Latest OCR Resolution Agreement Hits Public Health Department, Shows Needs To Stay Up-To-Date

March 16, 2014

Health Department HIPAA Violations Cost County $250,000, Requires Sweeping HIPAA Reforms

Hear Update On Resolution Agreement & Other New HIPAA Developments At 3/18 North Texas Healthcare Professionals Association Meeting – 

RSVP here by Noon on March 17, 2014

Skagit County, Washington will pay a $215,000 monetary settlement and work closely with the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) to correct deficiencies in its HIPAA compliance program to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules by the Skagit County Public Health Department (Health Department) under a Resolution Agreement announced by OCR on March 7, 2014.  The Resolution Agreement makes clear the need for health care providers, health plans, health care clearinghouses and their business associates to update and maintain their policies and practices in compliance with the constantly evolving OCR guidance and resolution agreements, as well as to timely investigate and report breaches.   Interested persons are invited to hear a briefing on a series of new developments including this latest Resolution Agreement at the March 18, 2014 North Texas Healthcare Professionals Association Meeting.

OCR investigated the Health Department after receiving a breach report that unknown parties accessed money receipts with electronic protected health information (ePHI) of seven individuals after the ePHI had been inadvertently moved to a publicly accessible server maintained by the County.

OCR reports its investigation revealed a broader exposure of protected health information involved in the incident, which included the ePHI of 1,581 individuals. Many of the accessible files involved sensitive information, including protected health information about the testing and treatment of infectious diseases.

OCR’s investigation further uncovered general and widespread non-compliance by Skagit County with the HIPAA Privacy, Security, and Breach Notification Rules.

Specifically, the Resolution Agreement between OCR and the Health Department states that OCR found the following conduct occurred (“Covered Conduct”).

  • From approximately September 14, 2011 until September 28, 2011, Skagit County disclosed the ePHI of 1,581 individuals in violation of the Privacy Rule by providing access to ePHI on its public web server;
  • From      November 28, 2011 until present, Skagit County failed to provide notification as required by the Breach Notification Rule to all of the individuals for whom it knew or should have known that the privacy or security of the individual’s ePHI had been compromised as a result of the breach incident;
  • From April 20, 2005 until present, Skagit County failed to implement sufficient policies and procedures to prevent, detect, contain, and correct security violations;
  • From April 20, 2005 until June 1, 2012, Skagit County failed to implement and  maintain in written or electronic form policies and procedures reasonably designed to ensure compliance with the Security Rule; and
  • From April 20, 2005 until present, Skagit County failed to provide security awareness  and training to all workforce members, including its Information Security staff members, as necessary and appropriate for the workforce members to carry out their functions within Skagit County.

To resolve OCR’s allegations of these breaches, Skagit County agrees under the Resolution Agreement to pay HHS $215,000.00 and to ensure that the Health Department implements a series of corrective actions.  Among other things, the Resolution Agreement requires that the Health Department:

  • Provide substitute Breach Notification to individuals not previously notified of the breach of their ePHI in accordance with the Resolution Agreement
  • Revise to the satisfaction of OCR and adopt revised accounting for disclosure, hybrid entity designations, policies on safeguarding PHI, including its sample business associate agreements;
  • Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered health care components of Skagit County as identified in its hybrid entity documentation approved by HHS and implement security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level.
  • Create and revise, as necessary, written policies and procedures for its covered health care components to comply with the Federal standards that govern the privacy, security, and breach notification of individually identifiable health information;
  • Comply with strict workforce training requirements;
  • Notify and OCR of the occurrence of some reported breaches, its investigation and corrective actions;
  • Provide a summary of the reported events and the status of any corrective and preventative action relating to all such Reportable Events; and
  • Provide OCR with an attestation signed by an officer of Skagit County attesting that he or she has reviewed the Annual Report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful.

In addition to bringing its policies and practices up to date with OCR regulations in effect at the time of the breach that resulted in the Resolution Agreement, the Health Department also will have to update its polic9ies and practices to meet changes to OCR’s HIPAA rules that have taken effect since the breach under the revised rules published by OCR in its Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013 as well as a series of recently issued OCR rules such as the following:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

Covered Entities & Business Associates Should Review & Tighten Practices in Response To Resolution Agreement & Other New Guidance

Other covered entities and their business associates should carefully evaluate and tighten their existing practices in response to the Resolution Agreement and other recent guidance.  In the past, OCR officials have stated it expects that other health care providers, health plans, health care clearinghouses and their business associates will review resolution agreements like this one along with other emerging OCR guidance and update their practices as necessary to address concerns within their own organization that might be similar to those reflected in the applicable resolution agreement.  The Resolution Agreement documents this expectation by specifically incorporating this requirement as part of its terms.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

Hear Stamer’s Update On Resolution Agreement & Other New HIPAA Developments At 3/18 North Texas Healthcare Professionals Association Meeting

Scribe for the American Bar Association Annual Agency Meeting with OCR for the fourth year, attorney Cynthia Marcotte Stamer will overview these and other HIPAA developments when she presents “Tutoring On OCR’s Latest HIPAA Homework” at the North Texas Healthcare Professionals Association Study Group Luncheon on Tuesday,  March 18, 2014 from 11:30 p.m. to 1:00 p.m. at the offices of the Dallas Ft Worth Hospital Council, 250 Decker Drive, Irving, TX 75062-2706.  A complimentary luncheon will be served to guests to who register in advance.  There is no charge to particulate but space is limited.  RSVP here by Noon on March 17, 2014.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of other workshops, programs and publications on fraud and other compliance, operational and risk management, and other health industry matters.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Hospital Will Pay $75K For Refusing To Hire Disabled Worker

March 10, 2014

Osceola Community Hospital Refused To Hire Child Care Worker With Cerebral Palsy Who Had Worked As Volunteer

Osceola Community Hospital in Sibley, Iowa will pay $75,000 and furnish other relief to settle an Americans With Disabilities Act (ADA) disability discrimination lawsuit filed by the U.S. Equal Employment Opportunity Commission (EEOC) for its refusal to hire a child care worker with cerebral palsy.  The case shows both the need for health care and other employers to have sufficient evidence to support decisions not to hire disabled workers for safety reasons as well as the potential risks that hospitals or other face when refusing to hire disabled individuals who have been allowed to work as volunteers in their organizations.

The EEOC charged a day care center operated by the hospital, Bright Beginnings of Osceola County, unlawfully failed to hire a volunteer employee into a paid position for which she was qualified because of her cerebral palsy.  Although the woman who brought the charge of discrimination against the hospital already volunteered in the day care center and held a job driving a school bus, the EEOC’s investigation revealed the county refused to hire her into a paying job in the center out of an unfounded fear that her disability meant that she could not safely care for the children.

Judge Mark Bennett entered a consent decree on February, 28, 2014, resolving the brought by the EEOC in EEOC v. Osceola Community Hospital d/b/a Bright Beginnings of Osceola County, Civil Action No. 5:12-cv-4087 (N.D. Iowa, Sept. 26, 2012 that orders Osceola Community Hospital to pay $75,000 to the discrimination victim.  The decree also requires the hospital to institute a policy prohibiting discrimination on the basis of disability and to distribute the policy to all of its employees.  The hospital also must train its employees and report regularly to the EEOC on its compliance with the ADA.

The lawsuit provides another example to health care and other employers of their growing exposure to disability discrimination claims under the ADA.  The EEOC action and lawsuit highlights the importance of employers ensuring that decisions to refuse to hire disabled workers for safety reasons are based upon appropriate evidence of actual safety concerns that prevent the worker from safely performing the assigned duties with or without reasonable accommodation.

The fact that the worker in this case had in fact worked as a volunteer likely created additional challenges in defending the decision.  The use of volunteer workers in health industry businesses is a common practice that may justify special care before those organizations deny employment to a former volunteer on the basis of safety concerns associated with the disabilities of the applicant or worker both to document the reasonable basis of the safety concern and that the concern could not be adequately resolved through reasonable accommodation.

Health Care Providers Must Strengthen Disability Compliance & Risk Management

Employment discrimination isn’t the only disability discrimination risk that hospitals and other health industry organizations need to worry about in today’s liability charged environment.  Enforcing federal discrimination laws is a high priority of the Obama Administration. The Departments of Labor, Health & Human Services, Education, Justice, Housing & Urban Development, and others all have both increased enforcement, audits and public outreach, as well as have sought or are proposing tighter regulations.

The expanding applicability of nondiscrimination rules coupled with the wave of new policies and regulatory and enforcement actions should alert private businesses and state and local government agencies of the need to exercise special care to prepare to defend their actions against potential disability or other Civil Rights discrimination challenges under employment, Medicare, housing and a broad range of other laws.

The Obama Administration is targeting disability discrimination by health care organizations in a broad range of areas as part of its Barrier Free Health Care Initiative (Initiative).  Launched on the 22nd anniversary of the ADA in July 2012, the Initiative is a partnership of the Civil Rights Division and 40 U.S. Attorney’s offices across the nation, that targets ADA and other disability discrimination law enforcement efforts on a critical area for individuals with disabilities.

Part of a broader enforcement initiative of the Obama Administration to enforce and expand federal protections for individuals with disabilities, the Initiative seeks to protect patients with disabilities against illegal disability discrimination by prosecuting health care providers under the ADA and the Rehab Act.

Section 504 of the Rehab Act requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities.

In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities.  The public accommodation provisions of the ADA, for instance, generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities.  The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds.  These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

 The  Justice Departments campaign against disability discrimination by health care providers is supported and enhanced by the concurrent efforts of OCR.   Along side the Justice Department’s efforts, OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with the Rehab Act and the ADA well as various other federal nondiscrimination and civil rights laws. Through its own antidiscrimination campaign, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR.   See, e.g. Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled.   Meanwhile, both the Justice Department and OCR also are encouraging victims of discrimination to enforce their rights through private action through educational outreach to disabled and other individuals protected by federal disabilities and other civil rights laws to make them aware of and to encourage them to act to enforce these rights.

Health Care Organizations & Providers Should Act To Manage Patient-Related Disability Discrimination Risks

Prosecutions and settlements by these and other federal agencies show the need for health care providers and other public and private organizations to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the Justice Department, OCR,  the EEOC and other agencies as well as private law suits.  Hospitals, health care clinics, physicians and other health care providers should take steps to guard against joining the growing list of health care providers caught in the enforcement sights of the Initiative by reviewing and updating practices, policies, training and oversight to ensure that their organizations can prevent and defend against charges of disability discrimination.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider.  In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

In light of the expanding readiness of the Justice Department, OCR, HUD, EEOC and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements.  Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions.  Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives.  Solutions Law Press, Inc.™ also conducts and help businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs.  For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com   These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com.  CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C. All rights reserved.


OCR Assigns More HIPAA Compliance Work To Health Care Providers

March 5, 2014

Think your health care organization or health plan has health care privacy covered?  Think again.

A series of supplemental guidance issued by the Department of Health & Human Services Office of Civil Rights (OCR) in recent weeks is giving health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates even more to do in reviewing and updating their policies, practices and training for handing protected health information (PHI) beyond bringing their policies and practices into line with OCR’s restatement and update to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act since the Omnibus Final Rule took effect on March 26, 2013 and to have updated business associate agreements in place since September 23, 2013.  Meanwhile, the Omnibus Final Rule generally has required business associates have updated business associate agreements in place and otherwise to have come into compliance with all of the applicable requirements of the Omnibus Final Rule since September 23, 2013.  Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the modifications implemented in    the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance concerning its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to demonstrate their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include a wide range of other workshops, programs and publications on fraud and other compliance, operational and risk management, and other health industry matters.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2014 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


55 Hospitals To Pay $35M+ To Settle FCA Claims Charges On Kyphoplasty Procedures

July 6, 2013

Whistleblowers Played A Big Role, Collectively Will Receive $5.5 Million From Settlement Proceeds

Fifty-five hospitals in 21 states will pay a total of more than $34 million to settle Justice Department allegations that the health care facilities submitted false claims to Medicare for a minimally-invasive procedure used to treat certain spinal fractures that often are due to osteoporosis known as “kyphoplasty.”

The settlement stems from charges by the Justice Department and Department of Health & Human Services (HHS) Office of Inspector General (OIG) that the settling hospitals frequently billed Medicare for performing kyphoplasty procedures on the more costly inpatient basis, rather than an outpatient basis, in order to increase their Medicare billings  when the kyphoplasty could have been performed safely and effectively as an outpatient procedure without any need for a more costly hospital admission.

With the settlements announced July 1,  the Justice Department says it has now reached settlements with more than 100 hospitals totaling approximately $75 million to resolve allegations that they mischarged Medicare for kyphoplasty procedures.   Justice Department officials credited whistleblowers with helping it to identify the charged misconduct in virtually all of the cases.  They collectively will receive an estimated $5.5 million of the total of $34 million to be paid under the settlements.

 55 Settlements Impact Systems & Providers Across The Nation

According to the Justice Department’s July 1 announcement of the settlements, the settling facilities, and the amounts they have agreed to pay, include 23 hospitals affiliated with HCA Inc., Nashville, TN, who have agreed to pay a total of $7,145,842.72.  These include:

  •  Aventura Hospital & Medical Center, Aventura, FL
  • Capital Regional Medical Center, Tallahassee, FL
  • Coliseum Medical Center,  Macon, GA
  • Coliseum Northside Hospital, Macon, GA
  • Conroe Regional Medical Center, Conroe, TX
  • Denton Regional Medical Center, Denton, TX
  • Doctors Hospital of Sarasota,  Sarasota, FL
  • Edmond Regional Medical Center, Edmond, OK
  • Fawcett Memorial Hospital, Port Charlotte, FL
  • Fort Walton Beach Medical Center, Fort Walton Beach, FL
  • Garden Park Medical Center, Gulf Port, MS
  • JFK Medical Center, Atlantis, FL
  • Los Robles Regional Medical Center, Thousand Oaks, CA
  • North Florida Regional Medical Center,  Gainesville, FL
  • Northlake Medical Center,  Tucker, GA
  • Oklahoma University Medical Center,  Oklahoma City, OK
  • Palmyra Medical Center,  Albany, GA
  • Redmond Regional Medical Center,  Rome, GA
  • Southwest Florida Regional Medical Center,  Fort Myers, FL
  • St. Lucie Medical Center,  Port Saint Lucie, FL
  • Summit Medical Center,  Hermitage, TN
  • Sunrise Hospital & Medical Center,  Las Vegas, NV
  • Wesley Medical Center, Wichita, KS

Also 6 hospitals affiliated with Lifepoint Hospitals, Inc., Brentwood, TN, have agreed to pay a total of $2,522,502.69.  These include:

  • Andalusia Regional Hospital, Andalusia, AL
  • Jackson Purchase Medical Center, Mayfield, KY
  • Lake Cumberland Regional Hospital,  Somerset, KY
  • Minden Medical Center,  Minden, LA
  • Russellville Hospital, Russellville, AL
  • Western Plains Medical Complex,  Dodge City, KS

Also, 5  hospitals affiliated with Trinity Health, Livonia, MI, have agreed to pay a total of $3,910,017.53.  These include:

  • Mercy Medical Center, – Dubuque,  Dubuque, IA
  • Mercy Medical Center – Sioux City,  Sioux City, IA
  • St. Joseph Mercy Hospital,  Pontiac, MI
  • Mercy Health Partners,  Muskegon, MI
  • Mount Carmel New Albany Surgical Hospital,  New Albany, OH

Justice Department officials also report that 4hospitals affiliated with Morton Plant Mease BayCare Health System, Clearwater, FL, have agreed to pay a total of $2,378,325.45.  These include:

  • Morton Plant Hospital,  Clearwater, FL
  • Morton Plant North Bay Hospital,  New Port Richey, FL
  • Mease Dunedin Hospital, Dunedin, FL
  • Mease Countryside Hospital, Safety Harbor, FL

Justice Department officials also say 3  hospitals affiliated with Baptist Memorial Health Care Corporation, Memphis, TN, have agreed to pay a total of $691,168.  These are:

  • Baptist Memorial Hospital-Golden Triangle, North Columbus, MS
  • Baptist Memorial Hospital-Collierville,  Collierville, TN
  • Baptist Memorial Hospital-Memphis,  Memphis, TN

In addition, Justice Department officials say 2 hospitals affiliated with Covenant Health, Knoxville, TN, have agreed to pay a total of $1,845,641.74.  These are  Parkwest Medical Center in  Knoxville, TN  and Methodist Medical Center of Oak Ridge in Oak Ridge, TN.

Meanwhile, 2 hospitals affiliated with Bayhealth Medical Center, Newark, DE, also reportedly have agreed to pay a total of $1,115,306.37.  These are Bayhealth Kent General Hospital,  Dover, DE  and Bayhealth Milford Memorial Hospital,  Milford, DE.

In addition to these hospitals, the following facilities have agreed to pay the following settlements:

  • Atrium Medical Center, Middletown, OH, has agreed to pay $4,232,992.50
  • Altru Health System, Grand Forks, ND, has agreed to pay $1,492,690
  • Cedars Sinai Medical Center, Los Angeles, CA, has agreed to pay $1,485,846
  • Des Peres Hospital, St. Louis, MO, has agreed to pay $900,000
  • Mount Sinai Medical Center, Miami, FL, has agreed to pay $1,846,194.00
  • New England Baptist Hospital, Boston, MA, has agreed to pay $374,814.48
  • St. Anne’s Hospital, Fall River, MA, has agreed to pay $552,745
  • The Queen’s Medical Center, Honolulu, HI, has agreed to pay $1,055,249.57
  • Trover Health System, Madisonville, KY, has agreed to pay $1,162,837
  • Wayne Memorial Hospital, Goldsboro, NC, has agreed to pay $1,250,000.

In addition to today’s settlement, the government previously settled with Medtronic Spine LLC, the corporate successor to Kyphon Inc., for $75 million to settle allegations that the company defrauded Medicare by counseling hospital providers to perform kyphoplasty procedures as inpatient rather than outpatient procedures.

According to Tom O’Donnell, Special Agent in Charge of the Office of Investigations of the HHS-OIG New York Regional Office,  “The settlements related to kyphoplasty billing that have been reached with over 100 hospitals represent one of the largest and most successful multi-party health care investigations in the nation.”

While these settlements relate specifically to kyphoplasty procedures, they send a message impacting all procedures and practice areas that they risk OIG and/or Justice Department prosecution if procedures are performed in a most costly manner to increase reimbursement which is not medically necessary.  Justice Department officials warned health care providers  that Justice and OIG will act “Whenever hospitals knowingly overcharge Medicare, critically needed resources are wasted and health costs are driven up.”

Whistleblower Involvement Played Big Role

As in other recently announced settlement agreements, see e.g., Whistleblower Collects $2.7 M of $14.5M Sound Inpatient Physicians Overbilling Settlement, whistleblower involvement played a key role in helping OIG and Justice to identify and prosecute the alleged misconduct.

According to the Justice Department, all but four of the settling facilities announced today were named as defendants in a qui tam, or whistleblower, lawsuit brought under the False Claims Act, which permits private citizens to bring lawsuits on behalf of the United States and receive a portion of the proceeds of any settlement or judgment awarded against a defendant.  The lawsuit was filed in federal district court in Buffalo, N.Y., by Craig Patrick and Charles Bates.  Mr. Patrick is a former reimbursement manager for Kyphon, and Mr. Bates was formerly a regional sales manager for Kyphon in Birmingham, Ala.  The whistleblowers will receive a total of approximately $5.5 million from the settlements.

 Mitigate Risks With Effective Oversight of Both Documentation & Operations

As Acting Assistant Attorney General for the Civil Division Stuart F. Delery noted in the settlement announcement. “Physicians who participate in Medicare and other federal health care programs must document and bill for their services accurately and honestly.” With qui tam and other whistleblower participation, the Justice Department, HHS and other federal and state fraud investigators go beyond merely challenging whether the medical record documentation supports the charges billed to question whether the medical record itself accurately reflects the care in fact delivered by relying upon testimony of employees or other “insiders” often with an axe to grind against the provider.

To mitigate these exposures, health care providers clearly should work diligently both to ensure that their billing and other compliance programs accurately, honestly and completely document the care provided and code and bill for those services in accordance with the currently applicable federal program rules.  While these compliance and risk management programs are indispensable components of any effective health care fraud compliance program, health care providers also should recognize that the effectiveness of their health care fraud and other compliance program also may depend on the effectiveness of their operational and workforce oversight and management.  Along with effective billing and other fraud detection and compliance programs, providers also need effective medical quality and records documentation, provider and workforce performance and management, investigations and other management programs.

As a key element of these activities, providers should constantly be on watch for evidence of gaps between the medical and billing documentation and the factual realities looking at broad range of sources. Providers should target these activities to cover both specific medical documentation, coding and care, and other operational indicators that could show a problem.  With qui tam and other whistleblower claims rising, however, providers should keep in mind that mere auditing of records and billing patterns alone often fails to uncover key evidence of potential concerns.

To help identify potential areas of scrutiny, providers should carefully monitor and examine the adequacy of their compliance and risk management agreements against corporate integrity agreements with other providers who have reached settlements with the Department of Justice, HHS Office of Inspector General or other agencies like the TranS1 Inc. Corporate Integrity Agreement .

Health care providers also should take into account a plethora of other potential indicators including but not limited to peer review and quality assurance data, deficient as well as inexplicably exceptional medical record or other record keeping documentation, hotline, exist interview and other workforce feedback, disagreements among providers in patterns of care, political and interpersonal differences, and a host of other indicators that could show a valid compliance concern or a developing hostility that could become the incentive for a whistleblower or other complaint. Providers should document these and other efforts to investigate, monitor and redress potential concerns  In addition, providers also should guard against qui tam, retaliation and other claims by ensuring that their human resources, peer review, credentialing, background and other investigations, privacy and other operational activities are designed, documented to be both legally compliant and defensible.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc..  All other rights reserved.


Whistleblower Collects $2.7 M of $14.5M Sound Inpatient Physicians Overbilling Settlement

July 6, 2013

Former employee-turned Whistleblower Craig Thomas will collect $2.7 million out of the $14.5 million settlement that Sound Inpatient Physicians Inc. (SIP) will pay $14.5 million to settle allegations that it overbilled Medicare and other federal health care programs under a settlement announced by the Justice Department on July 3, 2013.  The SIP announcement comes the same day the Justice Department announced medical device manufacturer TranS1 Inc., now known as Baxano Surgical Inc., will pay $6 million to resolve whistleblower-prompted FCA allegations that TranS1 Inc. caused health care providers to submit false claims to Medicare and other federal health care programs for minimally-invasive spine surgeries.

Both the SIP and TranS1 Inc. charges and settlement clearly show the ever-growing risk of Justice Department prosecution that providers face when billing Medicare or other government programs for care beyond the level delivered and documented in the medical record. The litigation and resulting settlement also show the too-often underappreciated rule that employees, vendors and other whistleblowing insiders increasingly play in the initiation and success of these prosecutions and how they impact the ability of providers charged with fraud to prove they have billed Medicare or other federal health plans accurately and honestly for services actually delivered in the manner documented in the record and in accordance with applicable Federal program rules.

To mitigate these exposures, health care providers both should strengthen their health care medical record documentation, billing and other fraud and compliance programs and their employee, vendor and other workforce relations and management processes.

Former SIP Employee’s Qui Tam Claim Prompted Suit

The settlement resolves charges that SIP fraudulently inflated billings to government programs brought in U.S. ex rel. Craig Thomas v. Sound Inpatient Physicians, Inc. and Robert A. Bessler, Civil Action No. C09-5301RBL (W.D. Wash.) that initially came to the government’s attention through a lawsuit filed by former SIP employee, Craig Thomas, under the qui tam, or whistleblower, provisions of the False Claims Act  (FCA).  The FCA allows private citizens to bring civil actions on behalf of the government and share in any recovery.  Thomas will receive $2.7 million of the $14.5 million settlement for exposing Sound Physicians’ inflated claims.

In the lawsuit, the Justice Department alleged that SIP, a Tacoma, Washington-based employer of more than 700 hospitalists and post-acute physicians at 70 hospitals and a growing network of post-acute facilities in 22 states, between 2004 and 2012, knowingly submitted inflated claims to federal health benefits programs for its hospitalist employees for higher and more expensive levels of service than documented by hospitalists in patient medical records.

The SIP civil settlement illustrates the growing reliance on whistleblowers and other FCA tools by the Federal government in its rising campaign against false claims and other health care fraud by physicians, hospitals and other health care providers under the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative announced in May 2009 by Attorney General Eric Holder and Health and Human Services (HHS) Secretary Kathleen Sebelius.   Since January 2009, the Justice Department claims to have recovered a total of more than $14.7 billion through FCA cases, with more than $10.7 billion of that amount recovered in cases involving fraud against federal health care programs.

TranS1 Inc.  Whistleblower Gets $1M+ Out of $6M Settlement

Whistleblower claims also prompted the charges and settlement announced against medical device manufacturer TranS1 Inc. The Justice Department announced July 3 that TranS1 Inc. has agreed to pay the United States $6 million to resolve allegations under the FCA.  Whistleblower Kevin Ryan, whose qui tam claim prompted the investigation that lead to the settlement will collect $1,020,000 from the settlement.

The settlement resolves Justice Department charges developed out of the qui tam action of a former employee that TranS1 knowingly caused health care providers to submit claims with incorrect diagnosis or procedure codes for minimally-invasive spine fusion surgeries using Trans1’s AxiaLIF System.  That device was developed as alternative to invasive spine fusion surgeries.  The United States alleges that TranS1 improperly counseled physicians and hospitals to bill for the AxiaLIF System by using incorrect and inaccurate codes intended for more invasive spine fusion surgeries.  The Justice Department alleged that, as a result, health care providers received greater reimbursement than they were entitled to for performing the minimally-invasive AxiaLIF procedures.

The Justice Department also claimed TranS1 knowingly paid illegal remuneration to certain physicians for participating in speaker programs and consultant meetings intended to induce them to use TranS1 products, in violation of the Federal Anti-Kickback Statute, 42 U.S.C.  § 1320a-7b(b), and thereby caused false claims to be submitted to federal health care programs.  The Anti-Kickback Statute prohibits offering or paying remuneration to induce referrals of items or services covered by federally-funded programs and is intended to ensure that a physician’s medical judgments are not compromised by improper financial incentives and are based solely on the best interests of the patient.

In addition, the Justice Department alleged that TranS1 promoted the sale and use of its AxiaLIF System for uses that were not approved or cleared by the U.S. Food and Drug Administration, including use in certain procedures to treat complex spine deformity, and which were thus not covered by federal health care programs.

“A medical device manufacturer violates the law when it advises physicians and hospitals to report the wrong codes to federal health insurance programs in order to increase reimbursement rates,” said Rod J. Rosenstein, U.S. Attorney for the District of Maryland.  “Health care providers are required to bill federal health care programs truthfully for the work they perform.”

As part of the settlement, TranS1 has agreed to enter into a corporate integrity agreement with the Office of Inspector General of the Department of Health and Human Services.  That agreement provides for procedures and reviews to be put in place to avoid and promptly detect conduct similar to that which gave rise to this matter.

Mitigate Risks With Effective Oversight of Both Documentation & Operations

As Acting Assistant Attorney General for the Civil Division Stuart F. Delery noted in the settlement announcement. “Physicians who participate in Medicare and other federal health care programs must document and bill for their services accurately and honestly.” With qui tam and other whistleblower participation, the Justice Department, HHS and other federal and state fraud investigators go beyond merely challenging whether the medical record documentation supports the charges billed to question whether the medical record itself accurately reflects the care in fact delivered by relying upon testimony of employees or other “insiders” often with an axe to grind against the provider.

To mitigate these exposures, health care providers clearly should work diligently both to ensure that their billing and other compliance programs accurately, honestly and completely document the care provided and code and bill for those services in accordance with the currently applicable federal program rules.  While these compliance and risk management programs are indispensable components of any effective health care fraud compliance program, health care providers also should recognize that the effectiveness of their health care fraud and other compliance program also may depend on the effectiveness of their operational and workforce oversight and management.  Along with effective billing and other fraud detection and compliance programs, providers also need effective medical quality and records documentation, provider and workforce performance and management, investigations and other management programs.

As a key element of these activities, providers should constantly be on watch for evidence of gaps between the medical and billing documentation and the factual realities looking at broad range of sources. Providers should target these activities to cover both specific medical documentation, coding and care, and other operational indicators that could show a problem.  With qui tam and other whistleblower claims rising, however, providers should keep in mind that mere auditing of records and billing patterns alone often fails to uncover key evidence of potential concerns.

To help identify potential areas of scrutiny, providers should carefully monitor and examine the adequacy of their compliance and risk management agreements against corporate integrity agreements with other providers who have reached settlements with the Department of Justice, HHS Office of Inspector General or other agencies like the TranS1 Inc. Corporate Integrity Agreement .

Health care providers also should take into account a plethora of other potential indicators including but not limited to peer review and quality assurance data, deficient as well as inexplicably exceptional medical record or other record keeping documentation, hotline, exist interview and other workforce feedback, disagreements among providers in patterns of care, political and interpersonal differences, and a host of other indicators that could show a valid compliance concern or a developing hostility that could become the incentive for a whistleblower or other complaint. Providers should document these and other efforts to investigate, monitor and redress potential concerns  In addition, providers also should guard against qui tam, retaliation and other claims by ensuring that their human resources, peer review, credentialing, background and other investigations, privacy and other operational activities are designed, documented to be both legally compliant and defensible.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc..  All other rights reserved.


OIG Urges CMS To Step Up Efforts To Recover “Overpayments”

July 2, 2013

The Department of Health & Human Services (HHS) Office of Inspector General (OIG) is recommending that the Centers for Medicare & Medicaid Services (CMS) step-up efforts to collect Medicare overpayments to providers currently considered uncollectable because the provider has failed to repay overpayments identified and demanded by CMS six or more months after CMS demands repayment.  The recommendations made in OIG’s Medicare’s Currently Not Collectible Overpayments Report (Report) reflect the ever-growing emphasis of HHS on reducing Medicare and other federal program costs by aggressive enforcement of Medicare and other federal regulations against providers.  While CMS has not concurred with all of OIG’s recommendations in the Report, providers can expect CMS to further tighten its overpayment processes in response to these and other OIG recommendations.

According to the Report, CMS identifies billions of dollars in alleged Medicare overpayments to health care providers each year. In fiscal year (FY) 2010, overpayments totaled $9.6 billion. While CMS identifies these amounts, the Report notes that CMS does not recover all overpayments. Under CMS current accounting policies, CMS classifies overpayments for which the provider has not repaid at least 6 months after the due date on the Medicare demand letter as “currently not collectible” (CNC).  CMS does not report these CNC amounts in CMS’s annual financial statements because it considers these amounts unlikely to be recovered.

The Report summaries the results of an OIG study of these CNC amounts.   In the study, OIG requested details from CMS about CNC overpayments in FY 2010 and summary financial data for FYs 2007 to 2010. CMS provided most of the data from its Healthcare Integrated General Ledger Accounting System (HIGLAS). OIG also surveyed CMS and all its claims processing contractors to identify (1) hindrances to debt collection and (2) strategies to reduce the number and dollar amount of overpayments that become CNC.

According to the Report, CMS reported $543 million in new CNC overpayments across all contractors in FY 2010. However, CMS provided detailed information on $69 million in CNC overpayments for only seven contractors. Citing contractor transitions, CMS did not provide detailed data for the remaining 32 contractors. For 54 percent of CNC overpayments associated with the seven contractors, the provider type was missing in HIGLAS. For the seven contractors, 97 percent of FY 2010 CNC overpayments were not recovered. According to contractors, inaccurate provider contact information delays or prevents some overpayment demand letters from reaching providers. In addition, CMS and contractors reported that expanding the types of provider identifiers used to recover payments could improve debt collection efforts.

Based on these findings, OIG recommended that CMS should:

  • Ensure the HIGLAS variable for provider type is populated for all overpayments,
  • Ensure that demand letters are mailed to the contacts and addresses identified by the provider, and
  • Use tax identification numbers and provider transaction access numbers in addition to national provider numbers for the collection of overpayments.

According to OIG, CMS partially concurred with the first recommendation, did not agree with our second recommendation, and concurred with our third recommendation.  Accordingly, at minimum, providers should expect that CMS will step up use of tax identification and provider transaction access numbers in tracking down and collecting overpayments demanded by OIG.

The Report is just one of a plethora of activities that OIG, CMS and other HHS agencies, alone or in conjunction with the Department of Justice and other federal and state agencies are conducting in their campaign to control Medicare and other federal program costs by targeting provider reimbursements.With health care fraud and other billing audits and enforcement rising, hospitals and other health care providers should heed these reports as continuing reminders to tighten their billing practices to ensure defensibility in the event of an audit or other enforcement action.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


HHS Continues Preparations For Health Care Marketplace By Awarding $32M Of Grants To Up CHIP & Medicaid Enrollment

July 2, 2013

As part of its continuing efforts to promote enrollment in the Health Insurance Marketplace slated to take effect January 1, 2014, the Department of Health and Human Services (HHS) today (July 2, 2013) announced the award of nearly $32 million in grants for efforts to identify and enroll children eligible for Medicaid and the Children’s Health Insurance Program (CHIP). The Connecting Kids to Coverage Outreach and Enrollment Grants were awarded to 41 state agencies, community health centers, school-based organizations and non-profit groups in 22 states; two grantees are multistate organizations.  The announcement follows the recent rollout of online tools to aid consumers enroll in the new Health Care Marketplace scheduled to launch January 1, 2014 as part of the continuing implementation of reforms enacted as part of the Patient Protection & Affordable Care Act (Affordable Care Act).

Announced Grants Target Increased CHIP & Medicaid Enrollment

In amounts ranging from $190,000 to $1 million out of the $140 million included in the Affordable Care Act and the Children’s Health Insurance Program Reauthorization Act (CHIPRA) of 2009 for enrollment and renewal outreach,  HHS Reports the grants awarded to the grantees listed here focus on 5 areas:

  • Engaging schools in outreach, enrollment and retention activities (9 awards);
  • Reducing health coverage disparities by reaching out to subgroups of children that are less likely to have health coverage (8 awards);
  • Streamlining enrollment for individuals participating in other public benefit programs such as nutritional or other assistance programs (3 awards);
  • Improving application assistance resources to provide high quality, reliable Medicaid and CHIP enrollment and renewal services in local communities (13 awards); and
  • Training communities to help families understand the new application and enrollment system and to deliver effective assistance to families with children eligible for Medicaid or CHIP (8 awards).

According to HHS, the grants will build on the Secretary’s Connecting Kids to Coverage Challenge to find and enroll all eligible children and support outreach strategies that have been shown to be successful.

According to HHS, Connecting Kids to Coverage Outreach and Enrollment Grant Awards (Cycle III) Efforts to streamline Medicaid and CHIP enrollment and renewal practices, combined with robust outreach activities, have helped reduce the number of uninsured children.  Since 2008,  HHS claims 1.7 million children have gained coverage and the rate of uninsured children has dropped to 6.6 percent in 2012

“Today’s grants will ensure that more children across the nation have access to the quality health care they need,” said Secretary Sebelius. “We are drawing from successful children’s health coverage outreach and enrollment efforts to help promote enrollment this fall in Medicaid and the new Health Insurance Marketplace.”

Continuing Preparations For New Health Care Marketplace

 The grant awards are part of a much broader effort by HHS to prepare Americans to enroll in the newly reformed Health Insurance Marketplace that the Obama Administration is working to implement as part of the sweeping reforms enacted by the Affordable Care Act.

Enrollment is the Health Insurance Exchanges also to be included in the new federal health care marketplace is scheduled to begin October 1, 2013.  In anticipation of this deadline, HHS recently also announced its rollout of new consumer health care education and decision-making tools on its newly designed www.healthcare.gov  website.

In announcing its launch of its Health Insurance Marketplace educational tools here on June 24, 2013, the Department of Health & Human Services (HHS) repeated recent claims that HHS and the states are on target to begin enrollment on October 1, 2013 in the federal and state health care exchanges now retitled “Health Insurance Marketplace” by the Administration, to meet other key milestones and to the beginning coverage under the newly created Health Insurance Marketplaces beginning January 1, 2014.

As part of these preparations, HHS kicked off an aggressive Health Insurance Marketplace education effort by announcing the deploying of with newly designed “consumer-focused” HealthCare.gov website and the 24-hours-a-day consumer call center that HHS claims provide all the necessary tools to prepare Americans for open enrollment and ultimately sign up for private health insurance.

While HHS says its tools and other preparations will get the Health Care Marketplaces and Americans ready for the conversion of the U.S. health care system slated to begin January 1, 2014, others are less confident.  For instance, GAO officials recently found that major work that federal and state officials  must complete to timely begin enrollment by October 1 remains unfinished, making it unclear if they will meet the impending October 1, 2013 enrollment kickoff deadline.  See GAO Report and  GAO Report.

Businesses concerned about impending “pay-or-play” and other mandates that require many employers that fail to provide minimum essential coverage also have been critical about delayed guidance on these and other Affordable Care Act mandates, which employers claim have left them confused and with inadequate time and guidance to prepare.

Despite these concerns, HHS is marching ahead on its efforts to implement the law by launching these and other enrollment and educational outreach.

For Representation, Training & Other Resources

If you need assistance understanding and responding to health care reforms, monitoring health and health plan related risk management and compliance, operations, regulatory, policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

The scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly advises and represents clients in dealings with, and monitoring and responding to developments of HHS, IRS, DOL, Departments of Health & Insurance and other agencies, Congress and other legislators, and advises clients, publishes and speaks extensively on health care reform, medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  Her insights on health care reform and a broad range of other health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer hereExamples of some recent publications that may be of interest include:

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to ask about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information on this communication click here.    If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


Follow

Get every new post delivered to your Inbox.

Join 659 other followers

%d bloggers like this: