Georgia's Trusted Healthcare
& Medical Provider Attorneys

Are You Compliant? HHS Issues Guidance & Likely To Continue HIPAA Compliance Scrutiny

HIPAA AuditThe Department of Health and Human Services (HHS) started the year by publishing new HIPAA guidance with respect to patient access to medical records.

While the recent HHS guidance does not add anything new to the regulations, it serves as a reminder to providers of certain provisions in the law. The guidance is intended as a tool to aid individuals in exercising their rights to access their medical records and to help providers ensure HIPAA compliance.

HHS highlighted certain provisions in the HIPAA regulations including provider obligations to respond to a request from a patient within 30 days and provide PHI in an electronic format if requested (assuming the electronic format requested can be readily produced by the provider).

The guidance also reminds providers that covered entities are not required to provide every single record about an individual even if the individual asks. Certain exceptions to a patient’s right to access include:

  • Patients do not have the right to access to information that is not used to make decisions about that individual. For example, certain quality assessment or improvement records, patient safety activity records, or business planning, development and management records that are used for business decisions do not have to be provided to an individual.
  • Individuals do not have a right to access psychotherapy notes that a mental health professional maintains separately from the individual’s medical record and that document or analyze the contents of a counseling session with the individual.
  • Providers can deny access to certain records if a licensed health care professional determines in the exercise of professional judgment that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person.
  • Patients do not have a right to access certain records compiled in reasonable anticipation of, or for use in, a legal proceeding.

Additionally, providers do not have to create new information, such as explanatory materials or analyses, that does not already exist in the record.

The government’s emphasis on HIPAA is expected to continue with pending audits of covered entities and business associates likely to take place this quarter. Now is the time for healthcare providers to review their policies to ensure that they are complying with the HIPAA regulations.

If you would like to review the HHS guidance it is available at http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.

If you need help ensuring HIPAA compliance, please contact Danielle Hildebrand at dhildebrand@jeylaw.com or 678.325.3872.

 

 

Jonathan Anderson Joins Jeyaram & Associates

Jonathan AndersonPlease help us welcome Jonathan Anderson to our legal team!

Mr. Anderson is an associate attorney specializing in healthcare law. Prior to joining Jeyaram & Associates, Mr. Anderson worked as a legal intern on the Disability Integration Project for the Atlanta Legal Aid Society.

Mr. Anderson provided legal support to individuals with disabilities to help them remain in or move back the community rather than live in institutions. He also worked extensively with state Medicaid waivers including appealing the State’s decisions to terminate benefits of disabled individuals.

Mr. Anderson also served as an intern for the Health Law Partnership (HeLP) which serves clients whom meet certain income requirements and have a treatment relationship with Children’s Healthcare of Atlanta (CHOA). He conducted interviews, drafted briefs for Supplemental Security Insurance, and researched how changes in Supplemental Security Insurance regulations affected HeLP clients.

Legal Expertise

  • Medicaid Waivers
  • Medicare
  • Mediation

Jonathan can be reached at janderson@jeylaw.com.

CMS Considers ICD-10 Test Run A Success

ICD 10 Success

With less than a month to go until the October 1 deadline for implementation of ICD-10 codes, many providers are nervous and wary of the readiness of the Centers for Medicare and Medicaid Services (CMS) systems.

According to CMS, there is little to worry about. CMS recently released the results of its July ICD-10 end-to-end testing and announced a success rate of 87%.

Approximately 1,200 voluntarily providers participated in the test.  

  • Of the 29,286 test claims received, 25,646 were accepted. (This is an 87% success rate.)
  • 1.8% of the test claims were rejected due to invalid submission of ICD-10 diagnoses or procedure codes.
  • 2.6 % of test claims were rejected due to invalid submission of ICD-9 diagnosis procedure code.  
  • Zero rejects due to front-end CMS issues.

If you are a provider, these statistics should be comforting. However, the 13% error rate is still a cause for concern. Add that number to that fact that the ICD-10 codes will have 68,000 diagnosis and procedure codes FIVE times the number of ICD-9 codes, and it can be a bit overwhelming.

Remember that that upon implementation, ICD-10 codes will be required for all HIPAA covered entities.  

Please contact Kimberly Sheridan at ksheridan@jeylaw.com or 678-708-4702 if you have questions about ICD-10 implementation.

Congratulations To Jeyaram & Associates For Being Featured In The Business News Daily

Reprinted with permission from the Business News Daily
Special Needs Trusts

 

Owner DJ Jeyaram Esq. shared the story behind Jeyaram & Associates, a family-focused law firm that specializes in special needs trusts, wills, estate planning and healthcare legal services.

My son Kai, pictured in this photo, was born with a rare genetic condition called Williams Syndrome. He brings us an amazing amount of joy despite all of his challenges.

Soon after my son was born, we realized that we needed a plan to protect him in case anything happened to me or my wife, so we began offering special needs trusts, which help protect children’s current and future government benefits.

I started my business in 2007 after working at a large law firm. I realized that most special needs families could not afford my big firm rates and I was forced to refer these families to small firm attorneys that did not necessarily have the proper training to set up a special needs estate plan. Three months later, I hung out my shingle and have successfully been in business for more than 8 years. It’s been one of the best decisions I ever made.

One of the biggest challenges we face is limiting the number of pro bono cases we take every year. Because we have a special needs child and are ingrained in the special needs community, we meet a lot of families that need legal help but don’t have the necessary resources. We want to help everyone because we always think ‘That could be us.’

Medicare & Medicaid Deadline For Overpayment Clarified

60 Days Medicaid and Medicare RuleFederal Court Finds Sixty Day Rule Deadline Begins to Run When Put on Notice of Potential Overpayments

When the Affordable Care Act (ACA) was passed, a new requirement for reporting overpayments was created. This new obligation, often referred to as the ‘Sixty Day Rule’ requires providers who receive an overpayment of Medicare or Medicaid funds to “report and return” the overpayment to the government.

According to the statute, an overpayment must be reported and returned within sixty days of the “date on which the overpayment was identified.” Failing to do so is a violation of the False Claims Act.

Although Centers for Medicare and Medicaid Services (CMS) has provided some guidance on when an overpayment is “identified” within the context of Medicare, now a New York Federal Court has weighed in on the meaning and application of the ACA sixty-day rule as it applies to Medicaid.

In a case before a New York Federal Court, the U.S. Department of Justice asserted that a hospital improperly billed Medicaid in 2009 and 2010 and violated the FCA by delaying the return of overpayments. Such overpayments were the result of a billing system software glitch. The case was brought with the assistance of a former employee who had investigated the issue. Such employee had provided to hospital administrators a list of around 900 claims that were likely affected by the glitch which was subsequently ignored by the hospital.

The Court had to decide how to define the key term in the statute – “identified.” In the case, the former employee had not conclusively proven the identity of any overpayments. As it turned out, hundreds of the claims he listed had not actually been overpaid. However, he did recognize nearly five hundred claims that did in fact turn out to be overpaid as worthy of attention.

After looking at the legislative history and purpose, the Court concluded that the 60-day clock begins ticking when a provider is put on notice of a potential overpayment, rather than when the overpayment is conclusively ascertained. This holding is in line with CMS’s patchwork of guidance for Medicare overpayments.

As a result, providers facing a potential overpayment must take action immediately to meet the 60 day deadline and avoid False Claims liability. Every health care practice should have a protocol in place to ensure that possible overpayments are investigated in a timely manner and such investigation is documented appropriately. Failure to report overpayments within that time frame could subject providers to huge penalties.  

If you have any questions about the 60-day rule or need assistance with investigating and reporting a potential overpayment contact Danielle Hildebrand at dhildebrand@jeylaw.com.

Avoid Being A Target Of HIPAA Audits | Here’s How

HIPAA AuditPhase 2 OCR HIPAA Audits Are Here – What Providers Should Do to Prepare

The Office of Civil Rights (OCR) has taken the first step in the next round of HIPAA audits.

OCR has begun to send out surveys in order to collect information from providers, health plans, and clearinghouses in preparation for phase 2 of their HIPAA audits. From the hundreds of entities receiving surveys, OCR will select over 200 providers and over 100 health plans to be audited.

It is more important than ever to make sure that you have complied with the HIPAA Rules. Here are the top 3 areas every provider should address:

1. When was the last time you conducted a Risk Assessment? If it has been more than a year or two, you should conduct a comprehensive Risk Assessment now.

If you are a small to medium sized office you can take advantage of HHS’s security risk assessment tool available on their website: HHS.gov SRA Tool

2. Have you recently reviewed your HIPAA policies and procedures to ensure that they are up to date and are being followed? There are three main areas that need to be addressed in your policies: Security Standards, Privacy Standards and Breach Notification Standards.

    • Security Standards – focus on how you keep Protected Health Information (PHI) secure, whether it is stored and/transmitted electronically or in some other form. Your practice must have appropriate safeguards in place (for example, requiring the use of secure passwords to access electronic health records and encrypting all devices that might contain e-PHI).
    • Privacy Standards – do you conduct periodic trainings for personnel regarding privacy practices? Do you have records that such trainings have been completed by all personnel? Is your Notice of Privacy Practices current and made available to your patients?
    • Breach Notification Standards – do you have a policy in place that outlines the steps for identifying and reporting a breach? Such a policy should address steps to take to investigate and contain the problem, as well as a means for identifying how many people were affected, who those individuals are, and how to send out breach notices. Keep in mind that under the Breach Notification Rule, providers must provide notice of a breach within a certain time frame. Your procedures for responding to a breach should allow for adequate time to meet this deadline.

3. Keeping track of your Business Associates and Business Associate Agreements – During the audit process OCR might ask for a list of business associates and their contact information. All providers should have this readily available. It is also important to have written Business Associate Agreements that are up to date and can be made available to OCR upon request.

If you have any questions about any HIPAA requirements or the approaching OCR audits our attorneys can help. Please contact Danielle Hildebrand at dhildebrand@jeylaw.com.

________________

The information on this site should not be construed as formal legal advice and is not intended to create or constitute a lawyer-client relationship.

 

CMS Proposes Changes In Rules For CMOs

For the first time in more than a decade, the Centers CMOfor Medicare and Medicaid Services issued proposed changes in rules affecting Care Management Organizations

On June 1, 2015, the Centers for Medicare and Medicaid Services (“CMS”) published a proposed rule affecting Care Management Organizations (CMOs) that administer Medicaid benefits.  This is the first major overhaul of the managed care system since 2002.  Most believe these changes are long overdue as CMOs now cover approximately 74 percent of all Medicaid enrollees making managed care the dominant delivery system for Medicaid.

According to CMS, the Proposed Rule will “improve beneficiary communications and access, provide new program integrity tools, support state efforts to deliver higher quality care in a cost-effective way, and better align Medicaid and CHIP managed care rules and practices with other sources of health insurance coverage.”

The Rule targets seven main areas:

  • Improvement of the beneficiary’s experience
  • State delivery system reform
  • Quality improvement
  • Program and fiscal integrity
  • Managed long-term services and supports (MLTSS) programs
  • Children’s Health Insurance Program (CHIP)
  • Alignment with Medicare Advantage and Private Coverage Plans

Public comments are due July 27, 2015. CMS has published a Fact Sheet outlining the Proposed Rule that can be found here.

We urge CMOs to familiarize themselves with the Proposed Rule and take advantage of the time period for public comment. If you have any questions involving the Proposed Rule, please contact Kimberly Sheridan at 678.325.3872.

 

Physicians’ Medicare Payments No Longer Tied To Economy

SRGAfter almost 20 years, Congress finally passed a law repealing the Sustainable Growth Rate (SGR ). Under SRG, Medicare payments to physicians were tied to the growth rate in the economy. Because of the sluggish economy during and after the Great Recession, the growth rate formula has resulted in either a reduction or inadequate increase in Medicare reimbursement rates. As a result, Congress recently passed last minute, short-term fixes to ensure that physicians receive the appropriate fees.

With the passage of the new law, physicians will finally see stabilization in Medicare payments. The statute provides for a 0.5% increase for the next five years. Then the government will transition to a new system in which payments will be based on quality, value and accountability – the Merit-based Incentive Payment System.

The repeal of SGR is good news for physicians treating Medicare patients. Because Medicare reimbursement rates have been so unpredictable for the last decade, physician practices  have had little opportunity to arrange for innovative care models. With the new law, physicians have the chance to come up with groundbreaking care delivery models while developing patient care protocols focused on quality and gearing up for the next phase in Medicare reimbursement.

If you are a physician with questions about Medicare reimbursement or enrollment, or need healthcare regulatory advice, please contact DJ Jeyaram at DJ@jeylaw.com or Danielle Hildebrand at Dhildebrand@jeylaw.com.

Healthcare Providers Need To Examine Billing Practices To Ensure Compliance

healthcare fraudLast month, the Department of Health and Human Services released its annual report for the Health Care Fraud and Abuse Control Program. According to the report, in 2014 more than 900 new criminal health care fraud investigations were opened by the Department of Justice. There was a slight increase in the number of criminal cases and convictions from last year, with 496 cases and 735 defendants convicted of criminal health care fraud. Civil cases alone resulted in $2.3 Billion in settlements and judgments.

The government’s press release reiterated that detecting and eliminating fraud and abuse continues to be a top priority. The government attributes its high recoveries to a change in strategy which uses real-time data analysis to detect fraud more quickly. The Centers for Medicare and Medicaid currently uses advanced analytics on Medicare fee-for-service claims. The goal of this is to detect aberrant and suspicious billing patterns which would then trigger an investigation or enforcement action by the government.

Now is the time to for Medicare and Medicaid providers to review their billing practices and financial relationships to ensure that they are compliant with federal laws. Charges against providers were made under the False Claims Act, as well as Anti-Kickback Statute, the Stark Law (Physician Self-Referral Law), and other federal laws.

The full annual report is available at www.oig.hhs.gov/publications/hcfac.asp.

If you have any questions about the legality of your billing practices or financial relationships, please contact DJ Jeyaram at DJ@jeylaw.com or Danielle Hildebrand at dhildebrand@jeylaw.com.

 

Jeyaram & Associates Celebrates 8 Years Offering Healthcare, Administrative, Corporate and Estate Planning Law

Congratulations DJ Jeyaram!Congrats

This week marks the eighth year Jeyaram & Associates has offered Healthcare, Administrative, Corporate and Estate Planning law.

www.jeylaw.com