Baton Rouge Area Women Heading To Prison For DME Health Care Fraud Participation

June 30, 2012

A Baton Rouge, Louisiana judge is sending two area women to jail for their participation in a durable medical equipment (DME) health care fraud scheme.

 Chief U.S. District Court Judge Brian A. Jackson sentenced Eunice Sparrow on June 20th to 14 months and Uniecesco Smith on June 25th to 12 months and 1 day in prison for their roles in a two-year DME health care fraud scheme. Each was ordered to serve a term of supervised release following her release from imprisonment, and to make restitution to the United States Department of Health & Human Services. Smith was also ordered to pay a $7,500 fine.

The sentences were imposed based on the guilty pleas that Smith and Sparrow previously entered on February 22, 2012, to several counts of health care fraud. In their plea agreements, the defendants admitted that they knowingly aided and abetted a health care fraud scheme perpetrated by their co-defendant, Linda M. Jackson.

From April of 2007 through April of 2009, Jackson used Plaquemine, Louisiana DME company, A&A Durable Medical Supply, to defraud Medicare by submitting false reimbursement claims to Medicare for items that the company had never provided. In their plea agreements, Sparrow and Smith admitted that they helped Jackson by completing and signing false delivery tickets and other fraudulent documents at Jackson’s direction. A&A kept the fraudulent documents in its patient files in an attempt to substantiate the fraudulent claims Jackson submitted to Medicare.  Jackson later provided the false documents to an auditor who requested the patient files in the course of an investigation into A&A’s claims. Jackson is awaiting sentencing.   

Health Care Providers Must Act To Manage Risks

The Smith and Sparrow convictions and sentencing reflect the tightening enforcement federal health care fraud laws.  In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other proper steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.  In light of the growing qui tam risks, health care providers also should tighten internal investigation, exit interview and other human resources and business partner oversight, reporting and investigation policies and practices to help identify and redress potential fraud or other qui tam, retaliation and similar  exposures early and more effectively.  

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Houston Man Gets 24 Month Prison Sentence For Anti-Kickback & Other Health Care Fraud Convictions

June 30, 2012

A Federal judge in Houston on June 25, 2012 gave Kelvin Washington a 24-month federal prison sentence for each of his six convictions of health care fraud, conspiracy conviction and three counts of violating the anti-kickback statute, all to be served concurrently. The court additionally ordered three years supervised release, of which the first 12 months of to be served as home confinement. The Court also ordered Washington to pay approximately $480,000 in restitution to Medicare and Medicaid.

During the December, 2011 trial, Washington was convicted Washington of his six convictions of health care fraud, conspiracy conviction and three counts of violating the anti-kickback statute.  The Department of Justice charged that from 2003 to 2007, Washington received illegal payments for the referral of dialysis patients to a Houston ambulance transport service and conspired with others to have unsuspecting doctors sign transport prescriptions for dialysis patients never admitted to a Sugar Land nursing home where he worked.   During the trial, witnesses testified Washington was paid for the referral of dialysis patients to an ambulance service that was under contract with the nursing home where he worked. Trial evidence also showed he would present prescriptions to doctors who worked at the nursing home. The doctors testified at trial that they would not have signed the prescriptions if they had known the various patients were never admitted to the nursing home.

The jury also heard evidence that the ambulance service paid the Washington in checks totaling $22,200 with many tied to specific patients. Washington did not report all the income he made to the Internal Revenue Service (IRS) from the ambulance service. At trial, an undercover video and audio tape showed one of the managers of the ambulance company bribing a patient to ride with the ambulance company. The ambulance company would later bill Medicare for this patient, a paid informant whose own doctors would not sign a prescription for him. The bill to Medicare was based upon a false script from Washington. In a search warrant executed on a co-conspirator’s home, “The List” was discovered which detailed payments made not only to Washington but also to patients who rode with the ambulance service. A computer file from that home also showed detailed records tracking payments for patients, the check numbers for those payments and the fact that payments were made to the defendant.

According to the Justice Department, the false scripts alone resulted in $1.2 million billed to Medicare and Medicaid and approximately $480,000 paid.  For more details, see here.

Health Care Providers Must Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to position their organization to respond and defend against potential investigations or charges.  In light of the growing qui tam risks, health care providers also should tighten internal investigation, exit interview and other human resources and business partner oversight, reporting and investigation policies and practices to help identify and redress potential fraud or other qui tam, retaliation and similar  exposures early and more effectively.  

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Oklahoma’s Harmon Memorial Hospital, Physician Pay $1.5M Qui Tam Health Care Fraud Settlement

June 27, 2012

Harmon County Healthcare Authority (Harmon Memorial Hospital) and Dr. Akram R. Abraham, of Hollis, Oklahoma have agreed to pay $1,550,000 to settle claims of health care fraud of the Medicare and Medicaid programs.  Like a $5 million settlement announced with Christus Spohn Health System Corporation earlier in June, the settlement highlights the growing exposures that hospitals and other health care providers face to qui tam actions initiated in response to reports of misconduct made by employers or other business partners.  These and a slew of other prosecutions and settlements send a clear signal that health care providers face significant exposure from current or past aggressive practices raising risks of prosecution under Federal or state health care fraud and false claims laws.

Harmon Memorial Hospital Settlement

The settlement jointly announced June 20, 2012 by Sanford C. Coats, United States Attorney for the Western District of Oklahoma, and Scott E. Pruitt, Oklahoma Attorney General, resolves a lawsuit styled United States of America and State of Oklahoma ex rel. Randy L. Curry v. Harmon County Healthcare Authority, Akram R. Abraham, M.D., P.C., and Akram R. Abraham, M.D., Case No CIV-09-1321-D, filed in Oklahoma City federal court under the qui tam or whistleblower provisions of the federal False Claims Act (FCA) and the Oklahoma Medicaid False Claims Act (OMFCA).

Randy L. Curry is from Harmon County and served as the hospital Administrator of Harmon County Healthcare Authority (HCHA) from 2008 to 2009. HCHA operates the Harmon Memorial Hospital in Hollis, Oklahoma. Dr. Akram R. Abraham, M.D., is a medical doctor licensed to practice in the Oklahoma who has a medical practice and resides in Hollis, Oklahoma.

The United States and State of Oklahoma alleged that from July 1, 2001, through May 30, 2008, both HCHA and Dr. Abraham violated the FCA and the OMFCA by submitting claims, or causing claims to be submitted, to the Medicare and Medicaid programs that violated the federal “Stark” regulations and Anti-Kickback Statute.

Specifically, the government alleged that there was a prohibited contractual relationship between HCHA and Dr. Abraham resulting in excessive remuneration which was not commercially reasonable in the absence of health care referrals and that HCHA and Dr. Abraham made false certifications that the Medicare and Medicaid claims they submitted were in compliance with federal and state regulations.

The alleged improper remuneration included, but was not limited to, free rent of office space, free billing and staff personnel, reimbursement of uncollected accounts receivable, duplicative per encounter payments for emergency room services, and improper payment of locum tenens physician services. HCHA and Dr. Abraham have each denied liability.

In the settlement, HCHA agreed to pay $550,000 and Dr. Abraham agreed to pay $1,000,000 to resolve the claims. In addition, both HCHA and Dr. Abraham have entered into five year corporate integrity agreements with the United States Department of Health and Human Services Office of the Inspector General which requires additional regulatory compliance reporting and monitoring. Under the qui tam provisions of the FCA and OMFCA, Randy Curry will receive a share of the settlement proceeds.

Christus & Other Qui Tam Settlements Rising Risk

The HCHA settlement follows the announcement earlier this month that Christus Spohn Health System Corporation has paid the United States more than $5 million to settle Justice Department and a former executive’s qui tam claims that it profited from violations of the False Claims Act by inappropriately admitted patients to inpatient status for outpatient procedures.   HCHA and Christus are just two of a lengthy and growing list of qui tam cases and settlements that reflect the tide of liability arising from qui tam and other whistleblower activities.

Since January 2009, the Department of Justice has recovered over $11.1 billion under the False Claims Act. Of this amount, more than $7.4 billion was recovered in health care fraud matters. Last year, more than 630 qui tam matters were filed with the Department of Justice – more than in any other year in the history of the FCA and an increase of more than 47% since 2009. More than two-thirds of these qui tam cases alleged false claims to government health care programs.

Meanwhile, the OMFCA went into effect on November 1, 2007, and its focus is solely on fraud perpetrated against the Oklahoma Medicaid Program. Since its passage, over 351 qui tam cases have been filed on behalf of the State of Oklahoma. The State has received over $63.8 million in civil recoveries resulting from cases alleging fraud on the Oklahoma Medicaid system. The Oklahoma Attorney General’s MFCU is the only Oklahoma law enforcement agency dedicated to the investigation and prosecution of Medicaid fraud.

 These and other statistics document the HCHA and Christus settlements and their underlying actions are reflective of a concerning rise in qui tam related exposures by health care providers.  These and other qui tam actions as well as non-qui tam prosecutions of health care fraud and other compliance related cases, make clear that disgruntled current or former employees, contractors and business partners frequently are key players in qui tam or other prosecutions against health care providers.  These “insiders” often know about the skeletons are in health care and other organization’s compliance closets.    With many whistleblowers concerned about their own potential liability or axes to grind, the tight economy and job markets and reforms making it easier and more attractive for whistleblowers to bring and recover, qui tam and whistleblower claims are on the rise.  Health care providers need to recognize and take steps to respond to these trends and incentives as part of their risk management and compliance efforts.

Health Care Providers Must Act To Manage Risks

In response to the growing emphasis and effectiveness of Federal officials in investigating and taking action against health care providers and organizations, health care providers covered by federal false claims, referral, kickback and other health care fraud laws should consider auditing the adequacy of existing practices, tightening training, oversight and controls on billing and other regulated conduct, reaffirming their commitment to compliance to workforce members and constituents and taking other appropriate steps to help prevent, detect and timely redress health care fraud exposures within their organization and to better place their organization in a position successfully to respond and defend against potential investigations or charges.  In light of the growing qui tam risks, health care providers also should tighten internal investigation, exit interview and other human resources and business partner oversight, reporting and investigation policies and practices to help identify and redress potential fraud or other qui tam, retaliation and similar  exposures early and more effectively.  

For More Information Or Assistance

If you need help reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to set up and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need help responding to concerns about the matters discussed in this publication or other health care concerns, wish to get information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


OCR’s Shares HIPAA Audit Program Protocols As Announces $1.7M Resolution Agreement Against Alaska Medicaid

June 27, 2012

Health care providers, health plans, health care clearinghouses and their business associates should review the Department of Heath & Human Services (HHS) Office of Civil Rights (OCR) HIPAA audit protocol used by OCR to conduct the audits required by the HITECH Act to identify potential areas where they may need to tighten existing practices to withstand a possible audit and reduce exposures under the Privacy, Security and Breach Notification rules of the Health Insurance Portability & Accountability Act.  OCR posted the audit protocols on its on its website on June 26, 2012, the same day it announced that the Alaska Medicaid program would pay more than $1.7 million to settle potential HIPAA liabilities arising from OCR’s investigation of circumstances resulting a large data breach reported under the HITECH Act breach notification rules. Covered entities should use these resources both to prepare for potential audits and to review and adjust their practices to help prevent violations and defend against potential HIPAA enforcement actionsl.

HIPAA Audit Protoco

The OCR HIPAA Audit program analyzes key processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit requirement.  OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification.  The combination of these multiple requirements may vary based on the type of covered entity selected for review. These include:

  • Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures
  •  Security Rule requirements for administrative, physical, and technical safeguards;
  • Requirements for the Breach Notification Rule.

Presently OCR says that HIPAA audits primarily seek to tighten compliance and aid OCR to identify areas where guidance should be revised or supplemented to enhance compliance.  Where an audit identifies a significant compliance concern, however, OCR officials say OCR officials may open an enforcement investigation in response to evidence uncovered in connection with an audit.  Beyond this risk, however, the audit protocols also provide additional guidance for covered entities about expected practices and procedures that could help mitigate risks to enforcement under the OCR’s ongoing investigation and enforcement activities of HIPAA.  As reflected by a growing series of resolution agreements, these enforcement risks and their associated liability exposures are significant and growing.  OCR’s announcement of its latest Resolution Agreement with Alaska Medicaid concurrent the posting of the audit protocol.

Alaska 1.7 Million Resolution Agreement

OCR also announced June 26 that the Alaska State Medicaid Agency, the Alaska Department of Health and Social Services (DHSS) will pay the  $1,700,000 to settle possible violations of the HIPAA  Security Rule.  Alaska DHSS also has agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of their Medicaid beneficiaries. 

The first HIPAA Resolution Agreement that the HHS Office for Civil Rights (OCR) has reached a state agency, the Alaska Medicaid Resolution Agreement  second announced Resolution Agreement stemming from a unsecured protected health information breach report filed in response to the breach notification rules of the Health Information Technology for Economic and Clinical Health (HITECH) Act.  Earlier this year, OCR announced its first Resolution Agreement involving a health plan resulted from a breach notification report it had filed under the HITECH Act.  See $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report.

OCR opened the investigation leading to the Resolution Agreement after Alaska DHSS filed a breach report that indicated that a portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from the vehicle of a DHSS employee.  Over the course of the investigation, OCR found evidence that DHSS did not have adequate policies and procedures in place to safeguard ePHI.  Further, the evidence indicated that DHSS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.  Inadequacies by covered entities in safeguarding protected health information and laptops and other devices containing ePHI is a common compliance concern according to OCR statistics.

In addition to the $1,700,000 settlement, the agreement includes a corrective action plan that requires Alaska DHSS to review, revise, and maintain policies and procedures to ensure compliance with the HIPAA Security Rule.  A monitor will report back to OCR regularly on the state’s ongoing compliance efforts. 

OCR’s announcement highlights the need for covered entities not only to take proper steps to establish and administer appropriate policies and safeguards to protect protected health information and EHI, but also to prepare, update as needed and be prepared to produce documentation showing their oganizations actions to evaluate, monitor and maintain appropriate safeguards of ePHI and the operating systems and devices that contain this information. 

“Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” said OCR Director Leon Rodriguez.  “This is OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”

The HHS Resolution Agreement can be viewed here.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The Alaska Medicaid Resolution Agreement is the latest in a growing list of Resolutions Agreements highlighting the mounting exposures that health care providers, health plans, health care clearinghousesand their business associates face if required to file a large breach notification or otherwise charged with failing to appropriately manage their HIPAA responsibilities. See Arizona Physician Group Pays $100K To Settle HIPAA Charges; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.   As OCR leaders have indicated that OCR investigates all large breach notification filings made under the HITECH Act Breach Notification Rules and with more than 450 large breach notifications reported on its website, additional Resolution Agreements are expected in coming months even as covered entities and their business associates are awaiting the impending  issuance of updated HIPAA regulations.

In light of these and other developments and risks, covered entities and their business associates should move to audit and strengthen their HIPAA compliance and documentaiton and adopt  other suitable safeguards to minimize HIPAA exposures. 

In the face of rising enforcement and fines, OCR’s initiation of HIPAA audits and other recent developments, covered entities and their business associates should tighten privacy policies, breach and other monitoring, training and other practices to reduce potential HIPAA exposures in light of recently tightened requirements and new enforcement risks. 

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable. 

For more information about the PCS Resolution Agreement and HIPAA compliance and risk management tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer hereExamples of some recent publications that may be of interest include:

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.    If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. All rights reserved.


OCR Nails Alaska Medicaid For $1,700,000 To Settle HIPAA Security Charges

June 26, 2012

The Alaska State Medicaid Agency, the Alaska Department of Health and Social Services (DHSS) will pay the U.S. Department of Health and Human Services’ (HHS) $1,700,000 to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  Alaska DHSS also has agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of their Medicaid beneficiaries. 

The first HIPAA Resolution Agreement that the HHS Office for Civil Rights (OCR) has reached a state agency, the Resolution Agreement  second announced Resolution Agreement stemming from a unsecured protected health information breach report filed in response to the breach notification rules of the Health Information Technology for Economic and Clinical Health (HITECH) Act.  Earlier this year, OCR announced its first Resolution Agreement involving a health plan resulted from a breach notification report it had filed under the HITECH Act.  See $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report.

OCR opened the investigation leading to the Resolution Agreement after Alaska DHSS filed a breach report that indicated that a portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from the vehicle of a DHSS employee.  Over the course of the investigation, OCR found evidence that DHSS did not have adequate policies and procedures in place to safeguard ePHI.  Further, the evidence indicated that DHSS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.  Inadequacies by covered entities in safeguarding protected health information and laptops and other devices containing ePHI is a common compliance concern according to OCR statistics.

In addition to the $1,700,000 settlement, the agreement includes a corrective action plan that requires Alaska DHSS to review, revise, and maintain policies and procedures to ensure compliance with the HIPAA Security Rule.  A monitor will report back to OCR regularly on the state’s ongoing compliance efforts. 

OCR’s announcement highlights the need for covered entities not only to take proper steps to establish and administer appropriate policies and safeguards to protect protected health information and EHI, but also to prepare, update as needed and be prepared to produce documentation showing their oganizations actions to evaluate, monitor and maintain appropriate safeguards of ePHI and the operating systems and devices that contain this information. 

“Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” said OCR Director Leon Rodriguez.  “This is OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”

The HHS Resolution Agreement can be viewed here.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The Alaska Medicaid Resolution Agreement is the latest in a growing list of Resolutions Agreements highlighting the mounting exposures that health care providers, health plans, health care clearinghousesand their business associates face if required to file a large breach notification or otherwise charged with failing to appropriately manage their HIPAA responsibilities. See Arizona Physician Group Pays $100K To Settle HIPAA Charges; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.   As OCR leaders have indicated that OCR investigates all large breach notification filings made under the HITECH Act Breach Notification Rules and with more than 450 large breach notifications reported on its website, additional Resolution Agreements are expected in coming months even as covered entities and their business associates are awaiting the impending  issuance of updated HIPAA regulations.

In light of these and other developments and risks, covered entities and their business associates should move to audit and strengthen their HIPAA compliance and documentaiton and adopt  other suitable safeguards to minimize HIPAA exposures. 

In the face of rising enforcement and fines, OCR’s initiation of HIPAA audits and other recent developments, covered entities and their business associates should tighten privacy policies, breach and other monitoring, training and other practices to reduce potential HIPAA exposures in light of recently tightened requirements and new enforcement risks. 

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable. 

For more information about the PCS Resolution Agreement and HIPAA compliance and risk management tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer hereExamples of some recent publications that may be of interest include:

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.    If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. All rights reserved.


Supreme Court Now Expected To Release Ruling On Health Care Reform Law Thursday

June 25, 2012

The Supreme Court did not release its ruling on challenges to the constitutionality to the Patient Protection And Affordable Care Act (“ACA”) health care reform today.   The Supreme Court now is expected to release its much-anticipated decision on a series of consolidated challenges to the ACA on Thursday.  Thursday is the last day that the Court can issue rulings before the Justices end their term.  They are not scheduled to return until the new 2012 Session begins in October.

Regardless of how the Supreme Court rules, it is clear that health care reform will remain a key point of debate for the upcoming election and in Congress.  With opinions sharply divided about health care reform among members of the public and budget challenges looming, members of Congress from both parties have made clear that they expect to continue to wrangle over the reforms.  Whether or not the Supreme Court rules any part of the law unconstitutional, Republicans and Democrats in Congress largely share support of the mandates and other reforms scheduled for implementation before 2014.  To the extent that ACA survives its pending constitutional challenges, implementation of the law will progress.   To the extent that the Supreme Court ruling would adversely impact these provisions, Republican and Democrat leaders alike have indicated an intention to act quickly to reenact many of these provisions.  In the meanwhile, regardless of the status of the law, market and state law reforms implemented in anticipation of the law inevitably will prevent a reversion to pre-ACA status regardless of the Supreme Court’s rulings.

Project COPE: Coalition On Patient Empowerment & Coalition For Responsible Health Care Quality

Amid the continuing debate and uncertainty, Americans more then ever need to stay involved in the discussion.  Project COPE: Coalition on Patient Empowerment & the Coalition for Responsible Health Care Quality  are coalitions of individuals and organizations that share the belief that every American and American organization has a stake, and something to contribute to our ability to find and implement the best options for ensuring that the U.S. health care system provides quality, affordable health care.

Health care impacts every individual and every organization in America.  Consequently, every American citizen and organization including but not limited to health care providers, employers, insurer, and community organizations should take part.    The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch.  Americans can best improve health care by not waiting for someone else to step up or speak up. 

Project COPE urges and invites each individual and organization speak up to help communicate and act to make health care work for themselves, their families and others when you can and share your input to help preserve and continue to develop real meaningful improvements to our health care system by joining Project COPE: Coalition for Patient Empowerment here by sharing ideas, tools and other solutions and other resources. 

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Health Care Reform Ruling Release Put Off Until Thursday

June 25, 2012

The Supreme Court did not release its ruling on challenges to the constitutionality to the Patient Protection And Affordable Care Act (“ACA”) health care reform today.   The Supreme Court now is expected to release its much anticipated decision on a series of consolidated challenges to the ACA on Thursday.  Thursday is the last day that the Court can issue rulings before the Justices end their term.  They are not scheduled to return until the new 2012 Session begins in October.


Follow

Get every new post delivered to your Inbox.

Join 684 other followers

%d bloggers like this: