Health Care Compliance Letter

Volume 11-16, August 5, 2008

Health Information Technology

Senate pursues IT use to improve health care quality, reduce costs. Panelists at a recent Senate Finance Committee hearing agreed that health information technology can not only help reduce health care costs and improve quality, but also can improve the way the government pays for Medicare services. “Many observers believe that widespread use of [information technology (IT)] would improve health care quality and efficiency,” Senate Finance Committee Chairman Max Baucus (D-Mont.) said at the July 17, 2008, hearing to explore health care reform options. Ranking member Charles Grassley (R-Iowa) noted the systems are expensive to install. “While it's clear that electronic patient records will improve efficient health care, the economics have not proven attractive to doctors.” Grassley added. Project Hope Senior Fellow Gail Wilensky suggested that a federally-funded clinical research center could produce information on comparative clinical effectiveness based on data gleaned from electronic health records. CCH Washington Bureau, July 17, 2008.

HIPAA

Lost or stolen tapes, laptops lead to HHS' first HIPAA Resolution Agreement. HHS has entered into a Resolution Agreement with Seattle-based Providence Health & Services (Providence) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. This is the first time HHS has required a Resolution Agreement from a covered entity. Under the agreement, Providence will pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss. Providence's cooperation with the Office of Civil Rights and CMS allowed HHS to resolve this case without the imposition of civil money penalties. Read the story. HHS Press Release, July 17, 2008.

OCR announces Privacy Rule enforcement results. Since the compliance date of April 14, 2003, HHS' Office of Civil Rights (OCR) has received over 37,223 complaints under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, resolving over eighty percent of these complaints. HHS has investigated and resolved over 6,648 cases by requiring changes in privacy practices and other corrective actions by the covered entities. In another 3,290 cases, HHS investigations found no violation. In the balance of resolved cases, HHS found that the complaint was ineligible for enforcement under the Privacy Rule because: (1) OCR lacked jurisdiction under HIPAA; (2) the complaint was untimely, withdrawn, or not pursued by the filer; or (3) the activity described did not violate the Rule. As of June 30, 2008, OCR has made over 436 referrals to the Department of Justice for criminal investigation involving knowing disclosure or obtaining of protected health information in violation of the HIPAA Privacy Rule and over 250 referrals have been made to CMS for investigation of potential violation of the HIPAA Security Rule. Read the story. HHS Press Release, June 30, 2008.

Experts identify issues encountered when disclosing PHI. The HIPAA Privacy Rule permits the use and disclosure of protected health information (PHI) to treat patients; identify, locate, and notify family members and certain other individuals of a patient's location, general condition or death; obtain the services of disaster relief agencies such as the American Red Cross; carry out public health activities and prevent or lessen serious and imminent threats to health or safety, Chana Feinberg, Health Information Management director at Unity Health System in Rochester, New York explained during a teleconference sponsored by the American Health Information Management Association. Questions regarding the use and disclosure of PHI arise in situations involving adoptions, minor children, psychiatric patients, and cultural issues, according to Aviva Halpert, chief HIPAA officer at Mt. Sinai Medical Center in New York City. CCH Washington Bureau, July 9, 2008.

Privacy Rule has negative impact on biomedical research. The HIPAA Privacy Rule is causing a negative impact on the advance of biomedical research and the search for treatments, according to a report by the Association of Academic Health Centers (AAHC) entitled “HIPAA Creating Barriers to Research and Discovery.” The AAHC report describes the unintended, disruptive consequences of the privacy rule, including confusion for patients, misinterpretation by research participants, barriers to patient recruitment, and burdensome administrative procedures that increase research costs. Read the story. AAHC Press Release, June 16, 2008.

Employment

House amendment expands ADA reach. By a 402-17 vote on June 25, 2008, the House of Representatives overwhelmingly passed the “ADA Amendment Act” (H.R. 3195), which clarifies the definition of disability and could potentially grant millions of workers protections under the Americans with Disabilities Act (ADA). Lawmakers say the bill, supported by a broad coalition of employer groups and disability rights advocates, is necessary to reverse a series of Supreme Court decisions that have narrowed the definition of who is covered under the Act. The legislation clarifies the definition of “disability,” containing a nonexhaustive list of examples of what it means to be substantially limited in a major life activity. The bill defines “substantially limits” as “materially restricts,” rather than the Supreme Court’s more restrictive interpretation. CCH Washington Bureau, June 25, 2008.

Ethics

PhRMA code on interactions with health professionals revised. Reflecting the continuing commitment of America’s pharmaceutical research and biotechnology companies to pursue policies and practices that best serve the needs of patients and the healthcare community, the Pharmaceutical Research and Manufacturers of America (PhRMA) Board of Directors has adopted measures to enhance the PhRMA Code on Interactions with Healthcare Professionals. The newly revised PhRMA Code, which builds on improvements made in the previous 2002 version, is part of an ongoing effort to ensure that pharmaceutical marketing practices comply with the highest ethical standards. Read the story. PhRMA press release, July 10, 2008.

On the Front Lines

An Analysis of the New Schedule H (IRS Form 990) and Proposed Instructions--Are Hospitals Ready for Increased Disclosures? Part II by Albert Y. Lin, LLM, CPA, Health Care Compliance Advisory Board Member

To prepare the compliance officer for increased disclosure requirements in the revised Form 990 (U.S. Return of Exempt Organizations) Part I of this Article introduced the new Schedule H (Hospitals) that tax-exempt hospitals and hospital systems will need to file beginning with the 2008 tax year (with only a part required for 2008 and the full Schedule H to be completed for the 2009 tax year). It focused on the detailed charity care and community "cost" reporting requirements, and guides the compliance officer through a discussion of the Schedule H itself and the accompanying Draft Instructions and Worksheets. Part II of this article covers the remainder of Schedule H, which includes reporting of bad debt, Medicare information, and collection practices, as well as management company, joint venture, and facility disclosures.

Health care compliance: Volume 11- 17, August 19, 2008

Anti-kickback/Physician Self-referral

CMS finalizes several changes in Stark regulations. CMS has finalized several Stark regulation revisions that have been proposed in different rules over the last year, as part of the fiscal year (FY) 2009 inpatient hospital prospective payment system (IPPS) update. The final rule is scheduled to publish in the Federal Register on August 19, 2008. CMS is expanding the definition of "physician-owned" hospital to include hospitals in which an immediate family member of a physician has an ownership or investment interest. Physician-owned hospitals that currently have no referring physicians on staff, however, will be exempt from the requirement to disclose to patients that it is physician-owned. CCH Chicago Bureau, Aug. 8, 2008.

Fraud and Abuse

Six state false claims acts fall short of DRA requirements. The Office of Inspector General (OIG) issued letters to state officials in Florida, Louisiana, Michigan, New Hampshire, New Mexico and Oklahoma notifying them that their false claims statutes failed to satisfy the requirements of the federal Deficit Reduction Act of 2005 (DRA). Statutes submitted for review by California, Georgia, Indiana and Rhode Island, however, did satisfy the DRA’s requirements, making those states eligible for a 10-percent increase in their share of Medicaid false claim recoveries. OIG Review Letters, July 24, 2008. Read the story.

DOJ announces settlement with Cox Medical Centers. The U.S. Attorney for the Western District of Missouri has entered into a $60 million settlement with the Lester E. Cox Medical Centers to resolve allegations of violations of the physician self-referral prohibition, the anti-kickback statute, and the False Claims Act (FCA). The allegations include: (1) Cox entered into prohibited financial arrangements with a physician group to induce physicians to refer patients to Cox, in violation of the Stark law and the anti-kickback statute; (2) Cox submitted Medicare cost reports that employed an improper method of reporting its medical clinics' overhead that resulted in fraudulent claims for nonreimbursable clinic costs; and (3) through entities controlled by Cox, Cox improperly billed for end stage renal disease treatments provided to patients in violation of the FCA. The settlement amount, which is considerably less than the alleged improper Medicare payments, took into account Cox's ability to pay and to continue providing medical care to the community. DOJ News Release, July 22, 2008.

Tax-Exempt Organizations

IRS releases updated Form 990 instructions. Updated draft instructions for new Form 990, Return of Organization Exempt from Income Tax, are expected to be posted on the IRS website August 15, 2008.The 2008 Form 990 consists of an 11-page core form and 16 schedules. Many of the schedules are new, including: activities outside the U.S., hospitals, tax-exempt bonds, and noncash contributions. Others contain revisions and expansions of existing reporting concerning public charity status and public support, lobbying and political activities, fund-raising and gaming, compensation, transactions with insiders, and related organizations. The 2008 Form 990 was released without instructions. When the IRS issued draft instructions in April 2008, it identified some common problems with the old instructions. These included no glossary of key terms, unclear definitions, and insufficient guidance in key areas, such as the reporting of activities of disregarded entities and joint ventures owned by the filing organization. The IRS also reported that filers requested more examples in the instructions. The comment period for the draft instructions ended on June 1, 2008. CCH Washington Bureau, Aug. 6, 2008.

HIPAA

Information security breaches growing in health care. Security breaches in the health care industry have become more widespread and are affecting all segments of the industry, including health insurers, hospitals, pharmacies, physicians and vendors. During an American Bar Association teleconference, attorney Melissa Markey, of Hall, Render, Killian, Heath and Lyman, noted that according to the Identity Theft Resource Center, in the first half of 2008, there were 56 reported breaches of health care information that exposed almost three million records, amounting to nearly 15 percent of all reported data breaches. Read the story. CCH Washington Bureau, July 31, 2008.

On the Front Lines

Understanding compliance legal standards in the HIPAA Security Rule, Part I by John E. Steiner Jr., Esq., Health Care Compliance Advisory Board Member and Brittany Eberle

Effective compliance programs should include a Health Insurance Portability and Accountability Act compliance component that encompasses the Privacy Rule as well as the Security Rule. The Privacy Rule addresses what information is protected and how protected health information (PHI) may be used or disclosed. The Security Rule, which went into effect for most covered entities in April 2005, focuses on what a "covered entity" should implement to protect electronic-PHI (ePHI) that is "created, received, maintained or transmitted" by a covered entity. Given current capabilities to electronically store and transmit massive amounts of ePHI and the federal government's desire to move toward a national system of digital medical recordkeeping, there is a high priority for the protection of ePHI. Read Part 1 of this article.

Journal of Health Care Compliance

The September/October 2008 issue of the Journal of Health Care Compliance will mail to subscribers on September 15, 2008, and will become available electronically on September 15, 2008. This issue of the Journal included the following articles:

Columns

From the Editor—Roy Snell

New Opportunities for Social Networking Are on the Horizon for Compliance Professionals

Compliance Officer—Deann M. Baker

Designing and Implementing Ethics into the Fabric of Your Compliance Program

Electronic Resources—Catherine M. Boerner

Aging Population Means More Focus on Nursing Home Compliance Programs

HIPAA—Bob Brown

Research and the Privacy Rule: The Chill Is On

Best Practice—Julene Brown

Establishing a Contract Upfront Can Help Further a New Initiative

QIO—Harry M. Feder and Linda Sion

Medicare Beneficiaries Respond to Quality of Care Complaint Outreach

Health Information Management—Beth Hjort

Quality Health Care: Can Health Information Be Both Available and Private?

Compliance and Quality—D. Scott Jones and Lt. Col. Paul N. Bird, Jr.

Are Compliance Officers Leading the Way When It Comes to Quality?

Risk Management—Reba L. Kieke

Overcoming Global Compliance Management Challenges

Anti-Kickback Statute—Richard Kusserow

Understanding the Complexities of Subsidy Payments for Hospitals

Corporate Culture—Frank Sheeder

Compliance and Country Music Help Organizations Dance the Compliance Two Step

Coding and Billing—Melinda S. Stegman

Source of Admission: An Often Overlooked but Important Billing Field

Settlements—Gadi Weinreich and Ramy Fayed

The Memorial Health Settlement: Good Law or Bad Lore?

Lab—Christopher Young

Retired LCDs: A New Problem for Clinical Laboratories

Features

Jennifer M. O’Brien, Andrew B. Wachler, and Jessica L. Gustafson

Recovery Audit Contractors and Medicare Audits: Successful Strategies for Preparing for and Defending Audits

Sara Kay Wheeler and Tizgel High

Understanding the Golden Carrot: Voluntary Disclosure Strategies after the April 15, 2008, OIG Open Letter

Paul R. DeMuro and Andrea Jaeger-Lenz

How to Conduct Clinical Trials in the EU and Eastern Europe: Overview and Comparison with the U.S. System

For the Record

Roy Snell

A Nurse’s Perspective on Long-Term Care Compliance

Health Care Compliance Professional’s Manual

 

The Health Care Compliance Professional’s Manual is updated quarterly. The September quarterly update of the Manual mailed to subscribers on September 9, 2008, and will become available electronically September 12, 2008. Report 17 included the following updates:

 

Revised Chapter on Compliance and Governance for Health Care Organizations written by Gabe L. Imerato, Esq.

Updated Chapter on Health Care Fraud and Abuse Laws edited by Patricia Meador, Esq.

Revisions to various chapters to reflect the provisions of the Office of Inspector General April 2008 Letter to Providers on self-disclosure by Gabe L. Imperato, Esq.

L>

¶10,170 Self Disclosure Protocol in the Chapter on Government Enforcement Trends,

¶30,130 Responding to Self-Discovered Instances of Noncompliance in the Chapter on Overview of the Office of Inspector General, and

¶51,362 and ¶51,363 in the Chapter on Voluntary Disclosure: The Benefits, Procedures, and Cautions to Consider.

HIPAA Compliance PortfolioHIPAA Privacy Guide

The next quarterly update of the HIPAA Privacy Guide will mail to subscribers on September 17, 2008, and will become available electronically September 22, 2008.

HIPAA Security Guide

The quarterly update of the CCH HIPAA Security Guide mailed to subscribers October 20, 2008, and will be available electronically October 15, 2008.

 

Average: Select ratingCancel ratingPoorOkayGoodGreatAwesome

Your rating: None Average: 3 (3 votes)