ANYBODY SEEN MY LAPTOP?
A Massachusetts hospital agreed to pay $850,000 for losing a radiology laptop containing PHI of 599 persons. The laptop was apparently stolen from an unlocked treatment room in 2011 and was associated with a portable CT scanner. The laptop operated the scanner and then sent the images to the hospitals Radiology Information System and Archiving System.
As is often the case, the post breach investigation indicated that the hospital was noncompliant with HIPAA in a number of ways, including failing to have performed necessary risk analyses, failing to implement and maintain adequate policies and procedures for safe guarding PHI, lack of a unique user name for identifying and tracking the persons using the laptop with PHI, etc.
In addition to the $850,000 settlement amount, the hospital agreed to substantially upgrade its training and implementation of policies and procedures with regard to HIPAA. Noting the rather large settlement amount in comparison to the relatively small number of persons affected, one should take away from this report that breach fines will be substantially increased where post breach investigations show a lack of policy, procedures and implementations, and indicate a lack of effort on privacy protection.
RAC RECOVERIES DOWN
The year 2014 data for RAC recoveries has become available and reports indicate that it is down approximately one-third from 2013. RAC audits have been a contentious issue for the last few years as the number of such audits grew and the responsible government units simply ignored federal law requiring appeals of RAC determinations to be heard within ninety days of filing. Audit wait periods began to approach or exceed two years. This is a problem since CMS can simply withhold paying other funds to providers during the appeal period.
As we reported earlier, complaints by physicians and other providers have led to changes in the program including limiting time periods that RAC audits can cover, and reducing the percentage of claims that can be reviewed. It will be interesting to compare 2015 numbers to 2014 numbers a year from now, and determine whether the efforts to rein in RAC Contract auditors has worked and whether a healthy balance between review and payment has been achieved.
CMS 2016 PAY PLAN
CMS has issued Final Medicare Payment Rules for the federal fiscal year 2016. These rules affect payments for hospitals, hospices, psychiatric facilities, and rehab facilities. For the hospital Inpatient Prospective Pay System, a .9% increase is provided, subject to successful participation in the Hospital Inpatient Quality Reporting Program and meaningful use of EHR. The hospice rules will increase payment by 1.1% but include a new two tiered system intended to discourage long and inappropriate hospice stays.
Inpatient rehab compensation should increase 1.8% and inpatient psychiatric facilities can expect a 1.5% increase. CMS continues to add quality reporting measures as requirements to receive the full increases described.
LEGAL FALSITY UNDER THE FCA
Those bringing qui tam/False Claim Act law suits continue to try to find new legal theories to lower their proof burden. One of the more recent theories has been the “Implied Certification” theory, which attempts to create an FCA claim under a construct, that if a provider failed to comply with a statute, regulation or contractual provision, then that is a False Claim Act violation, even if compliance with those statutes, regulations or contractual provisions are not a condition of payment. The Seventh Circuit (including Indiana) Federal Court of Appeals has rejected this “theory”, while other federal appeals courts have expressly or impliedly approved this “theory.”
The Supreme Court has agreed to resolve this conflict among the Federal Circuit Courts, and decide whether the “Implied Certification” theory is viable. This will be an extremely important case to hospitals and providers. If the Supreme Court agrees with our Seventh Circuit Court of Appeals, we will begin to bring some common sense back to false claim litigation.
YELLOWBOOK/PAGES – BE VERY, VERY CAREFUL
The Indiana Court of Appeals recently found the owner of a small business personally liable for a Yellowbook/Page Contract with Yellowbook Sales and Distribution Company, Inc. The “contract” was a one page fill in the blank form agreement. However, the form contained references and language that attempted to make whoever signs the contract, whether for a corporation, medical practice, or a hospital, personally liable.
Unless you intend to be personally and individually liable for your practice, hospital, or businesses Yellow Page obligations, you should not sign such contracts, whether with this company, or any other company.
This is a great reminder that even simple agreements can confuse and involve substantial liability. Ask your attorney to review any such contracts. In this case, the Yellowbook Company requested over $28,000 for the ad, $30,000 in interest, and tens of thousands of dollars in attorneys fees.
Please be careful.
This newsletter is edited by Paul Wallace of Jones ∙ Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years. Mr. Wallace assists physicians, practices and hospitals in contract items, federal legal compliance, practice entity creation, estate and wealth planning and similar issues. Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or firstname.lastname@example.org.