BEFORE THE BREACH

HHS recently announced the release of “tools” to assist you in risk assessments as required under HIPAA and HITECH.  The first “tool” is a security risk assessment for administrative safeguards.  Printed out, the assessment is 185 pages.  The other “tools” are not particularly compact either.  I recommend, however, that you review these ‘tools’ to get a clear understanding of the depth and breadth of the risk assessments that HIPAA expects you to have already undertaken prior to audit.

Note also, that if your first opportunity to complete one of these tools is after a breach, the assessment and its review by HHS will probably be even less enjoyable.

No it’s not fun, but I recommend that you and whoever you choose to work with on compliance, whether your attorney or a third-party compliance “specialist” (it may merely be a title as opposed to a description of knowledge or skill), the sooner you begin, the sooner you can get this task behind you.  You can also use this task to truly improve your HIPAA compliance, and reduce the risk of breach or reduce the risk of penalties following an audit or breach.

OIG DIDN’T MEAN IT

OIG has revoked a previously favorable opinion allowing an online service to facilitate the exchange of information between practitioners, providers and suppliers.  Advisory Opinion No. 11-18 (11/30/2011).  A web-based provider of business services to physicians sold access to an electronic data base to identify other health professionals for referrals.  The arrangement was generally structured as providing a discount on EHR subscription fees.  Referrals to persons who weren’t participating in the arrangement lost all or a portion of their discount.  Apparently, after further review of the online trading partner arrangement, OIG decided that the Anti-Kickback statute applies because referring physicians are relieved of a financial obligation when they refer laboratory test orders to the company requesting the opinion.  It appears that OIG became concerned when it noticed the high volume of tests and referrals, and the significant disincentive caused by extra charges for out of referral network costs.

FALSE CLAIMS ACT NUMBERS

Our Department of Justice released its 2013 report on filings and dollar recoveries under the FCA.  The numbers, in both numbers of cases, dollar amounts of settlements and judgments, continues to increase steadily, year after year.  The numbers and the rate of growth in numbers indicates that FCA filings will continue to be strong into the near future.

The FCA, a Civil War era statute, now used often on healthcare cases, states that violators are subject to treble actual damages and liable for a civil penalties, the minimum being $5,500 per claim.

In some cases, the amount of actual damage to the government is slight in dollar terms, but the $5,500 per claim amount has generated numbers of $50 Million Dollars or more even where the government couldn’t prove more than minimal actual damages.  Several courts have suggested that the amounts generated by FCA cases may offend the excessive fines clause of the Eighth Amendment of our Federal Constitution.  Rather than simply declare FCA’s penalty and fine clauses unconstitutional, the courts have been seeking to find some middle ground.  Courts have recently suggested that while the statutory minimum of $5,500 per claim must stand, the government is free to decide how many “claims” it wants to charge, and thus can keep the dollar amount appropriate in that fashion when compared to the excessive fines clause, or that the government can simply agree on a “settlement” amount that would be less than the statutorily determined amount and presumably an amount small enough to avoid the Eighth Amendment problems.  I believe that this tension cannot continue without some specific legislative attention which would provide more flexibility for the courts to craft an appropriate remedy and penalty.  If no solution is found, then it is likely that courts will simply start striking down verdicts and amounts based upon excessive fine concerns.

Recently, two senators proposed amendments to the FCA.  On the one hand they would require that all FCA settlements be made public, and that the net after tax result of settlements be revealed.  The senators are concerned that since settlement payments are deductible, but that deduction for payments is a fine or penalty are not deductible, that settlements are structured in a way that a significant portion of the settlements are recovered by tax deductions.  Another legislative proposal would restrict deductibility of these matters even if they were remedial or compensatory.  The attempts to bring transparency are commendable, but they do not solve the underlying problem of low dollar, high volume transactions that are common in healthcare matters.  Because of the low dollar amount and the high frequency, a $5,500 per “claim” statutory basis often generates huge dollar amounts that do not accurately affect the harm or the damage involved.  These are precisely the cases that the courts find troubling.  Hopefully, an intelligent legislative solution will be crafted, and soon.

This newsletter is edited by Paul Wallace of Jones • Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years.  Mr. Wallace assists physicians in health practices in contract items, federal legal compliance, creation of practice entities, estate and wealth planning and similar issues.  Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or pwallace@joneswallace.com.