DOCTOR ENTERS GUILTY PLEA
North Carolina Dr. Imran Pasha Haque has agreed to a sentence of three years of probation and a fine of $125,000 in a plea agreement in federal court. He pled guilty of one count of the misuse of a social security number. He had been charged with four counts of obtaining property by false pretenses, two counts of financial identity fraud and four counts of forgery and uttering a forged document.
Apparently, Dr. Haque used another physician’s social security number for the purpose of obtaining financing for medical equipment. The physician whose SSN was used practiced in the same building as Dr. Haque, and alerted authorities after receiving demands for payment for overdue bills exceeding $100,000. The doctor’s office manager was also charged with several counts of aiding and abiding financial identity fraud, and obtaining property by false pretenses.
This case is a reminder to safeguard not only PHI, but personal information at all times. It also is a reminder of the need for periodic security reviews.
HIPAA BREACH BY VIRUS
An Alaskan mental health services group has agreed to pay $150,000 to HHS, and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program. Apparently, a computer malware virus compromised the security of its electronic PHI. The key finding here was that the practice had adopted security rule policies and procedures as early as 2005, but like many practices, had not followed those policies and procedures, and had failed to regularly update their IT resources. The practice’s basic software was outdated and unsupported software.
We have advised in the past of the need to not only adopt security practices and procedures, but to review them, implement them and revise them as needed. It is likely that in this case the $150,000 agreed fine exceeded the cost to the practice of having actually implemented and followed their “adopted” security rule policies and procedures, and the updating of their IT software.
LIMITED WRAPAROUND COVERAGE
A few days before Christmas, DOL and HHS released proposed rules that would amend the definition of expected benefits under ACA to allow wraparound coverage. Wraparound coverage is used to bridge the gap between the purchase plans on the public exchange and an employer’s plan. There were five requirements for eligible wraparound plans. The most important required that the wraparound coverage not be used as a method of merely of cost sharing, but must cover additional benefits over those provided under the public exchange enrolled plan. The coverage cannot exceed the maximum annual contribution for flexible spending accounts ($2,500 for 2014). The plan must also be a multistate plan approved under ACA. Public comments are welcome until January 22, 2015 for the proposed rule.
REDUCE READMISSIONS AND RECEIVE PENALTIES
Some hospitals, including ten in the San Diego area, cut readmissions by more than 15% from 2010 compared to 2013. Yet they were penalized along with 8 out of 10 San Francisco hospitals penalized.
The problem appears to be in the CMS formula for determining how hospitals fare under the readmission reduction program. CMS divides the number of readmissions by the number of overall discharges for each hospital. The problem is where a well run hospital reduces readmissions at a rate equal to reducing the rate of initial admissions, it is difficult to show any significant progress. This may result in a high quality hospital program being penalized even where it reduces readmissions.
NONPROFITS AND PATIENT DEBT COLLECTION
The IRS recently released new regulations targeting nonprofit hospitals and their collection of sums owed by patients. A number of features will be discussed below, but probably the central and key provision is prohibiting hospitals from billing patients without insurance (who are eligible for financial assistance) more than what they charge insured patients. This probably begins the end of the line for charge master rates for hospitals.
In Indiana, a court of appeals had held the charge master rates were unenforceable in Indiana. While the supreme court rescued hospitals temporarily, the use of arbitrary charge master rates against uninsured patients is likely to come to an end soon.
In general, the rules are far reaching. Nonprofit hospitals cannot seek front end payments for care, must make a “reasonable effort” to counsel patients and provide them with financial assistance, and must widely disseminate their financial assistance policies, and communicate them to patients at the appropriate times. Now we await the enforcement phase. Will these rules be enforced? What impact will this have upon the debt collection attorneys and agencies for hospitals? Will hospitals take a lead rule in working with their patients or will the choices still be the collection court room or the bankruptcy court room?
BYOD AND HIPAA
Reports from the Office for Civil Rights (OCR) of HHS hint that HIPAA enforcement activity will, if anything, accelerate in the year 2015 over a record breaking 2014. One new area that appears to be likely to be covered in audits either pre or post enforcement action, are procedures and policies relating to mobile devices, particularly in the BYOD environment.
My personal observations while meeting with executives at healthcare facilities and physicians at their practices and at hospitals are that the days, if they ever existed, of corporate issued mobile devices, and central control of these devices, is over. In a recent meeting, I noticed that the hospitals executives and the employed physicians used a number of different devices all communicating on calendars, emails, contacts, scheduling and EHR. Allowing physicians or executives to use their own devices implies a healthy and elaborate IT control system, and also an appropriate and effective HIPAA policy. Does this describe your practice or hospital?
This newsletter is edited by Paul Wallace of Jones ∙ Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years. Mr. Wallace assists physicians in health practices in contract items, federal legal compliance, creation of practice entities, estate and wealth planning and similar issues. Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or firstname.lastname@example.org.