Parkview Hospital To Pay $800K To Settle HIPAA Charges After Retiring Physician Blows The Whistle

July 6, 2014

Health care providers, health plans, heath care clearinghouses and their business associates heed both the lesson about properly protecting protected health information and the more subtle lesson about the role of employees and other whistleblowers in bringing these violations to the attention of regulators contained in the latest Health Insurance Portability & Accountability Act (HIPAA) resolution agreement.

Late last month, the Department of Health & Human Services Office of Civil Rights (HHS) announced that complaints of a retiring physician over the mishandling of her patient records by Parkview Health System, Inc. (Parkview) prompted the investigation that lead Parkview to agree to pay $800,000 to settle charges that it violated HIPAA’s Privacy Rule.

The resolution agreement settles charges lodged by HHS based on an OCR investigation into the retiring physician’s allegations that Parkview violated the HIPAA Privacy Rule by failing to properly safeguard the records when it returned them to the physician following her retirement.

As a covered entity under the HIPAA Privacy Rule, HIPAA requires that Parkview appropriately and reasonably safeguard all protected health information in its possession, from the time it is acquired through its disposition.

In an investigation prompted by the physician’s complaint, OCR found that Parkview breached this responsibility in its handling of certain physician patient records in helping the physician to transition to retirement.

According to OCR, in September 2008, Parkview took custody of medical records pertaining to approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice.

Subsequently on June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue. OCR concluded this conduct violated the Privacy Rule.

To settle OCR’s charges that these actions violated HIPAA, OCR has agreed to pay the $800,000 resolution amount and to adopt and implement a corrective action plan requiring Parkview to revise their policies and procedures, train staff, and provide an implementation report to OCR.

The resolution agreement highlights the role that current or former physicians, employees or others can play in helping OCR to identify HIPAA violations.  Health care providers and other covered entities and their business associates should take into account the likelihood that physicians on their own or other facility medical staffs, their employees and other participants in the care delivery system often may have and be motivated to report to government sensitive information about violations of HIPAA or other laws.  Since HIPAA and most other laws prohibited covered entities from forbidding or retaliating against a person for objectiving to or reporting the concern and offer whistleblowers potential participation in the reporting and prosecution of violations, employees or other workforce members increasingly make the complaints bring violations to OCR and other regulators.

Whether from an internal employee complaint, a  patient or competitor complaint or other source, HIPAA violations carry significant liability risks.  The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates.  In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.  Furthermore, enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need assistance in auditing or assessing, updating or defending your HIPAA, or other health or other employee benefit, labor and employment, compensation, privacy and data security, or other internal controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer at cstamer@solutionslawyer.net or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters.  She also is recognized for her publications, industry leadership, workshops and presentations on privacy and data security and other human resources, employee benefits and health care concerns.  Her many highly regarded publications on privacy and data security concerns include “Privacy Invasions of Medical Care-An Emerging Perspective.” ERISA Litigation Manual. BNA, 2003-2009; “Privacy & Securities Standards-A Brief Nutshell.” BNA Tax Management and Compliance Journal. February 4, 2005; “Cybercrime and Identity Theft: Health Information Security beyond HIPAA.” ABA Health eSource. May, 2005 and many others.  She also regularly conducts training on HIPAA and other privacy and data security compliance and other risk management matters for a broad range of organizations including the Association of State and Territorial Healthcare Organizations (ASTHO), the Los Angeles County Health Department, a multitude of health plans and their sponsors, health care providers, the American Bar Association, SHRM, the Society for Professional Benefits Administrators and many others.  Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see www.CynthiaStamer.com or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at www.SolutionsLawPress.com.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press.  All other rights reserved.


Health Care & Other HIPAA Covered Entities Should Review New Reports As Part of HIPAA Risk Management Efforts

June 11, 2014

Health care providers, health plans and insurers, health care clearinghouses (collectively “Covered Entities”), their business associates, and others concerned about medical privacy regulations or protections should check out two new reports to Congress about breach notifications reported and other compliance data under the Health Insurance Portability & Accountability Act (HIPAA) by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).   Reviewing this data can help Covered Entities and their business associates identify potential areas of exposures and enforcement that can be helpful to minimize their HIPAA liability as well as to expect OCR enforcement and audit inquiries.

Required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the two new reports discuss various details about HIPAA compliance for calendar years 2011 and 2012.  They include the following:

  • Report to Congress on Breach Notifications, discussing the breach notification requirements and reports OCR received as a result of these breach notification requirements; and
  • Report to Congress on Compliance with the HIPAA Privacy and Security Rules, summarizing complaints received by OCR of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164 .
  • Covered entities and their business associates should review the finding reported as part of their compliance practices. Others concerned about medical or other privacy or data security regulations or events also may find the information in the reports of interest.

Under HIPAA, covered entities generally are prohibited from using, accessing or disclosing protected health information about individuals except as specifically allowed by HIPAA,  In addition, HIPAA also requires Covered Entities to establish safeguards to protect protected health information against improper access, use or destruction, to afford certain rights to individuals who are the subjects of protected information, to obtain certain written assurances from service providers who are business associates before allowing those service providers to use, access or disclose protected health information when carrying out covered functions for the Covered Entity, and meet other requirements.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates.  In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.

Enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the HITECH Act since March 26, 2013 and to have updated business associate agreements in place since September 23, 2013.  Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in  the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need assistance in auditing or assessing, updating or defending your HIPAA, or other health or other employee benefit, labor and employment, compensation, privacy and data security, or other internal controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer at cstamer@solutionslawyer.net or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters.  She also is recognized for her publications, industry leadership, workshops and presentations on privacy and data security and other human resources, employee benefits and health care concerns.  Her many highly regarded publications on privacy and data security concerns include “Privacy Invasions of Medical Care-An Emerging Perspective.” ERISA Litigation Manual. BNA, 2003-2009; “Privacy & Securities Standards-A Brief Nutshell.” BNA Tax Management and Compliance Journal. February 4, 2005; “Cybercrime and Identity Theft: Health Information Security beyond HIPAA.” ABA Health eSource. May, 2005 and many others.  She also regularly conducts training on HIPAA and other privacy and data security compliance and other risk management matters for a broad range of organizations including the Association of State and Territorial Healthcare Organizations (ASTHO), the Los Angeles County Health Department, a multitude of health plans and their sponsors, health care providers, the American Bar Association, SHRM, the Society for Professional Benefits Administrators and many others.  Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see www.CynthiaStamer.com or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing some of our other Solutions Law Press resources available at http://www.solutionslawpress.com including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at www.SolutionsLawPress.com.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press.  All other rights reserved.


CMS To Host Provider Webinar To Celebrate National Health IT Week

September 13, 2013

In celebration of the third annual National Health IT Week is September 16-20, the Centers for Medicare & Medicaid Services (CMS) will host several webinars and launching new eHealth tools and resources that it intends to help providers participate in eHealth programs.  These programs may be of interest to providers as well as payers who are interested in what providers are doing to use eHealth tools.

Details of Webinar

The eHealth Provider Webinar will be held on Thursday, September 19th from 12:00 p.m. to 1:30 p.m. ET.  CMS plans to present an overview of the eHealth programs and its eHealth initiative—an initiative that aligns health IT and electronic standards programs on:

  • Administrative Simplification
  • eRx Incentive Program
  • ICD-10
  • Quality Measurement

A portion of the webinar will also be dedicated to Q&A.

Registration Information

Space is limited.  Register now to secure your spot for the eHealth Provider WebinarOnce registration is complete, you will receive a follow-up email with step-by-step instructions on how to log-in to the webinar.  Listserv messages are sent prior to each webinar session with registration information.

If you’d like to view past webinars, the PowerPoint presentations and recordings can now be accessed on the Resources page of the eHealth website.  For more information about CMS’ eHealth Initiatives, visit the CMS eHealth website for the latest news and updates on CMS’ eHealth initiatives.

For More Information Or Assistance

If you need assistance responding to this invitation or with other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters.  She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.  THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.  

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Tell HHS What You Think-Comment On HHS Strategic Plan Now!

September 9, 2013

Health care providers, health plans, employers and others concerned about the regulatory and enforcement activities of the Department of Health & Human Services (HHS) can make their concerns known by speaking up now.  Share your input on the draft HHS strategic plan that will guide HHS’ regulatory and enforcement agenda for the next 4 years.

Every 4 years, HHS updates its strategic plan, which describes its work to address complex, multifaceted, and ever-evolving health and human service issues, including:

  • Health Care
  • Research and Innovation
  • Prevention and Wellness

HHS is inviting public input on the draft HHS Strategic Plan for FY 2014-2018. The comment period is open until October 15, 2013.  Individuals or organizations wishing to respond to this invitation can read the HHS Strategic Plan FY 2014-2018 (Draft) and submit your comments several ways including:

For More Information Or Assistance

If you need assistance responding to this invitation for comment or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes extensive work advising, representing and training health industry and other clients on HIPAA and other privacy, data protection and breach and other related matters.  She also advises hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications on other compliance, operational and risk management, and other health industry matters. Ms. Stamer also has extensive other public policy and regulatory experience with HHS and other U.S. federal and state agencies as well as internationally. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here. If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see  here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.  THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.  

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Medical Device Excise Tax Rules Supplemented

December 9, 2012

Medical device manufacturers heads up!  The Internal Revenue Service (IRS) has adopted interim rules for relating to the excise tax on medical devices imposed by § 4191 (the “medical device excise tax”) of the Internal Revenue Code (the “Code”).

Section 4191, enacted by section 1405 of the Health Care and Education Reconciliation Act of 2010  in conjunction with the Patient Protection and Affordable Care Act (the Affordable Care Act) enacted a new excise tax on the sale of certain medical devices. The excise tax imposed by Code section 4191 is 2.3% of the price for which the taxable medical device is sold. The medical device excise tax is codified in chapter 32, subtitle D of the Code (“chapter 32”), which pertains to excise taxes imposed on the sale or use of taxable articles by manufacturers, producers, and importers (commonly referred to as “manufacturers excise taxes”). See § 48.0-2(a)(4)(i) of the Manufacturers and Retailers Excise Tax Regulations (Regulations). The Code defines the term “manufacturer” to include a “producer” and an “importer”.  

On December 7, 2012, the Internal Revenue Service (IRS) and the Treasury Department issued TD 9604, containing final regulations under § 4191. The final regulations did not address certain issues that the IRS and the Treasury Department continue to study. These issues included the determination of price under § 4216(b); the tax treatment of medical software licenses; the taxability of donated medical devices; and the taxability of medical convenience kits. 

The IRS recently followed up by issuing Notice 2012-77.  Notice 2012-77 available here contains the IRS’ rules about:

  • How to determine price for purposes of the medical device excised tax under Code section 4216(b);
  • Donated taxable medical devices;
  • Licensing of taxable medical devices;
  • The tax treatment of medical convenience kits;
  • Transition relief to medical device manufacturers from the failure to deposit penalties imposed by § 6656; and
  • Invites comments from taxpayers about its rules.

As these rules take effect January 1, 2013, device manufacturers should review the new guidance and update their procedures to provide for timely determination and payment of any required device taxes.  In addition, device manufacturers also will need to kep an eye out for potential changes in the rules.  The IRS and the Treasury Department have said they may issue additional published guidance on these issues in the future.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Updated 2013 ACA Prescription Drug Fee Calculation & Payment Rules Released; 12/18 Deadline To File Form 8947

December 4, 2012

December 17, 2012 is the deadline for covered entities to file a Form 8947 as part if its reporting and payment of the Form 8947The Internal Revenue Service (IRS) Notice 2012-74 sets forth the instructions for calculation and reporting branded prescription drug fee for the 2013 fee year under Section 9008 of the Patient Protection and Affordable Care Act, as amended by section 1404 of the Health Care and Education Reconciliation Act of 2010 (Affordable Care Act).

The Act imposes an annual fee on covered entities engaged in the business of manufacturing or importing branded prescription drugs.  The Branded Prescription Drug Fee Regulations in 26 C.F.R. Part 51 published on August 18, 2011 provide the method for calculating each covered entity’s annual fee and the fee year for purposes of these rules and how the fee must be reported and paid.  See  76 Fed. Reg. 51245.  These regulations also define terms for the administration of the fee.

Notice 2012-74/s instructions on the 2013 prescription drug fee discusses:

  • The submission of Form 8947, “Report of Branded Prescription Drug Information,”
  • The time and manner for notifying covered entities of their preliminary fee calculation;
  • the time and manner for covered entities to submit error reports for the dispute resolution; process; and
  • The time for the IRS to notify covered entities of their final fee calculation.

12/18/12 Deadline to File Form 8947

One of the deadlines for this process is rapidly approaching.  Section 51.3T provides that annually, each covered entity may submit a completed Form 8947, “Report of Branded Prescription Drug Information,” in accordance with the instructions for the form. Generally, the form solicits information from covered entities on National Drug Codes, orphan drugs, designated entities, rebates, and other information specified by the form or its instructions. The form is to be filed by the date prescribed in guidance published in the Internal Revenue Bulletin.

Notice 2012-74 sets the deadline for a covered entity that chooses to submit Form 8947 for 2013 at December 17, 2012.

Preliminary Fee Calculation

For the 2013 fee year, the IRS will mail each covered entity a paper notice of its preliminary fee calculation by April 1, 2013. This mailing will include a National Drug Code (NDC) attachment (NDC attachment) that lists the covered entity’s NDCs and the sales data reported to the IRS by each government program pursuant to § 51.4T.

A covered entity may request that the IRS send a CD-ROM with the NDC attachment in Microsoft Excel format. The covered entity must make this request by March 15, 2013. This request must be made either by telephone to Ingrid Taylor at (908) 301-2118 or Mi Lim at (312) 292-3775 (not toll-free calls) or by email to it.bpd.fee@irs.gov. If a covered entity makes this request timely, the IRS will mail the covered entity its notice of preliminary fee calculation on paper and the NDC attachment on paper and CD-ROM by April 1, 2013.

Submitting Error Reports For The Dispute Resolution Process

For the 2013 fee year, a covered entity that chooses to submit an error report regarding its preliminary fee calculation must mail the error report by May 16, 2013.   When the IRS mails each covered entity a notice of its preliminary fee calculation by April 1, 2013, the IRS will also send each covered entity a template on a CD-ROM that the covered entity must use to prepare its error report. All completed templates and the supporting documentation must be submitted on a CD-ROM to the IRS in a timely fashion.

Final Fee Calculation & Payment

The IRS will notify each covered entity of its final fee calculation for 2013 by August 31, 2013. In accordance with § 51.8T(c), each covered entity must pay this fee by September 30, 2013.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy and other technology, risk management and compliance-related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Hospitals Urged To Tighten Inpatient & Outpatient Admission Records As OIG Audits Hospitals for New vs. Established Patients,

November 29, 2012

Hospitals should act quickly to adopt appropriate compliance policies and tighten outpatient and inpatient admissions recordkeeping and associated billing activities to minimize exposures signaled by audits announced by the Department of Health & Human Services (HHS) Office of Inspector General (OIG).

OIG reportedly is auditing inpatient and outpatient hospital claims for new and established patients to identify potential overcharges by some hospital-based outpatient clinics that may have resulted from treating established patients as if they were new patients. OIG’s Office of Audit Services reportedly sent letters to some hospitals in October, asking about a handful of claims for new patient visits that OIG suspects the hospital should have billed as established patient visits. In addition to requesting specific information about line items on the claims and their internal controls for billing new versus established patients and provide descriptions of written policies and procedures governing the facilities classification of new versus established patients and internal controls for detecting errors.

Medicare typically pays more for new versus established patients since CMS  implemented the outpatient prospective payment system in 2000. Since 2008, CMS rules have specified that patients who visit the hospital outpatient clinic within three years are established patients, and after that they are new, with Medicare paying more for the latter. See(73 Fed. Reg. 68502, 68679 (November 18, 2009).  Data mining technology increasingly used by CMS and other federal fraud investigators facilities the ability of Medicare and others to identify errors in coding and billing resulting from misclassication of existing patients as new.  

Many hospitals may be exposed under this requirement for a variety of reasons including failure to appropriately track and coordinate inpatient and outpatient admission data, defaults built into recordkeeping systems and omissions to timely update practices or training.  In contrast to the risk of overbilling from incorrectly treating patients as new, hospitals that bill all patients as established to overcome inadequacies in their ability to track new versus established patients often leave money on the table unnecessarily by foregoing added reimbursement that the facility otherwise would qualify for it could reliably identify new patients.

While strengthening coding and billing to ward of risks, may debate the appropriateness of CMS’ new versus existing patient distinction outside the physician office context.  Critics contend that unlike in the physician office context, the level of care or resources delivered for a new patient compared to a patient who previously visited the hospital doesn’t generally differ. Parties with these concerns should continue to ensure appropriate compliance with existing rules while providing input and feedback to CMS and other regulators about their concerns with the policy’s suitability.

For Help With Monitoring Developments, Compliance, Investigations Or Other Needs

If you need help reviewing or commenting on the Tests Procedures or monitoring or responding to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, can help.  Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, and A Fellow in the American Bar Association, State Bar of Texas and other prominent organizations, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to set up and administer medical privacy, EHR and other technology and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.   

Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy and other technology, risk management and compliance-related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her experience here.

Other Recent Updates & Resources

If you found this information of interest, you also may be interested in the following recent updates on health care, health plan and employee benefits, human resources and other risk management and compliance matters.  Recent examples on health care compliance and risk management matters include:

OIG Recommends CMS, ONC Tighten EMR Incentive Program Rules To Improve Oversight

Congress Sends Bill Amending Lab Testing Rule Violation Sanctions

Learn Latest On OCR New HIPAA De-Identification Guidance & Other HIPAA Developments In 12/12 HIPAA Update Workshop!

$12M+ Settlement Recoveries In 2 Health Care Fraud Whistleblower Claims Shows Providers, Owners, Management & Staff Must Manage Compliance & Risks

Feds Health Fraud Suit Against Psychiatrists Shows Risks Providers Run From Aggressive Referral or Billing Activities

ONC Releases Next Wave of 2014 Draft Test Methods For Public Review and Comment; Plans 11/13 Virtual Workshop

Recent OIG Audit Reports Provide Insights Where Fraud Audits Likely To Look Next

Hospital Chain HCA Inc. Pays $16.5 Million to Settle False Claims Act Allegations That Hospital

Detroit-Area Doctor Charged for Role in Alleged $40 Million Medicare Fraud Scheme

Five More Individuals Charged in Detroit for Alleged Roles in $24.7 Million Medicare Fraud Scheme

Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges

Personal Consumer Information Protection In Health Care Operations Topic of Stamer’s 11/1 Speech

ONC Releases First Wave of EHR Test Procedures; More To Come

OCR Releases HIPAA Compliance Training Tool As Enforcement Risks Rise

Health Care Orgs Disability Exposure High As $475K Paid To Settle Justice Department Charges Medical Fitness Screenings of EMTs, Others Violated ADA

HHS/DOJ Partner With Private Health Plans To Further Ramp Up Health Care Fraud Heat!

AHRQ Issues New Guide for Use of Interactive Preventive Care Record

Nextcare Inc. $10 Million False Claims Act Settlement Shows Qui Tam Role In False Claims Act Prosecutions

For more resources and publications training materials by Ms. Stamer, see here.  

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C. nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.

 

Follow

Get every new post delivered to your Inbox.

Join 659 other followers

%d bloggers like this: