Tag Archive for: Healthcare

Mary Holloway Richard, participated in a CLE webinar panel for healthcare counsel on Wednesday.

Strafford Publications presented the webinar on protecting patients’ behavioral health information, and disclosure requirements and limitations.

Richard’s presentation defines best practices for healthcare providers in situations where a potential breach in patient privacy may arise.

The panel addressed the distinction between instances when the release of behavioral health information is permissible or required.

A slideshow of the presentation is available to view here, and those interested in viewing the webinar may do so via Strafford’s website here.

In this article, Oklahoma City Healthcare Attorney Mary Holloway Richard discusses the “Anti-Kickback Statute” and potential, federal violations of the statute as it relates to providers in the healthcare industry.

What is the authority for the federal government to oversee providers’ relationships with durable medical equipment (DME) and device suppliers and drug companies, such as educational programs that would seem to benefit the patient? How active is that oversight?

The Anti-Kickback Statute (AKS) prohibits remuneration to induce referrals or use of products reimbursement by Medicare, Medicaid or other federal healthcare programs. The federal government, through its investigators and prosecutors, pursue civil remedies including fines for remuneration considered as kickbacks. Remuneration may be cash of in-kind contributions. Under the AKS both civil and criminal charges may result from an investigation by the federal government. Federal policy is designed to prevent relationships that purportedly “lead to excessive or unnecessary treatment,” drive up health care costs and inhibit free market competition. The kickback prohibition applies to all sources of referrals, even patients. For example, where the Medicare and Medicaid programs require patients to pay copays for services, you generally are required to collect that money from your patients. Routinely waiving these copays could implicate the AKS and you may not advertise that you will forgive copayments. However, providers are free to waive a copayment if the provider makes an individual determination that the patient cannot afford to pay or if reasonable collection efforts fail. In addition, providing free or discounted services to uninsured people is not prohibited. The beneficiary inducement statute (42 U.S.C. § 1320a-7a (a) (5)) also imposes civil monetary penalties on physicians who offer remuneration to Medicare and Medicaid beneficiaries to influence them to use their services.

Is the federal government even active in investigating and prosecuting under the AKS?

Yes. The Office of the Inspector General, counsel for the Department of Health and Human Services (HHS), estimated in 2018 that for every $1 spent on investigating health care fraud, $4 is recouped. The government has investigated, prosecuted and settled claims with many types of providers and continues to do so. The government does not need to prove patient harm or financial loss to the programs to show that a physician violated the Anti-Kickback Statute. A physician can be guilty of violating the AKS even if the physician actually rendered a medically necessary service. Taking money or gifts from drug or device companies or DME suppliers is not justified by arguing that providers would have prescribed that drug or ordered that wheelchair even without a kickback. An example of unlawful activities comes from the Covidien case. A supplier of vein ablation products in California and Florida, Covidien recently settled its claims with the federal government that it offered or provided free to medical practices, or at discounted rates, practice development assistance, lunch-and-learns, dinners with physicians, and market development support, such as vein screening activities designed to recruit new patients to the practices — all provided free of charge or at discounted rates. This virtually uncompensated support, according to the Department of Justice, was designed to induce the use of certain items or services, leading to excessive and unnecessary treatments and driving up health care costs for everyone.

Are there any clear guidelines for physicians and other providers?

HHS has published guidelines for providers, such as “A Roadmap for New Physicians-Avoiding Medicare and Medicaid Fraud and Abuse,” which I routinely provide to new physicians, advanced-practice nurses and other providers. Failure to follow the guidelines can be costly. For example, the outcome of the Covidien investigation was a civil settlement agreement for violation of the AKS in the amount of $17,477,947, with additional payments in excess of $2 million by the company to the states of California and Florida for claims paid by their Medicaid programs.

How are violations of the AKS usually discovered?

Violations of the AKS are often discovered through “qui tam” actions brought by employees of the practice group or those with knowledge of its practices known as “whistleblowers” or “relators.” To avoid vulnerability to qui tam actions providers are advised to adopt and implement robust compliance policies, including training providers and other personnel regarding behavior that may constitute risk under a federal regulatory analysis. It is also advisable to have operating agreements of the practice’s legal entity and written agreements reviewed by counsel in order to shift legal liability where possible.

 

Published: 4/19/19; by Paula Burkes
Original article: https://newsok.com/article/5629122/medical-practice-support-can-be-costly-to-suppliers-others

cyber breach artworkHIPAA concerns, established in 1996 and evolving ever since, continue to be a very real compliance concern for healthcare providers. As an example, last year HHS collected $28.7 million from providers of healthcare services and payers for responses to HIPAA data breaches that HHS considered inadequate.

According to Modern Healthcare, this is $5.2 million over the prior high for settlement and penalties reported in 2016.  The data for 2018 may be skewed by the $16 million settlement by Anthem for a breach involving approximately 79 million people. That breach occurred in 2015, and the settlement was record-setting for the Office of Civil Rights.

Changes being discussed by HHS include the possibility of sharing a percentage of civil monetary penalties or monetary settlements with affected individuals; revisions to HIPAA rules that facilitate the additional information demanded by coordinated care, outcome-focused care and value-based payments; and reconciliation of behavioral health care’s 42 CFR Part 2 rules with HIPAA.

“Forewarned is forearmed.” I adopted that as one of my guides. Nowhere is that more true than in the lawyer mentor selection process within AHLA.

I want to share some thoughts with you to make your selection more likely to lead to a meaningful mentor relationship to help you along your path in this broad, ever-changing field we have chosen.

I am passionate about many things, including mentoring and AHLA. While I mentor within my state and community, the focus there is often on facilitating connections for young lawyers looking for a job or a career change. Within AHLA, mentors additionally provide a safe place to discuss difficult issues – both legal and human relations – as well as inspiration and support to other lawyers. We have the opportunity to help other health lawyers along their career path, and to learn from those mentees.

Yet, while AHLA members may share similar passions and goals, that is not a strong basis for selection. Rather, there is a bit of magic to being selected. Obviously you need to be as transparent as possible about your goals, areas of interest (“Mentoring Topics”), and your member profile. As much information as you can share is important because you never know what it is that will draw a potential mentor to you. For example, in addition to substantive areas of health law of interest to me, I am interested in supporting young women balancing commitments to family, profession, and community. In reviewing recent mentee applications, I found that I connected with those who provided enough information so that I could connect with them., such as the young mother on the partnership track who still worked to contribute to her community and another who had moved from an in-house position to a private practice (as I did). Some of those who did not provide enough information in their profiles left me without a basis for connecting with them. I even suggested to some that they revise their profiles to tell their story and state their objectives more clearly.

In the spirit of wishing you the most satisfying, helpful, and inspiring mentor-mentee relationship, I will distill my thoughts down to the following messages of motivation:

Your story is interesting so tell enough of it – education, family, job path, current position. Let prospective mentors get to know you a bit.

Share your professional dreams, goals, objectives. Readers won’t know if they can be proper lawyer mentors without this information. Allow a prospective mentor to properly select you as his or her mentee based upon your objectives and common or complementary skill sets. You may also create a connection via disparate experiences and different skill sets, so pique the prospective mentor’s curiosity with sufficient information to determine if you two are a match.

If you want someone to provide feedback about a specific area, such as interfacing with the FBI or handling OIG investigations, or if you want your mentor to assist you in connecting within AHLA, be sure to mention those goals.

You must sell yourself truthfully, so don’t despair if it takes some time to connect with just the right mentor.

Finally, once connected to a Mentor, engage with that Mentor. AHLA recommends quarterly contact as a minimum. The responsibilities to create a meaningful relationship belong to both parties, as do the benefits of the relationship. Mentoring is a two-way street, and you will get out of it what you put into it, but it will be much less effective and satisfying – for both the mentor and mentee – if you fail to provide sufficient information upon which to base the relationship.


This Oklahoma healthcare law topic regarding mentoring was featured in the June 2018 issue of Connections, the official publication of the American Health Lawyers Association.

By Mary Holloway Richard

Mary H. Richard heads up the Health Care Practice Group at the law firm of Phillips Murrah, headquartered in Oklahoma City. Mary has a law degree from George Washington University and a master’s degree in public health administration from the Oklahoma Health Sciences Center. She began her career in ambulatory care, health services research, and health management consulting at the Texas Medical Center. She has practiced health law in private practice settings and as in-house counsel for the INTEGRIS Health system. While at INTEGRIS, she provided legal counsel on issues regarding behavioral health services, hospital operations, clinical research activities, and a variety of other topics in a number of facilities throughout the system. She is active in the AHLA and is a part of the AHLA Behavioral Task Force leadership. She served as subcommittee co-chair of the Providers/Clinicians subcommittee, Vice Chair of Publications, Vice Chair of Strategic Planning and Special Projects, and is currently Vice Chair of Membership. She continues to be active in the AHLA mentoring program by mentoring six young professionals and is an active mentor to lawyers in Oklahoma who are interested in health law. Mary is also a proud member if the Choctaw Nation of Oklahoma. Her grandfather was one of the first lawyers in Indian Territory.

In this article, Oklahoma City healthcare attorney Mary Holloway Richard discusses how safeguarding patients’ electronic health information is an employment matter and how companies can enact HIPAA rules with their employees.

Q: In preparation for an employee or other members of a health care company’s workforce quitting, what preventive steps can be taken to ensure that patients’ health information is protected?

A: Two particular measures are critical to health care providers, in their role as employers, to protect the private patient information. Those are preparation and training. First, advance preparation is essential. Administrative, technical and physical safeguards are mandated by HIPAA (the Health Insurance Portability and Accountability Act) and its amendments, and just as we recommend with regard to all types of health care compliance and regulations, a compliance plan should be in place to provide security for protected health information electronically maintained. The person responsible for a health care practice or company’s IT should perform periodic risk assessments, and sufficient access termination procedures should also be in place. Second, an important part of prevention is proper training. Just as we recommend preparation to respond to identity theft, employers must identify the individuals responsible for safeguarding electronically maintained protected health information and responding to a breach, and provide them with appropriate training. Since health care is such a labor-intensive industry, a high rate of personnel turnover requires proportionate re-training and monitoring of employees regarding compliance with privacy and other regulatory requirements.

Q: You mentioned termination procedures — what procedures provide effective deterrents to unauthorized use or access to electronically maintained protected health information in such situations?

A: As a part of an overall separation procedure, there are some critical checkpoints along the way. Health care providers/employers are advised to standardize the process and create a checklist of steps to be taken when an individual leaves. Document that these steps have been taken, including the return of any company equipment. Next, if the company or practice is large enough to have departments, it is important to quickly alert the department or staff members responsible for changing access to electronically maintained protected health information, deactivating or deleting user accounts and monitoring access. Also, after these and other important steps are carried out, I recommend a post-termination audit to verify that all necessary steps to cut off access to electronically maintained protected health information have been taken.

Q: What steps must be taken to terminate access to electronically maintained protected health information?

A: Such steps, in addition to terminating user accounts and reclaiming computers, laptops, iPads and cellphones, should include terminating access to the physical space, which may require changing locks, access codes, and authorized individuals lists. Obviously, keys, fobs, ID badges, card keys and other items by which the former employee gained access to the physician space must be reclaimed or reprogrammed so that access by the former employee or other former member of your company’s workforce to secure areas with electronically maintained protected health information is no longer possible. For all former employees, and particularly for those with remote access, deactivation of any remote accounts and accessibility should reach all levels of access so that portals, web access and email services are no longer accessible.

 

Published: 5/9/18; by Paula Burkes
Original article: http://newsok.com/for-health-care-providers-safeguarding-patients-electronic-health-information-is-also-an-employment-matter/article/5593919