DENTIST DUMPING RECORDS
The Indiana Attorney General, widely known for spending Indiana resources by appearing in appeals cases in other states on abortion, same sex marriage and the Panama Canal, announced the state has reached a settlement with Dr. Joseph Beck of Kokomo, Indiana for failing to protect PHI and improper disposition of records, violating state privacy laws and HIPAA. This is, apparently, the first time the Indiana Attorney General has sued for a violation of HIPAA.
The reported facts indicate 60 boxes of patient records from Dr. Beck’s practice were placed in a dumpster in March of 2013. Apparently, Dr. Beck hired “Just the Connection, Inc.” to dispose of his patient records that were later found in the dumpster with PHI intact.
What is interesting in this matter is the small scale of the penalty imposed, $12,000, compared too much larger fines we have seen in other HIPAA violation cases.
ANOTHER HIPAA DUMPSTER CASE
Earlier this month a local county district attorney’s office indicated that Safeway agreed to pay $9.87M to resolve claims regarding PHI information from records placed in company dumpsters. The total fine is made up of a $6.72M civil penalty, $2M relating to environmental projects (apparently, there was some hazardous medical waste also disposed of in the dumpster) and $1.15M in attorneys’ fees and costs for the district attorney’s office.
Note the difference in penalty amounts between the Indiana Attorney General action, and the action in California by county district attorneys.
GRADS AGAIN EXCEED RESIDENCIES
Recent reports indicate that for a second consecutive year, there are more medical school graduates than residencies. The reports indicate that 26,678 residency positions were available, a number less than the graduates seeking those residency positions.
LOBBYING TO INCREASE GME FUNDING
The American Hospital Association is lobbying our cherished and honored members of Congress to keep and to increase payments for graduate medical education (GME). Federally funded GME is limited to 15,000 residency positions, and as noted above, there are insufficient residency positions for the number of current graduates.
Remember, in most states even the number of current graduates is not keeping pace with retirements of primary care physicians. If we hope to have adequate numbers of physicians, we need to not only support the Indiana University School of Medicine in Evansville project, but also make sure there are residency positions for these Evansville educated physicians.
Consider contacting your state and federal representatives on this important issue
OH NO – RAC IS BACK
2014 ended with CMS awarding a new RAC contract. RAC contracts have generally been in a suspended status while CMS looked at problems relating to its various RAC programs, contracts and appeals. It remains to be seen whether any of these new guidelines/requirements will improve the RAC program for anyone but the RAC contractors. The new requirements include:
- Limiting RAC look back periods to six months, assuming providers submit claims within three months of the date of service.
- RACs must complete complex reviews within 30 days and, oddly enough, notify providers of their findings.
- Require RACs to wait at least 30 days before sending claims to a Medicare administrator contractor for recoupment/adjustments. RACs are only paid contingency fees after a second level appeal is exhausted.
- Requires RACs to have a 10% or less overturn rate at level 1 appeals.
- Requires RACs to maintain an accuracy rate of 95% or more.
ENCRYPTION IS COMING! ENCRYPTION IS COMING!
New Jersey is now the third state to specifically impose security requirements for PHI, and these appear to exceed federal requirements. The new law requires health insurance companies to protect PHI by encryption. The law currently applies just to insurance companies, HMO’s, etc. but we expect that not only will the law likely be extended in the near future to anyone regularly dealing with PHI, but also these laws tend to have dramatic impacts upon the expected standard of care in non-HIPAA security breach litigation.
This newsletter is edited by Paul Wallace of Jones ∙ Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years. Mr. Wallace assists physicians in health practices in contract items, federal legal compliance, creation of practice entities, estate and wealth planning and similar issues. Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or firstname.lastname@example.org.