Archive
Healthcare and Cybersecurity
The Doctors Company just came out with an article entitled, “Cybersecurity Must Be Part of Every Healthcare Professional’s Job.” The article warns that we will see more cyberattacks in the future.
[Cyberattacks] are increasing in frequency and sophistication. But they are also preventable.
Becker’s Health IT and CIO Review published an article last week, entitled “43% of C-suite execs name cybersecurity as No. 1 operational challenge.”
The bottom line is that cybersecurity must become “a fundamental part of [healthcare organizations’] business.” This includes the solo physician practice as much as any major health system.
Reminder: Compliance with HIPAA Is Important (and Mistakes are Costly)
Compliance with HIPAA is critically important to covered entities and their business associates. This is not new, but it is good to remember that noncompliance with HIPAA Privacy and Security rules can lead to enforcement action and the imposition of civil monetary penalties.
The HHS Office of Civil Rights investigates violations of health information privacy rights. The HIPAA enforcement rule, which can be found at 45 CFR Part 160, Subparts C, D, and E, contains provisions for investigations and procedures for hearings.
The HHS OCR has been active in 2017. After 6 months, there have been a number of investigations of violations of HIPAA’s privacy rule. Covered entities should review here the types of violations that have arisen and their resolution.
Here is a reminder of the types of things that covered entities and business associates should be doing:
- Maintain up to date copies of HIPAA laws and regulations
- Make sure Notice of Information Practices and Consent forms are and comply with laws and regulations (multiple languages?)
- Designate an information privacy and security Officer
- Make sure there are Business Associate Agreements in place (and signed)
- Implement procedures for receiving, documenting, and investigating complaints
- Maintain IT security software, backup system, and disaster recovery plan
- Conduct risk assessments regularly
- Document all operational processes and procedures
- Implement procedures for breach notification
- Update training of employees
HHS OCR has been conducting audits of covered entities and their business associates to assess compliance with HIPAA Privacy and Security Rules. Audits of whom? According to HHS OCR —
Who Will Be Audited?
Every covered entity and business associate is eligible for an audit. These include covered individual and organizational providers of health services; health plans of all sizes and functions; health care clearinghouses; and a range of business associates of these entities. We expect covered entities and business associates to provide the auditors their full cooperation and support.
It’s important to remember to be careful and thorough in all dealings that implicate HIPAA. Data breaches and fines are embarrassing and expensive.
The Continued Scamming of Healthcare
Here are just a few healthcare fraud cases of note during July 2016:
Three Miami men — $40 million in fines and restitution and 188 months of prison for billing for phantom home healthcare, money laundering, and kickback schemes.
New York surgeon — $25 million in false claims for billing for services not performed.
Maryland X-Ray company owner — 10 years prison for fraudulently billing bogus medical interpretations for diagnostic tests that resulted in two patients’ deaths.
New York physician — jail time for kickback with hospitals in exchange for referring patients to nursing homes.
South Carolina hospital — $17 million in fines for improper financial arrangements with referring physicians.
Illinois woman — $15.6 million and six years prison for fraudulent billing in home health services.
Texas physician — 63 months prison and $1 million in fines and restitution for falsely certifying patients for home health services.
Florida physician — 46 months prison and $2.1 million in fines and restitution for intentionally falsifying diagnoses to get higher Medicare advantage plan capitation payments.
FSA Qui Tam Suit Against “Company Model” Providers
In October 2013, the Florida Society of Anesthesiologists filed a qui tam action under seal as required, which named as defendants a large number of Florida GI physicians, surgery centers, and “company model” anesthesia providers. The action was unsealed and made public during the last week of March.
Chief among the FSA’s allegations is that the defendants violated the federal False Claims Act by billing and collecting for anesthesia services performed by captive “company model” anesthesia providers.
At its simplest, the term “company model” refers to an anesthesia company jointly owned by referring physicians and anesthesiologists that is formed to provide anesthesia services at the ambulatory surgery center that the referring physicians own. The jointly owned anesthesia company takes the place of anesthesiologists (or an entity owned 100% by them) which previously performed the anesthesia services for the ASC. By using the company model arrangement, the referring physicians are then able to share in the revenues generated by the anesthesia services that previously would go solely to the anesthesiologists who performed the services.
The OIG made it clear in its Advisory Opinion 12-06 posted on June 1, 2012 that the company model and similar arrangements “could potentially generate prohibited remuneration under the anti-kickback statute and that the OIG could potentially impose administrative sanctions.” The American and Florida Societies of Anesthesiologists had been urging the OIG to take action like this for a long time, and it is not surprising that the FSA would take the lead in filing a qui tam action on company model arrangements that continued after the OIG posted its opinion.
This is a very significant case. The U.S. Attorney’s Office has presently declined to intervene, but its investigation is ongoing.
Health Rankings — Pinellas County and Hillsborough County
The following infographic from the Suncoast Health Council compares various health factors between Pinellas and Hillsborough Counties, Florida:
Saving the Medical Profession
The following email string from earlier today from physician leaders is very telling and tragic. The email discussion starts with this:
Many of you will recognize some of the themes in this piece written by a frustrated young physician who has made the tough decision to leave her practice. Some of you might have struggled with the same issues discussed in this essay.
Here are two quotes from her thoughtful essay:
“The phenomenon of patients as customers, the cultural rise of entitled incivility, and trusting Dr. Google more than their doctor has eroded some of the pleasure of patient care.”
“In the past decade, physician groups have been purchased by hospitals and conglomerations. Rather than being recognized for individual excellence by patients voting with their feet, this has resulted in doctors being interchangeable cogs in a system where patients/hour and shifts/month dictate value.”
Two physicians responded with the following:
As physicians, WE make the wheel go around. Yet we have allowed our knowledge, our expertise, and our unmatched dedication to be devalued by hospitals, insurance companies, politicians, etc.
I think that the more we are called providers and we do not educate the public about the time commitment and education that physicians put in to become the master of the profession then we lose. … medical students are very talented. We need to make this news because we are the only ones who can provide quality care and provide the impetus to decrease costs We are the only ones equipped to do so. The MD degree has tons of value and it is not an interchangeable cog in the wheel.
I responded:
So true. My law practice focuses on representing physicians, which includes helping them evaluate and participate in opportunities as they deal with the onslaught of onerous laws, rules, and regulations. I constantly must remind my clients that physicians are and remain the sole source of value in healthcare. Notwithstanding that, many physicians, young and old, constantly ignore good opportunities for their practices because they are intimidated into choosing the wrong ones.
As the public member on the Board of Governors of the Florida Medical Association, I am pleased at the FMA’s focus (1) on lobbying legislators who are notoriously ignorant about physicians and the practice of medicine, and (2) on educating its members so that they can better understand and evaluate what is going on in the business of medicine.
I worry whether we can make a big enough impact quickly enough.
No other profession is faced with less respect or more demands or higher expectations than allopathic and osteopathic physicians.
This is not about “socialized” medicine, Obamacare, or anything other than economics. It has always been about the money. We are happy to make physicians work harder for less, and that has been happening for years. People don’t care because they have drunk the Kool-Aid from the insurance companies and the government that the medical profession is the problem with healthcare, and a misinformed public accepts the view that somehow physicians are the enemy.
There’s an App for That: Benefits and Risks of Using Mobile Apps for Healthcare | The Doctors Company
[The Doctors Company is a physician-owned professional liability insurer that, in my experience with my clients, does a very good job.]
With over 100,000 mobile health apps now available, physicians now have to handle an increasing amount of constant data and patient information that they did not have in the past. Mobile apps offer many benefits, but the use of these apps does not come without liability risks for doctors.
Interpreting Fiorina’s Comments on Vaccination Law
CMS Proposes Significant Changes to the 2016 Medicare Physician Fee Schedule, including to Stark
“On July 08, 2015, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule that updates payment policies, payment rates, and quality provisions for services furnished under the Medicare Physician Fee Schedule (PFS) on or after January 1, 2016. This year, CMS is proposing a number of new policies, including several that are a result of recently enacted legislation. The rule also finalizes changes to several of the quality reporting initiatives that are associated with PFS payments, including the Physician Quality Reporting System (PQRS), the Physician Value-Based Payment Modifier (Value Modifier), and the Medicare Electronic Health Record (EHR) Incentive Program, as well as changes to the Physician Compare website on Medicare.gov.”
The proposed rule includes provisions relating to the following;
- physician quality reporting system
- “Physician Compare”
- EHR incentive program
- Medicare shared savings
- advance care planning
- payment provisions on Part B drugs, misvalued codes, RVU reductions, “incident to” services, physician value-based payment modifier, etc.
Perhaps most significant in the area of healthcare business transactions are the physician self-referral (Stark law) updates:
- expansion of recruitment and retention provisions to NPPs
- updating physician-owned hospital requirements
- reducing burdens of technical noncompliance through more reasonable regulations in a number of areas (based on information learned from self-dsiclosures and the rersults of recent cases)
The complete proposed rule as published in the Federal Register on July 15 can be found here.
Comments will be accepted by CMS on the proposed rule until September 8, 2015.
Do we need the Stark and Anti-Kickback Laws? Yes, unfortunately. Here’s another reason why.
Thank goodness that most of us do not have to scrutinize every business deal we do to make sure that it is fully compliant with self-referral and kickback prohibitions. In the healthcare arena, compliance with these counter-intuitive and overly punitive restrictions adds much unreimbursable administrative costs to the delivery of healthcare. Hopefully, shifting payment from procedures to quality of care will reduce the artificial inducements to violate these restrictions.
And while I advocate the repeal of these outdated self-referral and kickback laws which have unfairly burdened physicians in this country for decades, there is always another example of why the laws are still needed.
Benchmark Reporter has this story today:
2 U.S. organizations have been fined with a whopping $48.5 million in charges of conducting unnecessary medical tests linked with doctors who are responsible for referring patients to them for commission. These scamming corporations are Health Diagnostics Laboratory (HDL) and Singulex, both are well-known cardiovascular disease screening labs.
The Benchmark story is based on the Thursday announcement from the Department of Justice. According to the DOJ announcement, this is what the Labs did:
As alleged in the lawsuits, HDL, Singulex and Berkeley induced physicians to refer patients to them for blood tests by paying them processing and handling fees of between $10 and $17 per referral and by routinely waiving patient co-pays and deductibles. In addition, HDL and Singulex allegedly conspired with BlueWave to offer these inducements on behalf of HDL and Singulex. As a result, physicians allegedly referred patients to HDL, Singulex and Berkeley for medically unnecessary tests, which were then billed to federal health care programs, including Medicare.
And a reminder of why kickbacks are bad (some people apparently need to be reminded):
“When health care companies pursue profits by paying kickbacks to doctors, they undermine a patient’s ability to trust that medical decisions are being made for scientific reasons, not financial ones,” said Acting U.S. Attorney Vincent H. Cohen Jr. of the District of Columbia. “Those kickbacks also harm the taxpayer because they drive up the cost of federal health care programs with medically unnecessary tests. This significant settlement shows our determination to work with whistleblowers and our federal partners to defend the integrity of the health care system from illegal agreements that hurt patients and taxpayers.”
If this were a blog about the Seven Deadly Sins, the key words might be Greed, Pride, Envy, and Sloth.
There is no easy way for physicians to make more money. Working hard is not enough. And the current state of financial health of physicians in this country is appalling.
Nevertheless, there are physicians who are good providers, who are devoted to their patients, and who follow the law. I know this because I represent many of them. They resist the temptation from these Labs and others like them. They spend a lot of money on attorneys and consultants to do things the right way. When they see their colleagues benefit through illegal behavior, it is good that they also see them caught and punished.
Health News Florida
- An error has occurred; the feed is probably down. Try again later.
Physicians Practice
- An error has occurred; the feed is probably down. Try again later.
Joseph Rugg's Health Law Blog 