Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

September 24, 2012
Healthcare providers, Medicare, Medicaid, Children’s Health Insurance Program (CHIP) intermediaries, State Medicaid and CHIP fund recipients, Medicare and Medicaid Advantage Plan and others wanting to get a leg up on potential audit targets likely to draw the attention of the Department of Health & Human Services (HHS) Office of Inspector General (OIG) and their health care fraud auditors and investigators may get valuable insights by monitoring OIG audit reports of Medicare Intermediaries and others.  Reports of deficiencies uncovered in these audits and recommendations to tighten procedures and seek repayments often prompt demands for repayment and tighter payment and audit guidelines and procedures.
The following are some of the most recently-issued OIG audit reports:
  • New York Claimed Some Unallowable Costs for Services by New York City Providers under the State’s Developmental Disabilities Waiver Program (A-02-10-01027)

OIG says the New York State Department of Health (DOH) claimed Federal Medicaid reimbursement for some Office for People With Developmental Disabilities (OPWDD) waiver program services provided by New York City providers that did not comply with certain Federal and State requirements. http://go.usa.gov/rk8V.

Based on sample results, OIG estimates that DOH improperly claimed $7.8 million in Federal Medicaid reimbursement for OPWDD waiver program services during calendar years 2006 through 2008. Federal law authorizes Medicaid home and community-based services (HCBS) waiver programs. A State’s HCBS waiver program must be approved by CMS and allows a State to claim Federal reimbursement for services not usually covered by Medicaid.

Of the 100 beneficiary-months in the random sample, DOH properly claimed Medicaid reimbursement for OPWDD waiver program services during 86 beneficiary-months. However, DOH claimed Medicaid reimbursement for services that did not comply with certain Federal and State requirements for the remaining 14 beneficiary-months. OIG reported the claims for unallowable services were made because DOH and OPWDD’s policies and procedures for overseeing and administering the waiver program were not adequate to ensure that (1) providers claimed reimbursement only for services actually provided and maintained all the required documentation to support services billed and (2) OPWDD waiver program services were provided only to beneficiaries pursuant to written plans of care.

OIG recommended that DOH:

  • Refund $7.8 million to the Federal Government and
  • Work with OPWDD to strengthen policies and procedures to ensure that (a) providers claim reimbursement only for OPWDD waiver program services actually provided and maintain the required documentation to support services billed and (b) OPWDD waiver program services are provided pursuant to written plans of care.

DOH and OPWDD concurred with the recommendations.

  • Medicare Contractors’ Payments to Providers in Jurisdiction 11 for Full Vials of Herceptin Were Often Incorrect (A-03-11-00013)

OIG reported that most payments for one or more full vials of Herceptin that the Medicare contractors made to providers in Jurisdiction 11 (North Carolina, South Carolina, Virginia, and West Virginia) from January 2008 through December 2010 were incorrect. Herceptin (trastuzumab) is a Medicare-covered biological drug used to treat breast cancer that has spread to other parts of the body.  http://go.usa.gov/rk9P.

Of the 2,507 selected line items, OIG says 2,029 were incorrect and included overpayments totaling $2.4 million that the providers had not identified or refunded by the beginning of our audit. Providers refunded overpayments on 138 line items totaling $131,000 before our fieldwork. The remaining 340 line items were correct.

The 2,029 incorrect line items included incorrect units of service and a lack of supporting documentation. The providers attributed the incorrect payments to chargemaster errors, clerical errors, and billing systems that could not prevent or detect the incorrect billing of units of service. In some cases, providers could not store unused doses for later use because their pharmacies incorrectly reconstituted the Herceptin. When this occurred, the providers billed Medicare for the entire vial, including waste. The Medicare contractors made these incorrect payments because neither the Fiscal Intermediary Standard System nor the Common Working File had sufficient edits in place during our audit period to prevent or detect the overpayments.

OIG recommended that Palmetto GBA, LLC (Palmetto), the Medicare Administrative Contractor for Jurisdiction 11:

  • (1) Recover the $2.4 million in identified overpayments,
  • Implement a system edit that identifies for review line items for multiuse-vial drugs with units of service equivalent to one or more entire vials, and
  • Use the results of this audit in its provider education activities.

Palmetto concurred with the OIG findings and recommendations and described corrective actions that it had taken or planned to take.

  • Texas Did Not Report Excess Contractor Profits in Accordance With Federal Regulations (A-06-10-00062) 

A Medicaid Management Information System (MMIS) is a system of software and hardware used to process Medicaid claims and manage information about Medicaid beneficiaries, services, and providers. The Texas Health and Human Services Commission (State agency) contracts with a fiscal agent, Affiliated Computer Services/Texas Medicaid Health Partnership (ACS/TMHP), to process claims through the MMIS. The contract between the State agency and ACS/TMHP requires a prospective price redetermination (PPR) audit to establish whether ACS/TMHP earned profit in excess of the 11 percent allowed by the contract.

OIG reports it found that the State agency did not refund $2.6 million (Federal share) of the $26.7 million in excess profits identified through the PPR audit in accordance with Federal requirements. During fiscal year 2009, the State agency claimed expenditures for 20 MMIS projects with total costs of $71.3 million. All of these expenditures were allowable and claimed at the appropriate reimbursement rate; however, the State agency did not obtain prior approval for 2 of the 20 projects. Also, the State agency did not obtain prior approval for 16 additional projects. The total budgets for the 18 projects for which the State agency did not obtain prior approval totaled $59 million ($32.9 million Federal share).  http://go.usa.gov/rkXW.

OIG recommended that the State agency:

  • (1) Refund to the Federal Government $2.6 million for excess profits related to the PPR audit,
  • Ensure that prior approval is obtained on future projects as required by Federal regulations, and
  • Obtain retroactive approval for the 18 projects that did not have the required prior approval from the Centers for Medicare & Medicaid Services (CMS).

The State agency agreed with OIG’s first and third recommendations and described corrective actions it had taken or planned to take. Regarding the second recommendation, the State agency described the process by which it seeks CMS approval for certain projects.

  • Review of Medicare Outpatient Billing for Selected Drugs at Self Regional Healthcare (A-09-12-02032)

For the 61 line items reviewed, OIG reported that Self Regional Healthcare did not bill Medicare for injections of selected drugs in accordance with Federal requirements, resulting in overpayments totaling $130,000.  http://go.usa.gov/rkX.d.

  • Review of Medicare Outpatient Billing for Selected Drugs at Methodist Healthcare – Memphis Hospitals (A-09-12-02022)   

For 60 of the 82 line items reviewed, OIG reported it found that Methodist Healthcare – Memphis Hospitals did not bill Medicare for injections of selected drugs in accordance with Federal requirements, resulting in overpayments totaling $178,000.  http://go.usa.gov/rkNY.

  • Medicare Part D Made Some Incorrect Payments to Community Insurance Inc. for Institutional Beneficiaries in 2008 (A-05-11-00042)

OIG reports that the Medicare Part D program incurred drug costs for Medicare Advantage beneficiaries during Skilled Nursing stays that should have been covered under Part C in 2008. Community Insurance Inc’s incurrence of the $23,000 in gross drug costs as Part D costs had an overpayment effect of $13,000 as well as a $9,000 reconciliation effect at year end.  http://go.usa.gov/rkNB

  • North Shore Community Health, Inc., Claimed Unallowable Costs Against Recovery Act Grants (A-01-11-01502)

OIG reported it could not determine whether $2 million in American Recovery and Reinvestment Act of 2009 (Recovery Act) grant costs claimed by North Shore Community Health, Inc. (North Shore), was allowable under the terms of the grants and applicable Federal regulations. North Shore did not track and account for Recovery Act expenditures separately from other (Federal and non-Federal) operating expenses; therefore, it could not demonstrate that it spent Recovery Act grant funds for allowable costs.  http://go.usa.gov/rk85.

OIG says this deficiency occurred because North Shore did not:

  • (1) Maintain a financial management system that provided for accurate, current, and complete disclosure of the financial results of its Recovery Act grants and
  • Separately track and account for Recovery Act funds.  

OIG recommended that the Health Resources and Services Administration (HRSA) require North Shore to refund $2 million to the Federal Government, or work with North Shore to determine whether any of the costs that it claimed against Recovery Act grants were allowable, and ensure North Shore:

  • (1) Develops a financial system that provides for the accurate, current, and complete disclosure of the financial results of each HHS-sponsored project or program and
  • Tracks and accounts for each grant’s expenditures separately from other operating expenditures.

North Shore stated that it adjusted its internal financial reporting process to be in compliance with Federal requirements.

Under the Recovery Act, P.L. No. 111-5, enacted February 17, 2009, HRSA received $2.5 billion, including $2 billion to expand the Health Center Program to serve more patients, stimulate new jobs, and meet the expected increase in demand for primary health care services among the Nation’s uninsured and underserved populations.

  • OIG Says Lawndale Christian Health Center Claimed Unallowable Costs Under Recovery Act Grants (A-05-11-00057)

Lawndale Christian Health Center claimed $535,000 that was allowable under the terms of the grant and applicable Federal regulations.  However, Lawndale claimed Federal grant expenditures totaling $174,000 that were unallowable.  We could not determine the allowability of costs totaling $637,000 according to the OIG. See http://go.usa.gov/rFQP.

  • Alabama Improperly Claimed Federal Funds for Children’s Health Insurance Program Enrollees Who Had Medicaid or Other Health Insurance Coverage (A-04-11-08008)

OIG reports that Alabama improperly claimed Children’s Health Insurance Program (CHIP) Federal financial participation (FFP) for some individuals who were concurrently enrolled in CHIP and Medicaid.   The Federal and State Governments jointly fund and administer both Medicaid and CHIP.  States may not claim CHIP FFP for individuals who are concurrently enrolled in CHIP and Medicaid or who have other health insurance coverage.  See http://go.usa.gov/rFQG.

Based on OIG sample results, OIG estimated that Alabama improperly claimed $1.5 million in CHIP FFP for enrollees who were concurrently enrolled in CHIP and Medicaid from October 1, 2009, through September 30, 2010.  Alabama also improperly claimed $153,000 in CHIP FFP for individuals who had other health insurance coverage from October 1, 2009, through September 30, 2010.

OIG says the concurrent enrollment in CHIP and Medicaid occurred because:

  • Medicaid enrollment could be retroactive for up to 3 months, during which the individual could also have been enrolled in CHIP and
  • Supplemental Security Income eligibility, and consequent Medicaid enrollment, could be retroactive to the original application date, a period during which the individual could also have been enrolled in CHIP. 

Moreover, the State agency did not have adequate internal controls to prevent or promptly correct concurrent enrollments.  The CHIP payments that Alabama claimed on behalf of individuals who had other health insurance coverage occurred because State policy allowed for a coordination of benefits between CHIP and other health insurance coverage.

OIG recommended that Alabama:

  • Refund $1.5 million (Federal share) for FFP claimed on behalf of individuals who were concurrently enrolled in CHIP and Medicaid,
  • Refund $153,000 (Federal share) for FFP claimed on behalf of individuals enrolled in CHIP who had other health insurance coverage,
  • Develop additional policies and procedures to prevent or promptly recoup CHIP payments made on behalf of individuals who are identified as enrolled concurrently in Medicaid, and
  • Revise the current policy that allows for a coordination of benefits between CHIP and other health insurance coverage. 

The OIG notes Alabama disagreed with all of its recommendations. 

  • South Carolina Claimed Some Unallowable Room-and-Board Costs under the Intellectual and Related Disabilities Waiver (A-04-11-04012)

OIG reports that the South Carolina Department of Health & Human Services (State agency) operates a waiver program that provides long-term care and support for individuals with intellectual or related disabilities.  The State agency contracts with the South Carolina Department of Disabilities and Special Needs (the Department) to provide waiver services.  The Department provides these services through contractual arrangements with a network of 39 local Disabilities and Special Needs (DSN) Boards.

OIG reported it found that the State agency claimed Medicaid reimbursement of $6.7 million ($4.8 million Federal share) for unallowable room-and-board costs under the waiver program that the Department operated.  The State agency claimed unallowable room-and-board costs because neither the State agency nor the Department had adequate controls to:

  • Ensure that the Department followed applicable Federal law and guidance or its own guidance or
  • Detect errors or misstatements on the local DSN boards’ cost reports. See http://go.usa.gov/rFQz.

Additionally, OIG says the Department did not prescribe a uniform format for the local DSN boards to follow when preparing the cost reports.  Rather, each local board prepared its cost reports in its own format, making it difficult to identify when unallowable costs were claimed.

OIG recommended that the State agency:

  • Refund to the Federal Government $4.8 million, representing the Federal share of the room-and-board costs that the Department improperly claimed on its waiver cost reports;
  • Instruct the Department to follow Federal law and its own guidance and remove room-and-board related administrative and general costs from future waiver program cost reports;
  • Instruct the Department to develop a uniform cost reporting process and require each local board to follow this process;
  • Instruct the Department to strengthen its cost report review procedures to ensure that it will detect errors or misstatements on the local DSN boards’ cost reports; and
  • Strengthen its own procedures for reviewing the waiver cost reports submitted by the Department. 

The State agency concurred with all of our recommendations and said that it would work with CMS to negotiate repayment of the improperly claimed room-and-board costs.

  • Review of New Mexico Medicaid Personal Care Services Provided by Coordinated Home Health (A-06-09-00064)

The OIG reported that its audit found that the State did not always ensure that Coordinated Home Health’s (Coordinated) claims for Medicaid personal care services complied with certain Federal and State requirements.  Based on sample results, OIG estimated that Coordinated improperly claimed at least $11 million (Federal share) for personal care services during the period October 1, 2006, through September 30, 2008.  http://go.usa.gov/rFUW.

According to OIG, personal care services may be provided to individuals who are not inpatients at a hospital or residents of a nursing facility, an intermediate care facility for individuals with intellectual disabilities, or an institution for mental disease.  Examples of personal care services include, but are not limited to, cleaning, shopping, grooming, and bathing.

Of the 100 claims in the OIG sample, OIG reported that 54 complied with requirements, but 46 did not.  Three of the forty-six claims were partially allowable.   The 46 claims contained a total of 60 deficiencies:  49 deficiencies on insufficient attendant qualifications and 11 deficiencies on other  concluded that Coordinated improperly claimed $8,000 for the 46 claims.

  • Based on these findings, OIG recommended that the State:
  • Refund to the Federal Government the $11 million paid to Coordinated for unallowable personal care services and
  • Ensure that personal care services providers maintain evidence that they comply with Federal and State requirements. 

OIG reported that Coordinated disagreed with almost all of OIG’sfindings, and the State disagreed with OIG’s recommended refund amount.  The State also said that some of the documentation requirements are not Federal requirements; they are State requirements, which do not require recovery of payments.

For Help With Compliance, Investigations Or Other Needs

If you need help providing compliance or other training, reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns/ She also regularly designs and presents risk management, compliance and other training for health care providers, professional associations and others.   Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. Contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication see here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved


Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

September 23, 2012
HCA Inc., one of the nation’s largest for-profit hospital chains, has agreed to pay the United States and the state of Tennessee $16.5 million to settle claims that it violated the False Claims Act and the Stark Statute, the Department of Justice announced September 19, 2012.   The settlement agreement and the litigation it resolves are a reminder to hospitals, physicians and other health care providers of the growing readiness of the Justice Department and other federal and state regulators and enforcement agencies to prosecute health care providers for STARK, anti-kickback back or other violations of federal or state health health care fraud laws.

HCA Settlement & Underlying Charges

As alleged in the settlement agreement, during 2007, HCA, through its subsidiaries Parkridge Medical Center, located in Chattanooga, Tenn., and HCA Physician Services (HCAPS), headquartered in Nashville, Tenn., entered into a series of financial transactions with a physician group, Diagnostic Associates of Chattanooga, through which it provided financial benefits intended to induce the physician members of Diagnostic to refer patients to HCA facilities.   These financial transactions included rental payments for office space leased from Diagnostic at a rate well in excess of fair market value in order to assist Diagnostic members to meet their mortgage obligations and a release of Diagnostic members from a separate lease obligation.  

The Stark Statute restricts financial relationships that hospitals may enter into with physicians who potentially may refer patients to them.   Federal law prohibits the payment of medical claims that result from such prohibited relationships.

The civil settlement resolves a lawsuit, United States ex rel. Bingham v. HCA, No. 1:08-CV-71 (E.D. Tenn.), pending in federal court in the Eastern District of Tennessee under the qui tam, or whistleblower, provisions of the False Claims Act, which allow private citizens to bring civil actions on behalf of the United States and share in any recovery.   As part of the civil settlement, HCA has agreed to pay $16.5 million to the United States and the state of Tennessee, with the federal portion representing $15,693,000 of the settlement amount.   The whistleblower will receive an 18.5 percent share.  

Also as part of the settlement, Parkridge Medical Center has entered into a comprehensive five-year Corporate Integrity Agreement with the Office of Inspector General of the U.S. Department of Health and Human Services to ensure its continued compliance with federal health care benefit program requirements.

Settlement Part of Expanding Health Care Fraud Prosecution Efforts

This resolution is part of the government’s emphasis on combating health care fraud and another step for the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative, which was announced by Attorney General Eric Holder and Kathleen Sebelius, Secretary of the Department of Health and Human Services in May 2009. The partnership between the two departments has focused efforts to reduce and prevent Medicare and Medicaid financial fraud through enhanced cooperation. One of the most powerful tools in that effort is the False Claims Act, which the Justice Department has used to recover more than $9.4 billion since January 2009 in cases involving fraud against federal health care programs. The Justice Department’s total recoveries in False Claims Act cases since January 2009 are over $13.1 billion.

In announcing the resolution agreement, federal officials emphasized their readiness to prosecute STARK, anti-kickback and other health care fraud statutes. 

“The Department of Justice continues to pursue cases involving improper financial relationships between health care providers and their referral sources, because such relationships can corrupt a physician’s judgment about the patient’s true healthcare needs,” said Stuart F. Delery, the Acting Assistant Attorney General for the Department of Justice’s Civil Division.   

 “Physicians should make decisions regarding referrals to health care facilities based on what is in the best interest of patients without being induced by payments from hospitals competing for their business,” said Bill Killian, U.S. Attorney for the Eastern District of Tennessee.  

“ Improper business deals between hospitals and physicians jeopardize both patient care and federal program dollars,” said Daniel R. Levinson, Inspector General of the Department of Health and Human Services.   “Our investigators continue to work shoulder to shoulder with other law enforcement authorities to stop schemes that imperil scarce health care resources.”

Coupled with the ever-lengthening list of civil settlements like the HCA settlement, and civil monetary penalties, program disqualifications, and criminal prosecutions, these announcements send a strong message to health care providers to review their transactions, referral and other relationships, and billing practices and address potential exposures.

For Help With Compliance, Investigations Or Other Needs

If you need help providing compliance or other training, reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns/ She also regularly designs and presents risk management, compliance and other training for health care providers, professional associations and others.   Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. Contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication see here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved


Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

September 23, 2012
A Detroit-area doctor was charged and arrested on September 20, 2012 in the Eastern District of Michigan for his alleged leading role in a $40 million Medicare fraud scheme involving physician home visits and home health services.  The Department of Justice (DOJ), the Department of Health and Human Services (HHS), the Federal Bureau of Investigations (FBI) and the HHS-Office of Inspector General (OIG) jointly announced the charges.  In addition to the arrest, law enforcement agents executed search warrants at three locations and seizure warrants for three bank accounts related to the scheme.

According to a criminal complaint unsealed today in U.S. District Court in Detroit, Dr. Hicham Elhorr, 45, masterminded a $40 million scheme involving the submission of fraudulent claims submitted to Medicare for services that were medically unnecessary and/or never provided through House Calls Physicians (HCP), a physician home visiting service he owned and operated.  Elhorr allegedly submitted claims through HCP for physician home visits for patients who were never seen and for visits conducted by doctors who were not licensed.  The complaint alleges Elhorr submitted claims to Medicare for physician home visits purportedly rendered when he was out of the country, when beneficiaries were hospitalized or when the beneficiary was dead.

Elhorr is also alleged to have referred Medicare beneficiaries for medically unnecessary home health services, as well as accepted kickbacks from home health agencies in exchange for writing these referrals.  According to court documents, since January 2008, HCP has billed Medicare for approximately $9.2 million.  In the same time period, HCP has allegedly referred Medicare beneficiaries for home health services that have resulted in approximately $30.8 million of reimbursements from Medicare.

The case is being prosecuted by Trial Attorney Catherine K. Dick of the Criminal Division’s Fraud Section.  The investigations were conducted jointly by the FBI and HHS-OIG, as part of the Medicare Fraud Strike Force, supervised by the U.S. Attorney’s Office for the Eastern District of Michigan and the Criminal Division’s Fraud Section.

Act To Manage Health Care Fraud Exposures

High profile criminal charges like this one tell only part of the story.  While important and growing, the OIG and other civil audit and enforcement are targeting both health care providers that engage in overly aggressive billing and treatment practices while scaring legitimate providers into avoiding legitimate care and its billing in treatment areas subject to high audit and underbilling for fear of the costs and risks associated with drawing government scruitiny.  Amid this quagmire, legitimate health care providers must carefully document their care and the underlying justification and manage their billing practices to mitigate fraud exposures while also ensuring that their care meets the requisite standards of care to meet professional standards of care.  It’s a tough but critical task for which reimbursement is declining.

As health care fraud enforcement remains a lead Federal priority, health care providers face ever-heightening exposures to HEAT task force scrutiny and prosecution. 

Since its inception in March 2007, the Medicare Fraud Strike Force, now operating in nine cities across the country, has charged more than 1,330 defendants who have collectively billed the Medicare program for more than $4 billion.

Along with these criminal investigation and enforcement activities, health care providers also face civil monetary penalty, federal program disqualification and other civil and administrative remedies from billing, reimbursement and other health care fraud, billing audits and other enforcement and audit activities. 

HHS’s Centers for Medicare and Medicaid Services, working in conjunction with HHS-OIG, is stepping up audits, tightening pre-payment review, stepping up program disqualifications, and taking other steps to increase accountability and decrease the presence of fraudulent providers.

In response to these and other investigation and oversight activities, health care providers should strengthen their compliance practices and oversight and take other special care to position themselves and their billings to defend against possible challenge.

For Help With Compliance, Investigations Or Other Needs

If you need help providing compliance or other training, reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns/ She also regularly designs and presents risk management, compliance and other training for health care providers, professional associations and others.   Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. Contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication see here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved


Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

September 23, 2012

New Charges Bring To A Total of 9 Charged for Their Roles in the Scheme 

Charges against five more individuals for their alleged participation in a $24.7 million Medicare fraud scheme involving purported home health and psychotherapy services were unsealed and made public in the Eastern District of Michigan on September 20, 2012 bring to a total of nine individuals now charged in the scheme. 

The Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) jointly announced the charges. 

DOJ charges in court documents that the scheme allegedly involved a total of more than $24.7 million in fraudulent claims submitted to Medicare for purported home health care and psychotherapy services that were medically unnecessary and/or never provided.  Court documents allege that the defendants are operators, employees and marketers associated with home health care and psychotherapy clinics operating in and around Detroit.  Defendants charged in the unsealed court documents unsealed today include: Mohammed Sadiq; Jamella Al-Jumail; Firas Alky; Clarence Cooper and Beverly Cooper. 

Four defendants charged in the superseding indictment were previously charged and arrested in May 2012 for their roles in the scheme.  Defendants previously charged include: Sachin Sharma, Dana Sharma, Abdul Malik Al-Jumail, and Felicar Williams. 

The superseding indictment charges all defendants with one count of conspiracy to commit health care fraud; Sachin Sharma with five counts of health care fraud; Sachin Sharma, Abdul Malik Al-Jumail, Williams, Sadiq, Alky and Clarence Cooper with one count of conspiracy to pay and receive health care kickbacks; and Jamella Al-Jumail with one count of destruction of records in a federal investigation.  The superseding indictment also seeks forfeiture from all defendants. 

According to the superseding indictment, from January 2007 through April 2012, the defendants operated a large network of purported home health care and psychotherapy companies in the Detroit area through which they conspired to defraud Medicare. 

According to court documents, Sachin Sharma, Dana Sharma, Abdul Malik Al-Jumail, Williams, Jamella Al-Jumail, Sadiq, Alky and other alleged co-conspirators incorporated home health care, psychotherapy and other medical service companies to carry out the scheme, including Reliance Home Care, LLC; First Choice Home Health Care Services Inc.; Associates in Home Care Inc.; Haven Adult Day Care Center LLC; Swift Home Care LLC; ABC Home Care Inc.; Accessible Home Care Inc.; and Be Well Home Care LLC.  The defendants, along with co-conspirators, allegedly submitted Medicare enrollment applications to let these companies to bill Medicare. Sachin Sharma, Abdul Malik-Al-Jumail, Sadiq, Alky and others allegedly paid kickbacks and bribes to recruiters, including Williams and Clarence Cooper, to get Medicare beneficiaries’ information, which could be used to fraudulently bill Medicare for purported services provided by the companies they operated and controlled.  The defendants then allegedly caused these companies to bill Medicare for home health and psychotherapy services, even though these services were not medically necessary and were often not provided. 

According to the superseding indictment, the defendants caused Reliance, First Choice, Associates, Haven, Swift, ABC, Accessible and other home health, psychotherapy and medical services companies to bill approximately $24.7 million in claims to Medicare for services that were medically unnecessary and/or not provided.  In addition, Jamella Al-Jumail is charged with destroying records relating to Accessible’s Medicare billings upon learning of the May 2012 arrest of Abdul Malik Al-Jumail, her co-conspirator and father. 

Clarence and Beverly Cooper, Sadiq and Jamella Al-Jumail were arrested on September 21. 

The case is being prosecuted by Fraud Section Assistant Chief Gejaa T. Gobena and Trial Attorney William G. Kanellis.  The investigations were conducted jointly by the FBI and HHS-OIG, as part of the Medicare Fraud Strike Force, supervised by the U.S. Attorney’s Office for the Eastern District of Michigan and the Criminal Division’s Fraud Section. 

Act To Manage Health Care Fraud Exposures

As health care fraud enforcement remains a lead Federal priority, health care providers face ever-heightening exposures to HEAT task force scrutiny and prosecution. Along with these criminal investigation and enforcement activities, health care providers also face civil monetary penalty, federal program disqualification and other civil and administrative remedies from billing, reimbursement and other health care fraud, billing audits and other enforcement and audit activities.

 In response to these and other investigation and oversight activities, health care providers should strengthen their compliance practices and oversight and take other special care to position themselves and their billings to defend against possible challenge.

For Help With Compliance, Investigations Or Other Needs

If you need help providing compliance or other training, reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns/ She also regularly designs and presents risk management, compliance and other training for health care providers, professional associations and others.   Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. Contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication see here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


With Risks Rising, Listen To 9/19 OCR Webinar On Civil Rights Enforcement In Health Care

September 18, 2012

 With the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) and other federal agencies stepping up their civil rights and discrimination compliance audits and enforcement activities and private plaintiff discrimination suits against health care providers and other health industry organizations rising, health care, housing, health insurance and other organizations subject to these requirements are encouraged to learn more about HHS’ view and enforcement of these civil rights rules by participating in the webcast on “Addressing Health Disparities through Civil Rights Compliance and Enforcement” on Wednesday, September 19 from 3:00 p.m. to 4:30 p.m. eastern daylight savings time (EST).

September 19 Webinar

According to HHS, the September 19, 2012 webinar will be jointly hosted by the Health Resources and Services Administration Office of Equal Opportunity, Civil Rights & Diversity Management (OEOCRDM) Office of Federal Assistance Management (OFAM) and the HHS Office for Civil Rights (OCR) Office of the Assistant Secretary for Financial Resources (ASFR).

Topics of discussion will include:

  • How non-compliance can contribute to health disparities and disparities in quality care;
  • Opportunities to ensure HHS-funded programs are in compliance with civil rights laws;
  • How HHS OCR enforces compliance in your neighborhood.
  • A panel of OCR and ASFR experts answering questions

To join the webcast click here

Rising Civil Rights Law Exposures Require Management 

Public and private health care and housing providers may face discrimination exposures under various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws. Section 504 requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance. The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities.  In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities.  Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds.  These federal rules impact virtually all public and private health care providers as well as a broad range housing and related service providers.

As part of a broader emphasis on the enforcement of disability and other federal discrimination laws by the Obama Administration, OCR is making investigation and prosecution of suspected disability discrimination by health industry organizations a priority.  OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with Section 504 of the Rehabilitation Act of 1973 (Section 504) and the Americans with Disabilities Act of 1990 (ADA) as well as various other federal nondiscrimination and civil rights laws.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider.  In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively maintain processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

As a result of its stepped up enforcement of the ADA, Section 504 and other civil rights and nondiscrimination rules, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR.  While OCR continues to wage this enforcement battle in the programs it administers, the Departments of Justice, Housing & Urban Development (HUD), Education, Labor and other federal agencies also are waging war against what the Obama Administration perceives as illegal discrimination in other areas.  Along side their own enforcement activities, OCR and other federal agencies are maintaining a vigorous public outreach to disabled and other individuals protected by federal disabilities and other civil rights laws intended to make them aware of and to encourage them to act to enforce these rights. To be prepared to defend against the resulting risk of claims and other enforcement actions created by these activities, health care, housing and other U.S. providers and businesses need to tighten compliance and risk management procedures and take other steps to prepare themselves to respond to potential charges and investigations.

Recent Settlements Highlight Risk

Within recent settlement agreements, entities agreed to take steps to come into compliance with Section 504 and ADA, including: review and revision of policies and procedures; training staff on their non-discrimination obligations; providing a grievance procedure for patients; and other corrective actions specific to each entity’s violations.  To learn more details about these actions and settlements, see here

These and other enforcement actions by OCR and other agencies demonstrate the significant increased federal emphasis on the enforcement of federal discrimination laws against private and public health care and housing providers, state and local governments and other businesses under the Obama Administration. In keeping with this renewed emphasis, the DCF settlement is the latest in a series of federal disability, national origin and other discrimination charges and settlements OCR, has brought over the past year against physicians, public and private hospitals, insurers, federally financed housing providers and other parties providing services financed under programs administered by OCR. As HUD, the Equal Employment Opportunity Commission (EEOC) and other federal agencies also similarly have increased emphasis in federal discrimination law enforcement during this period, health care providers and other federal program service providers need to be prepared to defend their programs and practices to withstand federal discrimination charges or other investigations by federal agencies, private plaintiffs or both. 

As for employment discrimination, violators of these and other federal discrimination prohibitions applicable to the offering and delivery of services and products also face exposure to large civil damage awards to private plaintiffs as well as federal program disqualification, penalties and other federal agency enforcement. Unfortunately, while most businesses and governmental leaders generally are sensitive to the need to maintain effective compliance programs to prevent and redress employment discrimination, the awareness of the applicability and non-employment related disability and other discrimination risk management and compliance lags far behind.

Many private health care organizations assume that OCR’s enforcement actions are mostly a problem for state and local government agencies because state and local agencies and service providers frequently have been the target of OCR discrimination charges.  However the record shows OCR enforcement risks are high for both public and private providers. 

OCR can and does investigate and brings actions against a wide variety of public and private physicians, hospitals, insurers and other private health care and other federal program participants. In October, 2009,  for instance, OCR announced that an Austin, Texas orthopedic surgeon whose practice group sees an average of 200 patients per week, had entered into a settlement agreement to resolve OCR charges that he violated Section 504 of the Rehabilitation Act by denying medically appropriate treatment from patients solely because they are HIV-positive.

Invest in Prevention To Minimize Liability Risks

In light of the expanding readiness of OCR to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements.  Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions.  Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. 

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

September 17, 2012

Physician practices and other health care providers, health plans, health care clearinghouses and their business associates have yet another $1 million plus reminder of the importance of taking proper steps to secure electronic protected health information and take other steps required to comply with the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively referred to as “MEEI”) will pay the U.S. Department of Health and Human Services’ (HHS) $1.5 million and take a series of corrective actions to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule under the resolution agreement available here (“Resolution Agreement”) announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) on September 17, 2012. 

MEEI Resolution Agreement

The Resolution Agreement settles charges that resulted from an OCR investigation commenced in response to a HIPAA breach report submitted by MEEI reporting the theft of an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects.  The laptop information included patient prescriptions and clinical information. 

OCR’s investigation indicated that MEEI failed to take necessary steps to comply with certain requirements of the HIPAA Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices , and adopting and implementing policies and procedures to address security incident identification, reporting, and response.  OCR’s investigation indicated that these failures continued over an extended period of time, demonstrating a long-term organizational disregard for the requirements of the Security Rule.

To settle the charges, MEEI will pay a $1.5 million settlement to OCR.  In addition, the Resolution Agreement also requires MEEI to adhere to a corrective action plan which includes reviewing, revising and maintaining policies and procedures to ensure compliance with the Security Rule, and retaining an independent monitor who will conduct assessments of MEEI’s compliance with the corrective action plan and render semi-annual reports to HHS for a 3-year period.

High Dollar Resolution Agreements Increasingly Common

The MEEI Resolution Agreement follows on the resolution agreement previously announced this year with Arizona-based Phoenix Cardiac Surgery, P.C. (PCS). That resolution agreement required PCS to pay $100,000  and take corrective action to implement policies and procedures to safeguard the protected health information of its patients to settle OCR charges PCS violated HIPAA.

Health care providers and other HIPAA-covered entities should heed the MEEI, PSC and other recent settlements as the latest signal of the risks that health care providers and other covered entities run by failing to adequately implement and administer appropriate HIPAA compliance practices.

Following the announcement by OCR last month that Blue Cross Blue Shield of Tennessee (BCBST) would pay $1,500,000 to resolve HIPAA violations charges, and the latest in a series of Resolution Agreements announced by OCR in recent years, the PCS highlights the willingness to sanction health care providers and other covered entities of all sizes.  “The case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, director of OCR. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

Like the PCS, BCBST and other announced resolution agreements, the MEEI Resolution Agreement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On WebsiteCovered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.  For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here or contact Ms Stamer here or at (469) 767-8872.


[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.


Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

September 17, 2012

Stamer Speaks on “PCI In the Hospital/Healthcare Setting” on 11/1 in LA

Cynthia Marcotte Stamer will speak on “PCI In The Hospital/Healthcare Setting” at the Privacy and Security Forum in Los Angeles, CA on Thursday, November 1.

About The Program

The Forum co-sponsored by the HIMSS SoCal Chapter, along with the ISSA-LA, ISACA-LA, ISC2-LA, & OWASP will be held at the to be held at the Center For Healthy Community in Los Angeles, CA on November 1, 2012 from 7:30AM – 1:30PM.

Ms. Stamer’s and her co-panelist, John B. Sapp Jr., CISSP, CRISC, HISP, CGEIT, Senior Director, Information Security Product Management & Innovation at McKesson Corporation, will discuss the diverse risks, responsibilities and challenges that health care providers, retailers and vendors and consumers face in handling, using and protecting payment card data and information (PCI) used or disclosed in hospital and other health care settings. This includes both personal consumer information that qualifies as protected health information or personal financial information obtained in connection with reimbursement or other core health care operations, as well as PCI from retail, hospitality, parking or other related operations.

About Ms. Stamer

Ms. Stamer has more than 25 years experience advising and assisting health care providers, health plans, health care technology, their business associates and other health industry clients about privacy and data security, investigations and enforcement, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Recognized in the International Who’s Who of Professionals for her work as an attorney, consultant and author to a wide range of health care, technology, financial services, insurance and other business and governmental organizations, Ms. Stamer helps health industry and other clients to develop and use legal and other strategies to manage legal, operational and other risks, to enhance business and operational effectiveness, to reengineer people, processes and culture, and meet other goals.   As a key component of this involvement, Ms. Stamer has worked extensively on the design, development, operation and defense health, financial services and other information systems, technology and other systems and processes.  She regularly advises businesses and their leaders about the risks and responsibilities under federal and state civil and criminal laws affecting their operations and the development and administration of technology and other strategies for managing these risks and mitigation of data and privacy breaches.  She advises health care organizations, technology companies, outsourcers and others to design processes and technology to manage compliance and risks or promote other operational objectives. 

Vice President of the North Texas Health Care Compliance Professionals Association, founder and Executive Director of the Coalition for Responsible Health Policy and Project COPE; The Coalition on Patient Empowerment, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, as a continuous part of this work, she helps clients design, administer and defend HIPAA, FACTA, data breach, identity theft and other risk management, compliance and other privacy, data security, confidential information and other data security and technology policies and practices affecting their operations. She has assisted a multitude of health industry, health and other employee benefits, insurance and financial services, technology and other businesses to design and administer privacy, data security and other policies, processes and technology.  She workers with these and other clients to investigate and redress legal and business liabilities and other concerns resulting from HIPAA PHI and other personal information breaches and use, hacking, identity theft, data breach, theft of trade secrets, spoofing, industrial espionage, insider and other parties misuse of data or technology and other cybercrime and technology use concerns under HIPAA, FACTA and other FTC, and other federal and state data breach, privacy, cybercrime, tort, trade secret and other intellectual property, contract and other laws.  She assists these and other clients to design and administer compliance and risk management programs to protect and defend their use and collection of sensitive data. She drafts and advises clients about privacy, security, confidentiality and data security, credit and other background checks, workplace and other investigations and surveillance, and other tools and practices to assist businesses to mitigate risks arising out of technology and data use and monitoring.  Ms. Stamer regularly works with health care, health and other insurance and financial services, and other businesses, the Office of Civil Rights (OCR), Federal Trade Commission, Department of Justice, US Secret Service, Federal Bureau of Investigations, state attorneys general and other agencies on HIPAA, FACTA and other privacy, data security, cybercrime, trade secret and related concerns.

Ms. Stamer also is widely recognized for her regulatory and public policy advocacy, publications, and public speaking on privacy and other compliance, risk management concerns.  For the past two years, Ms. Stamer has serve as the appointed scribe for the ABA Joint Committee on Employee Benefits annual agency meeting with OCR and has lead numerous programs for the ABA and others on this topic.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

A highly popular lecturer and widely published author on privacy, data security, and other matters, Ms. Stamer’s insights have been quoted in The Wall Street Journal, Business Insurance, the Dallas Morning News, Spencer Publications, and a host of other publications.  Her “Personal Identity Theft Training Online Training Program For CIOs” has been included as part of the curriculum of the University of Dallas Information Management Graduate Program.  Cindy also regularly publishes and speaks for a wide range of organizations including the American Bar Association, the Bureau of National Affairs (BNA), Aspen Publishers, Spencer Publications, ISSA, HIMSS, the American Electronics Association (AEA), the Institute of Internal Auditors, Business Institutes and a multitude of others.  She is the author of hundreds of other publications and workshops including “Privacy & Securities Standards-A Brief Nutshell,” “Privacy Invasions of Medical Care-An Emerging Perspective,” the E-Health Business and Transactional Law Chapter on Other Liability-Tort and Regulatory;” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA;” “Personal Identity Management Legal Demands and Technology Solutions;” “Tailoring A Records Management Plan And Process To Meet Your Legal And Operational Needs;” “Brokers & Insurers Identity Theft and Privacy Perils;” “HR’s Role In Personal Identity Theft & Cyber Crime Prevention;” “Protecting & Using Patient Data In Disease Management Opportunities, Liabilities And Prescriptions;” “Why Your Business Needs A Cybercrime Prevention and Compliance Program;” “Leveraging Your Enterprise Digital Identity Management Investments and Breaking though the Identity Management Buzz;” “When Your Employee’s Private Life Becomes Your Business;” “and hundreds of other works.

Cindy also applies her experience as a leader in numerous professional and civic organizations. She currently and previously has served as an advisory board member to a wide range of health information technology and data security incubators, and in a host of other leadership roles in various other professional, charitable and civil organizations.  Cindy also has served as an Adjunct Faculty Member of the University of Dallas Graduate School of Management, on the editorial advisory boards of The Bureau of National Affairs, Inc. (BNA), and a host of other editorial advisory boards and seminar faculties.

For more information about Cindy as your Solutions Lawyer, to conduct training for your organization, or for other information, you may call her at 469.767.8872 or see http://www.Cynthiastamer.com.

 


Follow

Get every new post delivered to your Inbox.

Join 659 other followers

%d bloggers like this: