OIG Releases Proposed Gainsharing Regulation

Posted by Chris Raphaely on December 15, 2014
CMP, HHS, Medicaid, Medicare, OIG / No Comments

In early October, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) released a proposed rule that included, among other provisions, a proposed gainsharing regulation (“Proposed Rule”), and a specific request for comments on a definition of what it means to “reduce or limit services” under the statutory prohibition against certain “gainsharing” arrangements among hospitals and physicians. The OIG’s goal with this Proposed Rule and subsequent final rule is to “interpret the statutory [gainsharing] prohibition broadly enough to protect beneficiaries and the Federal health care programs, but narrowly enough to allow low risk programs that further the goal of delivering high quality health care at a lower cost.” More specifically, the OIG seeks to implement a “narrower interpretation of the phrase “reduce or limit services.” Industry analysts are touting the final regulation as a potential game changer in the battle to deliver “high quality health care at a lower cost.”

The existing gainsharing civil monetary penalty statute (“Gainsharing CMP”) is a law that broadly “prohibits hospitals and critical access hospitals from knowingly paying a physician to induce the physician to reduce or limit services provided to Medicare or Medicaid beneficiaries who are under the physician’s direct care.” Violation of the Gainsharing CMP by a hospital that makes such payment, and a physician that in turn knowingly accepts the payment, results in CMPs that are no greater than $2,000 per each beneficiary for whom such payment is made.

Determining what does and what does not constitute a payment designed to reduce or limit services can be difficult, particularly because, as HHS has taken pains to point out, the statute technically prohibits payments from hospitals to physicians to limit any services, not just medically necessary services. However, as far back as 2005 the Medicare Payment Advisory Commission and the Chief Counsel to the OIG have supported gainsharing when safeguards are in place to evaluate risks posed by such programs, including “measures that promote accountability, adequate quality controls, and controls on payments that may change referral patterns,” and to date, the OIG has approved 16 gainsharing arrangements through the advisory opinion process.

More recently, under Section 3022 of the Affordable Care Act, the secretary of HHS established  waivers under the Medicare Shared Savings Program (MSSP) with respect to the Gainsharing CMP under certain conditions. These waivers have limited applicability as they apply only to accountable care organizations that participate in the MSSP. The final gainsharing regulations presumably will cover all hospitals and could potentially have a much broader impact upon hospital physician compensation arrangements. Overall, the Proposed Rule and the OIG’s request for comments on what should and should not constitute prohibited payments from hospitals to physicians to reduce or limit services is yet another example of how the regulatory  landscape is changing to adapt to a reimbursement model that is evolving from a fee-for-service dominated model to one in which pay-for-performance will play a much larger role.

The comment period closed under the Proposed Rule in early December, and the final rule is expected in 2015.

 

Tags: , , , , , , , , , , ,

With a New Year Rolls in a New OIG Work Plan

Posted by Health Law Informer Author on December 12, 2014
ACA, HHS, HIPAA, Medicaid, Medicare, OIG / No Comments

Recently, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) released its Work Plan for Fiscal Year 2015 (“Work Plan”).  The OIG protects the integrity of HHS programs by identifying fraud and abuse and by suggesting improvements to HHS programs.  The Work Plan informs the public of new and ongoing reviews that OIG plans to pursue during the current fiscal year.

For Fiscal Year 2015 and beyond, OIG intends to focus on emerging payment, eligibility, management, and IT systems security vulnerabilities in the ACA programs, such as the health insurance marketplace.  OIG stated that it would also focus on the efficiency and effectiveness of payment policies in inpatient and outpatient settings, for prescription drugs, and in managed care.

Some specific new items of note include: (1) identifying clinical laboratories that routinely submit improper Medicare claims, (2) reviewing the rate of and reasons for transfers from group homes or nursing facilities to emergency departments as a potential indicator of poor quality, (3) identifying Medicaid MCO payments made on behalf of deceased or ineligible beneficiaries, and (4) assessing the extent to which hospitals comply with the contingency planning requirements of HIPAA.

The Work Plan is a valuable resource annually published by the OIG for providers to identify potential compliance risk areas.

Cozen O’Connor recently published another blog of the Work Plan with the Work Plan’s specific focus on HIPAA and/or information technology that the OIG will examine and address during Fiscal Year 2015.

Tags: , , , , , , , , , , , , ,

OIG’s New Work Plan Focuses on the Security of Health Information

Posted by Health Law Informer Author on December 04, 2014
CMS, HHS, HIPAA, OIG / No Comments

On October 31, 2014, The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Work Plan for fiscal year (FY) 2015.  The Work Plan summarizes “new and ongoing reviews of activities that OIG plans to pursue with respect to HHS programs and operations during the current fiscal year and beyond.”  In the Work Plan OIG identified several areas related to HIPAA and/or information technology that it will examine and address during FY 2015.

As a new addition to the Work Plan, OIG will determine the extent to which hospitals comply with the contingency requirements of HIPAA.  HIPAA’s Security Rule requires covered entities and their business associates to have in place a contingency plan that establishes policies and procedures for responding to an emergency or other event (such as, for example, natural disasters, system failures, terrorism) that damages systems containing electronic protected health information (ePHI).  These policies and procedures must, at a minimum, include data backup plans, data recovery plans and plans to continue to protect the security of ePHI while operating in emergency operations mode.  In the Work Plan OIG advises that it will compare contingency plans used by hospitals with government and industry recommended practices. 

As part of the Work Plan, OIG will continue to examine whether the Centers for Medicare & Medicaid Services’ (CMS) oversight of hospitals’ security controls over networked medical devices is sufficient to protect ePHI.   The OIG noted that computerized medical devices such as dialysis machines, radiology systems and medication dispensing systems that use hardware, software and networks to monitor a patient’s condition and transmit and/or receive data using wired or wireless communications pose a growing threat to the security and privacy of personal health information. 

OIG also plans to continue to perform audits of covered entities receiving incentive payments for the use of electronic health records (EHRs) and their business associates (including cloud providers) to determine whether they are adequately protecting ePHI created or maintained by certified EHR technology.  In addition, OIG will review the adequacy of CMS’ oversight of states’ Medicaid system and information controls.  Prior OIG audits found that states often fail to have in place adequate security features, potentially exposing Medicaid beneficiary information to unauthorized access.

As to future endeavors, the Work Plan stated that other areas under consideration for new work include the security of electronic data, the use and exchange of health information technology, and emergency preparedness and response efforts.  In addition, OIG advises that in FY 2015 and beyond, it will continue to focus on IT systems security vulnerabilities in health care reform programs such as health insurance marketplaces. 

Tags: , , , , , , , , , , , , ,

CMS Releases New Proposed Medicare Shared Savings Program Regulations

Posted by Chris Raphaely on December 03, 2014
Accountable Care Organizations, CMS, Medicare / No Comments

The Centers for Medicare and Medicaid Services (“CMS”) released proposed  regulations for the Medicare Shared Savings Program (“MSSP”) on Monday December 1, 2014.  The proposed regulations are scheduled to be published in the Federal Register on December 8, 2014, and those wishing to submit comments to the agency will have sixty days after their publication in the Federal Register to do so. CMS stated that the regulations will generally be effective sixty days after they are published in final form.

CMS’ discussion and the proposed regulations span over 400 pages and cover many   operational details of the MSSP.  Some selected highlights are noted below:

  • CMS proposes to permit ACOs currently enrolled in the MSSP’s “upside risk only” model to continue to participate in the “upside risk only” model for a second “agreement period” with a reduced shared savings rate.
  • CMS proposes to create a new “track 3” “upside/downside” risk model with higher rates of savings and the prospective attribution of beneficiaries.
  • CMS proposes to place a “greater emphasis on primary care services delivered by nurse practitioners, physician assistants and clinical nurse specialists in the beneficiary assignment process, and to eliminate the exclusivity requirement for certain specialists that were previously required to be exclusive to one ACO on the basis that they render some services that are considered primary care services.
  • CMS proposes to eliminate the requirement that ACOs send out data sharing “opt out” letters to beneficiaries and would require beneficiaries to opt out of data sharing exclusively by contacting CMS as opposed having the option to opt out by contacting the ACOs directly.

The health care industry will be digesting CMS’ voluminous and in some cases highly technical proposed changes to the MSSP over the next 60 days and the Health Law Informer will continue to provide more details regarding these regulations and the industry’s reaction to them.

To read the complete text of the proposed regulations click here.

Tags: ,

OCR Publishes Bulletin Regarding Privacy in Light of Ebola Outbreak

Posted by Health Law Informer Author on November 18, 2014
CDC, HHS, OCR / No Comments

In response to the recent Ebola outbreak in West Africa and in light of patients being treated in several hospitals in the U.S., the HHS, OCR (OCR) recently issued a HIPAA Bulletin to remind us that HIPAA covered entities and business associates must maintain the privacy of protected health information (PHI) even in emergency situations (“Guidance”). According to the OCR, the Guidance serves as a reminder “that the protections of the [HIPAA] Privacy Rule are not set aside during an emergency.”

The OCR explains that the HIPAA Privacy Rule requires a balance between the protection of the privacy of PHI against the necessary uses and disclosures of such information “to treat a patient, to protect the nation’s public health, and for other critical purposes” during emergency situations.  Although the OCR introduces no new requirements under the HIPAA Privacy Rule, the Guidance lays out the circumstances under which patient information may be shared in emergencies, such as for/due to:

  •  Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
  • Disclosures to the Media or Others Not Involved in the Care of the Patient/Notification
  • Imminent Danger
  • Public Health Activities (i.e., to a public health authority; at the direction of a public health authority, to a foreign government agency; and to persons at risk)
  • Treatment

The OCR reminds us that most disclosures require covered entities to make “reasonable efforts to limit the information disclosed to that which is the ‘minimum necessary.’” Further, covered entities are also required to: (i) implement “reasonable” safeguards necessary to protect PHI from intentional/unintentional uses and disclosures that are impermissible under HIPAA; and (ii) continue to apply administrative, physical and technical safeguards to protect e-PHI under the HIPAA Security Rule.

Further, according to the OCR, under the Project Bioshield Act of 2004 and Section 1135(b)(7) of the Social Security Act, the Secretary of HHS may waive certain HIPAA Privacy Rule provisions during public health or other emergencies. Such limited waivers require both the President to declare an emergency or disaster and the Secretary of HHS to declare a public health emergency. Additional information regarding the limited waivers appears in the Guidance.

As Ebola remains an emergency of both national and international concern, it not surprising that federal agencies continue to publish updated Ebola guidance. This Guidance reminds all of us, especially covered entities and business associates, that even in emergency situations, patient privacy must be protected, unless the limited waiver is invoked, and if not, covered entities and business associates will face consequences for violating the HIPAA Privacy Rule. For additional information regarding the HIPAA Privacy Rule in the context of emergency situations, see the HHS website.  Also see similar guidance (Bulletin and Bulletin  published by HHS in 2005 in response to Hurricane Katrina.

 

Tags: , , , , , , , , , , , ,

CDC Publishes Updated Interim Guidance Regarding Potential Ebola Exposure

Posted by Health Law Informer Author on October 28, 2014
CDC, WHO / No Comments

According to the World Health Organization, the Ebola outbreak is “the biggest and most complex . . . in history,” and in August, the World Health Organization declared the Ebola outbreak in West Africa to be a “Public Health Emergency of International Concern.” Following news last week that New Jersey and New York each announced Ebola exposure and quarantine measures, on Monday, the CDC published updated interim guidance for the monitoring and movement of persons with potential exposure to the Ebola virus (“Guidance”). According to the CDC, the Guidance is updated to include the addition of the following:

  •  A “low (but not zero) risk” category;
  •  A “no identifiable risk” category;
  •  Modifications to the recommended public health actions in each of the high risk, some risk and low (but not zero) risk categories; and
  • Recommendations for specific groups and settings (i.e., healthcare workers providing care to Ebola patients in U.S. facilities and healthcare workers providing care to Ebola patients in countries with widespread transmission).

The CDC further explained that the Guidance provides a “framework for determining appropriate public health actions based on risk factors and clinical presentation.” The Guidance also includes a reference chart outlining recommended public health actions based on exposure category. The CDC correctly noted that primary jurisdiction to address this matter remains with state and local authorities. Under the Tenth Amendment to the U.S. Constitution, states have police power to protect the health (i.e., public health/infectious disease control, including quarantine) of its population.

As Ebola remains a “Public Health Emergency of International Concern,” it is likely that additional and/or updated Ebola guidance will be published by the CDC, as well as orders issued by other states and local authorities.

Tags: , , , ,

CDC Publishes Revised Ebola Guidelines and Announces New Monitoring Program

Posted by Health Law Informer Author on October 23, 2014
CDC / No Comments

The CDC recently announced stricter guidelines on the use of personal protective equipment for United States healthcare workers providing healthcare services to patients with Ebola (“Guidelines”). According to the CDC, the Guidelines have three core principles:

  • All healthcare workers undergo rigorous training and are practiced and competent with personal protective equipment, including putting it on and taking it off in a systemic manner
  • No skin exposure when personal protective equipment is worn
  • All workers are supervised by a trained monitor who watches each worker putting personal protective equipment on and taking it off.

Continue reading…

Tags: , , , ,

CMS Withdraws Proposed Medicare Secondary Payer Rule

Posted by Health Law Informer Author on October 17, 2014
CMS, Medicare / No Comments

On October 8, 2014, the Centers for Medicare & Medicaid Services (“CMS”) withdrew its Notice of Proposed Rule Making (“NPRM”) from the Office of Management and Budget that was to address how Medicare’s future interests should be protected pursuant to the Medicare Secondary Payer (“MSP”) Act (42 U.S.C. § 1395y(b)(2)) in workers’ compensation, liability (including self-insurance), automobile and no-fault insurance cases (see Notice).  While it is expected that CMS will submit another proposed rule, it does not seem likely that an ultimate final rule will be forthcoming anytime soon.

Although CMS has published guidelines for how to address claims in workers’ compensation cases where future medical expenses are claimed or released in a settlement judgment or other award, it has not released much guidance on addressing future medical expenses in liability, self-insurance, automobile and no-fault insurance cases.  The resulting lack of any clear guidance has resulted in many settlements being prolonged or even coming to a grinding halt as the parties differed over how—or whether— to address Medicare’s interest in future medical expenses.  It was hoped this would change after CMS released an Advance Notice of Proposed Rulemaking in June of 2012 addressing the issue of protecting Medicare’s interest in future medical expenses.  Yet, the recent notice that CMS has withdrawn its proposed rule is disappointing to the stakeholders, including claimants, insurers and attorneys looking for clarity and guidance from CMS on this issue.  Even without guidance addressing future medicals, parties to a settlement must still fulfill their MSP obligations, which include addressing Medicare’s interests in future medical expenses.

Tags: ,

CMS Announces Program to Fund ACO Growth, Extends Fraud and Abuse Waivers

Posted by Chris Raphaely on October 16, 2014
Accountable Care Organizations, CMS, OIG / No Comments

The Centers for Medicare & Medicaid Services (“CMS”) announced a new initiative, the ACO Investment Model, on October 15, 2014.  Under the model, ACOs which are made up of “providers [who] lack adequate access to … capital” may receive additional funding from the CMS “to invest in infrastructure necessary to successfully implement population care management.” The eligibility criteria are as follows:

  • The ACO must be accepted into and participate in the Medicare Shared Savings Program. The ACO’s first performance period in the Medicare Shared Savings Program must have started in either 2012, 2013 or 2014 or will start in 2016.
  • The ACO has completely and accurately reported quality measures to the Medicare Shared Savings Program in the most recent performance year, if the ACO started in the Medicare Shared Savings Program in 2012, 2013 or 2014, excluding ACOs that will start in 2016.  The ACO has a preliminary prospective beneficiary assignment of 10,000 or fewer beneficiaries for the most recent quarter, as determined in accordance with the Shared Savings Program regulations.
  • The ACO does not include a hospital as an ACO participant or an ACO provider/supplier (as defined by the Shared Savings Program regulations), unless the hospital is a critical access hospital (CAH) or inpatient prospective payment system (IPPS) hospital with 100 or fewer beds.
  •  The ACO is not owned or operated in whole or in part by a health plan.
  •  The ACO did not participate in the Advance Payment Model.

Continue reading…

Tags: , , , ,

Skilled Nursing Facility Reaches Largest Failure of Care Settlement in DOJ History

Posted by Health Law Informer Author on October 13, 2014
DOJ, HHS, Medicaid, Medicare / No Comments

On Friday October 10, 2014, the Department of Justice (DOJ) and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG) jointly announced a $38 million settlement with a skilled nursing facility (SNF), Extendicare Health Services Inc. (Extendicare) and its subsidiary Progressive Step Corporation (ProStep). Extendicare owns and operates 146 SNFs in eleven states. Prostep offers Extendicare residents occupational, physical and speech rehabilitation services.

The settlement stemmed from allegations in two qui tam cases: United States ex rel. Lovvorn v. EHSI, et. al. C.A. 10-1580 (E.D. Pa); and United States ex rel. Gallick et al., v. EHSI et al., C.A. 2:13cv-092 (S.D. Ohio). The allegations were that Extendicare (1) “billed Medicare and Medicaid for materially substandard nursing services that were so deficient that they were effectively worthless”; and (2) “billed Medicare for medically unreasonable and unnecessary rehabilitation therapy services.” Continue reading…

Tags: , , , , , , , , ,

« Previous Page Next Page »