CMS To Host Provider Webinar To Celebrate National Health IT Week

September 13, 2013

In celebration of the third annual National Health IT Week is September 16-20, the Centers for Medicare & Medicaid Services (CMS) will host several webinars and launching new eHealth tools and resources that it intends to help providers participate in eHealth programs.  These programs may be of interest to providers as well as payers who are interested in what providers are doing to use eHealth tools.

Details of Webinar

The eHealth Provider Webinar will be held on Thursday, September 19th from 12:00 p.m. to 1:30 p.m. ET.  CMS plans to present an overview of the eHealth programs and its eHealth initiative—an initiative that aligns health IT and electronic standards programs on:

  • Administrative Simplification
  • eRx Incentive Program
  • ICD-10
  • Quality Measurement

A portion of the webinar will also be dedicated to Q&A.

Registration Information

Space is limited.  Register now to secure your spot for the eHealth Provider WebinarOnce registration is complete, you will receive a follow-up email with step-by-step instructions on how to log-in to the webinar.  Listserv messages are sent prior to each webinar session with registration information.

If you’d like to view past webinars, the PowerPoint presentations and recordings can now be accessed on the Resources page of the eHealth website.  For more information about CMS’ eHealth Initiatives, visit the CMS eHealth website for the latest news and updates on CMS’ eHealth initiatives.

For More Information Or Assistance

If you need assistance responding to this invitation or with other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters.  She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.  THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.  

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Tell HHS What You Think-Comment On HHS Strategic Plan Now!

September 9, 2013

Health care providers, health plans, employers and others concerned about the regulatory and enforcement activities of the Department of Health & Human Services (HHS) can make their concerns known by speaking up now.  Share your input on the draft HHS strategic plan that will guide HHS’ regulatory and enforcement agenda for the next 4 years.

Every 4 years, HHS updates its strategic plan, which describes its work to address complex, multifaceted, and ever-evolving health and human service issues, including:

  • Health Care
  • Research and Innovation
  • Prevention and Wellness

HHS is inviting public input on the draft HHS Strategic Plan for FY 2014-2018. The comment period is open until October 15, 2013.  Individuals or organizations wishing to respond to this invitation can read the HHS Strategic Plan FY 2014-2018 (Draft) and submit your comments several ways including:

For More Information Or Assistance

If you need assistance responding to this invitation for comment or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters.  She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.  THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.  

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Medical Device Excise Tax Rules Supplemented

December 9, 2012

Medical device manufacturers heads up!  The Internal Revenue Service (IRS) has adopted interim rules for relating to the excise tax on medical devices imposed by § 4191 (the “medical device excise tax”) of the Internal Revenue Code (the “Code”).

Section 4191, enacted by section 1405 of the Health Care and Education Reconciliation Act of 2010  in conjunction with the Patient Protection and Affordable Care Act (the Affordable Care Act) enacted a new excise tax on the sale of certain medical devices. The excise tax imposed by Code section 4191 is 2.3% of the price for which the taxable medical device is sold. The medical device excise tax is codified in chapter 32, subtitle D of the Code (“chapter 32”), which pertains to excise taxes imposed on the sale or use of taxable articles by manufacturers, producers, and importers (commonly referred to as “manufacturers excise taxes”). See § 48.0-2(a)(4)(i) of the Manufacturers and Retailers Excise Tax Regulations (Regulations). The Code defines the term “manufacturer” to include a “producer” and an “importer”.  

On December 7, 2012, the Internal Revenue Service (IRS) and the Treasury Department issued TD 9604, containing final regulations under § 4191. The final regulations did not address certain issues that the IRS and the Treasury Department continue to study. These issues included the determination of price under § 4216(b); the tax treatment of medical software licenses; the taxability of donated medical devices; and the taxability of medical convenience kits. 

The IRS recently followed up by issuing Notice 2012-77.  Notice 2012-77 available here contains the IRS’ rules about:

  • How to determine price for purposes of the medical device excised tax under Code section 4216(b);
  • Donated taxable medical devices;
  • Licensing of taxable medical devices;
  • The tax treatment of medical convenience kits;
  • Transition relief to medical device manufacturers from the failure to deposit penalties imposed by § 6656; and
  • Invites comments from taxpayers about its rules.

As these rules take effect January 1, 2013, device manufacturers should review the new guidance and update their procedures to provide for timely determination and payment of any required device taxes.  In addition, device manufacturers also will need to kep an eye out for potential changes in the rules.  The IRS and the Treasury Department have said they may issue additional published guidance on these issues in the future.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Updated 2013 ACA Prescription Drug Fee Calculation & Payment Rules Released; 12/18 Deadline To File Form 8947

December 4, 2012

December 17, 2012 is the deadline for covered entities to file a Form 8947 as part if its reporting and payment of the Form 8947The Internal Revenue Service (IRS) Notice 2012-74 sets forth the instructions for calculation and reporting branded prescription drug fee for the 2013 fee year under Section 9008 of the Patient Protection and Affordable Care Act, as amended by section 1404 of the Health Care and Education Reconciliation Act of 2010 (Affordable Care Act).

The Act imposes an annual fee on covered entities engaged in the business of manufacturing or importing branded prescription drugs.  The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51 published on August 18, 2011 provide the method for calculating each covered entity’s annual fee and the fee year for purposes of these rules and how the fee must be reported and paid.  See  76 Fed. Reg. 51245.  These regulations also define terms for the administration of the fee.

Notice 2012-74/s instructions on the 2013 prescription drug fee discusses:

  • The submission of Form 8947, “Report of Branded Prescription Drug Information,”
  • The time and manner for notifying covered entities of their preliminary fee calculation;
  • the time and manner for covered entities to submit error reports for the dispute resolution; process; and
  • The time for the IRS to notify covered entities of their final fee calculation.

12/18/12 Deadline to File Form 8947

One of the deadlines for this process is rapidly approaching.  Section 51.3T provides that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.

Notice 2012-74 sets the deadline for a covered entity that chooses to submit Form 8947 for 2013 at December 17, 2012.

Preliminary Fee Calculation

For the 2013 fee year, the IRS will mail each covered entity a paper notice of its preliminary fee calculation by April 1, 2013. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to § 51.4T.

A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by March 15, 2013. This request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by April 1, 2013.

Submitting Error Reports For The Dispute Resolution Process

For the 2013 fee year, a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 16, 2013.   When the IRS mails each covered entity a notice of its preliminary fee calculation by April 1, 2013, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM to the IRS in a timely fashion.

Final Fee Calculation & Payment

The IRS will notify each covered entity of its final fee calculation for 2013 by August 31, 2013. In accordance with § 51.8T(c), each covered entity must pay this fee by September 30, 2013.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy and other technology, risk management and compliance-related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Hospitals Urged To Tighten Inpatient & Outpatient Admission Records As OIG Audits Hospitals for New vs. Established Patients,

November 29, 2012

Hospitals should act quickly to adopt appropriate compliance policies and tighten outpatient and inpatient admissions recordkeeping and associated billing activities to minimize exposures signaled by audits announced by the Department of Health & Human Services (HHS) Office of Inspector General (OIG).

OIG reportedly is auditing inpatient and outpatient hospital claims for new and established patients to identify potential overcharges by some hospital-based outpatient clinics that may have resulted from treating established patients as if they were new patients. OIG’s Office of Audit Services reportedly sent letters to some hospitals in October, asking about a handful of claims for new patient visits that OIG suspects the hospital should have billed as established patient visits. In addition to requesting specific information about line items on the claims and their internal controls for billing new versus established patients and provide descriptions of written policies and procedures governing the facilities classification of new versus established patients and internal controls for detecting errors.

Medicare typically pays more for new versus established patients since CMS  implemented the outpatient prospective payment system in 2000. Since 2008, CMS rules have specified that patients who visit the hospital outpatient clinic within three years are established patients, and after that they are new, with Medicare paying more for the latter. See(73 Fed. Reg. 68502, 68679 (November 18, 2009).  Data mining technology increasingly used by CMS and other federal fraud investigators facilities the ability of Medicare and others to identify errors in coding and billing resulting from misclassication of existing patients as new.  

Many hospitals may be exposed under this requirement for a variety of reasons including failure to appropriately track and coordinate inpatient and outpatient admission data, defaults built into recordkeeping systems and omissions to timely update practices or training.  In contrast to the risk of overbilling from incorrectly treating patients as new, hospitals that bill all patients as established to overcome inadequacies in their ability to track new versus established patients often leave money on the table unnecessarily by foregoing added reimbursement that the facility otherwise would qualify for it could reliably identify new patients.

While strengthening coding and billing to ward of risks, may debate the appropriateness of CMS’ new versus existing patient distinction outside the physician office context.  Critics contend that unlike in the physician office context, the level of care or resources delivered for a new patient compared to a patient who previously visited the hospital doesn’t generally differ. Parties with these concerns should continue to ensure appropriate compliance with existing rules while providing input and feedback to CMS and other regulators about their concerns with the policy’s suitability.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy and other technology, risk management and compliance-related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

November 29, 2012

The Department of Health & Human Services Office of Inspector General is recommending the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) act to improve the effectiveness of its oversight and management of the Medicare electronic health record (EHR) incentive program.  The recommendations are likely to impact on the requirements that hospitals and other professionals will be required to meet to get and keep EHR program incentive payments.  Consequently, hospitals, physicians and other providers and their technology and other systems advisors and vendors should carefully watch and respond to changes that these two agencies implement in response to the OIG feedback.

According to an OIG study reported here, the CMS estimates that it will pay $6.6 billion in EHR incentive payments to providers under the program between 2011 and 2016.  Many hospitals, physician organizations and other providers are making substantial investments in EHR and related technologies in reliance of expectation of receiving program incentive payments.  Accordingly, parties hoping to qualify for incentive programs need to watch closely the actions that the agencies take in response to this OIG input or otherwise that impacts on qualification and audits.

OIG Study & Findings

OIG’s early assessment of CMS’s oversight of the Program found that because professionals and hospitals self-report data to prove fulfillment of program requirements, CMS’s efforts to verify these data will help make sure the integrity of Medicare EHR incentive payments.

The recommendation comes from an OIG study reviewing CMS’s oversight of professionals’ and hospitals’ self-reported meaningful use of certified EHR technology in 2011, the first year of the program.  OIG evaluated self-reported information against program requirements.  It also looked at CMS’s audit planning documents, regulations and guidance for the program and conducted structured interviews with CMS staff on CMS’s oversight.

Based on this evaluation, OIG foundCMS faces obstacles to overseeing the Medicare EHR incentive program that leave the program vulnerable to paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements.  OIG says CMS has not yet implemented strong prepayment safeguards, and has limited ability to safeguard incentive payments postpayment. OIG also reports that the ONC requirements for EHR reports may contribute to CMS’s oversight obstacles.

OIG Recommended Corrective Action

Based on its study, OIG is recommending that CMS take the following actions.

  • Obtain and review supporting documentation from selected professionals and hospitals prior to payment to verify the accuracy of their self‑reported information and
  • Issue guidance with specific examples of documentation that professionals and hospitals should maintain to support their compliance. 

CMS did not agree with our first recommendation, stating that prepayment reviews would increase the burden on practitioners and hospitals and could delay incentive payments.  Despite this CMS feedback, OIG nevertheless is continuing to recommend that CMS conduct prepayment reviews to improve program oversight. CMS concurred with our second recommendation.

OIG also recommended that ONC take the following actions: 

  • Require that certified EHR technology be capable of producing reports for yes/no meaningful use measures where possible and
  • Improve the certification process for EHR technology to make sure applicants provide accurate EHR reports. 

ONC concurred with both recommendations.

Recommended Provider Action

Hospitals and providers looking to take advantage of the HER incentive payments should carefully monitor the developments resulting from these recommendations and take proper actions to stay compliant with evolving requirements as they move forward.

Along with monitoring these responses, providers participating in the incentive program also need to stay abreast of other developments.  For instance, last month, ONC announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files).  See 2014 Edition Draft Test Procedures webpage. Additional waves of test methods are impending.  ONC says it expects the final set of Test Methods to be available for use in early 2013. 

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Changes Start Time, Releases Agenda For 11/13 Virtual Workshop On Health IT Test Standards

November 9, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 9, 2012) announced a preliminary agenda of topics and  the procedures that health care providers and other interested parties wishing to participate in  a public virtual workshop on the ONC Health Information Technology (IT) Certification Program and 2014 Edition Test Methods that ONC plans to host on Tuesday, November 13, 2012 from 8:15 AM-4:30PM EST.   

The announced commencement time is 45 minutes earlier than the originally announced 9:00 AM start time that ONC had announced as the start time for the workshop in November 8 announcements.

To review the preliminary agenda for the workshop, see http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-methods.

According to today’s  ONC announcement, parties wishing to participate in the virtual workshop should  register for ONC Certification Technical Workshop on Nov 13, 2012 8:15 AM EST at https://attendee.gotowebinar.com/register/2114316126469925632 .  ONC says that successful registrants will receive a confirmation email containing information about joining the webinar. 

The planned workshop follows ONC’s anno0uncement of the release for review of the latest in a series of electronic medical records Test Standards that ONC has issued recently in its march to implement its mandate.    ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification.   ONC  typically allows  a two week period of public review and comment from the date posted for public review and comment on each Wave.  

In keeping with this process, ONC is inviting interested persons to  submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013. 

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

November 8, 2012

The Office of the National Coordinator for Health IT (ONC) today (November 8, 2012) announced the release of the Wave 7 2014 Edition Draft Test Methods (test procedures, tools, and applicable test data and files). To review the 2014 Edition draft Test Methods, visit the 2014 Edition Draft Test Procedures webpage.   As a follow up to this announcement, ONC is inviting interested parties to participate in a public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13th, 9AM-4:30PM EST.

The Test Procedures announced today are the latest in a series ONC has issued recently.    ONC says all Test Methods will undergo public review and comment before being finalized and approved by ONC for use in testing and certification.   ONC  typically allows  a two week period of public review and comment from the date posted for public review and comment on each Wave.  

In keeping with this process, ONC is inviting interested persons to  submit comments and suggestions to ONC.Certification@hhs.gov. All submissions should include “2014 Test Methods” in the subject line. ONC asks that parties submitting input to be as specific as possible in their comment submissions.

ONC says it expects the final set of Test Methods to be available for use in early 2013. 

To help interested parties stay informed about the Test Messages, ONC also announced today it will host a virtual public workshop on the ONC HIT Certification Program and 2014 Edition Test Methods on Tuesday, November 13th, 9AM-4:30PM EST.  According to ONC, the topics to be covered include 2014 Test Procedures, Test Tools, Test Data, ONC Timeline, and the Certified Health IT Product List (CHPL).   ONC says additional details regarding access and agenda will be forthcoming.  Watch the ONC website.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

September 17, 2012

Physician practices and other health care providers, health plans, health care clearinghouses and their business associates have yet another $1 million plus reminder of the importance of taking proper steps to secure electronic protected health information and take other steps required to comply with the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively referred to as “MEEI”) will pay the U.S. Department of Health and Human Services’ (HHS) $1.5 million and take a series of corrective actions to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule under the resolution agreement available here (“Resolution Agreement”) announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) on September 17, 2012. 

MEEI Resolution Agreement

The Resolution Agreement settles charges that resulted from an OCR investigation commenced in response to a HIPAA breach report submitted by MEEI reporting the theft of an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects.  The laptop information included patient prescriptions and clinical information. 

OCR’s investigation indicated that MEEI failed to take necessary steps to comply with certain requirements of the HIPAA Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices , and adopting and implementing policies and procedures to address security incident identification, reporting, and response.  OCR’s investigation indicated that these failures continued over an extended period of time, demonstrating a long-term organizational disregard for the requirements of the Security Rule.

To settle the charges, MEEI will pay a $1.5 million settlement to OCR.  In addition, the Resolution Agreement also requires MEEI to adhere to a corrective action plan which includes reviewing, revising and maintaining policies and procedures to ensure compliance with the Security Rule, and retaining an independent monitor who will conduct assessments of MEEI’s compliance with the corrective action plan and render semi-annual reports to HHS for a 3-year period.

High Dollar Resolution Agreements Increasingly Common

The MEEI Resolution Agreement follows on the resolution agreement previously announced this year with Arizona-based Phoenix Cardiac Surgery, P.C. (PCS). That resolution agreement required PCS to pay $100,000  and take corrective action to implement policies and procedures to safeguard the protected health information of its patients to settle OCR charges PCS violated HIPAA.

Health care providers and other HIPAA-covered entities should heed the MEEI, PSC and other recent settlements as the latest signal of the risks that health care providers and other covered entities run by failing to adequately implement and administer appropriate HIPAA compliance practices.

Following the announcement by OCR last month that Blue Cross Blue Shield of Tennessee (BCBST) would pay $1,500,000 to resolve HIPAA violations charges, and the latest in a series of Resolution Agreements announced by OCR in recent years, the PCS highlights the willingness to sanction health care providers and other covered entities of all sizes.  “The case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, director of OCR. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

Like the PCS, BCBST and other announced resolution agreements, the MEEI Resolution Agreement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On WebsiteCovered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.  For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here or contact Ms Stamer here or at (469) 767-8872.


[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.


ONC Releases First Wave of EHR Test Procedures; More To Come

September 14, 2012

On September 7th the ONC published the first wave of draft Test Procedures and applicable test data files for the 2014 Edition Elelctronic Health Record (EHR) certification criteria for public review and comment. ONC will release additional Test Procedures in waves on a weekly or bi-weekly basis. Each set of draft test procedures will undergo a two week period of public review and comment from the date posted. You can now provide input on Wave One 2014 draft Test Procedures. Visit the site for detailed information on the 2014 Test Procedure development process at http://www.healthit.gov/policy-researchers-implementers/2014-edition-draft-test-procedures.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

September 14, 2012

Along with its stepped up enforcement and new audit programs, the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) is working to promote and encourage better voluntary compliance by physician and other health care providers by releasing a new interactive security and privacy training game to help educate healthcare providers and their staffs to make more informed decisions regarding privacy and security of health information. Using a game format, the game asks users to respond to privacy and security challenges often faced in a typical medical practice. 

With the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) stepping up enforcement and sanctions  for health care providers, health plans, health care providers and their businesses associates (covered entities) that violate the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules and OCR now auditing HIPAA compliance, covered entities should self-audit within the scope of attorney-client privilege and tighten as necessary existing policies, practices and documentation to comply with evolving requirements of HIPAA and other laws requiring the protection of protected health information (PHI), personal financial information and sensitive data. 

As the HIPAA Privacy, Security and Breach Rules include mandates that covered entities train members of their workforce, the new game could be a helpful component for health care providers as part of their organization’s training efforts.

The mounting list of settlement agreements – most of which have required settlement payments of more than $1 million – that OCR has announced show the  growing exposures that covered entities face when violating HIPAA. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On WebsiteThese settlements and sanctions prove the importance of covered entities strengthening their HIPAA compliance and adopting other suitable safeguards to keep up HIPAA compliance and minimize HIPAA and other exposures that can arise if PHI, personal financial information and other sensitive data.  For tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Director of Texas Office of e-Health Coodination To Discuss Texas HIE Strategy in 3/14 HHS Sponsored Teleconference

March 14, 2012

On Wednesday, March 14, 2012 at 1 p.m. EDT, National eHealth Collaborative’s http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTIwMzEzLjYxMzk0MTEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTIwMzEzLjYxMzk0MTEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjkxMDkxOSZlbWFpbGlkPWNzdGFtZXJAc29sdXRpb25zbGF3eWVyLm5ldCZ1c2VyaWQ9Y3N0YW1lckBzb2x1dGlvbnNsYXd5ZXIubmV0JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&102&&&http://www.nationalehealth.org/program/nehc-university<br />
NeHC University” href=”http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTIwMzEzLjYxMzk0MTEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTIwMzEzLjYxMzk0MTEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjkxMDkxOSZlbWFpbGlkPWNzdGFtZXJAc29sdXRpb25zbGF3eWVyLm5ldCZ1c2VyaWQ9Y3N0YW1lckBzb2x1dGlvbnNsYXd5ZXIubmV0JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&102&&&http://www.nationalehealth.org/program/nehc-university&#8221;>NeHC University will host Stephen Palmer, Director of the Office of e-Health Coordination at the Texas Health and Human Services Commission, to describe the HIE strategy being pursued by the state of Texas. Palmer will be joined by Kem McClelland of the Integrated Care Collaboration, Tony Gilman of the Texas Health Services Authority, and Bryan White of the North Texas Accountable Healthcare Partnership to showcase the Texas strategy in action and detail the progress that has been made on the ground. 

To participate http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTIwMzEzLjYxMzk0MTEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTIwMzEzLjYxMzk0MTEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjkxMDkxOSZlbWFpbGlkPWNzdGFtZXJAc29sdXRpb25zbGF3eWVyLm5ldCZ1c2VyaWQ9Y3N0YW1lckBzb2x1dGlvbnNsYXd5ZXIubmV0JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&103&&&https://nationalehealthevents.webex.com/mw0306l/mywebex/default.do?nomenu=true&siteurl=nationalehealthevents&service=6&main_url=https://nationalehealthevents.webex.com/ec0605l/eventcenter/event/eventAction.do?theAction=detail&confViewID=280361112&siteurl=nationalehealthevents&&&<br />
Register for NeHC University program” href=”http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTIwMzEzLjYxMzk0MTEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTIwMzEzLjYxMzk0MTEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjkxMDkxOSZlbWFpbGlkPWNzdGFtZXJAc29sdXRpb25zbGF3eWVyLm5ldCZ1c2VyaWQ9Y3N0YW1lckBzb2x1dGlvbnNsYXd5ZXIubmV0JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&103&&&https://nationalehealthevents.webex.com/mw0306l/mywebex/default.do?nomenu=true&siteurl=nationalehealthevents&service=6&main_url=https%3A%2F%2Fnationalehealthevents.webex.com%2Fec0605l%2Feventcenter%2Fevent%2FeventAction.do%3FtheAction%3Ddetail%26confViewID%3D280361112%26siteurl%3Dnationalehealthevents%26%26%26&#8243;>register and join NeHC University’s http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTIwMzEzLjYxMzk0MTEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTIwMzEzLjYxMzk0MTEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjkxMDkxOSZlbWFpbGlkPWNzdGFtZXJAc29sdXRpb25zbGF3eWVyLm5ldCZ1c2VyaWQ9Y3N0YW1lckBzb2x1dGlvbnNsYXd5ZXIubmV0JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&104&&&http://www.nationalehealth.org/Texas<br />
Spotlight on the Texas Statewide HIE Strategy” href=”http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTIwMzEzLjYxMzk0MTEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTIwMzEzLjYxMzk0MTEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xNjkxMDkxOSZlbWFpbGlkPWNzdGFtZXJAc29sdXRpb25zbGF3eWVyLm5ldCZ1c2VyaWQ9Y3N0YW1lckBzb2x1dGlvbnNsYXd5ZXIubmV0JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&104&&&http://www.nationalehealth.org/Texas&#8221;>Spotlight on the Texas Statewide HIE Strategy.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.


[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.


$1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report

March 13, 2012

Resolution Agreement Also 1st Announced With Health Plan

Health care providers, health plans and other covered entities beware and prepare! Reporting a large breach under the HITECH Act breach notification rules will trigger a Department of Health & Human Services (HHS) Office of Civil Rights (OCR) investigation into whether OCR should impose civil monetary penalties against the reporting covered entity under the Privacy and Security Rules of the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Blue Cross Blue Shield of Tennessee (BCBST) has agreed to pay OCR $1,500,000 and to take certain other actions specified in a corrective action plan to avoid civil monetary penalties for charges of HIPAA violations.  The BCBST Resolution Agreement is particularly significant, both as:

  • The first reported enforcement action directly resulting from the filing by a covered entity of a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule; and
  • The first reported resolution agreement reached with a covered entity that is a health plan.

These notable enforcement firsts show the HITECH Breach Notification Rule’s significance as an OCR HIPAA enforcement tool, the heightened exposure to an OCR opening a HIPAA civil monetary penalty (CMP) investigation following a report, as well as the willingness of OCR to sanction health plans as well as other covered entities that breach HIPAA’s Privacy or Security Rules.

BCBST Investigation Began In Response to HITECH Act Breach Notification Rule Report

The OCR investigation that lead to the BCBST settlement began in response to BCBST making a report required under the Breach Notification Rule of the theft of 57 unencrypted computer hard drives from a leased facility in Tennessee, which contained the protected health information (PHI) of over 1 million individuals.  Read more details here.

The Breach Notification Rule enacted as part of amendments to HIPAA under the HITECH Act requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more to HHS and the media as well as an annual consolidated report of smaller breaches to HHS.[1]  Along with the Breach Notification Rules, the HITECH Act also increased the civil monetary penalties (CMPs) that covered entities like BCBST can incur for HIPAA violations. When it imposed its first ever CMP last year, OCR imposed a $4.3 million CMP against Cignet Health of Prince George’s County, Md. (Cignet).

In an apparent effort to impose a potentially larger CMP assessment arising from the investigation of its breach report, BCBST greed to pay $1,500,000 and adopt other corrective actions detailed in a corrective action plan.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The BCBST Resolution Agreements, like the Cignet CMP and other high dollar Resolution Agreements OCR has announced against various health care providers highlight the significance of the HITECH Act amendments to HIPAA’s enforcement and CMP rules, as well as the significance of its Breach Notification Rule as a tool in OCR’s investigation and enforcement efforts.

“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ right to private and secure health information.” 

The BCBST Resolution Agreement provides yet another reminder to covered entities and their business associates of the need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On WebsiteCovered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.  Fortips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.


[1] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.

For more tips, see here.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need assistance monitoring federal health reform, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

For additional resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


[*] The Breach Notification Rule also requires that covered entities report smaller breaches annually to OCR as part of a consolidated disclosure.


Agencies Seek Public Input On New Insurer Premium Revenue Reporting Obligations Added By Patient Protection and Affordable Care Act

April 15, 2010

By Cynthia Marcotte Stamer

The Departments of Treasury (IRS), Labor (DOL) and Health & Human Services (HHS) are inviting public comments on impending new federal requirements that will compel health insurance issuers offering individual or group medical coverage to send annual reports to HHS on the percentages of premiums that the coverage spends on  reimbursement for clinical services and activities that improve health  care quality, and to provide rebates to enrollees if this spending does  not meet minimum standards for a given plan year added as Section 2718  of the Public Health Service Act (PHS Act), by the Patient Protection and Affordable Care Act  (PPACA), Public Law 111-148, enacted on March 23, 2010.

Among other things, Section 2718 of  the PHS Act, Section 715 of the Employee Retirement Income Security Act  of 1974 (ERISA) and Section 9815 of the Internal Revenue Code of 1986  (the Code) will require  health  insurance issuers offering group or individual  coverage to report to HHS annually:

  • The ratio of the incurred loss (or incurred claims) plus the  loss adjustment expense (or change in contract reserves) to earned  premiums (also known as the medical loss ratio (MLR)); and
  • The percentage of total premium revenue–after accounting for collections or receipts for risk  adjustment and risk corridors and payments of reinsurance–that the  coverage spends: (1) on reimbursement for clinical services provided to enrollees; (2) for activities that improve health care quality;  and (3) on all other non-claims costs, including an explanation of the  nature of these costs, and excluding Federal and State taxes and  licensing or regulatory fees.

PPACA also requires that HHS make these reports available to the public on the Internet Web site of HHS.  To review the request for comments and its instructions for commenting on the new requirements, see here.

For Assistance With This Opportunity Or Other Health Industry Concerns

If your organization needs advice or help with commenting on the request for comments or to evaluate or respond to other health care reform regulations or other health care matters, contact Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here

Vice President of the North Texas Health Care Compliance Professionals Association, Exempt Organization Vice-Coordinator of the Southern States IRS TEGE Council, Chair of the American Bar Association (ABA) Real Property, Probate & Trust Section Employee Benefits & Other Compensation Arrangements Group, a Council Member of the ABA Joint Committee On Employee Benefits Council, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 22 years experience advising health industry clients about these and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact Cynthia Marcotte Stamer, at (469) 767-8872 or to cstamer@solutionslawyer.net.. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


House Could Vote On Health Care Reform As Early As Sunday

March 19, 2010

By Cynthia Marcotte Stamer

The stage now appears to be set for the House of Representatives to vote as early as Sunday on the latest version of health care reform backed by President Obama, Speaker Nancy Pelosi and other key Congressional Democrats, the Reconciliation Act of 2010 (H.R. 4872).  The impending deadline means that health industry providers and other Americans concerned about the potential outcome of the impending vote need to act quickly if they wish to attempt to influence the decision. For tips about sharing your input with Congress effectively, see Getting Your Health Care Reform Message Heard By Key Congressional Leaders.

Developments Today Start Clock Running For Vote

On Thursday, March 18, 2010, two key developments set the stage for a vote on H.R. 4871 as early as Sunday:

  • The House Rules Committee posted the text of H.R. 4872 on its website; and
  • The Congressional Budget Office (CBO) delivered its scoring of H.R 4872 to House Speaker Nancy Pelosi.

The delivery of CBO scoring started the clock running on the 72 hour mandatory period between the release of the CBO scoring and any final vote on the bill. This means the House could vote on H.R. 4872 as early as Sunday, March 21. 

If passed by the House, H.R. 4872 would make sweeping changes to the U.S. health care system impacting virtually every American patient, health care provider, employer and taxpayer.  To learn the facts about these proposed changes, read the full text of H.R. 4872 here.  

According to the CBO, H.R. 4872 will cost $940 billion over 10 years to extend coverage to 32 million uninsured people.  To learn more specifics about these cost and other determinations, review the CBO scoring here.

This Is Only The Beginning: Stay Involved

The outcome of this latest health care reform push is only a small part of a continuing process.  Whether or not the President’s proposal or some other version of health care reform passes this week, Congress already has and will continue to consider other legislation impacting health care reform.  This reality is demonstrated by Congressional actions recently taken on the COBRA premium subsidy extension, Medical reimbursement for physicians, continuing federal efforts to develop and implement federal health care quality and technology standards, and other legislative, regulatory and enforcement actions taken while public attention has been focused largely only on the broader health care reform debate.

Upcoming mid-term elections will significantly impact the nature and scope of these upcoming efforts.  Perhaps even more significantly, the enactment of legislation is only a beginning point.  The real meaning of these or other health care reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye.  Monitoring and staying active in these ongoing processes provides a critical opportunity to continue to monitor your issues and provide input to shape how they are addressed.

Individuals concerned about these and other health care reform proposals and concerns are invited to stay involved in the discussion by sharing their input with Congress, regulators.  Concerned individuals also are invited to stay involved in the discussion by joining the Coalition for Responsible Health Care Reform Group on Linkedin and registering to receive these updates here. The author of this article, Curran Tomko and Tarski LLP Health Care Practice Chair Cynthia Marcotte Stamer has extensive experience advising and assisting health industry clients and others about a diverse range of health care policy, regulatory, compliance, risk management and operational concerns.  You can get more information about her health industry experience here.  

Help Monitoring & Responding To Developments

If you need assistance evaluating or formulating comments on the proposed reforms contained in the House Bill or on other health industry matters please contact Cynthia Marcotte Stamer, CTT Health Care Practice Group Chair, at cstamer@cttlegal.com or 214.270.2402. 

From her extensive involvement with federal and state legislative and regulatory licensing, telemedicine, managed care, privacy and other health, pension and other reforms in the U.S. to her involvement as a lead advisor to the Government of Bolivia on its pension privatization legislation, Ms. Stamer’s experience includes significant experience working with clients domestically on key health care and other public policy matters.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Chairman of the Board of Richardson Development Center for Children and past Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer couples her policy experience with her extensive experience working with health industry clients on regulatory, staffing, reimbursement, risk management and compliance and other operational matters.  She has more than 22 years experience advising health industry clients about these and other matters.    A popular lecturer and widely published author on health industry matters, Ms. Stamer advises hospitals and other health industry clients about responding to and using these and other quality measures and other related concerns.  Ms. Stamer also publishes and speaks extensively on health and managed care industry quality, regulatory, reimbursement, and other operations, risk management and public policy concerns.  Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments & Resources

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

For More Information

We hope that this information is useful to you.  If you need assistance with auditing or defending these or other health care compliance, risk management, transaction or operation concerns, please contact the author of this update, Curran Tomko Tarski LLP Health Practice Group Chair, Cynthia Marcotte Stamer, at (214) 270‑2402, cstamer@cttlegal.com, Edwin J. Tomko at (214) 270-1405 or another Curran Tomko Tarski LLP Partner of your choice. Ms. Stamer has extensive experience advising clients and writes and speaks extensively on these and other health industry and other internal controls and risk management matters. 

You can review other recent health care and internal controls resources and additional information about the health industry and other experience of Ms. Stamer here.  If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information to cstamer@cttlegal.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.  To unsubscribe, e-mail here.

©2010 Cynthia Marcotte Stamer.  All rights reserved.


Follow

Get every new post delivered to your Inbox.

Join 571 other followers

%d bloggers like this: