Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

Physician Group Practice Pays $750,000 for Breach of Unsecured Electronic Protected Health Information on Electronic Device

Posted in Covered Entities, HIPAA, Privacy, Security

Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a corrective action plan.

The breach occurred in 2012 when a CCG employee’s unattended laptop bag was stolen from a car. The laptop bag contained computer server backup media with the ePHI of approximately 55,000 individuals. The computer server backup media was unencrypted, and the ePHI included names, addresses, dates of birth, Social Security numbers, insurance information, and clinical information. The employee’s computer was also in the stolen laptop bag, but it did not contain ePHI. Continue Reading

OIG Issues Advisory Opinion No. 15-12: Free Home Health Provider Visits Do Not Violate Anti-Kickback Statute

Posted in Anti-Kickback Statute, OIG Advisory Opinion

The Department of Health and Human Services Office of Inspector General (“OIG”) recently issued a new advisory opinion finding that free introductory visits (the “Introductory Visits”) for patients offered by a home health care provider (the “Requestor”) would not violate the Anti-Kickback Statute (“AKS”) or the Civil Monetary Penalties Law (“CMP”). The main issue addressed by the OIG is whether the free Introductory Visits offered by the Requestor constitute prohibited remuneration (broadly defined as anything of value) to patients under the AKS and/or the CMP. Continue Reading

Mental Health Reform Act of 2015 Proposes Overhaul to America’s Mental Health System

Posted in Guest Contributor, Legislation, Medicaid, Medicare
Emily Hart

Emily Hart

On Tuesday, August 4, Senators Chris Murphy (D-Conn) and Bill Cassidy (R-La) introduced The Mental Health Reform Act of 2015. The bill proposes reforms to Medicare and Medicaid, introduces new grant programs, and enhances the federal government’s commitments to integrating physical and mental health and improving mental health services.

According to Murphy, the bill will “overhaul and strengthen America’s mental healthcare system.”

Key provisions of the bill include:

  • Reforms to Medicare/Medicaid. The bill removes rules prohibiting patients from using mental health services and primary care services at the same location, on the same day. It also repeals the current Medicaid exclusion on inpatient care for individuals between the ages of 22 and 64.
  • Grant Programs. Grants of up to $2 million for five years will be allocated to states demonstrating a commitment to integrating physical and mental health services. Other grant programs focus on early intervention for children at risk for developing mental illness and on collaboration between pediatricians and mental health teams.
  • New Roles, Committees, Entities. The bill establishes an Assistant Secretary for Mental Health and Substance Use Disorder within the U.S. Department of Health and Human Services. The Assistant Secretary will oversee a new committee, the Serious Mental Illness Coordinating Committee. The bill creates the National Mental Health Policy Laboratory, which will oversee and fund the implementation and scaling of models of care for adults and children.
  • Mental Health Parity Enforcement. The bill requires the federal government to audit compliance with the Affordable Care Act’s insurance benefit parity requirement for physical health and mental health services.

Continue Reading

Hospital Pays $218,400 to OCR for HIPAA Violations

Posted in Compliance Issues, Covered Entities, HIPAA, Privacy, Security

St. Elizabeth’s Medical Center (“SEMC”), a tertiary care hospital in Brighton, Massachusetts, has agreed to pay $218,400 to the Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). SEMC will also implement a corrective action plan.

The settlement stems from a 2012 complaint to OCR when SEMC workforce members reported that they used an internet-based document sharing application to store documents containing protected health information (“PHI”). Then in 2014, SEMC reported a separate incident to OCR regarding a breach of unsecured electronic PHI (“ePHI”) stored on a former SEMC workforce member’s personal laptop and USB flash drive. Continue Reading

21st Century Cures Act Passes House: Could Usher In Broad Reforms to Drug Approval Process

Posted in FDA, Guest Contributor, Legislation, Prescription Drugs and Medical Devices
Brandon Danz, M.P.A.

Brandon Danz, M.P.A.

On Friday, July 10th the U.S. House voted overwhelmingly to streamline the approval process of prescription drugs and medical devices by the FDA. If passed in the Senate and signed by President Obama, the “21st Century Cures Act” (the “Act”) would foster significant regulatory changes in the introduction of new drugs to the market. The legislation passed 344-77 with strong, bipartisan support, though opponents raise concerns about the Act’s lack of assurances of patient safety.

The main focus of the 352-page Act is a reduction of bottlenecks in the regulatory process that, supporters claim, slow the development of new drugs. The Act would trim regulations by allowing for shorter clinical studies involving fewer individuals for certain kinds of drugs. It would also allow for expanded use of surrogate endpoints as evidence of the efficacy of drugs. Surrogate endpoints are biomarkers (such as blood pressure for hypertension), which are thought to predict clinical benefit, but are not outright measures of such benefit. Use of surrogate endpoints can significantly decrease the time of clinical trials. For example, instead of having to wait to learn if a drug actually extends survival for diabetic patients, the FDA could approve a drug based on evidence that it reduces hemoglobin A1C levels. The onus remains on drug makers to then prove that reductions in A1C levels lead to a longer lifespan. Continue Reading

CMS Issues Final Rule for Medicare Shared Savings Program

Posted in Accountable Care Organizations, Guest Contributor, Medicare
Anthony Knapp

Anthony Knapp

This month, the Centers for Medicare and Medicaid Services (“CMS”) issued a final rule (the “Final Rule”) regarding an update to the Medicare Shared Savings Program (the “Program”). The Final Rule will seek to enhance primary care services, reduce administrative burdens, and provide flexibility in the Program in order to maintain and enhance participation in the Program.

The Program was created in part to encourage the formation of Accountable Care Organizations (“ACOs”), where health care providers and suppliers would work collectively to reduce costs while maintaining high quality care. Any savings accrued as a result of the increased efficiency would be shared by the participants of the ACO.

Early results show an increased quality of care for the 7 million beneficiaries collectively served by the ACOs, with more than 400 ACOs participating in the Program.  CMS Acting Administrator, Andy Slavitt, stated in a press release: “Accountable Care Organizations have shown early but exciting progress in improving quality of care, while providing more patient-centered care at a lower cost. The ACO rules today strengthen our ability to reward better care and lay the groundwork for more providers to become successful ACOs.” Continue Reading

OIG Issues New Fraud Alert: Physician Compensation Arrangements May Result in Significant Liability Under the Anti-Kickback Statute

Posted in Anti-Kickback Statute, OIG Fraud Alert

Medical directors, beware. The Office of Inspector General (“OIG”) warns in its recently released fraud alert (“Fraud Alert”) that physician compensation arrangements, such as medical directorships, run the risk of violating the anti-kickback statute (“AKS”). The release of this Fraud Alert follows a series of recent settlements between the OIG and twelve individual physicians regarding medical directorships, office staff arrangements, and violations of the AKS (the “Settlements”). Continue Reading

CMS Issues New Proposed Rule to Modernize Managed Care for Medicaid

Posted in Affordable Care Act (ACA), Guest Contributor, Legislation, Medicaid, Regulations
Anthony Knapp

Anthony Knapp

The Centers for Medicare and Medicaid Services (“CMS”) has issued a new proposed rule (the “Proposed Rule”) intended to “modernize Medicaid and the Children’s Health Insurance Program (CHIP) managed care regulations to update the programs’ rules and strengthen the delivery of quality care for beneficiaries.” As CMS continues it mission toward creating better care, smarter spending, and healthier people, the Proposed Rule will provide the first major update to Medicaid and CHIP managed care regulations in more than a decade.

CMS has utilized managed care as a cost-efficient health care delivery system while maintaining quality and access to care. Medicaid utilizes managed care through contractual agreements between state Medicaid agencies and plans that accept a pre-defined payment for the required services. Managed care has become the dominant delivery system for Medicaid, due mostly to its impact on the delivery of important health care services. As of 2011, more than half of all Medicaid beneficiaries in almost every state access at least some of their Medicaid benefits though managed care plans. In addition, the Affordable Care Act has further increased the number of individuals who are newly eligible for Medicaid. Continue Reading

Pennsylvania Physicians Now Required to Wear Photo Identification Badges

Posted in Legislation, Pennsylvania, Regulations

As of June 1, 2015, a new Pennsylvania law went into effect, requiring the following individuals to wear photo identification badges:

  • All employees and physicians working at health care facilities licensed by the Department [of Health] who provide direct care to patients or consumers;
  • All employees and physicians working at the private practice of physicians who provide direct care to patients or consumers; and
  • All employees and physicians working at an employment agency who provide direct care to patients and consumers.

The law requires photo identification badges to include the employee’s name, title, name of the health care facility or employment agency, and a recent photograph of the employee.

An employee is not required to wear an identification badge while delivering direct patient care to a consumer if it is not clinically feasible. In addition, the last name of an employee may be omitted or concealed when delivering direct care to a consumer who exhibits symptoms of irrationality or violence.

These provisions can be found at 35 P.S. § 448.809(b) and a description of the change in the law can be found in Pennsylvania Bulletin 15-918.

Revised Guidance for Privacy and Security of Electronic Health Information Released by Government

Posted in Business Associates, Covered Entities, EHR, HIPAA, Privacy, Security

The Office of the National Coordinator for Health Information Technology (“ONC”) has released a revised Guide to Privacy and Security of Electronic Health Information (the “Guide”), which is intended to be a resource for small and medium-sized health care providers, health IT and other information technology professionals, and business associates regarding federal health information privacy and security requirements. The Guide, first published in 2011, is organized by chapters that address some of the most important privacy and security issues today, including electronic health records, cybersecurity, Meaningful Use, the security management process, and breach notification requirements. Continue Reading