Georgia's Trusted Healthcare
& Medical Provider Attorneys

Healthcare Providers: Your Business Associates Could Cost You Millions

HIPAAHealthcare providers must ensure business associates adequately safeguard private health information

The Department of Health and Human Services (HHS) recently entered into a HIPAA settlement with a Minnesota hospital for $1.5 million because the hospital failed to have a written business associate agreement with one of its contractors.

Business associates are non-covered-HIPAA entities that require access to protected health information (PHI) to perform services for covered entities, often a contractor or subcontractor. The hospital’s policies failed to ensure the business associate adequately protected consumer’s PHI.

While HIPAA applies to certain covered entities, those entities must also ensure that any business associates also adequately secure PHI. HHS found that the Minnesota hospital overlooked two important aspects of the HIPAA rules.

  1. The hospital did not have a written, compliant business associate agreement with one of its IT contractors, and
  2. The hospital failed to have an accurate and thorough risk analysis of its entire IT infrastructure.

HHS investigated after the hospital reported that a laptop was stolen from an employee of the business associate. The laptop contained password protected but unencrypted PHI for almost 10,000 individuals.

The $1.5 million settlement underscores the importance of HIPAA compliance. Healthcare providers must ensure they have compliance agreements with anyone who has access to protected health information. One example of this is when a healthcare provider contracts IT services. Without compliance agreements, companies can be responsible for hefty fines even if a business associate actually causes the PHI security breach.

If you need help creating policies or contracts to protect safeguard private healthcare information, we can help. Please contact Jonathan Anderson at Janderson@JeyLaw.com or 678.325.3872.

Work In Healthcare? You Could Face Steep Fines Or Jail Time For Healthcare Fraud

Healthcare FraudNewly Released Health Care Fraud Report shows that HHS/DOJ Enforcement Efforts Remain Strong

The Department of Health and Human Services (HHS) and the Department of Justice (DOJ) recently released their annual joint report outlining the results of their healthcare fraud enforcement efforts throughout FY 2015.

The Report shows that during that period the DOJ opened 983 new criminal health care fraud investigations and over 800 new civil health care fraud investigations. Additionally, HHS investigations resulted in 800 criminal actions against individuals or entities that engaged in crimes related to Medicare and Medicaid, and 667 civil actions, CMP settlements, and administrative recoveries related to provider self-disclosure matters.

Over the course of the year, the government won or negotiated over $1.9 billion in health care fraud judgment and settlements.

High Number Of Fraud Convictions

The Report also highlights the activity of the Medicare Fraud Strike Force whose efforts resulted in over 300 guilty pleas and 48 defendant convictions throughout the year, and over 260 defendants going to jail. The Report summarizes several successful enforcement actions by the Strike Force including:

  • 2 physicians owners of a mental health clinic were each sentenced to 10+ years in prison for certifying that certain Medicare patients qualified for partial hospitalization services when they did not and paying kickbacks to group home operators and patient recruiters in exchange for referring Medicare patients;
  • An owner of a DME company was sentenced to 84 months in prison for paying kickbacks to medical clinics for fraudulent prescriptions for DME which the patients did not need; and
  • 2 home health directors were sentenced to over 10 years in prison and ordered to pay $18.6 million in restitution after pleading guilty to conspiracy to commit fraud and payment of kickbacks in exchange for Medicare referrals and home health service prescriptions.

You Could Personally Be Fined Or Go To Jail

The government is clearly cracking down and the healthcare industry should heed the warning. The Report indicates that any individual in the healthcare realm, whether physician or hospital CFO, could incur steep fines, penalties and even serve jail time for violating the Federal Anti-Kickback Statute, Stark Law and False Claims Act.

Jeyaram & Associates can help you assess and minimize your risk under these healthcare fraud and abuse laws. If you have any questions please contact Danielle Hildebrand at Dhildebrand@jeylaw.com or 678.325.3872.

To review the Report it is available here.

Are You Compliant? HHS Issues Guidance & Likely To Continue HIPAA Compliance Scrutiny

HIPAA AuditThe Department of Health and Human Services (HHS) started the year by publishing new HIPAA guidance with respect to patient access to medical records.

While the recent HHS guidance does not add anything new to the regulations, it serves as a reminder to providers of certain provisions in the law. The guidance is intended as a tool to aid individuals in exercising their rights to access their medical records and to help providers ensure HIPAA compliance.

HHS highlighted certain provisions in the HIPAA regulations including provider obligations to respond to a request from a patient within 30 days and provide PHI in an electronic format if requested (assuming the electronic format requested can be readily produced by the provider).

The guidance also reminds providers that covered entities are not required to provide every single record about an individual even if the individual asks. Certain exceptions to a patient’s right to access include:

  • Patients do not have the right to access to information that is not used to make decisions about that individual. For example, certain quality assessment or improvement records, patient safety activity records, or business planning, development and management records that are used for business decisions do not have to be provided to an individual.
  • Individuals do not have a right to access psychotherapy notes that a mental health professional maintains separately from the individual’s medical record and that document or analyze the contents of a counseling session with the individual.
  • Providers can deny access to certain records if a licensed health care professional determines in the exercise of professional judgment that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person.
  • Patients do not have a right to access certain records compiled in reasonable anticipation of, or for use in, a legal proceeding.

Additionally, providers do not have to create new information, such as explanatory materials or analyses, that does not already exist in the record.

The government’s emphasis on HIPAA is expected to continue with pending audits of covered entities and business associates likely to take place this quarter. Now is the time for healthcare providers to review their policies to ensure that they are complying with the HIPAA regulations.

If you would like to review the HHS guidance it is available at http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.

If you need help ensuring HIPAA compliance, please contact Danielle Hildebrand at dhildebrand@jeylaw.com or 678.325.3872.

 

 

Physicians Need To Be Prepared For Increased Medicare & Medicaid Fraud Scrutiny

doctor-in-handcuffs-caption-1HHS increases resources to root out and penalize fraud:  Review existing financial arrangements NOW

On June 30th the federal Department of Health and Human Services Office of the Inspector General announced that it has created a specialized unit comprised of attorneys focused on Medicare and Medicaid fraud. This announcement comes on the heels of the OIG Special Fraud Alert reminding physicians of anti-kickback liability for illegal compensation related to arrangements with healthcare institutions.

Physicians should be prepared for increased scrutiny and an uptick in enforcement actions for kickback violations. According to OIG official Lisa Re, the new unit will be targeting kickback cases and will be going after not only the individual or organization paying the kickbacks but also the recipient of the kickbacks, e.g., the physicians.

Physicians who have financial arrangements that violate the Federal Anti-Kickback Statute would not only be subject to fines in the form of Civil Money Penalties, but could also be excluded from the Medicare and Medicaid programs.

Now is the time for physicians to review existing or proposed financial arrangements to ensure that they do not pose any risk of violating the Anti-Kickback Statute.

If you have any questions about a particular arrangement our attorneys can help. Please call Danielle Hildebrand or DJ Jeyaram at 678-325-3872 for legal counsel.

Increase In Medicare Part D Fraud Investigations

medicare-fraud1On June 18th, the U.S. Department of Health and Human Services announced a nationwide sweep by the Medicare Fraud Strike Force in 17 districts. This sweep represents the largest criminal healthcare fraud takedown in the history of the Department of Justice.

The investigations led to charges against 243 individuals, including 46 doctors and 197 other medical personnel. These individual are charged with participating in Medicare fraud schemes, including prescription drug fraud, totaling approximately $712 million in false billings.

On the heels of this announcement, the Office of Inspector General issued two new reports citing its findings of numerous nationwide violations of Medicare part D, Medicare’s drug benefit program. The reports show that more than 1,400 pharmacies submitted questionable billings for opioid drugs and also point to questionable billing practices in 1,432 retail pharmacies. The OIG is calling for more action from the Centers for Medicare and Medicaid Services to implement a greater number of its recommendations for fighting fraud and abuse in Part D.

The timing of these reports signals that the prescription drug benefit in Medicare part D will continue to be on the radar for investigation and enforcement actions.

To best protect against facing investigation for violations of federal and state healthcare regulations, providers must create, consistently practice and enforce strong internal compliance programs. If you need assistance with developing a compliance program or have any questions about healthcare fraud, please call or email Kimberly Sheridan at 678-708-4702.

 

OIG Reports

https://oig.hhs.gov/oei/reports/oei-02-15-00190.pdf

https://oig.hhs.gov/oei/reports/oei-03-15-00180.pdf

 

Physicians’ Compensation For Certain Referrals Could Violate Anti-Kickback Statue

Anti-KickbackOIG Reminds Physicians That They Will Be Held Liable For Illegal Payments Under The Anti-kickback Statute

On June 9, the Department of Health and Human Services Office of Inspector General (OIG) issued a Special Fraud Alert warning against potential liability for physicians who enter into certain financial arrangements with healthcare institutions.

The Fraud Alert states that “if even one purpose of the arrangement is to compensate a physician for his or her past or future referrals” the compensation arrangement would violate the federal Anti-kickback statute.

The Fraud Alert discussed a recent settlement regarding an arrangement between several physicians and a healthcare institution. It emphasized that the following factors resulted in an OIG determination that there was improper remuneration:

  • Payments to physicians took into account the physician’s volume or value of referrals and did not reflect fair market value for the services performed
  • Physicians did not actually provide the services called for under the arrangement
  • The arrangement relieved the physician of a financial burden that such physician would have otherwise incurred, e.g., a healthcare institution paid for the physician’s office staff at his or her practice

Although the Fraud Alert does not change any existing laws, it is a reminder that physicians (not just the hospitals) will be held liable for illegal payments. Physicians should heed OIG’s warning and ensure that arrangements with healthcare institutions do not violate any laws. All arrangements must not only comply with the federal Anti-kickback statute, but also other fraud and abuse laws such as the Stark Law, the Civil Money Penalties Law (CMP Law), and the state law Stark and Anti-kickback counterparts.

The Special Fraud Alert can be found here.

If you are a physician with questions about a current or proposed arrangement with a healthcare institution, please call Danielle Hildebrand or DJ Jeyaram at 678-325-3872 for legal counsel.

Healthcare Providers Need To Examine Billing Practices To Ensure Compliance

healthcare fraudLast month, the Department of Health and Human Services released its annual report for the Health Care Fraud and Abuse Control Program. According to the report, in 2014 more than 900 new criminal health care fraud investigations were opened by the Department of Justice. There was a slight increase in the number of criminal cases and convictions from last year, with 496 cases and 735 defendants convicted of criminal health care fraud. Civil cases alone resulted in $2.3 Billion in settlements and judgments.

The government’s press release reiterated that detecting and eliminating fraud and abuse continues to be a top priority. The government attributes its high recoveries to a change in strategy which uses real-time data analysis to detect fraud more quickly. The Centers for Medicare and Medicaid currently uses advanced analytics on Medicare fee-for-service claims. The goal of this is to detect aberrant and suspicious billing patterns which would then trigger an investigation or enforcement action by the government.

Now is the time to for Medicare and Medicaid providers to review their billing practices and financial relationships to ensure that they are compliant with federal laws. Charges against providers were made under the False Claims Act, as well as Anti-Kickback Statute, the Stark Law (Physician Self-Referral Law), and other federal laws.

The full annual report is available at www.oig.hhs.gov/publications/hcfac.asp.

If you have any questions about the legality of your billing practices or financial relationships, please contact DJ Jeyaram at DJ@jeylaw.com or Danielle Hildebrand at dhildebrand@jeylaw.com.

 

More Providers Audited for HIPAA Compliance – Are You Ready?

The number of entities audited for HIPAA compliance has increased. Are you prepared if OCR comes knocking on your door?

Under the HITECH Act, the Department of Health and Human Services is required to conduct periodic audits to ensure that entities are complying with HIPAA. Phase 1 audits concluded in 2012. Now OCR has released information on Phase 2 and more audits are set to begin around October of this year.

HIPAA Covered Entities and Business Associates selected for audits will be asked to quickly produce policies and procedures, executed business associate agreements and other HIPAA-related documentation so that it can be reviewed by OCR to determine if any deficiencies exist. OCR has noted that it intends to focus on the deficiencies identified through Phase 1 audits. These include lack of proper policies and procedures, presence of security risks, failing to conduct a security risk assessment, and failing to have business associate agreements on file.

Small providers should also take note—according to OCR, small providers tended to have more deficiencies than larger providers. OCR has also revealed other details regarding the 2nd audits, OCR will be conducting the audits internally. They have also increased the number of entities to be audited to 400 entities, 350 of which will be Covered Entities and the remaining 50 will be Business Associates. Some of the audits will focus on the Privacy Rule, others on the Breach Notification Rule, and the remainder will focus on compliance with the Security Rule.

If your organization is a covered entity or business associate under HIPAA you want to make sure that you are prepared in case you are one of the entities subject to an audit this Fall. Steps you will want to take include:

  • Have all your HIPAA policies and procedure updated and on file
  • Make sure all your Business Associate Agreements reflect the 2013 changes to the HIPAA Rules and have those agreements properly executed and on file
  • Conduct a security risk assessment if you have not already and ensure that security risks are addressed
  • Engage an experienced healthcare law firm to proactively help you review the aforementioned items to help you identify any potential deficiencies

To view OCR’s Presentation on Phase 2 Audits, click here: OCR Audits Phase 2 by Linda Sanches, Senior Advisor for Health Information 

For more information contact DJ Jeyaram at dj@jeylaw.com or Danielle Hildebrand at dhildebrand@jeylaw.com