Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle

July 6, 2014

Health care providers, health plans, heath care clearinghouses and their business associates heed both the lesson about properly protecting protected health information and the more subtle lesson about the role of employees and other whistleblowers in bringing these violations to the attention of regulators contained in the latest Health Insurance Portability & Accountability Act (HIPAA) resolution agreement.

Late last month, the Department of Health & Human Services Office of Civil Rights (HHS) announced that complaints of a retiring physician over the mishandling of her patient records by Parkview Health System, Inc. (Parkview) prompted the investigation that lead Parkview to agree to pay $800,000 to settle charges that it violated HIPAA’s Privacy Rule.

The resolution agreement settles charges lodged by HHS based on an OCR investigation into the retiring physician’s allegations that Parkview violated the HIPAA Privacy Rule by failing to properly safeguard the records when it returned them to the physician following her retirement.

As a covered entity under the HIPAA Privacy Rule, HIPAA requires that Parkview appropriately and reasonably safeguard all protected health information in its possession, from the time it is acquired through its disposition.

In an investigation prompted by the physician’s complaint, OCR found that Parkview breached this responsibility in its handling of certain physician patient records in helping the physician to transition to retirement.

According to OCR, in September 2008, Parkview took custody of medical records pertaining to approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice.

Subsequently on June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue. OCR concluded this conduct violated the Privacy Rule.

To settle OCR’s charges that these actions violated HIPAA, OCR has agreed to pay the $800,000 resolution amount and to adopt and implement a corrective action plan requiring Parkview to revise their policies and procedures, train staff, and provide an implementation report to OCR.

The resolution agreement highlights the role that current or former physicians, employees or others can play in helping OCR to identify HIPAA violations.  Health care providers and other covered entities and their business associates should take into account the likelihood that physicians on their own or other facility medical staffs, their employees and other participants in the care delivery system often may have and be motivated to report to government sensitive information about violations of HIPAA or other laws.  Since HIPAA and most other laws prohibited covered entities from forbidding or retaliating against a person for objectiving to or reporting the concern and offer whistleblowers potential participation in the reporting and prosecution of violations, employees or other workforce members increasingly make the complaints bring violations to OCR and other regulators.

Whether from an internal employee complaint, a  patient or competitor complaint or other source, HIPAA violations carry significant liability risks.  The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates.  In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.  Furthermore, enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need assistance in auditing or assessing, updating or defending your HIPAA, or other health or other employee benefit, labor and employment, compensation, privacy and data security, or other internal controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer at cstamer@solutionslawyer.net or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters.  She also is recognized for her publications, industry leadership, workshops and presentations on privacy and data security and other human resources, employee benefits and health care concerns.  Her many highly regarded publications on privacy and data security concerns include “Privacy Invasions of Medical Care-An Emerging Perspective.” ERISA Litigation Manual. BNA, 2003-2009; “Privacy & Securities Standards-A Brief Nutshell.” BNA Tax Management and Compliance Journal. February 4, 2005; “Cybercrime and Identity Theft: Health Information Security beyond HIPAA.” ABA Health eSource. May, 2005 and many others.  She also regularly conducts training on HIPAA and other privacy and data security compliance and other risk management matters for a broad range of organizations including the Association of State and Territorial Healthcare Organizations (ASTHO), the Los Angeles County Health Department, a multitude of health plans and their sponsors, health care providers, the American Bar Association, SHRM, the Society for Professional Benefits Administrators and many others.  Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see www.CynthiaStamer.com or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at www.SolutionsLawPress.com.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press.  All other rights reserved.


Whistleblower To Get $17M+ of Omnicare $124M False Claims Settlement

June 26, 2014

Former employee turned whistleblower Donald Gale will receive $17.24 million of the $124.24 million that the U.S.’ largest provider of pharmaceuticals and pharmacy services to nursing homes, Omnicare, Inc. has agreed to pay to settle charges that Omnicare violated the Anti-Kickback Statute by offering improper financial incentives to skilled nursing facilities in return for their continued selection of Omnicare to provide pharmaceuticals and pharmacy services to their residents. The settlement announced June 25, 2014 by the Department of Justice (DOJ) highlights the growing risks that health care organizations using aggressive marketing incentive programs face to whistleblower, Department of Justice and other investigations.

According to DOJ, the Omnicare settlement resolves allegations that “Omnicare provided improper discounts in return for the opportunity to provide medication to Medicare and Medicaid beneficiaries” in violation of the Anti-Kickback Statute.  The settlement resolves allegations initially brought by two whistleblowers that Omnicare submitted false claims by entering into below-cost contracts to supply prescription medication and other pharmaceutical drugs to skilled nursing facilities and their resident patients to induce the facilities to select Omnicare as their pharmacy provider.  The facilities were participating providers under agreements with Medicare and Medicaid.   In addition to the facilities’ own claims for reimbursement from Medicare for short-term rehabilitation treatment rendered to patients, Omnicare submitted additional claims for reimbursement to Medicare and Medicaid for drugs Omnicare supplied.

The Anti-Kickback Statute prohibits offering, paying, soliciting or receiving remuneration to induce referrals of items or services covered by Medicare, Medicaid and other federally funded programs as a means of helping to ensure that the selection of health care providers and suppliers is not compromised by improper financial incentives and is instead based on the best interests of the patient. This settlement illustrates both the government’s emphasis on combating health care fraud and marks another achievement for the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative and the critical role that current or former employees or other whistleblowers often play in the successful investigation and prosecution of these cases.

The HEAT initiative announced in May 2009 by Attorney General Eric Holder and Secretary of Health and Human Services Kathleen Sebelius makes heavy use of whistleblowers to uncover potential violations and then uses the False Claims Act and other expanded investigatory and enforcement tools granted by Congress to nail providers.

In conducting its war against health care fraud, Federal officials credited new tools created under the Patient Protection & Affordable Care Act (Affordable Care Act) with aiding their health care fraud investigation and enforcement efforts.   Legal reforms and new resources granted under the Affordable Care Act and various other legal changes have beefed up the fraud detection and fighting powers of Federal health care fraud investigators and prosecutors.  Examples of these new tools include:

  • Tough new rules and sentences for criminals
  • Enhanced screening and other enrollment requirements
  • Increased coordination of fraud prevention efforts
  • Health Care Fraud Prevention and Enforcement Action Team (HEAT)
  • New focus on compliance and prevention
  • Expanded overpayment recovery efforts
  • New durable medical equipment (DME) requirements
  • An additional $350 million over 10 years to ramp up anti-fraud efforts
  • Greater oversight of private insurance abuses
  • Senior Medicare Patrols

The continuing success of these and other federal health care fraud investigation and enforcement efforts continue to prove the need for health care providers and payers to strengthen their compliance practices and documentation to avoid getting caught in the ever tightening health care fraud dragnet.  Since January 2009, the Justice Department has recovered a total of more than $19.5 billion through False Claims Act cases, with more than $13.9 billion of that amount recovered in cases involving fraud against federal health care programs. In announcing the settlement, Justice Department officials sent strong warnings to other health care providers and suppliers about the dangers of providing or accepting improper discounts or other improper incentives as part of their business marketing strategies. “Health care providers who seek to profit from providing illegal financial benefits will be held accountable,” said Assistant Attorney General for the Justice Department’s Civil Division Stuart F. Delery.  “Schemes such as this one undermine the health care system and take advantage of elderly nursing home residents.”  Meanwhile, Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, said “Nursing homes should select their pharmacy provider based on the best quality, service and cost to the residents, not based on improper discounts to the nursing facility.”

Any quick look at the DOJ’s enforcement record shows its acting on these promises.  For instance, in addition to the Omnicare settlement, DOJ also announced on June 25 the guilty plea of a physician and the sentencing on an ambulance company owner on health care fraud charges.  See Huntersville Physician Pleads Guilty To Health Care Fraud and Tax Fraud and Agrees To Pay $6.2 Million to Settle Civil Fraud Claims;  Ambulance Company Co-Owner Sentenced To 13 1/2 Years for Health Care Fraud Scheme.

 Health Care Providers Must Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts

June 11, 2014

Health care providers, health plans and insurers, health care clearinghouses (collectively “Covered Entities”), their business associates, and others concerned about medical privacy regulations or protections should check out two new reports to Congress about breach notifications reported and other compliance data under the Health Insurance Portability & Accountability Act (HIPAA) by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).   Reviewing this data can help Covered Entities and their business associates identify potential areas of exposures and enforcement that can be helpful to minimize their HIPAA liability as well as to expect OCR enforcement and audit inquiries.

Required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the two new reports discuss various details about HIPAA compliance for calendar years 2011 and 2012.  They include the following:

  • Report to Congress on Breach Notifications, discussing the breach notification requirements and reports OCR received as a result of these breach notification requirements; and
  • Report to Congress on Compliance with the HIPAA Privacy and Security Rules, summarizing complaints received by OCR of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164 .
  • Covered entities and their business associates should review the finding reported as part of their compliance practices. Others concerned about medical or other privacy or data security regulations or events also may find the information in the reports of interest.

Under HIPAA, covered entities generally are prohibited from using, accessing or disclosing protected health information about individuals except as specifically allowed by HIPAA,  In addition, HIPAA also requires Covered Entities to establish safeguards to protect protected health information against improper access, use or destruction, to afford certain rights to individuals who are the subjects of protected information, to obtain certain written assurances from service providers who are business associates before allowing those service providers to use, access or disclose protected health information when carrying out covered functions for the Covered Entity, and meet other requirements.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates.  In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.

Enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the HITECH Act since March 26, 2013 and to have updated business associate agreements in place since September 23, 2013.  Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in  the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need assistance in auditing or assessing, updating or defending your HIPAA, or other health or other employee benefit, labor and employment, compensation, privacy and data security, or other internal controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer at cstamer@solutionslawyer.net or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters.  She also is recognized for her publications, industry leadership, workshops and presentations on privacy and data security and other human resources, employee benefits and health care concerns.  Her many highly regarded publications on privacy and data security concerns include “Privacy Invasions of Medical Care-An Emerging Perspective.” ERISA Litigation Manual. BNA, 2003-2009; “Privacy & Securities Standards-A Brief Nutshell.” BNA Tax Management and Compliance Journal. February 4, 2005; “Cybercrime and Identity Theft: Health Information Security beyond HIPAA.” ABA Health eSource. May, 2005 and many others.  She also regularly conducts training on HIPAA and other privacy and data security compliance and other risk management matters for a broad range of organizations including the Association of State and Territorial Healthcare Organizations (ASTHO), the Los Angeles County Health Department, a multitude of health plans and their sponsors, health care providers, the American Bar Association, SHRM, the Society for Professional Benefits Administrators and many others.  Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see www.CynthiaStamer.com or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at www.SolutionsLawPress.com.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press.  All other rights reserved.


CMS Proposes Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Pre-Authorization Rule

May 28, 2014

July 28, 2014 is the deadline for concerned persons to comment on the Centers for Medicare & Medicaid Services (CMS) proposed rule requiring prior authorization for certain durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS).  The proposed rule available for review at http://www.gpo.gov/fdsys/pkg/FR-2014-05-28/pdf/2014-12245.pdf would establish a prior authorization process for certain durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) items that are frequently subject to unnecessary utilization and would add a contractor’s decision regarding prior authorization of coverage of DMEPOS items to the list of actions that are not initial determinations and therefore not appealable.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Medicare Fraud Strike Force Nails 90 Individuals For Almost $260 Million In False Billing Including 16 Doctors

May 13, 2014

27 Medical Professionals Charged with Health Care Fraud

A nationwide takedown by Medicare Fraud Strike Force operations in six cities today (May 13, 2014) resulted in charges against 90 individuals, including 27 doctors, nurses and other medical professionals, for alleged participation in Medicare fraud schemes involving approximately $260 million in false billings, according to U.S. Attorney General Eric Holder and Department of Health and Human Services (HHS) Secretary Kathleen Sebelius.  The announcement reminds U.S. health care providers that the Obama Administration continues to target health care providers in its campaign against health care fraud.

The seventh coordinated national Medicare fraud takedown by the Medicare Fraud Strike Force operations team of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), Federal officials filed charges that accuse the defendants of various health care fraud-related crimes, including conspiracy to commit health care fraud, violations of the anti-kickback statutes and money laundering.  The charges are based on a variety of alleged fraud schemes involving various medical treatments and services, including home health care, mental health services, psychotherapy, physical and occupational therapy, durable medical equipment and pharmacy fraud.

Among the defendants charged were 27 medical professionals, including 16 doctors, who Federal officials charge included doctors billing for services that were never rendered, supply companies providing motorized wheelchairs that were never needed, and recruiters paying kickbacks to get Medicare billing numbers of patients.  According to court documents, the defendants allegedly participated in schemes to submit claims to Medicare for treatments that were medically unnecessary and often never provided.  In many cases, court documents allege that patient recruiters, Medicare beneficiaries and other co-conspirators were paid cash kickbacks in return for supplying beneficiary information to providers, so that the providers could then submit fraudulent bills to Medicare for services that were medically unnecessary or never performed.  Collectively, the doctors, nurses, licensed medical professionals, health care company owners and others charged are accused of conspiring to submit approximately $260 million in fraudulent billings.

In Miami, a total of 50 defendants were charged today and yesterday for their alleged participation in various fraud schemes involving approximately $65.5 million in false billings for home health care and mental health services, and pharmacy fraud.  In one case, two defendants were charged in connection with a $23 million pharmacy kickback and laundering scheme.  Court documents allege that the defendants solicited kickbacks from a pharmacy owner for Medicare beneficiary information, which was used to bill for drugs that were never dispensed.  The kickbacks were concealed as bi-weekly payments under a sham services contract and were laundered through shell entities owned by the defendants.

Eleven individuals were charged by the Houston Medicare Strike Force.  Five Houston-area physicians were charged with conspiring to bill Medicare for medically unnecessary home health services.  According to court documents, the defendant doctors were paid by two co-conspirators to sign off on home health care services that were not necessary and often never provided.

Eight defendants were charged in Los Angeles for their roles in schemes to defraud Medicare of approximately $32 million.  In one case, a doctor was charged for causing almost $24 million in losses to Medicare through his own fraudulent billing and referrals for durable medical equipment, including over 1,000 expensive power wheelchairs, and home health services that were not medically necessary and often not provided.

In Detroit, seven defendants were charged for their roles in fraud schemes involving approximately $30 million in false claims for medically unnecessary services, including home health services, psychotherapy and infusion therapy.  In one case, four individuals, including a doctor, were charged in a sophisticated $28 million fraud scheme, where the physician billed for expensive tests, physical therapy and injections that were not necessary and not provided.  Court documents allege that when the physician’s billings raised red flags, he was put on payment review by Medicare.  He was allegedly able to continue his scheme and evade detection by continuing to bill using the billing information of other Medicare providers, sometimes without their knowledge.

In Tampa, Florida, seven individuals were charged in a variety of schemes, ranging from fraudulent physical therapy billings to a scheme involving millions of dollars in physician services and tests that never occurred.  In one case, five individuals were charged for their alleged roles in a $12 million health care fraud and money laundering scheme that involved billing Medicare using names of beneficiaries from Miami-Dade County for services purportedly provided in Tampa area clinics, 280 miles away.  The defendants then allegedly laundered the proceeds through a number of transactions involving several shell entities.

In Brooklyn, New York, the Strike Force announced an indictment against Syed Imran Ahmed, M.D., in connection with his alleged $85 million scheme involving billings for surgeries that never occurred; Dr. Ahmed had been arrested last month and charged by complaint.  Dr. Ahmed has charged with health care fraud and making false statements.  In addition, the Brooklyn Strike Force charged six other individuals, including a physician and two billers who allegedly concocted a $14.4 million scheme in which they recruited elderly Medicare beneficiaries and billed Medicare for medically unnecessary vitamin infusions, diagnostic tests and physical and occupational therapy supposedly provided to these patients.

The cases announced today are being prosecuted and investigated by Medicare Fraud Strike Force teams comprised of attorneys from the Fraud Section of the Justice Department’s Criminal Division and from the U.S. Attorney’s Offices for the Southern District of Florida, the Eastern District of Michigan, the Eastern District of New York, the Southern District of Texas, the Central District of California, the Middle District of Louisiana, the Northern District of Illinois and the Middle District of Florida; and agents from the FBI, HHS-OIG and state Medicaid Fraud Control Units.

The HEAT Strike Force is a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. The joint Department of Justice and HHS Medicare Fraud Strike Force is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing.  Almost 400 law enforcement agents from the FBI, HHS-OIG, multiple Medicaid Fraud Control Units and other federal, state and local law enforcement agencies participated in today’s takedown.

Since their inception in March 2007, Strike Force operations in nine locations have charged almost 1,900 defendants who collectively have falsely billed the Medicare program for almost $6 billion.  Overall, since its inception, the Department of Justice’s Medicare Fraud Strike Force has charged nearly 1,900 individuals involved in approximately $6 billion of fraud.  We are committed to using every tool at our disposal to prevent, deter, and prosecute health care fraud.  In addition, CMS, working in conjunction with HHS-OIG, has suspended enrollments of high-risk providers in five Strike force locations and has removed over 17,000 providers from the Medicare program since 2011.

“Medicare is a sacred compact with our nation’s seniors, and to protect it, we must remain aggressive in combating fraud,” said Attorney General Holder.  “This nationwide Medicare Strike Force takedown represents another important step forward in our ongoing fight to safeguard taxpayer resources and to ensure the integrity of essential health care programs.  Department of Justice will not tolerate these activities.  And we will continue working alongside the Department of Health and Human Services – as well as federal, state, and local partners – to use every appropriate tool and available resource to find, stop, and punish those who seek to take advantage of their fellow citizens.”

In conducting its war against health care fraud, Federal officials credited new tools created under the Patient Protection & Affordable Care Act (Affordable Care Act) with aiding their health care fraud investigation and enforcement efforts.   Legal reforms and new resources granted under the Affordable Care Act and various other legal changes have beefed up the fraud detection and fighting powers of Federal health care fraud investigators and prosecutors.  Examples of these new tools include:

  • Tough new rules and sentences for criminals
  • Enhanced screening and other enrollment requirements
  • Increased coordination of fraud prevention efforts
  • Health Care Fraud Prevention and Enforcement Action Team (HEAT)
  • New focus on compliance and prevention
  • Expanded overpayment recovery efforts
  • New durable medical equipment (DME) requirements
  • An additional $350 million over 10 years to ramp up anti-fraud efforts
  • Greater oversight of private insurance abuses
  • Senior Medicare Patrols

“The Affordable Care Act has given us additional tools to preserve Medicare and protect the tens of millions of Americans who rely on it each day,” said Secretary Sebelius.  “By expanding our authority to suspend Medicare payments and reimbursements when fraud is suspected, the law allows us to better preserve the system and save taxpayer dollars.  Today we’re sending a strong, clear message to anyone seeking to defraud Medicare: You will get caught and you will pay the price.  We will protect a sacred trust and an earned guarantee.”

The continuing success of these and other federal health care fraud investigation and enforcement efforts continue to demonstrate the need for health care providers and payers to strengthen their compliance practices and documentation to avoid getting caught in the ever tightening health care fraud dragnet.

Health Care Providers Must Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


6/30 Comment Deadline For Proposed Inpatient Rehab Payment and Quality Reporting Rules

May 6, 2014

On May 1, 2014, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule outlining proposed fiscal year (FY) 2015 Medicare payment policies and rates for inpatient rehabilitation facilities (IRFs) and the IRF Quality Reporting Program (IRF QRP). The FY 2015 proposals are summarized below. 

  • Changes to the payment rates under the IRF Prospective Payment System (PPS). We are proposing to update the IRF PPS payments for FY 2015 to reflect an estimated 2.1 percent increase factor (reflecting a 2.7 percent market basket, reduced by a 0.4 percent multi-factor productivity adjustment and a 0.2 percentage point reduction mandated by the Affordable Care Act). An additional 0.1 percent increase to aggregate payments due to updating the outlier threshold results in an overall update of 2.2 percent (or $160 million), relative to payments in FY 2014.
  •  Facility-level adjustment updates. CMS is proposing to freeze the facility-level adjustment factors for FY 2015 and all subsequent years at the FY 2014 levels, while we continue to monitor the most current IRF data available and evaluate the effects of the FY 2014 changes. Additionally, we want to allow providers time to acclimate to the FY 2014 changes.
  • ICD-10-CM Conversion. The FY 2015 IRF PPS proposed rule discusses the transition from ICD-9-CM to ICD-10-CM for all diagnosis codes used in the IRF PPS Grouper software and the software for evaluating IRFs’ compliance with the 60 percent rule. Using the General Equivalence Mappings (GEMs) tool, we have transitioned the following lists of diagnosis codes used in the IRF PPS: the List of Comorbidities, Codes That Meet Presumptive Compliance Criteria, and Impairment Group Codes That Meet Presumptive Compliance Criteria. Our intent was to keep the same meaning of the codes in transitioning from ICD-9-CM to ICD-10-CM. We did not intend to add or delete conditions, or otherwise change the meaning of the code lists. We are addressing the conversion of ICD-9-CM to ICD-10-CM codes for the IRF PPS in this proposed rule, but in light of the Protecting Access to Medicare Act of 2014 (PAMA) (Pub. L. No. 113-93), the effective date of those changes would be the date when ICD-10-CM becomes the required medical data code set for use on Medicare claims and IRF-PAI submissions. Until that time, we will continue to require use of the ICD-9-CM codes for the IRF PPS.
  • Further Refinements to the Presumptive Methodology. In the FY 2014 IRF PPS final rule (78 FR 47860), we revised the list of ICD-9-CM diagnosis codes that are compared with a patient’s comorbidities in determining an IRF’s presumptive compliance with the 60 percent rule. However, a patient’s comorbidities are not the only aspect of a patient’s record that is evaluated in determining whether that patient should be counted towards an IRF’s presumptive compliance. In the FY 2014 IRF PPS final rule, we addressed only the comorbidity portion of the presumptive compliance determination, and did not address the IGC or Etiologic Diagnosis portions. In this proposed rule, CMS is proposing some additional revisions to the comorbidity, IGC, and Etiologic Diagnosis portions of the presumptive compliance determination to be consistent with the changes we implemented in the FY 2014 final rule.
  • Therapy Data Collection. CMS is proposing to add a new item to the inpatient rehabilitation facility-patient assessment instrument (IRF-PAI) that would require IRFs to record how much and what type of therapy (i.e., individual, group, co-treatment) patients receive in each therapy discipline (i.e., physical therapy, occupational therapy, and speech-language pathology), similar to what is currently reported on the minimum data set in the skilled nursing facility setting.
  • New IRF-PAI Item for Arthritis Diagnosis Codes. CMS is proposing to add an item to the IRF-PAI form in which providers could indicate that the prior treatment and severity requirements had been met for patients with arthritis conditions. The addition of this item would mitigate a potential increase in burden due to the changes in the presumptive compliance methodology finalized in the FY 2014 IRF PPS final rule (78 FR 47860 at 47887 through 47890) and the changes proposed in this year’s NPRM. For providers that fail the presumptive compliance test, the new IRF-PAI item would first be used to determine whether or not the inclusion of all of the arthritis cases indicated as meeting the severity and prior treatment requirements would be enough for the facility to comply with the 60 percent rule requirement. If so, instead of the Medicare Administrative Contractor (MAC) doing a medical review on all cases, the MAC could take a random sample of the arthritis cases to determine if the requirements were met by including these cases. Only in those instances where the facility did not meet the compliance requirements including the arthritis cases, would the MAC need to complete a medical review on all cases.
  • New Measure Proposals.  CMS also is proposing to adopt two additional quality measures to the IRF QRP: NHSN Facility-Wide Inpatient Hospital-Onset Methicillin-Resistant Staphylococcus aureus (MRSA) Bacteremia Outcome Measure (NQF #1716), and NHSN Facility-Wide Inpatient Hospital-Onset Clostridium difficile Infection (CDI) Outcome Measure (NQF #1717).

CMS also is proposing various new policies including the following: 

  • Reconsideration Process. CMS is proposing a formal reconsideration policy for the IRF QRP, which proposes to require that IRF providers follow specific procedures when submitting a request for CMS’ reconsideration of an initial IRF QRP provider compliance determination. 
  • Extraordinary Circumstances Waiver Process.  CMS is proposing to change the name of the previously finalized “Disaster Waiver” process to “Extraordinary Circumstances Exception/Extension.” We are also proposing to expand the process, previously finalized in the FY 2014 IRF PPS Final Rule, to allow IRF providers to request exceptions or extensions for other circumstances beyond their control, including those that are not classified as natural disasters.
  • CMS IRF QRP Thresholds and Data Validation. CMS is proposing a new Data Accuracy Validation policy, which will require randomly selected IRF providers to meet a proposed 90% data reliability threshold for required IRF-PAI quality indicator data items.

The proposed rule will be published in the Federal Register on May 7, 2014. CMS will accept comments on the proposed rule until June 30, 2014.

 

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of other workshops, programs and publications on fraud and other compliance, operational and risk management, and other health industry matters.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements

April 29, 2014

Originally posted on :

Encrypt your laptops and other mobile devices” is only one of the key lessons leaders of health plans, health care providers, health care clearinghouses (“Covered Entities”) and their business associates should take away from  the Department of Health and Human Services Office for Civil Rights (OCR)’s April 22 announcement that Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas (QCA) collectively are paying $1,975,220 under separate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule resolution agreements resulting from thefts of unencrypted laptops. Along with the importance of encryption, however, these Resolution Agreements also contain equally significant, more broadly applicable lessons to Covered Entities, business associates and their leaders about some of the specific processes, actions and documentation that OCR them to implement and be prepared to defend the adequacy of their HIPAA “culture of compliance” if they file a breach report or otherwise face a HIPAA audit or investigation from OCR.

Consequently, while confirming the adequacy of their organization’s existing encryption of laptops and mobile…

View original 2,838 more words


Follow

Get every new post delivered to your Inbox.

Join 570 other followers

%d bloggers like this: