Data Breach at Colorado Hospital Highlights IT Security Risks

Lance Leider headshotBy Lance O. Leider, J.D., The Health Law Firm

A small rural hospital in Glenwood Springs, Colorado, has identified a virus on its computer network that had captured and stored screen shots of protected health information in a hidden file system. The hidden folder was created on Sept. 23, 2013, but was not discovered until Jan. 23, 2014. The breach identified at least 5,400 individual patients whose information was compromised.

According to Healthcare IT News, among the stolen data was patient names, addresses, dates of birth, telephone numbers, Social Security numbers, credit card information, and admission and discharge dates.

Hospital officials have been unable to determine how the virus was loaded onto the hospital network, according to Healthcare IT News. Consequently, officials believe that there is “very high” probability that the data had been accessed by an outside entity.

To read the entire article from Healthcare IT News, click here.

Take Steps to Secure Your Network.

Breaches of this kind are not solely confined to hospitals and large providers. In fact, it may be that this hospital was targeted because it was a smaller provider in a rural area with easier access to its systems.

Viruses like the one in question could be loaded onto systems as a result of an outside attack (think hackers) or through inside means like a flash drive or deliberately opening an infected e-mail.

It is imperative that a Health Insurance Portability and Accountability Act (HIPAA) covered entity have an effective cyber security plan. Make sure that you have up-to-date anti-virus software and that your computers are secure from access by unauthorized personnel like cleaning crews or patients and their families. Also, meet with your IT professional to discuss security measures you can put in place such as restricting access and accessibility to certain files or the ability to download programs and applications to essential staff only.

Hacked data represents a growing share of HIPAA breaches. It is imperative that covered entities ensure their compliance with HIPAA to avoid any sanctions by the Office for Civil Rights (OCR). To date, the OCR has collected in excess of $18 million in fines and penalties for failures to secure patient information.

Get a Risk Assessment.

A HIPAA Risk Assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws. Federal regulations require that covered entities have this assessment done. When the OCR auditor comes to visit your office to check for HIPAA compliance, they will ask for your Risk Assessment. Do you have one? Does your staff know who your HIPAA compliance officer is? To learn more on HIPAA risk assessments, click here.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs), please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

Do you think it is likely that this hospital was targeted because it was a smaller provider in a rural area? Do you think a HIPAA risk assessment could have helped this practice avoid a breach? Please leave any thoughtful comments below.

Sources:

Harvey, Nelson. “Hospital Database Hacked, Patient Info Vulnerable.” Aspen Daily News. (March 15, 2014). From: http://www.aspendailynews.com/section/home/161578

McCann, Erin. “Small-Town Hospital Gets Hacked.” Healthcare IT News. (March 17, 2014). From: http://www.healthcareitnews.com/news/small-town-hospital-gets-hacked

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Internal Medicine Specialists Should Be Aware of Impending Medicare Audits

6 Indest-2008-3Coming to a medical practice near you. . . It’s scary, it’s horrible, and it could cost you a lot of money!

It’s the dreaded Comprehensive Error Rate Testing (CERT) audit.

The Horror! The Horror!

First Coast Service Options, the Medicare contractor for Florida, announced a new prepayment audit program that will impact Internal Medicine Specialists. The prepayment program is focused on Initial and Subsequent Hospital Evaluation and Management Services, CPT Codes 99223 and 99233. The program is being launched due to the high CERT error rate associated with these codes.

The audits will start on October 21, 2014.

What is the CERT Program?

CMS created the CERT program to measure the paid claims error rate for Medicare claims submitted to Medicare administrative contractors, carriers, durable medical equipment regional carriers, and Medicare Administrative Contractors (MACs). CMS receives more than two billion claims annually. The CERT program randomly selects approximately 120,000 of these claims for review to determine whether the claims were properly paid.

Statistical samples are selected and the CERT documentation contractor (CDC) submits documentation requests to those providers who submitted affected claims. Once the requested documentation has been received, the information is forwarded to the CERT review contractor (CRC) for review. The CRC will review the claims and supporting documentation to measure compliance with Medicare coverage, coding and billing rules. Click here to read my previous blog on the CERT Program.

How Internal Medicine Specialists Can Avoid CERT Audits.

First Coast is only targeting Internal Medicine Specialists as their data analysis suggests the specialty is the primary contributor to an elevated CERT error rate. Errors are normally cause by insufficient documentation to justify the service.

Healthcare providers designated as Internal Medicine with First Coast Service Options need to pay special attention to this audit program and the documentation requirements for billing 99223 and 99233 codes. If you find yourself or your practice the target of a CERT audit, click here for tips on how to respond.

Our Thoughts on the CERT Program.

In working with the CERT Program, we have been pleasantly surprised when our personal phone calls to the CERT auditors have been answered and actual accurate information provided, as well as letters and documents we provided being promptly acknowledged. Like with any other audit, however, we urge those being audited to seek the advice of an experienced health law attorney who may be able to assist in heading off and avoiding a more serious investigation or a large repayment demand.

Comments?

Have you heard of CERT audits? Has your practice encountered a CERT audit? Please leave any thoughtful comments below.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Florida Doctor Faces Administrative Hearing Over Allegations of Torturing Patient

2 Indest-2009-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

A Lake Worth, Florida, doctor accused of “punishment therapy” that included the use of whips, blindfolds, handcuffs and other instruments of torture could have his license revoked by the Florida Board of Osteopathic Medicine. At the meeting on November 15, 2013, the Board rejected a settlement that the Florida Department of Health (DOH) had negotiated with the doctor’s attorney. The settlement option included a $10,000 fine and two (2) years of probation. The doctor was not arrested or charged with a crime, but admitted to having an unusual and sexual relationship with his patient.

By rejecting the proposed settlement, the Board indicated that it was not satisfied with the agreed upon discipline. Instead , the Board stated that it wanted a revocation of the physician’s license.

The Florida DOH filed an administrative complaint against the doctor in July 2013, alleging inappropriate sexual conduct with a patient.

Click here to read the complete administrative complaint made against the physician.

According to the doctor’s attorney, it appears the case will head to an administrative hearing.

Punishment Therapy Allegedly Used to Help Patient’s Depression.

According to the Sun Sentinel, the doctor’s relationship with his patient was first reported in 2011. The patient told investigators that the doctor allegedly used “punishment therapy” on her to help her remedy depression. She reportedly told detectives she did not like the “therapy” which would usually take place in the doctor’s office after normal business hours. The patient claims she was repeatedly choked, whipped and tied up in a closet, according to the Sun Sentinel. The patient also alleges she never paid money for these sessions, but the doctor would give her free samples of medication.

The doctor alleges that he and his patient had a consensual sexual relationship that began after she was no longer a patient. However, according to the Sun Sentinel, investigators found evidence that the doctor prescribed medicine to the patient while they were in engaging in the “torture therapy” sessions.

Click here to read the Sun Sentinel article.

What Florida Law Says About Sexual Relationships Between Health Care Providers and Patients.

Sexual misconduct in the practice of health care is considered to be a violation of the doctor-patient relationship. This violation is grounds for discipline. The Board takes it seriously and can impose discipline up to and including revocation.

Florida law bans doctors and other health care providers from turning their patients into sexual partners because it is considered an abuse of power. Also, patients are presumed to be incapable of giving consent to a relationship with a health care provider.

To watch a short video on why a patient cannot consent to a sexual relationship with a health care provider, click here.

Don’t Wait Too Late; Consult with an Experienced Health Law Attorney.

Do not wait until action has been taken against you to consult with an experienced attorney in these matters. Few cases are won on appeal. It is much easier to win your case when there is proper time to prepare and you have requested a formal hearing so that you may actually dispute the facts being alleged against you.

The lawyers of The Health Law Firm are experienced in both formal and informal administrative hearings and in representing physicians in investigations and at Board of Medicine and Board of Osteopathic Medicine hearings. We represent physicians accused of wrongdoing, in patient complaints and in Department of Health investigations. Call now or visit our website www.TheHealthLawFirm.com.

Comments?

Do you think this physician should have his license revoked? Do you think the settlement agreement would have been a sufficient punishment? Please leave any thoughtful comments below.

Sources:

Gentry, Carol. “Doctor Accused of Torturing Patient.” Health News Florida. (November 15, 2013). From: http://health.wusf.usf.edu/post/doctor-accused-torturing-patient

Department of Health v. David Simon, D.O. Case Number 2012-00680. Administrative Complaint. July 11, 2013. From: http://ww2.doh.state.fl.us/DocServiceMngr/displayDocument.aspx

Clarkson, Brett. “Doctor Used Whips, Choked Female Patient in ‘Punishment Therapy,’ Deputies Say.” Sun Sentinel. (November 20, 2013). From: http://www.sun-sentinel.com/news/palm-beach/fl-lake-worth-kinky-doctor-20131120,0,3297599.story

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Florida Supreme Court Overturns Medical Malpractice Caps

6 Indest-2008-3By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Florida’s Supreme Court ruled 5-to-2 in favor of invalidating medical malpractice caps on non-economic damages. The initial legislation was put into place in 2003 by the Florida Legislature due to an alleged medical malpractice crisis. The caps limited payments to patients for non-economic damages at $500,000 in most malpractice cases and $1 million in cases involving deaths. However, on March 13, 2014, the Supreme Court concluded that the cap on wrongful death non-economic damages violates the state Constitution’s equal protection clause.

This decision by Florida’s highest court makes Florida the seventh state to make such a ruling that such limitations are unconstitutional. There are 35 states that currently have some type of cap on medical malpractice awards.

This decision stirs up harsh criticism from doctors, and praise from trial attorneys.

History of the Caps on Medical Malpractice Lawsuits.

The damages caps were initiated in 2003 by former Governor Jeb Bush, backed by doctors, hospitals and insurance companies. Supporters argued that reforms were needed to curb the outbreak of medical malpractice costs. The caps were also initiated in an effort to lower the cost of malpractice insurance rates and to keep doctors from moving out of the state. According to Health News Florida with the caps, the number of medical malpractice lawsuits fell, which was interpreted as a sign that the caps discouraged trivial lawsuits. To read the entire article from Health News Florida, click here.

Harsh Words from Florida Medical Association.

The Florida Medical Association (FMA) President Alan Harmon, M.D., wasted no time in releasing a statement of discontent. In a press release Dr. Harmon stated, “The FMA is extremely disappointed in the Supreme Court’s decision. This decision imperils our considerable efforts to make Florida the best state in the nation for physicians to practice medicine and for patients to receive care.”

Dr. Harmon mentions that without caps to help regulate out-of-control litigation, many physicians may move out of the state, and few out-of-state physicians will look to locate to Florida.

To read the full press release from Dr. Harmon, click here.

What This Means for Health Care Professionals.

Now that medical malpractice caps are gone, trial lawyers will be refocusing on lawsuits. Health care professionals need to carefully evaluate each patient before treatment begins, even consulting with specialists when necessary. Detailed documentation is also important. Make sure everything is properly charted in the patient’s medical record. As a health care professional, its important to have an open line of communication with your patient, so that he or she knows and understands his or her medical treatment.

Get Professional Liability Insurance Now.

It is now more important than ever to have good professional liability insurance. The truth of the matter is that all health care professionals should protect themselves by obtaining a personal professional liability insurance policy. A good policy will provide medical malpractice and, very importantly, licensure protection coverage. The cost on these policies varies, but it is generally quite affordable, often costing little more that $10 to $15 a month. If you do not already have it, call Healthcare Providers Service Organization (HPSO), Lloyd’s of London, CPH & Associates Insurance, or another insurance company to discuss obtaining professional liability insurance.

Contact Health Law Attorneys Experienced in Representing Health Care Professionals and Providers.

Our firm regularly represents physicians, dentists, nurse practitioners, pharmacists, massage therapists, mental health counselors, registered nurses (RNs), assisted living facilities (ALFs), home health agencies (HHAs), nurse practitioners, lab technicians, occupational therapists, physical therapists (PTs), social workers, physician assistants, psychologists and other health professionals in many different legal matters.
Services we provide include representation before your professional board in Department of Health investigations, in administrative hearings, in civil litigation, in defense of malpractice claims, in professional licensing matters, in defense of allegations concerning HIPAA privacy violations and medical record breaches, in Drug Enforcement Administration (DEA) actions, and in many other matters.

In cases in which the health care professional has professional liability insurance or general liability insurance which provides coverage for such matters, we will seek to obtain coverage by your insurance company and will attempt to have your legal fees and expenses covered by your insurance company. If allowed, we will agree to take an assignment of your insurance policy proceeds in order to be able to submit our bills directly to your insurance company.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

As a health care provider, how do you feel about the malpractice caps being thrown out? Will it make you think twice about taking certain cases or treating certain patients? Please leave any thoughtful comments below.

Sources:

Gentry, Carol. “FL Malpractice Caps Thrown Out.” Health News Florida. (March 14, 2014). From: http://health.wusf.usf.edu/post/fl-malpractice-caps-thrown-out

Klas, Mary Ellen. “Florida Supreme Court Tosses Out Medical Malpractice Cap on Damages.” Tampa Bay Times. (March 13, 2014). From: http://www.tampabay.com/news/politics/florida-supreme-court-tosses-out-medical-malpractice-cap-on-damages/2170030

VanSickle, Erin. “Supreme Court Invalidates Medical Liability Caps.” Florida Medical Association. (March 13, 2014). From: http://www.flmedical.org/Supreme_Court_invalidates_caps.aspx

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

CMS Extends Waivers under the ACO Shared Savings Program

Lance Leider headshotBy Lance O. Leider, J.D., The Health Law Firm

On November 2, 2011, the Centers for Medicare and Medicaid Services (CMS) promulgated the interim final rule on fraud and abuse waivers for Accountable Care Organizations (ACOs) participating in the Medicare Shared Savings Program. The interim rule can be found at 76 Fed. Reg. 67801. The waiver was granted pursuant to the agency’s authority under the Affordable Care Act, specifically, 42 U.S.C. § 1899(f).

You can read our prior blog postings on the ACO waiver programs here.

Normally, interim final rules are only permitted to remain in effect for a maximum of three years (see 69 Fed. Reg. 78422). CMS regulations require the agency to publish a final rule within three years of a proposed or interim final rule. As the interim final rule is set to expire on November 2, 2014, the agency took advantage of the procedure that allows it to extend the life of the rule for an additional year by publishing a notice explaining the reasons why the regular timeline was not met.

Explanation for the Extension.

CMS stated that it is in the process of preparing a final rule, and allowing the interim final rule to expire would create a great deal of legal uncertainty for ACOs currently participating in the Shared Savings Program. According to CMS, this uncertainty has the potential to disrupt ongoing ACO business, plans, and operations.

Ultimately, CMS has learned through the course of its operation of the Shared Savings Program that certain modifications to the program are necessary. Although these modifications are not yet defined completely, CMS nevertheless believed the prudent course of action was to maintain the status quo during the rule making process.

Check back with us for updates on the process and any further information as the final rule is developed.

Comments?

Have you considered joining an ACO? Why or why not? Please leave any thoughtful comments below.

Contact Health Law Attorneys Experienced With Healthcare Business Practices.

The Health Law Firm routinely represents physician groups and practices with issues involving establishing, licensing, selling, merging, and intergroup affiliation. If you are considering establishing an ACO or have been approached to become a participant in one, you can contact The Health Law Firm at (407) 331-6620 or (850) 439-1001 or you can visit our website at www.TheHealthLawFirm.com.

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Copying and Pasting Clinical Notes in Electronic Health Records Could Be Considered Healthcare Fraud

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) is concerned about healthcare providers carelessly copying and pasting clinical notes in electronic health records (EHRs). According to an audit report released on December 10, 2013, copying and pasting in EHRs can lead to fraudulently duplicated clinical notes, which can be considered healthcare fraud. This practice is allegedly widespread across medicine, according to a Modern Healthcare article. Federal officials say there is a need to crackdown on this behavior.

Click here to read the entire audit report from the HHS OIG.

This is the first of two reports on fraud and vulnerabilities in EHR systems. The second report from the OIG will be on weaknesses in how the Centers for Medicare and Medicaid Services’ (CMS) payment contractors monitor for fraud in EHRs. This report is scheduled to be published soon.

Report Looks at Hospital Policies Regarding Copy-and-Paste Features.

The audit report studied 864 hospitals that had received subsidies for EHR systems as of March 2012. Out of those hospitals, only twenty-four percent (24%) had any policy regarding the improper use of copying-and-pasting in EHRs. The report concluded that too few hospitals actually have policies defining the proper use of copy and paste in EHRs.

According to Modern Healthcare, adoption of EHR systems has coincided with a rapid rise in higher-cost Medicare claims. This has led to officials looking into whether EHRs are enabling illegal upcoding. Officials say that EHR features such as copy and paste make it too easy to bill for work that wasn’t actually performed and help increase reimbursements, according to Modern Healthcare. Click here to read the entire article from Modern Healthcare.

In the report the HHS OIG recommends that the CMS strengthen its efforts to develop a comprehensive plan to address fraud vulnerabilities in EHRs. It was also suggested that CMS develop guidance on the use of the copy-paste feature in EHR technology.

Tips to Help Avoid Copy-and-Paste Errors.

Tools commonly available in EHRs that allow physicians to copy and paste patient information should be used with extreme care, according to an article on American Medical News. The article offers health care providers some guidelines to help avoid errors related to copying and pasting.

– Avoid copying and pasting of text from another person’s notes.

– Avoid repetitive copying and pasting of laboratory results and radiology reports.

– Note important results with proper context, and document any resulting actions. Avoid wholesale inclusion of information readily available elsewhere in the EHR because that creates clutter and may adversely affect note readability.

– Review and update as appropriate any shared information found elsewhere in the electronic record (e.g., problems, allergies, medications) that is included in a note.

– Include previous history critical to longitudinal care in the outpatient setting, as long as it is always reviewed and updated. Copying and pasting other elements of the history, physical examination or formulations is risky, as errors in editing may jeopardize the credibility of the entire note.

Click here to read the entire article from American Medical News.

What This Means for Healthcare Providers Using EHRs.

The practice of copying and pasting previous information without checking can be considered careless and potentially dangerous to patients. It can be problematic when there are multiple teams taking care of one patient and using the chart to communicate. The right way is to make sure everything in the note you sign accurately reflects what happened on your shift.

In the report the HHS OIG stated that copy-and-paste features in EHRs will be under additional scrutiny. By knowing where the enforcement focus will be, providers can attempt to avoid copy-and-paste practices that are likely to lead to audits. Additionally, providers can beef up compliance efforts and policies.

Contact Health Law Attorneys Experienced in Handling Medicare and Medicaid Audits, Investigations and other Legal Proceedings.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

Don’t wait until it’s too late. If you are concerned of any possible violations and would like a consultation, contact a qualified health attorney familiar with medical billing and audits today. To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

In your practice do you use an EHR system? Have you had any issues with copying and pasting clinical notes? Does your practice have a copy-and-paste policy? Please leave any thoughtful comments below.|

Sources:

Carlson, Joe. “Fed Eye Crackdown on Cut-and-Paste EHR Fraud.” Modern Healthcare. (December 10, 2013). From: http://www.modernhealthcare.com/article/20131210/NEWS/312109965/cut-and-paste-function-can-invite-ehr-fraud-officials-say

O’Reilly, Kevin. “EHRs: ‘Sloppy and Paste’ Endures Despite Patient Safety Risk.” American Medical News. (February 4, 2013). From: http://www.amednews.com/article/20130204/profession/130209993/2/

Levinson, Daniel R. “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology.” Department of Health and Humans Services Office of Inspector General. (December 2013). From: http://www.modernhealthcare.com/assets/pdf/CH92135129.PDF

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Duke University Health System Pays $1 Million to Settle Allegations of False Claims in Whistleblower Lawsuit

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On March 21, 2014, Duke University Health System in Raleigh, North Carolina, settled a whistleblower/qui tam lawsuit, according to the Department of Justice (DOJ). The lawsuit, filed in 2012, stated that the three-hospital academic medical center is alleged to have fraudulently inflated its Medicare bills by unbundling a number of cardiac services and billing for physician assistants’ (PAs) time illegally. Duke University Health System agreed to pay $1 million to resolve these allegations.

Click here to read the press release from the DOJ.

Duke University Health System Accused of Submitting False Claims to Federal Health Care Programs.

According to the complaint, the lawsuit was originally filed by a former health care bill coder and quality-control auditor for Duke’s revenue-cycle subsidiary, Duke Patient Revenue Management Organization. The former employee accused Duke University Health System of allegedly making false claims to Medicare, Medicaid and TRICARE by billing the government for services provided by PAs during coronary artery bypass surgeries when the PAs were acting as surgical assistants, which is not allowed. The whistleblower also alleged the medical center increased billing by unbundling claims when the unbundling was not appropriate. These unbundled claims were associated with cardiac and anesthesia services, according to the complaint.

To read the whistleblower’s complaint filed in December of 2012, click here.

According to the DOJ, the claims resolved by the settlement are allegations only, and there has been no determination of liability.

Whistleblowers Who Report Fraud and False Claims Against the Government Are Usually Employees.

Doctors, nurses or staff employees working for hospitals, nursing homes, medical groups, home health agencies or others, often become aware of questionable activities. They are sometimes even asked to participate in it. In many cases the activity may amount to health care fraud.

It does not matter who you are. You may even be actively involved in the wrongdoing. This does not disqualify you from reporting the false claims activity or receiving a reward for doing so. In order to encourage employees with knowledge of fraudulent activity to come forward, the government will usually not seek to prosecute or punish that person in any way.

Normally the government will want to see some actual documentation of the claims submitted by the hospital or other institution. Usually physicians, nurses or staff employees have access to such documentation. Whistleblowers are urged to come forward as soon as possible. In many circumstances, documentation that shows the fraud “disappears” or cannot be located once it is known that a company is under investigation.

Of course, the larger the amount of money the government has been defrauded the more likely it will be that the government will be interested in pursuing the case and the larger the reward the whistleblower will receive if there is a recovery.

To read more on whistleblower cases, read my previous blogs. Click here for part one, and click here for part two.

Contact Health Law Attorneys Experienced with Qui Tam or Whistleblower Cases.

Attorneys with The Health Law Firm also represent health care professionals and health facilities in qui tam or whistleblower cases both in defending such claims and in bringing such claims. We have developed relationships with recognized experts in health care accounting, health care financing, utilization review, medical review, filling, coding, and other services that assist us in such matters. We have represented doctors, nurses and others as relators in bringing qui tam or whistleblower cases, as well.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

What do you think of this settlement? Do you think whistleblower lawsuits are becoming more common? Please leave any thoughtful comments below.

Sources:

Carlson, Joe. “Duke Pays $1 Million to Settle Whistle-Blower Case.” Modern Healthcare. (March 25, 2014). From: http://bit.ly/1g3W7yw

Department of Justice. “Duke University Health System, Inc. Agrees to Pay $1 Million For Alleged False Claims Submitted to Federal Health Care Programs.” Department of Justice. (March 21, 2014). From: http://www.justice.gov/usao/nce/press/2014/2014-mar-21.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Don’t Ring in the New Year with a HIPAA Audit – Safeguard Yourself Now

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Here’s a scary reminder: There are people attempting to hack into electronic health systems every second of every day. Thankfully, most of these attempts are unsuccessful due to the preventive technologies in place to safeguard such information. However, electronic data will never be 100 percent secure.

Electronic health records promised was intended to be a tool for doctors to share patient data, reduce prescription drug errors, and allow patients convenient access to their records. However, since the transition to digital medical records, there have been concerns from patients about privacy, security and identity theft.

Recently, the Office for Civil Rights (OCR) announced that the agency will ramp up its Health Insurance Portability and Accountability Act (HIPAA) privacy and security audit program in 2015 for covered entities and business associates. These audits will focus on device encryptions, media controls, data transmission security protocols, and staff training on HIPAA policies and procedures.

Now is the time to ensure compliance.

Real World Privacy Breaches Happen All the Time.

On December 2, 2014, OCR and Anchorage Community Mental Health Services, Inc. (ACMHS), settled alleged violations of the HIPAA Security Rule. OCR started an investigation into ACMHS’s compliance with HIPAA after receiving a notification about a breach of unsecured electronic patient information affecting 2,743 individuals. The breach resulted from malware that compromised ACMHS’s information technology resources. According to the settlement, ACMHS must pay a $150,000 fine and enter into a resolution agreement and corrective action plan (CAP).

In November 2014, Beth Israel Deaconess Medical Center in Massachusetts agreed to a $100,000 settlement after a physician’s laptop was stolen from the hospital. The computer was not issued by the hospital and had not been encrypted in accordance with the hospital’s policies. However, the hospital was aware that the physician used the device. The laptop contained the health information and personal information, including Social Security numbers, of nearly 4,000 individuals. It’s alleged the hospital took three months to notify affected patients about the breach, which is a violation of HIPAA. (HIPAA requires such notifications to take place within 60 days.)

Tips to Protect Yourself and Your Business.

Again, the HIPAA audit program will be resuming after the first of the year. Accordingly, hundreds of covered entities and business associates will be receiving inquiries that could lead to an onsite audit. The audit requirements will be very difficult for organizations that have not planned in advance. Here are three easy-to-implement steps to prepare your practice.

1. Review the latest HIPAA policies and procedures. Make sure your office is meeting the latest privacy and security criteria. Identify gaps, update documents, and retrain staff on HIPAA policies and procedures. Don’t forget to document your educational efforts. Click here for a link to the latest policies and procedures.

2. Contact your business associates. Ask each of them to provide your practice with an updated Business Associate Agreement and list of all subcontractors they use. For business associates, the 2015 HIPAA audits will focus on risk analysis, risk management and updated policies and procedures for breach notification.

3. Have a risk assessment performed on your practice. To learn more about risk assessments, click here for a previous blog.

Also, a violation of the HIPAA privacy and security provisions does carry civil and criminal penalties. Anyone who is a health care professional or facility, should be aware of these legal provisions. Click here to read my previous blog.

HIPAA is Not One Size Fits All.

Protecting patient data is not a one-size-fits-all method, meaning that security measures and access to electronic records should not necessarily be uniform. There needs to be processes and check points in place at practices to ensure that the electronic health record system and its many users consistently meet HIPAA policies and procedures. Health care practices must be vigilant that when they integrate other medical practices and facilities into their organization that they extend these measures to incorporate new employees, new sites and locations, and various technologies.

As demonstrated throughout this blog, the risks of non-compliance simply outweigh the costs of sound preparation. If you’d like more information, contact a health law attorney experienced in these matters.

Comments?

Are you worried about the next round of HIPAA audits? Are you concerned about HIPAA violations? How are you ensuring compliance within your practice? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Van Terheyden, Nick and Faix, Rob. “Digital Health Records: Pain and Gain.” Orlando Sentinel. (December 12, 2014). From: The Orlando Sentinel News Section on page A20.

“Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case.” iHealthBeat. (November 25, 2014). From: http://www.ihealthbeat.org/articles/2014/11/25/beth-israel-agrees-to-pay-100k-to-settle-2012-data-breach-case?view=print

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

ZPICs Seek “Voluntary” Agreements from Physicians for Auto-Denial Edits for Home Health Services

MLS Blog Label 2By Michael L. Smith, R.R.T., J.D., Board Certified by The Florida Bar in Health Law, and George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

According to the Centers for Medicare and Medicaid Services (CMS), the primary purpose of Zone Program Integrity Contractors (ZPICs) is to investigate instances of suspected fraud, waste, and abuse.  The specific actions employed by ZPICs to fulfil this mission include:

–  Investigating potential fraud and abuse for CMS administrative action or referral to law enforcement;
–  Conducting investigations in accordance with the priorities established by Center for Program Integrity’s (CPI) Fraud Prevention System;
–  Performing medical review, as appropriate;
–  Performing data analysis in coordination with CPI’s Fraud Prevention System;
–  Identifying the need for administrative actions such as payment suspensions and prepayment or auto-denial edits; and,
–  Referring cases to law enforcement for consideration and initiation of civil or criminal prosecution.

However, it appears that some of the ZPICs have been overly proactive in identifying the need for payments suspensions and are asking providers to voluntarily agree to payment suspensions for certain claims.

Click here to read more on ZPICs from CMS.

Physicians Being Targeted by ZPICs for Auto-Denial Edits.

Recently, physicians have been approached by ZPICs and asked to voluntarily agree to a payment edit on their National Provider Identifier (NPI) that would automatically deny any claim for payment for home health services that listed the physician as the ordering, attending, or referring physician.  A ZPIC requesting a specific physician to voluntarily cease ordering any home health services appears to go further than identifying the need for administrative action including a payment suspension.

The activities a ZPIC may use to fulfil its obligations to CMS are:

–  Request medical records and documentation;
–  Conduct interviews;
–  Conduct onsite visits;
–  Identify the need for a prepayment or auto-denial edits and refer these edits to the Medicare Administrative Contractors (MAC) for installation;
–  Withhold payments; and,
–  Refer cases to law enforcement.

The following functions are reserved for the MACs and not functions of the ZPICs.

–  Provider outreach and education;
–  Recouping monies lost to the Trust Fund (the ZPICs identify these         situations and refer them to the MACs for the recoupment);
–  Medical review not
–  Complaint screening; for benefit integrity purposes;
–  Claims appeals of ZPIC decisions;
–  Claim payment determination;
–  Claims pricing; and
–  Auditing provider cost reports.

While a ZPIC may refer a provider to the MAC for the imposition of an auto-denial edit, some ZPICs seem to have taken this process a step further and are attempting to have physicians voluntarily agree to the auto-denial edits.

Issues with Agreeing to an Auto-Denial Edit.

A physician who voluntarily agrees to an auto-denial edit could create significant problems for his or her patients and practice.  A physician agreeing to an auto-denial edit would need to cease ordering home health services and would need to refer the patients that need home health services to another physician.  Any physician that has been approached by a ZPIC seeking a voluntary auto-denial edit should consult competent legal counsel before agreeing to the auto-denial edit.

We have heard if ZPIC representatives allegedly intimidating or attempting to intimidate physicians who routinely order home health services for patients into agreeing to such auto-denial edits.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

Have you heard of these auto-denial edit requests from ZPICs? Please leave any thoughtful comments below.

About the Authors: Michael L. Smith, R.R.T., J.D., is Board Certified by The Florida Bar in Health Law. He is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Governor Requests the Agency for Health Care Administration to Inspect Florida’s VA Hospitals

8 Indest-2008-5By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In response to recent deaths at Veterans Affairs (VA) hospitals throughout Florida and the rest of the nation, on April 1, 2014, Governor Rick Scott wrote a letter to the Florida Agency for Health Care Administration (AHCA) requesting the agency begin inspecting VA hospitals in the Sunshine Health Network. This network under investigation includes Florida, south Georgia, Puerto Rico and the U.S. Virgin Islands. So far the VA has denied AHCA any permission to inspect its hospitals, and it is unclear whether the federal government will allow such inspections moving forward.

To see a copy of the Governor’s letter to the AHCA, click here.

Governor Scott Wants Answers in Patient Death Cases.

According to The Tampa Bay Tribune, Governor Scott wants answers in regard to the deaths of five patients in the VA region serving Florida. It was reported in March 2014, that five cancer patients died and nine others sustained injuries because of delays in diagnosis or treatment. The Tampa Bay Tribune report states that the delays were less than a year but more than 90 days. So far, VA officials have not said at which hospitals the deaths occurred, which concerns Governor Scott. Through AHCA’s investigation he hopes to determine where the deaths took place, how the U.S. Department of Veterans Affairs is going to ensure the quality of care for veterans improves, and how the federal government can increase transparency on the quality of care in VA hospitals.

Click here to read the entire article from The Tampa Bay Tribune.

AHCA Agents Booted from One Florida VA Hospital.

Two days after Governor Scott’s letter was sent to AHCA, two agency inspectors were allegedly denied access to records at the VA Medical Center in Riviera Beach, Florida, according to the Palm Beach Post. The inspectors were told an official response would be provided from the VA’s national office in Washington, D.C. One VA spokeswoman stated that the VA will cooperate with AHCA, but could not do so on the specific day of AHCA’s inspection.

To read the entire article from the Palm Beach Post, click here.

It is not yet known how the VA will work with AHCA in regards to inspections. Check our blog regularly for updates.

Florida’s Lack of Legal Authority and Federal Supremacy.

Governor Scott apparently has forgotten that the state lacks authority over federal facilities and federal agencies. The federal government and its laws and regulations are superior to and take precedence over any state laws, regulations or authorities. This is a key principle of our constitutional government in the United States of America.

I am sensitive to such issues having personally lived through times when state governors “stood up to” the federal government while trying to keep public schools from being desegregated during the Civil Rights Era. The “states rightists” lost that battle like Governor Scott is likely to lose this battle.

As a lawyer friend of mine used to say in reference to similar conflicts between state and federal authorities, “I seem to recall that we fought a war about this issue some time in the past and the South lost.”

I doubt that Governor Scott is ignorant of the law. I also doubt that the VA or any other federal agency is likely to give up its autonomy to kowtow state officials. I believe it is most likely that Governor Scott is merely grand standing to make a show that may appeal to state right advocates and veterans as part of his campaign for reelection. But, of course, this is just my personal opinion.

Contact a Health Law Attorney Experienced in the Representation of Veterans Administration (VA) Physician Representation and Military Physician Representation.

The attorneys of The Health Law Firm have represented physicians, psychologists, nurse practitioners, nurse and other health professionals working in Veterans Administration medical centers and clinics throughout the United States. Representation has included personnel and employment issues, disciplinary action, investigations, peer review investigations, clinical privileges actions, fair hearings, National Practitioner Data Bank (NPDB) actions and appeals.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

What do you think of Governor Scott’s request for answers? Why do you think the AHCA agents were denied access? Please leave any thoughtful comments below.

Sources:

Scott, Rick. Letter from Governor Rick Scott to Ms. Elizabeth Dudek at the Florida Agency for Health Care Administration. (April 1, 2014). From: http://www.flgov.com/wp-content/uploads/2014/04/SKMBT_C35314040107040.pdf

Altman, Howard. “Gov. Scott Asks Answer in VA Hospital Deaths.” The Tampa Bay Tribune. (April 1, 2014). From: http://tbo.com/list/military-news/gov-scott-wants-inspection-of-federal-hospitals-20140401/

Bennett, George. “Turf War Escalates as 2 Florida Health Care Inspectors ‘Escorted Out’ of VA Hospital, Official Says.” Palm Beach Post. (April 3, 2014). From: http://www.postonpolitics.com/2014/04/turf-war-escalates-as-2-florida-health-care-inspectors-escorted-out-of-va-hospital-official-says/

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Go to Top