicare


On August 3, 2015, a federal judge in the Southern District of New York ruled that the United States’ and state of New York’s complaints in intervention can move forward against a group of hospitals, under the federal False Claims Act (“FCA”) and New York’s FCA corollary. The hospitals allegedly failed to report and return Medicaid overpayments that were brought to their general attention over two years before all of the relevant repayments were made.

The judge’s opinion denying the defendants’ motions to dismiss in Kane v. Health First, et al. and U.S. v. Continuum Health Partners Inc. et al. should be of particular note to providers because it contains extensive discussion and guidance as to how at least one federal judge interprets the Affordable Care Act’s (“ACA”) “60 day rule.” Specifically, the ACA’s rule requires any provider who receives an overpayment from Medicare or Medicaid to repay such overpayment within 60 days of the “date on which the overpayment was identified.” Further, retention of such an overpayment beyond the sixty-day period can result in liability under the FCA.


Third Circuit Invalidates HHS’ Medicare Wage Index Reclassification Rule

Posted by Health Law Informer Author on August 04, 2015
HHS, Hospital, Medicare

On July 23, 2015, the Third Circuit invalidated, as being contrary to the Medicare statute, the U.S. Department of Health and Human Services’ (HHS) Medicare wage index “reclassification rule,” 42 C.F.R. § 412.230(a)(5)(iii). That rule was designed to prevent (and did prevent) urban hospitals that had strategically reclassified as being rural from being reclassified again (based on their newly acquired rural status) to a particular urban area, to benefit from a higher Medicare standardized amount and wage index.

In Geisinger Community Medical Center v. Secretary United States Department of Health and Human Services, the hospital first reclassified, successfully, as a Section 401 hospital (i.e., an urban hospital that elects to be treated as rural). It then sought to reclassify, based on its newly acquired rural status, to the Allentown urban wage index area. The hospital estimated that such a reclassification would increase its Medicare reimbursements by approximately $2.6 million per year. The Allentown urban area is 27 miles from the hospital. To be reclassified to that area, the hospital had to rely on the relaxed 35 mile maximum distance applicable to rural hospitals; it would not qualify under the maximum 15 mile distance applicable to urban hospitals. The reclassification rule, however, prohibited Section 401 hospitals from reclassifying based on their acquired rural status.

The Third Circuit panel majority, under a Chevron Step One analysis, agreed with the hospital that HHS’ reclassification rule is unlawful. It specifically held that the statutory text of Section 401 unambiguously requires HHS, through broad and mandatory language, to treat Section 401 hospitals like hospitals that are actually located in rural areas. The reclassification rule, therefore, unlawfully prevented the Section 401 hospital from being considered as a rural hospital in its application to reclassify to a different wage index area.


Revamped Telehealth Bill Referred to the House Energy and Commerce Committee and the House Committee on Ways and Means

Posted by Health Law Informer Author on July 09, 2015
CMS, Medicare

On July 7, 2015, U.S. Reps. Mike Thompson, Gregg Harper, Diane Black, and Peter Welch announced the introduction of a new version of the July 2014 telehealth legislation (H.R. 5380) called the Medicare Telehealth Parity Act of 2015 (H.R. 2948) (the “Act”). The Act has already been referred to each of the House Energy and Commerce Committee and the House Committee on Ways and Means.

According to Congressman Thompson’s press release, this Act would phase in and expand upon existing telehealth services under Medicare, by, among other changes:

  • Removing the geographic barriers under current law and allowing the provision of telehealth services in rural, underserved, and metropolitan areas;
  • Expanding the list of providers and related covered services that are eligible to provide telehealth services to include respiratory therapists, physical therapists, occupational therapists, speech language pathologists, and audiologists;
  • Allowing remote patient monitoring for patients with chronic conditions such as heart failure, chronic obstructive pulmonary disease, and diabetes; and
  • Allowing the beneficiary’s home to serve as a site of care for home dialysis, hospice care, eligible outpatient mental health services, and home health services.

For quite some time reimbursement barriers prevented the expanded use of telehealth/telemedicine under Medicare beyond reimbursement for limited services, limited modes of telehealth, and the “originating site” restriction. Over the last few years, legislation expanding access and reimbursement under Medicare for telemedicine/telehealth services has been introduced, but never passed. This time could be different as the legislation has not only bipartisan support, but also the support of industry groups, including among others, the American Telemedicine Association and the American Heart Association. Stay tuned for additional updates regarding the Act. For further information, contact J. Nicole Martin or any member of Cozen O’Connor’s healthcare law team.


Progress in Medicare Takes Many Forms: Moving Ahead with Maintenance Care After Jimmo

Posted by Health Law Informer Author on June 29, 2015
Medicare

Somehow, although certainly not from a clear reading of the Medicare statute, there was long a perceived rule that Medicare would only cover certain services if the patient was making measurable improvement. This created the perverse circumstance that a provider was discouraged from delivering services that would maintain a patient’s current health level even if the absence of those services would result in the patient declining and then needing even greater services.

Through the hard work and perseverance of six named individual plaintiffs, led by Glenda Jimmo of Vermont, and seven advocacy organizations, the perceived “improvement rule” has been struck down. (For information on the settlement of the case and the legal ramifications, see information available through the Center for Medicare Advocacy.) That’s the good news, given the importance of keeping certain patients from getting worse; the bad news is that the settlement of the Jimmo case is not widely enough known.

Reports suggest that claims for skilled maintenance services are still being denied, or, in many instances, providers do not even offer these services to patients based on the assumption that reimbursement will be withheld. As a result of the Settlement, CMS agreed to embark on an education campaign around this ruling. That educational effort will need to be redoubled to get the message out, especially given the reality that many service providers themselves think only in terms of patient improvement and not maintenance, as improvement has long been the primary measure of their effectiveness.

Earlier this week, the Center for Medicare Advocacy convened a group of providers and patient advocates to identify barriers to implementing the Jimmo decision and how to circumvent them. Stay tuned for more!


Supreme Court Upholds ACA Subsidies: What’s Next?

Posted by Chris Raphaely on June 26, 2015
ACA, Affordable Care Act

On Thursday, June 25, the Supreme Court of the United States issued its much anticipated ruling in King v. Burwell, the second major Court challenge to a core element of the Affordable Care Act (“ACA”).  The Court, by a 6-3 margin, issued a victory for the ACA.

King v. Burwell was not a challenge to the ACA per se.  Rather, the plaintiffs challenged an Internal Revenue Service (“IRS”) rule which permits the provision of subsidies for the purchase of health insurance to lower-income residents of states that use Healthcare.gov, the exchange operated by the federal government.  Essentially, the plaintiffs, and three Justices in a vigorous dissent penned by Justice Scalia, argued that the plain language of the statute limited the subsidies to residents of states that operate their own exchanges.  This would have eliminated subsidies in at least 36 states, and would have had innumerable indirect effects on other provisions of ACA (including eliminating the penalties for violations of the employer mandate in those states).

Although the decision will be of great interest politically and to administrative and constitutional law scholars, it does nothing to change the implementation of the ACA. The exchange system that is currently in place will move forward unless it is changed legislatively or by executive action. This was welcomed by businesses in the two sectors most directly affected by the ruling, insurance and health care providers, and was reflected in sharp one-day gains of stock prices for the large insurance companies and for-profit hospital chains.

Another aspect of the ACA that will now definitely move forward as a result of the decision is the scheduled implementation of the employer mandate on January 1, 2016.  Accordingly, affected entities (employers of 50 or more full time equivalents) should continue, and in some cases quickly step up, their compliance efforts by reviewing their employment and benefits policies to make certain that they do not run afoul of the employer mandate once it becomes fully effective.
