Georgia's Trusted Healthcare
& Medical Provider Attorneys

Healthcare Providers: Your Business Associates Could Cost You Millions

HIPAAHealthcare providers must ensure business associates adequately safeguard private health information

The Department of Health and Human Services (HHS) recently entered into a HIPAA settlement with a Minnesota hospital for $1.5 million because the hospital failed to have a written business associate agreement with one of its contractors.

Business associates are non-covered-HIPAA entities that require access to protected health information (PHI) to perform services for covered entities, often a contractor or subcontractor. The hospital’s policies failed to ensure the business associate adequately protected consumer’s PHI.

While HIPAA applies to certain covered entities, those entities must also ensure that any business associates also adequately secure PHI. HHS found that the Minnesota hospital overlooked two important aspects of the HIPAA rules.

  1. The hospital did not have a written, compliant business associate agreement with one of its IT contractors, and
  2. The hospital failed to have an accurate and thorough risk analysis of its entire IT infrastructure.

HHS investigated after the hospital reported that a laptop was stolen from an employee of the business associate. The laptop contained password protected but unencrypted PHI for almost 10,000 individuals.

The $1.5 million settlement underscores the importance of HIPAA compliance. Healthcare providers must ensure they have compliance agreements with anyone who has access to protected health information. One example of this is when a healthcare provider contracts IT services. Without compliance agreements, companies can be responsible for hefty fines even if a business associate actually causes the PHI security breach.

If you need help creating policies or contracts to protect safeguard private healthcare information, we can help. Please contact Jonathan Anderson at Janderson@JeyLaw.com or 678.325.3872.

“Two Midnight Rule” Clarifies Reimbursements For Hospitals

Hospital ReimbursementIn 2013, the Centers for Medicare and Medicaid Services (CMS) announced the so-called two-midnight rule in an attempt to clarify when a patient should be designated to inpatient status versus outpatient status.

Hospitals are paid differently for treating inpatients versus outpatients. The rule addressed when surgical procedures, diagnostic tests and other treatments are generally considered appropriate for inpatient hospital admission under Medicare Part A.

The two-midnight rule attempts to set a bright line test: only patients that doctors expect to spend two nights in the hospital are considered inpatient.

Although the rule was set to take effect on October 1, 2015, CMS recently announced that it would postpone the enforcement on inpatient status reviews. The rule will now go into effect December 31, 2015.

Additionally, CMS proposed that it will consider stays a physician expects to last less than two midnights to be an inpatient admission relying on the judgment of the physician and the documentation justifying the stay on a case-by-case basis. For many in the healthcare industry, this appears to be a small step in the right direction.

Lastly, CMS announced that it will shift the responsibility of educating physicians and enforcement of the two-midnight rule to quality improvement organizations (QIO) from recovery auditors.

If you have questions about the Two Midnight Rule, please contact Kimberly Sheridan at ksheridan@jeylaw.com or 678-708-4702

Healthcare Fraud: What To Do If You’re Audited

healthcare fraudOver the past several years, we’ve seen a trend in increased investigations and enforcement of healthcare fraud. This trend continued in 2013 and is continuing in 2014. Nationally, in 2013, the United States Attorney’s Office investigated 1,013 new criminal matters involving healthcare fraud and filed charges in 480 of these cases. In Georgia, in 2013, there were 336 Medicaid Fraud Investigations.  Of those investigations, only 13 led to indictment; but of those 13 indicted, 10 resulted in convictions. Given this trend, if you are a healthcare provider, it is vital to know what to do if you find yourself being investigated for fraud.   Following are some important  steps to follow if the government shows up at your door with a search warrant: —  Immediately call your attorney. Do not pass go. Call.  It is crucial to call an attorney who has experience in both health care law and in defense. —  Ask for identification of the people at your door. Review the credentials or business card. Write down the name and contact information. —  Do NOT destroy, alter or remove any documents. —  Be polite. Remain calm. Be cooperative. Say please and thank you. —  Ask for a copy of the search warrant and any affidavit filed in support of the warrant. —  Ask what crime and conduct is under investigation. —  Request that no interviews be conducted until your attorney arrives. —  Immediately advise all supervisory personnel of the search and that they are to wait for the attorney to arrive before answering any questions. —  Compile an inventory of all the documents being removed and ask if you can copy all the documents being seized – this includes making a back up disk for all computer files —  Make a record of everything said by an investigating officer. If you cannot do this during the search, write up your recollection after the search —  If possible, videotape or photograph the search —  DO NOT speak with the press Jeyaram & Associates has helped numerous organizations facing charges of healthcare fraud. To learn more or for assistance, contact Kimberly Sheridan at ksheridan@jeylaw.com

Tips on How to Request Medicaid Hearings in Georgia (Part III of III)

In the final part of our “How to Request Medicaid Hearings in Georgia” series, a final tip in this process is to make sure you’re well versed in your policies AND the Department of Community Health’s (DCH’s) policies.  While you may understand and know your own internal policies extremely well, it may be helpful to hire a healthcare attorney that specializes in and has experience with DCH’s policies and administrative appeals to ensure the best possible outcome of your hearing.

Knowledge of the facts and your and DCH’s policies are critical.

For the hearing:

  • Make sure you know the member
  • Determine what the medical records do and do *not* say
  • Identify if information used by DCH was correct
  • Determine if anything has changed

 

Again, here’s where engaging a healthcare attorney with experience in administrative hearings will be helpful.

Finally,  being proactive will help you minimize the amount of money lost to denied claims and increase your effectiveness in challenging denials issued by the Department.

Jeyaram & Associates has successfully handled more than 200 Medicaid hearings before the Georgia Department of Community Health and is well positioned to help with your administrative hearings. Contact DJ@Jeylaw.com