HEALTHCARE LAW NEWS - VOLUME 50
THREE STRIKE RULE FOR PHI?
Boulder Community Health in Colorado has apparently suffered its third HIPAA breach since 2008. Some Boulder Community Health patients recently received a letter from an anonymous source stating claims and records are constantly being left unlocked and available in trash bins and dumpsters despite a 2010 breach including the same problem. Boulder Community Health had claimed that it had placed automatic locks on recycling bins.
If Boulder Community Health has, in fact, suffered a third PHI breach, and has failed to implement corrective measures from earlier breaches, under plans that submitted to HHS for settlement, you can expect a record breaking fine against Boulder Community Health. (Current known record penalty is $4.8 Million).
YOUR OUT! OIG EXCLUSION POWER
OIG’s exclusion powers are intended to prevent federal healthcare programs from false or fraudulent healthcare providers that create risks to program users or to the programs themselves. This exclusion authority can be under the mandatory exclusion power, or under permissible exclusions. Mandatory exclusions, generally, are those exclusions based on conviction of a program related crime, crimes related to negligent care or patient abuse or certain felonies related to healthcare or controlled substances. These mandatory exclusions are for a period of five years or more.
The permissive exclusion area is intended to deal with the rest of the reasons why an exclusion from participation in federal healthcare programs should occur. These appear, under the new rule, to be intended to address exclusion based upon OIG determined misconduct, poor quality of care, false claim submission, STARK or anti-kickback violations. There also appears to be a general category for permissive exclusions based upon conduct other than those already listed, but based perhaps upon state or local court or government findings regarding crimes, or professional misconduct.
Examples of bases for exclusion also include obstruction of audits and the permissive exclusion rule does not have any time limits on these affirmative exclusions.
Note that OIG appears to have excluded over 3,000 individuals and entities through exclusion rules in fiscal year 2013, a significant increase over prior years. You can expect that HHS and OIG will continue to use the exclusion power, and will use it extensively as a threat in disputes over timely responses to OIG subpoenas, particularly under the new rules.
NO DUMPING
Employers concerned about the costs and complexity of ACA compliance have looked for alternatives for their employees. Some employers and commentators have suggested that giving a cash stipend to their employees and letting the employee obtain insurance through ACA would substantially reduce their ultimate costs for ACA compliance. Although the notion had been gaining supporters, the IRS, in a recent statement, made it clear that the stipend, as tax free payments to employees, would not meet ACA coverage requirements, and that penalties would be imposed upon the employer.
ACA EXCHANGE PRIVACY REGS.
HHS recently released the final rule setting privacy standards for healthcare exchanges under ACA. For those exchanges providing ACA enrollment assistance, and then improperly using or disclosing PHI or submitting false or fraudulent information, will only face civil monetary penalties. The 436 page rule only gives HHS authority to impose civil monetary penalties on navigators, application counselors, etc. There is no indication why criminal penalties are not available for the theft or fraudulent use of PHI or other confidential information. The penalty amounts are not more than $25,000 per use or disclosure.
CMS RELEASES 2012 DATA
CMS, on Monday, released new Medicare cost data for the year 2012. As anecdotal evidence has previously indicated, the data shows that payments for the 100 most common Medicare procedures vary wildly even in the same geographic area. Once example given in the CMS press release showed that for a heart failure treatment in Newark, NJ, the charges ranged from $32,750 to $142,000. Similarly, there are discrepancies from geographic areas. Again, the CMS press release showed a major joint replacement surgery cost of $15,901 in Baltimore and $239,000 in Los Angeles.
Unless the higher price providers can show a demonstrable quality and health benefit from their higher prices, the release of this Medicare data, the increasing use by insurers of arbitrary reference pricing and the resulting price transparency will simply not allow high cost providers to continue to charge the amounts indicated in these reports. You can expect that big data/data analysis firms will soon make this information widely available in a easily usable format. As we have said in the past, it is likely that hospital “list” or “charge master” prices will drop rapidly.
This newsletter is edited by Paul Wallace of Jones • Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years. Mr. Wallace assists physicians in health practices in contract items, federal legal compliance, creation of practice entities, estate and wealth planning and similar issues. Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or pwallace@joneswallace.com.