Health Law Update

Health Law Update

Business Associates in the Crosshairs: Catholic Health Care Services Settles for $650,000 for Failure to Safeguard PHI

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS provides management and information technology services as a business associate to six nursing homes. The OCR settlement follows a finding that CHCS violated the HIPAA Security Rule, which requires business associates to conduct enterprise-wide security risk analyses and to prepare corresponding risk management plans.



Nationwide Preliminary Injunction Bars Implementation of Department of Labor’s “Persuader Rule”

On June 27, a federal court in Texas enjoined the United States Department of Labor (“DOL”) from implementing its new interpretation of the “Persuader Rule.” In a sweeping 86-page rebuff to the DOL, the court opined that the DOL’s new interpretation of the “Advice Exemption in Section 203(c) of the Labor-Management Reporting and Disclosure Act” (“New Rule”) is “defective to its core” and thus preliminarily enjoined implementation of the New Rule nationwide. This decision is critically important to employers because it preserves their right to confidential legal representation, without government interference. Prior to this decision, the DOL’s New Rule and its significant reporting obligations were set to take effect on July 1, 2016.


Practice Fusion Settles With FTC for Deceptive Practices in Posting Consumer-Generated PHI

I would like to make an appointment for my back pain and possible shingles. Can you please call me @ [phone number]. Thank you! [patient name]” – Patient Review, December 31, 2012

The Federal Trade Commission (FTC) and cloud-based electronic health record company Practice Fusion, Inc. (Practice Fusion), recently agreed to a proposed settlement to resolve allegations that the company engaged in deceptive practices in soliciting and handling consumer-generated health information over a 12-month period. According to the FTC complaint, Practice Fusion operated a service for healthcare providers that allowed patients to make and track appointments, access their electronic health records, and directly communicate with providers via a secure web portal. As part of a plan to offer a public directory of physicians, accompanied by patient reviews, Practice Fusion e-mailed patients post-visit satisfaction surveys that appeared to have come directly from the provider. Believing that the surveys were a private communication with the provider, patients submitted hundreds of responses with their names, phone numbers and personal health information. Continue Reading

OCR Clarifies “Reasonable, Cost-Based” Fee Calculations for Access to Medical Records

The HHS Office for Civil Rights (OCR) recently issued guidance that clarifies open questions for covered entities on how to charge for copies of personal health information requested by patients and members, regardless of state laws.


No Longer Implied: Supreme Court Expressly Recognizes Implied Certification as a Theory of Liability Under the False Claims Act

supreme court iStock_000000865139_LargeCourt Rejects the First Circuit’s “Expansive View” of the Theory by Articulating “Rigorous” Standards of Materiality

Yesterday, the U.S. Supreme Court issued a long-anticipated decision on the viability of the “implied certification” theory of liability under the False Claims Act (FCA). In Universal Health Services, Inc. v. United States ex rel. Escobar, a unanimous Court affirmed the viability of the implied certification theory, which had been split among the circuit courts. Implied certification is a judicially created theory under the FCA that establishes liability for a contractor or provider, who although delivered or performed the materials or services claimed, violated a contract, statute or regulation as a condition of payment even though the provider or contractor did not expressly certify compliance with the contract, statute or regulation as a condition of payment. In a move certain to spur further litigation, however, the Court may have softened that blow by restricting the theory’s reach in establishing a more “rigorous” and “demanding” materiality standard. Read more >>

Vermont to Require Drug Transparency

Vermont recently became the first state to require drug manufacturers to provide justification for price increases. Under the new law, data on the cost of the drug will come from the state Medicaid program. The Department of Vermont Health Access (DVHA) and the Green Mountain Care Board (GMCB) will work together to create a yearly list of 15 drugs whose prices have increased by 50 percent or more over the past five years or by 15 percent or more over the past 12 months for the state’s Medicaid program. The DVHA is responsible for the management of Vermont’s publicly-funded health insurance programs, while the GMCB is an independent group created by the Vermont Legislature tasked with ensuring that changes in the health system improve quality while stabilizing costs. Continue Reading

The Future of Provider-Based Status Post-BBA 2015

Examining Possible Congressional Relief and CMS Guidance

This month, hospitals impacted by Section 603 of the Bipartisan Budget Act of 2015 (BBA) may finally get a glimpse of what the future holds for the off-campus departments they operated or were developing when the BBA was enacted on November 2, 2015. Section 603 introduced site neutrality for new off-campus outpatient departments, eliminating the payment differential between provider-based and freestanding locations. The BBA left open many important questions that hospitals need answered to make financial and operational decisions.

On June 7, the U.S. House of Representatives passed H.R. 5273, the Helping Hospitals Improve Patient Care Act, which, among its many provisions, included potential relief for cancer hospitals and hospitals that can certify a new off-campus outpatient department was in “mid-build” when the BBA was enacted. Guidance addressing implementation of the site-neutral reimbursement policy is promised by the Centers for Medicare & Medicaid Services (CMS) in the annual Outpatient Prospective Payment System (OPPS) rulemaking, expected later this month. Continue Reading

Deeper Dive: Integrating Physician Practices into a Health System’s HIPAA Privacy and Security Program

BH16067_DataSecurity_DataRisk_800-300x208The health system needs to understand its IT capabilities and operating competencies and develop the required infrastructure to support clinical integration of the physician practices

The healthcare industry shift to a value-based business model is resulting in greater alignment between hospitals and physicians to provide quality, outcomes driven care in order to receive payment for health care services. Prior to implementation of the Affordable Care Act, physicians more often were independent practitioners who held medical staff privileges to care for patients at the hospital.  The pressure for health systems to develop clinically integrated networks and accountable care organizations, and the financial constraints placed on physician practices, necessitate alignment with physician practices and integrating them into the health system.

Improving alignment between hospitals and physicians is essential to change the way care is delivered. Properly structured, these alignments seek to reduce costs and duplication of services, improve the quality of patient care delivered, and improve patient satisfaction.  The health system’s IT infrastructure, data sharing, and data analytics are key to a successful integration. Continue Reading

Does the Medical-School-to-Prison Pipeline Widen in Middle Age?

Doctor with stethoscope in handcuffs isolated on whiteThe trend of holding physicians personally responsible for healthcare crimes has continued unabated over the past year. As noted in a previous article, physicians are particularly attractive targets for federal prosecutors due to the “special skill” and “abuse of trust” sentencing enhancements found in the U.S. Sentencing Commission Guidelines. While measuring physician participation in illegal activity is difficult, a review of U.S. Department of Justice (DOJ) press releases and select state prosecutions over a 12-month period shows that healthcare fraud appears to be the most popular charge. Common healthcare fraud violations committed by physicians involved lab schemes, medically-unnecessary services, false statements, fraudulent billing, patient-related offenses, kickbacks and bribes, and prescription drug schemes.

The following summarizes common violations of the law by physicians charged or convicted during the past year. Continue Reading