As reported by ProPublica and followed up on by Extra Crunch and other news sources, millions of patient exam images are freely accessible on hundreds of computer servers worldwide that store patient x-trays and MRIs. The sources include small practices, large hospitals and group practices. It would appear every unsecured server image that is easily available online would be a HIPAA violation. There is no indication yet of OIC taking any action although the problem is publicized and well known.
Many of these practices have been notified by ProPublica or others of these unsecured and available images and have taken no action, some have. However, the fact this problem has been going on since its first initial report in September 2019 and the lack of action by many of the practices, hospitals and providers indicates it may well take drastic enforcement action by CMS to not only deal with the current exposed images, but to change the industry practices so that patient data is not easily accessible to anyone who cares to spend even a modest amount of effort in locating and reviewing such data.
Free At Last!
House Bill 1004 just signed by Indiana’s Governor addresses non-compete issues between hospitals and physicians. It has long been the position of the American Medical Association that no healthcare provider should be required to sign any agreement that limits a physician’s ability to practice medicine. Notwithstanding the AMA rule, hospitals and other corporate medical entities have continued to pursue non-compete agreements with physicians.
Indiana joins other states that have begun to end this practice and allow physicians the opportunity to seek work and employment at other healthcare facilities when their contract expires. This is an important development and will change healthcare contracting in Indiana.
Good Faith Estimates
House Bill 1004 also contains additional changes to the medical landscape in Indiana. These include:
- Patients may request a good faith estimate from a healthcare provider for the total price for non-emergency services that have been ordered, scheduled or referred and requires healthcare providers to provide a good faith estimate.
- FSSA and managed care organizations may not prohibit a healthcare provider from participating in another insurance network.
House Bill 1004 also contains a new provision that requires medical providers to get consent from patients five days before a procedure if the charges are to be wholly or partly “out-of-network rate.” While rules to implement this have not yet been promulgated, I believe it is likely this will need to be a separate consent form the patient and could not be buried in a long form consent form. The practical effect of this remains to be seen but it appears likely that at least patients will have the opportunity to discuss with medical providers the actual cost of the procedure net of insurance for any out-of-network charge. You will need to consider whether your forms and consents have the necessary language and how to implement this requirement.
We Are Open For Service
We want everyone to stay safe as we face the COVID-19 situation. We remain open and available for telephone calls regarding all of your legal needs and questions, including issues relating to your business operations during this difficult time.
This newsletter is edited by Paul Wallace of Jones • Wallace, LLC, a member of the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years. Mr. Wallace assists physicians, practices and hospitals in contract items, federal legal compliance, practice entity creation, estate and wealth planning and similar issues. Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or email@example.com.