Healthcare and Cybersecurity

July 19, 2017

The Doctors Company just came out with an article entitled, “Cybersecurity Must Be Part of Every Healthcare Professional’s Job.”  The article warns that we will see more cyberattacks in the future.

[Cyberattacks] are increasing in frequency and sophistication. But they are also preventable.

Becker’s Health IT and CIO Review published an article last week, entitled “43% of C-suite execs name cybersecurity as No. 1 operational challenge.”

The bottom line is that cybersecurity must become “a fundamental part of [healthcare organizations’] business.”  This includes the solo physician practice as much as any major health system.

Reminder: Compliance with HIPAA Is Important (and Mistakes are Costly)

July 14, 2017

Compliance with HIPAA is critically important to covered entities and their business associates.   This is not new, but it is good to remember that noncompliance with HIPAA Privacy and Security rules can lead to enforcement action and the imposition of civil monetary penalties.

The HHS Office of Civil Rights investigates violations of health information privacy rights.  The HIPAA enforcement rule, which can be found at 45 CFR Part 160, Subparts C, D, and E, contains provisions for investigations and procedures for hearings.

The HHS OCR has been active in 2017.  After 6 months, there have been a number of investigations of violations of HIPAA’s privacy rule.  Covered entities should review the types of violations that have arisen and their resolution.

Here is a reminder of the types of things that covered entities and business associates should be doing:

  • Maintain up-to-date copies of HIPAA laws and regulations
  • Make sure Notice of Information Practices and Consent forms comply with laws and regulations (multiple languages?)
  • Designate an information privacy and security officer
  • Make sure there are Business Associate Agreements in place (and signed)
  • Implement procedures for receiving, documenting, and investigating complaints
  • Maintain IT security software, backup system, and disaster recovery plan
  • Conduct risk assessments regularly
  • Document all operational processes and procedures
  • Implement procedures for breach notification
  • Update training of employees

HHS OCR has been conducting audits of covered entities and their business associates to assess compliance with HIPAA Privacy and Security Rules.  Audits of whom?  According to  HHS OCR —

Who Will Be Audited?

Every covered entity and business associate is eligible for an audit. These include covered individual and organizational providers of health services; health plans of all sizes and functions; health care clearinghouses; and a range of business associates of these entities. We expect covered entities and business associates to provide the auditors their full cooperation and support.

It’s important to remember to be careful and thorough in all dealings that implicate HIPAA.  Data breaches and fines are embarrassing and expensive.


Does Lying Make Healthcare Simpler?

July 1, 2017

Earlier this year, the President admitted that healthcare and healthcare reform are complicated.

The House of Representatives passed the American Health Care Act in May as its repeal and replace Obamacare offering to America. The Congressional print of the Affordable Care Act when finally passed as amended was over 900 pages; the AHCA came in at 130 pages — certainly, an attempt at a simpler healthcare environment.  The President described the AHCA as a “mean” and “cold-hearted” “son of a bitch.”

The Senate GOP leadership then proposed in June its Better Care Reconciliation Act of 2017.  If the number of pages makes a difference, the Senate’s bill, at 145 pages, is a little less simple than the House’s AHCA, but still much simpler than Obamacare.  The additional pages used in the Senate proposal, unfortunately, did not make the Better Care Act less mean — actually, the consensus is that the Better Care Act is “meaner” than the AHCA. The national negative reaction, along with a number of GOP Senators being unable to vote for the bill, resulted in the vote being postponed until later in July.

After the Senate vote was delayed, the President met with the GOP Senators at the White House for a pep talk of sorts, telling them that “This will be great if we get it done and if we don’t get it done it’s going to be something that we’re not going to like and that’s OK and I can understand that.” According to the President, “We have given ourselves a little bit more time to make it perfect.”

Then, in the hours that followed, the President forgot about healthcare’s complexity and focused his efforts on misinformation and misdirection.  When congratulating the Cubs  on their World Series victory, the President told reporters that “We’re going to have a big surprise. … We’re going to have a great, great surprise.”  The next day the President posted the following Tweet at 3:37 a.m., which I suppose was the surprise: “If Republican Senators are unable to pass what they are working on now, they should immediately REPEAL, and then REPLACE at a later date!”

Repealing Obamacare is extraordinarily complicated and would hurt many people — is the Senate, whose GOP members can’t muster 50 votes to pass an arguably harsh repeal and replace bill, able to get enough votes to pass a much harsher repeal bill?  Will Senators agree to repeal all protections for people with pre-existing conditions, and take away the right of adult children to stay on their parents’ insurance until they are 26, and terminate accountable care organizations, and roll back all Medicaid expansion and marketplace health plans, and stop all subsidies to people, and on and on?  Yes, repeal would attract the more conservative Senators, like Paul and Cruz, who want Obamacare and its regulations repealed, but would be opposed by many moderate Senators, like Collins, Capito, and Heller, who remain concerned about the negative impact on their states if Obamacare is drastically changed.

Statements by the President and GOP Senators and House members about the death of Obamacare, its imminent collapse and implosion, are the lies that have fueled the rush to repeal and replace.  These lies have been debunked by the CBO.  The challenges faced by Obamacare are largely because the GOP has refused to help fix the problems because it and its members’ supporters (i.e., the insurance companies and the pharmaceutical industry) would rather go back to the way things were by repealing Obamacare.

It is a lie that Obamacare is bad and must be repealed because of the collapsing insurance markets and the increasing premium costs.  Despite its flaws, Obamacare extended coverage, made sure that the sickest segments of our population would still be able to get affordable insurance, forced the insurance companies to actually spend their premium dollars on the health of their insureds, and required that all policies provide certain basic benefits so that the insureds actually had coverage after paying premiums.  If Obamacare had been allowed to work the way it was supposed to, the individual and employer mandates would have made the pool of insureds bigger and reduced the rate of increase of premium costs.

It is a lie that the insurance markets are collapsing.  Insurers are dropping out of the markets because of their losses (i.e., reduced profits).  For years insurers have enjoyed artificially inflated profits by unilaterally reducing payments to physicians, hospitals, and other healthcare providers, by shifting the risk of insurance to the providers, and by denying benefits to insureds.  Obamacare required these insurers for the first time in a long time to actually provide insurance, pay claims, and accept the risk of covering their sick insureds whose money they took for so long.  Insurers should never have been allowed to withdraw from the markets or a public option should have been provided — in any event, the struggle of the markets was orchestrated by insurance companies themselves, aided and abetted by a GOP who refused to make necessary changes to Obamacare to address these problems.

A related lie is that things will be fine once we allow capitalism and the free market to work.  Who believes this?  Obamacare was the result of an out of control insurance industry abusing its customers in the manner described above.

The Wall Street Journal supports the Senate bill. In an editorial last week, the WSJ said “Repairing the failing individual insurance market, putting Medicaid on budget for the first time in the entitlement’s history, and passing an enormous pro-growth tax cut are historic opportunities.”  Do not ignore the fact that “putting Medicaid on a budget” means less or no care for people getting healthcare now or who will need it in the future.  If rationing healthcare is the goal, then state it plainly and let Americans decide if they are prepared to have someone decide whose child goes without vaccines, whose grandmother is thrown out of the nursing home, and whose spouse with breast cancer goes untreated.  And this is the underpinning of another lie — the GOP has been telling us that its repeal and replace bills will improve healthcare for Americans.  However, the bills have nothing to do with healthcare other than to reduce its availability and affordability.

The biggest lie of the President and the GOP is that their proposals are what the people want and what they promised when they ran for election.  The great unpopularity of the GOP’s bills demonstrates that those bills are not what people who need health insurance want.  More important, the disconnect between the popular election rhetoric of repeal and replace and the dissatisfaction that voters express when presented with the effects of the GOP’s efforts at repealing and replacing shows that most Americans’ knowledge of Obamacare is still based on the 8 years of lies that the GOP has been telling about it — and continues to tell.

So, even though all of us know that healthcare is complicated, the President appears convinced that lying will make it simpler and make it easier to tell the Trump core that another promise has been kept.  Making healthcare better should be about more than checking boxes on a list.

The Continued Scamming of Healthcare

July 30, 2016

Here are just a few healthcare fraud cases of note during July 2016:

Three Miami men — $40 million in fines and restitution and 188 months of prison for billing for phantom home healthcare, money laundering, and kickback schemes.

New York surgeon — $25 million in false claims for billing for services not performed.

Maryland X-Ray company owner — 10 years prison for fraudulently billing bogus medical interpretations for diagnostic tests that resulted in two patients’ deaths.

New York physician — jail time for kickback with hospitals in exchange for referring patients to nursing homes.

South Carolina hospital — $17 million in fines for improper financial arrangements with referring physicians.

Illinois woman — $15.6 million and six years prison for fraudulent billing in home health services.

Texas physician — 63 months prison and $1 million in fines and restitution for falsely certifying patients for home health services.

Florida physician — 46 months prison and $2.1 million in fines and restitution for intentionally falsifying diagnoses to get higher Medicare advantage plan capitation payments.

FSA Qui Tam Suit Against “Company Model” Providers

April 15, 2016

In October 2013, the Florida Society of Anesthesiologists filed a qui tam action under seal as required, which named as defendants a large number of Florida GI physicians, surgery centers, and “company model” anesthesia providers.  The action was unsealed and made public during the last week of March.

Chief among the FSA’s allegations is that the defendants violated the federal False Claims Act by billing and collecting for anesthesia services performed by captive “company model” anesthesia providers.

At its simplest, the term “company model” refers to an anesthesia company jointly owned by referring physicians and anesthesiologists that is formed to provide anesthesia services at the ambulatory surgery center that the referring physicians own.  The jointly owned anesthesia company takes the place of anesthesiologists (or an entity owned 100% by them) which previously performed the anesthesia services for the ASC. By using the company model arrangement, the referring physicians are then able to share in the revenues generated by the anesthesia services that previously would go solely to the anesthesiologists who performed the services.

The OIG made it clear in its Advisory Opinion 12-06 posted on June 1, 2012 that the company model and similar arrangements “could potentially generate prohibited remuneration under the anti-kickback statute and that the OIG could potentially impose administrative sanctions.”  The American and Florida Societies of Anesthesiologists had been urging the OIG to take action like this for a long time, and it is not surprising that the FSA would take the lead in filing a qui tam action on company model arrangements that continued after the OIG posted its opinion.

This is a very significant case.  The U.S. Attorney’s Office has presently declined to intervene, but its investigation is ongoing.

The Doctors Company – Ransomware Attacks

April 13, 2016

The Doctors Company, a physician-owned malpractice insurer, recently posted an article on so-called “ransomware” attacks on healthcare providers.  Ransomware is malicious software that infects your computer network and encrypts your data so that it cannot be accessed without the decryption key, which the ransomware attacker offers to provide for a price.

I have a lawyer colleague whose law firm was the victim of a ransomware attack. Fortunately, the firm did frequent backups and all the data could be restored without having to pay the ransom. However, there was great disruption to the office, work essentially stopped, and everything has not quite been the same since the data was restored.

The Doctors Company’s article says that ransomware victims only have three options – restore the data (but that requires frequent backups), pay the ransom, or lose the data. For most organizations, especially those in healthcare, choosing to lose the data is not a viable option.

Victims face the loss of business, inconvenience to patients/clients/customers, damage to reputation, and potential liability if needed data is not available and a patient or client or customer is adversely affected.

Prevention, vigilance, and employee education are all critical to responding effectively to a ransomware attack.

Health Rankings — Pinellas County and Hillsborough County

April 6, 2016

The following infographic from the Suncoast Health Council compares various health factors between Pinellas and Hillsborough Counties, Florida:

 

2016 Pinellas-Hillsborough Health Rankings

 
