Published on:

The Office for Civil Rights (“OCR”), a division of the Department of Health and Human Services (“HHS”), is responsible for investigating complaints and reports that covered entities (i.e., health plans, health care clearinghouses, or health care providers that conduct certain electronic transactions) or business associates have violated either the HIPAA Privacy or Security Rule. The HIPAA Privacy and Security Rules exist to safeguard Protected Health Information (“PHI”) that is held, used, or disclosed by covered entities and their business associates. Generally, any individually identifiable health information held by or that is within a covered entity’s or its business associates’ control is considered PHI, and any non-permitted release of PHI is considered a HIPAA violation.

Historically, the OCR has investigated and sanctioned larger covered entities and business associates in connection with HIPAA violations that affect the PHI of 500 or more individuals. OCR’s recent settlement agreement with Anthem, which corresponded to the much-publicized 2015 cyber-attack on Anthem’s information systems compromising the PHI of over 79 million individuals, is a good example of OCR’s normal enforcement activity (with the exception of the $16 million fine, the largest to date for a HIPAA violation). However, since 2015, the OCR has placed emphasis on investigating and at times fining smaller covered entities for breaches affecting less than 500 individuals (after a report issued by the HHS Office of Inspector General found that the OCR had typically not investigated the same). Two recent fines issued by the OCR illustrate this emphasis.

The first was issued against Allergy Associates of Hartford, P.C. (“Allergy Associates”), which is comprised of four physicians and two mid-level providers. The settlement agreement, announced on November 26, 2018, requires Allergy Associates to pay a $125,000 fine and enter into a two-year corrective action plan (“CAP”) with the OCR. The incident leading to the alleged violation involved a patient who tried to enter Allergy Associates for treatment while accompanied by her service dog. Upon seeing the dog, an Allergy Associate’s physician turned the patient away, advising the patient that he and many of his patients were allergic to dogs. The patient thereafter contacted a local media outlet about what happened, and also filed a complaint to the Department of Justice alleging that Allergy Associates violated her civil rights under the Americans with Disabilities Act. A physician from Allergy Associates later spoke with a reporter from the media outlet (off-the-record) regarding the incident and disclosed the patient’s PHI. Despite the fact that the reporter was already familiar with the incident, the physician’s statements to the reporter concerning the patient violated HIPAA, as he did not have her prior written authorization to disclose the information. Moreover, and despite an obligation under HIPAA to do so, Allergy Associates made no attempt to sanction the doctor internally.

Published on:

The Office of Medicare Hearings and Appeals (“OMHA”) has been updating the OMHA Case Processing Manual (“OCPM”) since the Medicare appeals final rule became effective on March 20, 2017. As an effort to regulate and codify procedures for adjudicative functions through statutes, regulations, and OMHA directives, the OCPM is regularly revised to stay up-to-date with the Medicare appeals process.

The first major recent revision to the OCPM was eliminating the four divisions: Part A/B Claim Determinations, Part C Organization Determinations, Part D Organization Determinations, and SSA Determinations. The revised OCPM is no longer divided and consists of twenty consecutive chapters. In May 2018, the OCPM added new chapters 1 and 20, and revised chapter 19. In July 2018, the OCPM revised chapters 5, 6, and 7.  Most recently, on November 30, 2018, OMHA published new chapters 17 and 18.

Chapter 17 is entitled “Dismissals.” It addresses reasons why an ALJ or attorney adjudicator may dismiss requests for hearings or a review of reconsideration dismissal. For example, the reasons an ALJ may dismiss a case include, without limitation, an untimely filing, failure to cure a defect in the request for hearing, or failure to appeal.  On the other hand, an attorney adjudicator may dismiss a request for hearing only when the appellant withdraws the request for hearing.  The chapter also outlines the information that must be contained within a dismissal order, the impact of a dismissal on a case, and the circumstances in which an adjudicator may vacate his or her dismissal. Lastly, the chapter addresses the right to appeal an ALJ’s or attorney adjudicator’s dismissal order.

Published on:

On September 26, 2018, the Centers for Medicare & Medicaid Services (“CMS”) announced plans to commence a review demonstration of Home Health Agencies (“HHAs”) in Illinois, Ohio, North Carolina, Florida, and Texas, with the option to expand to other states in the JM jurisdiction. CMS invited public comment on CMS’ new proposal in the Federal Register by October 29, 2018. The Pre-Claim Review Demonstration (“PCRD”) was re-named the Review Choice Demonstration (“RCD”) and began in Illinois on December 10, 2018.

The RCD is a revised version of the PCRD. The PCRD went into effect in August 2016 but was short-lived, as it was halted in April 2017 due to wide backlash among Home Health Industry providers. Thus, the new RCD should be more welcomed HHAs, as it is much more flexible than the previously rigid PCRD.

The Secretary is authorized to “develop or demonstrate improved methods for the investigation and prosecution of fraud in the provision of care or services under the health programs established under [the Act].” Based on this authority, CMS implemented the RCD to help identify, investigate, and prosecute potential fraud occurring within HHAs who are providing services to Medicare beneficiaries. The RCD is intended to ease the burden on CMS by reducing the number of audits while protecting the Medicare Trust Fund by ensuring that payments for home health services are appropriate.

Published on:

On November 1, 2018, a U.S. District Court ordered the United States Department of Health and Human Services (“HHS”) to eliminate the Medicare appeals backlog by the end of fiscal year 2022.  There are currently 426,594 backlogged appeals. The recent ruling imposes a timetable for reducing the backlog of appeals. Specifically, 19% of the appeals must be cleared by the end of fiscal year 2019; 49% of the appeals must be cleared by the end of fiscal year 2020; 75% by the end of fiscal year 2021; and the backlog must be eliminated entirely by 2022. To demonstrate its progress, HHS must file quarterly status reports beginning on December 31, 2018.

The Court’s order arises from a lawsuit that was filed by the AHA in 2014. AHA alleged that HHS was violating federal law by failing to process appeals within 90 days from the date of the Office of Medicare Hearings and Appeals’ receipt of the request for hearing.  In 2016, the District Court entered summary judgment in favor of the AHA and ordered HHS to comply with a timetable to eliminate the backlog of appeals by 2020.  In 2017, the D.C. Circuit reversed the District Court and ordered the District Court to evaluate HHS’ claim that compliance with the timetable would be impossible.

HHS has implemented some backlog-reduction efforts to try complying with the previous ruling to eliminate the backlog by fiscal year 2020. Settlement Conference Facilitations (“SCF”) are an example of one of these initiatives. Medicare Part A and Part B providers and suppliers who have appeals pending before an ALJ are encouraged to participate in SCF. SCF uses a facilitator to help the appellant and CMS find a mutually agreeable resolution. Initiatives like SCF are a step forward in reducing the backlog, as it takes people out of the long waiting period and resolves cases in a simpler matter.

Published on:

In 2015, Anthem, Inc. (“Anthem”) discovered that criminal hackers had breached its electronic database and gained access to over 79 million records, including the records of at least 12 million minors.  The protected health information obtained by the hackers included, among other information, names, addresses, dates of birth, medical IDs, and Social Security numbers. The hackers were able to gain access to the information by using a “spear phishing” email technique. At least one employee received a phishing email and responded to it, allowing the hackers to gain remote access to the employee’s computer and at least 90 other systems, including Anthem’s data warehouse.

Although the massive data breach was first discovered in January 2015, the breach actually began on February 18, 2014 – meaning the breach went undetected for almost a whole year.   “Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who gained access to their system to harvest passwords and steal people’s private information,” said Office of Civil Rights (“OCR”) Director Roger Severino.

Anthem has agreed to pay $16 million to the Department of Health and Human Services’ (“HHS”) OCR and take corrective action to prevent potential violations of HIPAA rules in the future.  While other breaches like this have occurred in the past, this was the largest health data breach in U.S. history, and the $16 million settlement is now the largest HIPAA settlement in history.

Published on:

The Centers for Medicare & Medicaid Services (“CMS”) recently announced a review of Inpatient Rehabilitation Facilities (“IRFs”) that will focus on the “reasonable and necessary” requirement that IRFs are required to meet. An IRF provides rehabilitation services to patients who have suffered an injury, illness, or surgery that has left them in need of intensive rehabilitation.  Services provided by IRFs include physical therapy, occupational therapy, rehabilitative nursing, speech-language pathology, and the procurement of prosthetic and orthotic devices.

IRF services are considered “reasonable and necessary” if: (1) the patient requires therapeutic intervention in multiple therapy disciplines, (2) the patient actively participates in and benefits from the therapy program, (3) the patient is sufficiently stable at the onset of the program, (4) the patient is supervised by a physician, (5) the patient’s chart has the correct documentation within it, and (6) the patient requires an interdisciplinary team approach to care and the team has weekly meetings.

IRFs are not meant to be used as an alternative to a full course of treatment.  Patients who are still completing their treatment in the hospital and cannot fully participate in intensive rehabilitation therapy will not have their IRF service determined to be reasonable or necessary. Furthermore, IRF is not appropriate for patients who have finished their hospital treatment and no longer need intensive rehabilitation.

Published on:

The Provider Reimbursement Review Board (“PRRB”) is an independent panel that a Part A provider can appeal to if it is not satisfied with any final determination. In order to appeal, the amount in controversy for a single hospital must be at least $10,000, and at least $50,000 for a group of hospitals.  The PRRB’s decision is considered the final administrative remedy for providers.  If a provider is dissatisfied with the PRRB decision, it can seek judicial review before a federal district court.  Last month, the PRRB released 90 pages of updated rules without advanced notice, which providers and attorneys are expected to comply with in their appeals.  These significant changes to the PRRB rules could be catastrophic for providers because they may waive their entire appeal if they fail to follow a new rule.

Hospitals tend to utilize the PRRB appeals process by challenging disproportionate-share hospital payment calculation, or by challenging the amount of Medicare bad-debt payment they receive. These are generally complex issues that require a significant amount of time to investigate and fully develop.  Unfortunately, the parties will no longer be afforded the ability to develop their case as it proceeds through the appeals process. The new rules require a preliminary position paper (and the corresponding exhibits) to be filed with the PRRB at the beginning of the appeal process. This new requirement forces providers to have their argument in its most complete form at the beginning of the process because additional arguments and evidence cannot be added later, except for good cause. Additionally, if anything is missing in the initial submission of materials, the entire appeal will be dismissed.

Another extremely important change is that providers may now simultaneously file appeals with the PRRB and then withdraw them if they believe their claims can be resolved with the Medicare Administrative Contractor (“MAC”).  If a resolution is not reached, providers can reinstate their appeals with the PRRB. Furthermore, if a provider appeals the same issue arising from different Notice of Program Reimbursements (“NPRs”) in the same year, it must be brought in the same appeal.

Published on:

In order to deliver telemedicine services, providers must have a license issued to them by the state in which the patient receiving the telemedicine resides. Thus, providers offering telemedicine may have to get licensed in multiple states depending on where their patients live. Obtaining multiple licenses to practice interstate telemedicine is timely and costly, which may deter providers from using telemedicine; this is an issue for rural and underserved areas who rely on telemedicine for access to healthcare.

The TELE-MED Act of 2015 was intended to reduce licensing barriers for interstate telemedicine by making Medicare coverage and reimbursement available for interstate telemedicine services. However, the Act failed to get congressional approval when it was introduced three years ago. Its purpose was to amend title XVIII of the Social Security Act so that Medicare participating providers could provide interstate telemedicine services to Medicare beneficiaries without having to get licensed in multiple states. This would have significantly aided Medicare beneficiaries who need telemedicine from providers out of state.

Though the TELE-MED Act did not pass, the Interstate Medical Licensure Compact (IMLC) may still reduce the burden for providers wanting to use interstate telemedicine. Acknowledging the burden of applying to for a license in other states, especially when providers have patients across multiple states, the IMLC has created an expedited pathway for interstate licensure. The IMLC formed a Commission made up of two representatives from each adopting state, and the Commission reviews the applicants and determines whether they should be issued a license or not. The IMLC is an agreement with 24 states, 1 territory, and the 31 Medical and Osteopathic Boards in those states and territory. IMLC is streamlining the licensing process, but it is still expensive and does not solve the problem that physicians using telemedicine must be licensed wherever their patients are located.

Published on:

The Centers for Medicare and Medicaid Services (“CMS”) recently announced that, starting next year, Medicare Advantage (“MA”) plans will be allowed to require step therapy on Part B drugs and other physician-administered drugs. Step therapy requires patients to take generic medication as their initial treatment, and only when that treatment is proven to be ineffective, they may step up to more expensive drugs. The point of step therapy is to incentivize drug makers to have the cheapest generic drugs, which will save Medicare money. Step therapy has already been implemented with Medicare Part D drugs, which are drugs from pharmacies, and has proven to be relatively effective in getting drug manufacturers to lower drug prices.

Previously, MA plans were not allowed to implement step therapy for Part B drugs because the Obama administration interpreted federal regulations such that MA plans could not be more restrictive than Medicare, and MA plans could not impose barriers to Part B services that were not in place for Medicare. Although the step therapy policy may pose significant benefits for MA plans, there are concerns about how it will impact patient care.

Requiring healthcare providers to prescribe generic medication to their patients first takes away the providers’ medical decision-making abilities and can slow down the healing process for the patients taking the drugs. The majority of individuals taking Part B drugs are those with chronic or serious ailments. Common Part B drugs include: chemotherapy, autoimmune drugs, oral drugs for kidney disease, and vaccines. Providers are concerned that some patients may have to undergo treatment with less effective generic drugs before being able to be treated with effective non-generic drugs. However, some individuals believe that the FDA would not approve a generic if it were less effective than the non-generic. Regardless, this is where trouble could arise – some patients do not have enough time to wait out multiple therapies and must have the most effective therapies first, such as patients with cancer or rheumatoid arthritis. There will likely be more medical emergencies if patients are administered non-effective generic drug and their condition needs immediate improvement from the medication to avoid harm.

Published on:

The Centers for Medicare & Medicaid Services (“CMS”) recently released a proposal that would alter the Medicare Physician Fee Schedule (“MPFS”) and significantly change evaluation and management (“E/M”) code payment rates. Payment rates for services furnished by physicians and other non-physicians are published in the MPFS, and E/M visits account for about 40% of allowed MPFS charges. CMS’ goal with this new proposal is to make documentation less time-consuming and allow providers to spend more time with their patients.  However, the proposal, which would lower reimbursement rates, has not been well-received by all providers.

Currently, E/M codes range from levels 1-5; 1 being a relatively simple service performed by a non-physician, and 5 being the most complex service performed by a physician. CMS is proposing to collapse levels 2-5 for new and established patients, creating one flat rate for levels 2-5. By having a single payment rate, CMS is expecting patient care to improve.

Normally, when documenting for the higher-level codes, physicians use boilerplate language in order to meet billing requirements. There have been concerns that this boilerplate language can be harmful to patients because the clinically important information gets lost within it. Thus, by eliminating the need for nuanced language to distinguish each level, CMS hopes that patients will have more face time with their provider. Furthermore, when patients access their charts, they will be able to clearly understand what the issue is.