Georgia's Trusted Healthcare
& Medical Provider Attorneys

Doctors & Medical Professionals: Here’s How To Respond To Search Warrants

Search Warrants Can Be Scary – Here’s How To Respond

Search Warrant Audit Physician Doctor Attorney Lawyer Jeyaram & Associates“Knock. Knock.”

“Who’s there?”

“The Government. And here is a search warrant.”

Sadly, this is no joke and many doctors and healthcare providers will be served with warrants this year.

Warrants can mean anything from audits to criminal activity and have serious consequences including putting your practice out of business.

Step-By-Step Response To Search Warrants

If the government shows up at your door with a search warrant, the following are some important steps to follow:

  • Immediately call your attorney. It is crucial to call an attorney who has experience in both healthcare law and defense.
  • Ask for identification of the people at your door. Review the credentials or business card. Write down the name and contact information.
  • Do NOT destroy, alter or remove any documents.
  • Be polite. Remain calm. Be cooperative. Say please and thank you.
  • Ask for a copy of the search warrant and any affidavits filed in support of the warrant.
  • Ask what crime and conduct is under investigation.
  • Request that no interviews be conducted until your attorney arrives.
  • Immediately advise all supervisory personnel of the search and that they are to wait for the attorney to arrive before answering any questions.
  • Compile an inventory of all the documents being removed and ask if you can copy all the documents being seized – this includes making a back up disk for all computer files.
  • Make a record of everything said by an investigating officer. If you cannot do this during the search, write up your recollection after the search.
  • If possible, videotape or photograph the search.
  • DO NOT speak with the press.

Contact Experienced Legal Help Immediately

It’s imperative to follow these steps. But if nothing else, immediately contact an attorney and he/she will help guide you through the process.

Jeyaram & Associates has helped hundreds of providers successfully handle government investigations. Contact DJ Jeyaram at DJ@JeyLaw.com or 678.325.3872.

Are You Compliant? HHS Issues Guidance & Likely To Continue HIPAA Compliance Scrutiny

HIPAA AuditThe Department of Health and Human Services (HHS) started the year by publishing new HIPAA guidance with respect to patient access to medical records.

While the recent HHS guidance does not add anything new to the regulations, it serves as a reminder to providers of certain provisions in the law. The guidance is intended as a tool to aid individuals in exercising their rights to access their medical records and to help providers ensure HIPAA compliance.

HHS highlighted certain provisions in the HIPAA regulations including provider obligations to respond to a request from a patient within 30 days and provide PHI in an electronic format if requested (assuming the electronic format requested can be readily produced by the provider).

The guidance also reminds providers that covered entities are not required to provide every single record about an individual even if the individual asks. Certain exceptions to a patient’s right to access include:

  • Patients do not have the right to access to information that is not used to make decisions about that individual. For example, certain quality assessment or improvement records, patient safety activity records, or business planning, development and management records that are used for business decisions do not have to be provided to an individual.
  • Individuals do not have a right to access psychotherapy notes that a mental health professional maintains separately from the individual’s medical record and that document or analyze the contents of a counseling session with the individual.
  • Providers can deny access to certain records if a licensed health care professional determines in the exercise of professional judgment that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person.
  • Patients do not have a right to access certain records compiled in reasonable anticipation of, or for use in, a legal proceeding.

Additionally, providers do not have to create new information, such as explanatory materials or analyses, that does not already exist in the record.

The government’s emphasis on HIPAA is expected to continue with pending audits of covered entities and business associates likely to take place this quarter. Now is the time for healthcare providers to review their policies to ensure that they are complying with the HIPAA regulations.

If you would like to review the HHS guidance it is available at http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.

If you need help ensuring HIPAA compliance, please contact Danielle Hildebrand at dhildebrand@jeylaw.com or 678.325.3872.

 

 

Avoid Being A Target Of HIPAA Audits | Here’s How

HIPAA AuditPhase 2 OCR HIPAA Audits Are Here – What Providers Should Do to Prepare

The Office of Civil Rights (OCR) has taken the first step in the next round of HIPAA audits.

OCR has begun to send out surveys in order to collect information from providers, health plans, and clearinghouses in preparation for phase 2 of their HIPAA audits. From the hundreds of entities receiving surveys, OCR will select over 200 providers and over 100 health plans to be audited.

It is more important than ever to make sure that you have complied with the HIPAA Rules. Here are the top 3 areas every provider should address:

1. When was the last time you conducted a Risk Assessment? If it has been more than a year or two, you should conduct a comprehensive Risk Assessment now.

If you are a small to medium sized office you can take advantage of HHS’s security risk assessment tool available on their website: HHS.gov SRA Tool

2. Have you recently reviewed your HIPAA policies and procedures to ensure that they are up to date and are being followed? There are three main areas that need to be addressed in your policies: Security Standards, Privacy Standards and Breach Notification Standards.

    • Security Standards – focus on how you keep Protected Health Information (PHI) secure, whether it is stored and/transmitted electronically or in some other form. Your practice must have appropriate safeguards in place (for example, requiring the use of secure passwords to access electronic health records and encrypting all devices that might contain e-PHI).
    • Privacy Standards – do you conduct periodic trainings for personnel regarding privacy practices? Do you have records that such trainings have been completed by all personnel? Is your Notice of Privacy Practices current and made available to your patients?
    • Breach Notification Standards – do you have a policy in place that outlines the steps for identifying and reporting a breach? Such a policy should address steps to take to investigate and contain the problem, as well as a means for identifying how many people were affected, who those individuals are, and how to send out breach notices. Keep in mind that under the Breach Notification Rule, providers must provide notice of a breach within a certain time frame. Your procedures for responding to a breach should allow for adequate time to meet this deadline.

3. Keeping track of your Business Associates and Business Associate Agreements – During the audit process OCR might ask for a list of business associates and their contact information. All providers should have this readily available. It is also important to have written Business Associate Agreements that are up to date and can be made available to OCR upon request.

If you have any questions about any HIPAA requirements or the approaching OCR audits our attorneys can help. Please contact Danielle Hildebrand at dhildebrand@jeylaw.com.

________________

The information on this site should not be construed as formal legal advice and is not intended to create or constitute a lawyer-client relationship.

 

DCH’s “Engagement Process” Now Official

DCH Policy As of July 2015, the Department of Community’s Health’s “Engagement Process” became an official part of its Policy and Manual, section 402.5(b).

The “Engagement Process” offers providers an opportunity to discuss findings of an audit or other proposed adverse action and to possibly resolve the matter prior to any request for an Administrative Review during an Engagement Conference.

However, we strongly advise you to contact an attorney prior to requesting an Engagement Conference to help ensure the best possible outcome. 

Here is what you need to know:

  • PURPOSE: The purpose of the Engagement Conference is to discuss a proposed adverse action “with the goal of informally resolving the matter.”
  • WHO INITIATES: You. A provider may request an Engagement Conference following receipt of Initial Findings of Notice of Proposed Adverse Action letter
  • PROVIDER TIME DEADLINE: This request must be in writing within seven (7) calendar days of receipt; and submitted to Engagement@dch.ga.gov.
  • DCH TIME DEADLINE: The Engagement Conference must be held with twenty-one (21) calendar days of the receipt of the Request.
  • WAIVER: If you do not participate in the Engagement Conference and fail to provide the Department prior written notice of your absence, you waive your right to an Engagement Conference. Notice should be submitted to Engagement@dch.ga.gov. This waiver does not preclude you from requesting an Administrative Review.
  • SETTLEMENT:“The Engagement Conference is considered settlement talks, and therefore, is not admissible in any pending or future proceeding, including Administrative Review or Administrative Hearing.” This includes conduct during conferences, notes, and correspondence.
  • ACCEPTANCE/REJECTION: You have seven (7) calendar days from the date of the Conference to accept or reject the offer in writing.
    • Acceptance must be in writing and waives your right to an administrative review.
    • If you reject the offer, you have the Right to Request an Administrative Review pursuant to Policy and Procedures Manual Sections 402.6 and 505.

Remember to print a copy of any communication you have with DCH and always ask for a “read receipt” when you send an email to DCH.

If you have received a Proposed Adverse Action from the Department, please contact Kimberly Sheridan at ksheridan@jeylaw.com or 678-708-4703 for assistance.

Physicians Need To Be Prepared For Increased Medicare & Medicaid Fraud Scrutiny

doctor-in-handcuffs-caption-1HHS increases resources to root out and penalize fraud:  Review existing financial arrangements NOW

On June 30th the federal Department of Health and Human Services Office of the Inspector General announced that it has created a specialized unit comprised of attorneys focused on Medicare and Medicaid fraud. This announcement comes on the heels of the OIG Special Fraud Alert reminding physicians of anti-kickback liability for illegal compensation related to arrangements with healthcare institutions.

Physicians should be prepared for increased scrutiny and an uptick in enforcement actions for kickback violations. According to OIG official Lisa Re, the new unit will be targeting kickback cases and will be going after not only the individual or organization paying the kickbacks but also the recipient of the kickbacks, e.g., the physicians.

Physicians who have financial arrangements that violate the Federal Anti-Kickback Statute would not only be subject to fines in the form of Civil Money Penalties, but could also be excluded from the Medicare and Medicaid programs.

Now is the time for physicians to review existing or proposed financial arrangements to ensure that they do not pose any risk of violating the Anti-Kickback Statute.

If you have any questions about a particular arrangement our attorneys can help. Please call Danielle Hildebrand or DJ Jeyaram at 678-325-3872 for legal counsel.

More Providers Audited for HIPAA Compliance – Are You Ready?

The number of entities audited for HIPAA compliance has increased. Are you prepared if OCR comes knocking on your door?

Under the HITECH Act, the Department of Health and Human Services is required to conduct periodic audits to ensure that entities are complying with HIPAA. Phase 1 audits concluded in 2012. Now OCR has released information on Phase 2 and more audits are set to begin around October of this year.

HIPAA Covered Entities and Business Associates selected for audits will be asked to quickly produce policies and procedures, executed business associate agreements and other HIPAA-related documentation so that it can be reviewed by OCR to determine if any deficiencies exist. OCR has noted that it intends to focus on the deficiencies identified through Phase 1 audits. These include lack of proper policies and procedures, presence of security risks, failing to conduct a security risk assessment, and failing to have business associate agreements on file.

Small providers should also take note—according to OCR, small providers tended to have more deficiencies than larger providers. OCR has also revealed other details regarding the 2nd audits, OCR will be conducting the audits internally. They have also increased the number of entities to be audited to 400 entities, 350 of which will be Covered Entities and the remaining 50 will be Business Associates. Some of the audits will focus on the Privacy Rule, others on the Breach Notification Rule, and the remainder will focus on compliance with the Security Rule.

If your organization is a covered entity or business associate under HIPAA you want to make sure that you are prepared in case you are one of the entities subject to an audit this Fall. Steps you will want to take include:

  • Have all your HIPAA policies and procedure updated and on file
  • Make sure all your Business Associate Agreements reflect the 2013 changes to the HIPAA Rules and have those agreements properly executed and on file
  • Conduct a security risk assessment if you have not already and ensure that security risks are addressed
  • Engage an experienced healthcare law firm to proactively help you review the aforementioned items to help you identify any potential deficiencies

To view OCR’s Presentation on Phase 2 Audits, click here: OCR Audits Phase 2 by Linda Sanches, Senior Advisor for Health Information 

For more information contact DJ Jeyaram at dj@jeylaw.com or Danielle Hildebrand at dhildebrand@jeylaw.com 

Healthcare Providers Could See an Increase in Centers for Medicare and Medicaid Services Audits

On June 2012, the Department of Justice (DOJ) issued a report from its study of Home and Community Based Services (HCBS) waiver programs.  Seven of 25 states reviewed were found to have systems that were lacking in their ability to provide quality care to waiver program recipients.  In addition, the study found that the Centers for Medicare and Medicaid Services (CMS) did not use all means available to monitor the states’ programs.  As a result, the DOJ recommended that CMS implement additional requirements to ensure quality care.

Going forward, states may see more involvement and oversight on the part of CMS in enforcing compliance with the requirements of the HCBS waiver programs.  The increased attention paid by CMS could mean more site visits, audits, and compliance initiatives aimed at providers.  As with any audit or proposed adverse action, it is always to the provider’s benefit to consult with an experienced healthcare attorney immediately upon receipt of notice of an upcoming audit, audit results or overpayment demand letters.  The attorneys at Jeyaram & Associates have in-depth audit experience and are available for consultation.