Copying and Pasting Clinical Notes in Electronic Health Records Could Be Considered Healthcare Fraud

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) is concerned about healthcare providers carelessly copying and pasting clinical notes in electronic health records (EHRs). According to an audit report released on December 10, 2013, copying and pasting in EHRs can lead to fraudulently duplicated clinical notes, which can be considered healthcare fraud. This practice is allegedly widespread across medicine, according to a Modern Healthcare article. Federal officials say there is a need to crackdown on this behavior.

Click here to read the entire audit report from the HHS OIG.

This is the first of two reports on fraud and vulnerabilities in EHR systems. The second report from the OIG will be on weaknesses in how the Centers for Medicare and Medicaid Services’ (CMS) payment contractors monitor for fraud in EHRs. This report is scheduled to be published soon.

Report Looks at Hospital Policies Regarding Copy-and-Paste Features.

The audit report studied 864 hospitals that had received subsidies for EHR systems as of March 2012. Out of those hospitals, only twenty-four percent (24%) had any policy regarding the improper use of copying-and-pasting in EHRs. The report concluded that too few hospitals actually have policies defining the proper use of copy and paste in EHRs.

According to Modern Healthcare, adoption of EHR systems has coincided with a rapid rise in higher-cost Medicare claims. This has led to officials looking into whether EHRs are enabling illegal upcoding. Officials say that EHR features such as copy and paste make it too easy to bill for work that wasn’t actually performed and help increase reimbursements, according to Modern Healthcare. Click here to read the entire article from Modern Healthcare.

In the report the HHS OIG recommends that the CMS strengthen its efforts to develop a comprehensive plan to address fraud vulnerabilities in EHRs. It was also suggested that CMS develop guidance on the use of the copy-paste feature in EHR technology.

Tips to Help Avoid Copy-and-Paste Errors.

Tools commonly available in EHRs that allow physicians to copy and paste patient information should be used with extreme care, according to an article on American Medical News. The article offers health care providers some guidelines to help avoid errors related to copying and pasting.

– Avoid copying and pasting of text from another person’s notes.

– Avoid repetitive copying and pasting of laboratory results and radiology reports.

– Note important results with proper context, and document any resulting actions. Avoid wholesale inclusion of information readily available elsewhere in the EHR because that creates clutter and may adversely affect note readability.

– Review and update as appropriate any shared information found elsewhere in the electronic record (e.g., problems, allergies, medications) that is included in a note.

– Include previous history critical to longitudinal care in the outpatient setting, as long as it is always reviewed and updated. Copying and pasting other elements of the history, physical examination or formulations is risky, as errors in editing may jeopardize the credibility of the entire note.

Click here to read the entire article from American Medical News.

What This Means for Healthcare Providers Using EHRs.

The practice of copying and pasting previous information without checking can be considered careless and potentially dangerous to patients. It can be problematic when there are multiple teams taking care of one patient and using the chart to communicate. The right way is to make sure everything in the note you sign accurately reflects what happened on your shift.

In the report the HHS OIG stated that copy-and-paste features in EHRs will be under additional scrutiny. By knowing where the enforcement focus will be, providers can attempt to avoid copy-and-paste practices that are likely to lead to audits. Additionally, providers can beef up compliance efforts and policies.

Contact Health Law Attorneys Experienced in Handling Medicare and Medicaid Audits, Investigations and other Legal Proceedings.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

Don’t wait until it’s too late. If you are concerned of any possible violations and would like a consultation, contact a qualified health attorney familiar with medical billing and audits today. To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

In your practice do you use an EHR system? Have you had any issues with copying and pasting clinical notes? Does your practice have a copy-and-paste policy? Please leave any thoughtful comments below.|

Sources:

Carlson, Joe. “Fed Eye Crackdown on Cut-and-Paste EHR Fraud.” Modern Healthcare. (December 10, 2013). From: http://www.modernhealthcare.com/article/20131210/NEWS/312109965/cut-and-paste-function-can-invite-ehr-fraud-officials-say

O’Reilly, Kevin. “EHRs: ‘Sloppy and Paste’ Endures Despite Patient Safety Risk.” American Medical News. (February 4, 2013). From: http://www.amednews.com/article/20130204/profession/130209993/2/

Levinson, Daniel R. “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology.” Department of Health and Humans Services Office of Inspector General. (December 2013). From: http://www.modernhealthcare.com/assets/pdf/CH92135129.PDF

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Centers for Medicare and Medicaid Services Puts Recovery Audit Contractor Program on Hold

4 Indest-2009-3By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On February 18, 2014, the Centers for Medicare and Medicaid Services (CMS) announced it is in the procurement process for the next round of Recovery Audit Program contracts. This means the program is, for the time being, on hold while CMS awards new contracts. According to CMS, it will select new vendors to continue the Recovery Audit Contractor (RAC) program, which is responsible for detecting improper Medicare payments. It is expected that this pause will also be used to refine and improve the RAC program. In the announcement it was not disclosed how long the program would be on hold.

Click here to read the announcement from CMS.

This news comes months after CMS revealed an enormous backlog of RAC appeals. The backup is so bad, providers are not able to submit new cases until the existing backlog clears, which could take two years or more.

Current Contracts Extended to Conclude Appeals.

According to Modern Healthcare, CMS extended its contracts with the four current vendors until December 31, 2015, for administrative and transition activities. These contracts were to end on February 7, 2014. The purpose of the extension is to allow the RACs to handle and wind down appeals. To read the entire article from Modern Healthcare, click here.

For providers this means a lull in additional documentation requests (ADRs), however it is important to remember RAC audits are not going away.

Dates to Remember.

Providers should note the important dates below:

– February 21, 2014, was the last day a Recovery Auditor could send a postpayment ADR;
– February 28, 2014, is the last day a Medicare Administrative Contractor (MAC) may send prepayment ADRs for the Recovery Auditor Prepayment Review Demonstration; and
– June 1, 2014, is the last day a Recovery Auditor may send improper payment files to the MACs for adjustment.

Backlog of RAC Appeals Worse Than Ever.

The RAC appeals process has become so overloaded that in December 2013, the U.S. Department of Health and Human Services’ (HHS) Office of Medicare Hearings and Appeals (OMHA) notified hospitals, doctors, nursing homes and other health care providers that the agency would be suspending acting on new requests for hearings. Health care providers were told they would not be able to submit any new appeals until the existing backlog clears, which could take two or more years. To read more on the backlog of RAC appeals, click here for my previous blog.

RAC Audits Will Be Back.

In the first three months of the fiscal year 2013, RACs recouped more than $2.2 billion from providers due to what the RACs deemed were overpayments. With money coming in, RAC audits are not going away. It has become common for state and federal regulators to enforce even the smallest violations, resulting in investigations, monetary fines and penalties. If found in violation, you will not only have to pay fines and face disciplinary action, you will also lose revenue because you will have to spend time dealing with the investigation, instead of practicing medicine. Whether you are trying to prevent Medicare and Medicaid audits, Zone Program Integrity Contractor (ZPIC) audits, or any other kind of healthcare audits, there are steps you can implement in your practice today that may save you down the line. Click here to read more on self audits.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

What do you think about the RAC program being put on hold? What do you think CMS should do to improve the program? Please leave any thoughtful comments below.

Sources:

Kutscher, Beth. “CMS Recovery Audits on Hold as Contractors Wrestle Big Backlog.” Modern Healthcare. (February 20, 2014). From: http://www.modernhealthcare.com/article/20140220/NEWS/302209968/cms-recovery-audits-on-hold-as-contractors-deal-with-big-backlog

Centers for Medicare and Medicaid Services. “Recent Updates.” Centers for Medicare and Medicaid Services. (February 18, 2014). From: http://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/Recent_Updates.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

OIG Audit Finds Federal Database of Terminated Medicaid Providers Needs Improvement

LLA Headshot smBy Lenis L. Archer, J.D., M.P.H., The Health Law Firm

The Affordable Care Act (ACA) requires the Centers for Medicare and Medicaid Services (CMS) to establish a process for sharing information about terminated Medicaid providers. The federal database, called Medicaid and Children’s Health Insurance Program State Information Sharing System (MCSIS), is designed to prevent terminated health care providers from billing another state’s program. However, an audit by the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG), released in March 2014, states the MCSIS is not working as intended.

The MCSIS is supposed to collect data from every state Medicaid program on providers that were terminated from Medicaid for cause. However, the report found that the HHS OIG is not receiving data from 17 states or the District of Columbia. It was also found that a majority of the data does not meet the ACA criteria.

To read the entire report from the HHS OIG, click here.

Specific Issues Within Database.

According to the OIG, only 27% of the 6,439 MCSIS records involve terminated Medicaid providers. The database is filled with providers who had not been terminated, but rather had died, retired, left the state or stopped working with Medicaid of their own accord. It is also reported that about one-third of the records are not related to for-cause provider terminations. A majority of the data comes from California, Pennsylvania, Illinois and New York. According to Reuters, more than half of the records submitted did not include a National Provider Identification number, which is critical to any state trying to identify a terminated provider.

Click here to read the entire article from Reuters.

Recommendations to Improve Database.

CMS is now exploring options to implement mandatory state reporting. The agency has begun requiring that states submit termination letters for each provider entered in the MCSIS, and that CMS employees review each letter to ensure the provider belongs in the system.

What This Means for Medicaid Providers.

As CMS works to improve this database, those providers who have fallen through the cracks due to the reporting lag will now face repercussions for exclusion. Exclusion from Medicaid could mean exclusion from Medicare and other federal providers. It is important that health care providers know their status regarding exclusion, and contact an experience attorneys to assist them in having their names removed from exclusion lists.

To read more on the devastating consequences of exclusion, click here for a previous blog.

Contact Attorneys Experienced in Defending Against Action to Exclude an Individual or Business from the Medicare or Medicaid Programs.

The attorneys of The Health Law Firm have experience in dealing with the Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS), and defending against action to exclude an individual or business entity from the Medicare or Medicaid  Programs, in administrative hearings on this type of action, in submitting applications requesting reinstatement to the Medicare Program after exclusion, and removal from the List of Excluded Individuals and Entities (LEIE).

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

As a health care provider, do you know your status regarding exclusion? Are you aware of the consequences of being excluded? Please leave any thoughtful comments below.

Sources:

Pell, M.B. “U.S Database for Tracking Medicaid Fraud Fall Short, Auditor Says.” Reuters. (March 27, 2014). From: http://www.reuters.com/article/2014/03/27/us-usa-medicaid-database-idUSBREA2Q08D20140327

Levinson, Daniel. “CMS’s Process for Sharing Information About Terminated Providers Needs Improvement.” Department of Health and Human Service Office of Inspector General. (March 2014). From: http://oig.hhs.gov/oei/reports/oei-06-12-00031.pdf

About the Author: Lenis L. Archer is as attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

CMS in the Hot Seat for Lax Oversight of Medicaid Managed Care Organizations

LLA Headshot smBy Lenis L. Archer, J.D., M.P.H., The Health Law Firm

For years, each state has kept an eye on its own Medicaid managed care plans, while the Centers for Medicare and Medicaid Services (CMS) is required to monitor how well each individual state is doing. However, a recent Government Accountability Office (GAO) report claims CMS is sleeping on the job. The report, released on June 20, 2014, stresses the need for more federal oversight of these plans.

With the implementation of the Affordable Care Act (ACA), the Medicaid program is expected to expand significantly. Most of the new beneficiaries enrolled in managed care are covered almost entirely by federal funds. The need for federal oversight in this area is of growing importance to ensure accountability of taxpayers’ dollars.

To read the entire report from the GAO, click here.

Report Findings: MCOs Need to be Watched by the Feds.

The persistent theme of the GAO report is that CMS and the Department of Health and Human Services (HHS) have done little to control the integrity of managed care organizations (MCOs). Federal programs have delegated managed care supervision to each individual state, but fail to provide needed guidelines and resources. CMS has not updated its MCO program guidance since 2000.

The report found neither state nor federal programs are well positioned to identify improper payments made to MCOs. Further, these programs are unable to ensure that MCOs are taking appropriate actions to identify, prevent or discourage improper payments.

For example, the report looked at state program integrity (PI) units and Medicaid Fraud Control Units (MFCU) from seven states. These anti-fraud groups admitted to primarily focusing their efforts on Medicaid fee-for-service claims. Meanwhile, claims made to MCOs have flown under their radar.

GAO Recommendations.

The GAO recommends that CMS:

– Require states to conduct audits of payments to and by MCOs;

– Update its managed care guidance program integrity practices and effective handling of MCO recoveries; and

– Provide states with additional support in overseeing MCO program integrity.

The GAO also suggests that CMS increase its oversight, especially as states expand their Medicaid programs. The GAO report recommends CMS take a bigger role in holding states accountable to ensure adequate program integrity efforts in the Medicaid managed care program. If CMS does not step up to the plate, the report predicts a growing number of federal Medicaid dollars will become vulnerable to improper payments.

The Future of MCOs.

If this report is taken seriously, be assured that audits of MCOs will become more frequent and extensive. If CMS ramps up their efforts, claims could be reviewed in detail by Medicaid integrity contractors. Now is the time to verify you are in compliance and receiving proper payments; before CMS turns the magnifying glass on you or your facility .

Comments?

What do you think of the GAO’s assessment of MCOs? Do you think CMS needs to step up and provide more oversight? Please leave any thoughtful comments below.

Contact Health Law Attorneys Experienced in Handling Medicaid Audits, Investigations and other Legal Proceedings.

Medicaid fraud is a serious crime and is vigorously investigated by the state MFCU, the Agency for Health Care Administration (AHCA), the Zone Program Integrity Contractors (ZPICs), the FBI, and the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS). Other state and federal agencies, including the U.S. Postal Service (USPS), and other law enforcement agencies often participate. Don’t wait until it’s too late. If you are concerned about possible violations and would like a confidential consultation, contact a qualified health attorney familiar with medical billing and audits today. Often Medicaid fraud criminal charges arise out of routine Medicaid audits, probe audits, or patient complaints.

The Health Law Firm’s attorneys routinely represent physicians, dentists, orthodontists, medical groups, clinics, pharmacies, assisted living facilities (AFLs), home health care agencies, nursing homes, group homes and other healthcare providers in Medicaid and Medicare investigations, audits and recovery actions. To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Sources:

Mullaney, Tim. “Federal Government Needs to Boost Medicaid Managed Care Oversight, GAO Says.” McKnight’s Long-Term Care & Assisted Living. (June 20, 2014). From: http://www.mcknights.com/federal-government-needs-to-boost-medicaid-managed-care-oversight-gao-says/article/356779/

Adamopoulos, Helen. “GAI Calls on CMS to Increase Medicaid Managed Care Oversight.” Becker’s Hospital Review. (June 20, 2014). From: http://www.beckershospitalreview.com/finance/gao-calls-on-cms-to-increase-medicaid-managed-care-oversight.html

Bergal, Jenni. “Advocates Urge More Government Oversight of Medicaid Managed Care.” Kaiser Health News. (July 5, 2013). From: http://www.kaiserhealthnews.org/stories/2013/july/05/medicaid-managed-care-states-quality.aspx?referrer=search

About the Author: Lenis L. Archer is as attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

 

The RACs, They’re Back! The Return of Medicare Recovery Audits

Patricia's Photos 013By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

All good things must come to an end. This includes the two-month hiatus from Recovery Audit Contractors (RACs) that healthcare professionals enjoyed. The Centers for Medicare and Medicaid Services (CMS) is restarting audits of Medicare fee-for-service claims on a limited basis. The program has been suspended since June 1, 2014, due to expired contracts.

CMS announced the return of RACs on August 4, 2014.

Click here to read the latest announcements on Medicare recovery audits from CMS.

From what we have heard, there were serious problems with some of the audits that had been conducted by the RACs and CMS desired to start over with a clean slate. Just saying!

What Does Limited Basis Mean?

According to CMS, current RACs will conduct a limited number of automated reviews and a small number of complex reviews on certain claims including, but not limited to:

– Spinal fusions;
– Outpatient therapy services;
– Durable medical equipment;
– Prosthetics;
– Orthotics; and
– Supplies and cosmetic procedures.

RACs will not conduct any inpatient hospital patient status reviews for now. In the past, short inpatient stays accounted for 91 percent of the money the program recovered for Medicare.

Controversial Program.

According to an article on HealthData Management, in February 2014, members of congress argued that parts of the RAC program are unfair and violate the way that the Medicare program was intended to operate by raising out-of-pocket costs for beneficiaries. To address this concern, CMS established a provider relations coordinator to increase program transparency. This was announced in June 2014, so it is too soon to determine if this position will help providers affected by the medical review process. Click here to read more from HealthData Management.

Healthcare providers have complained that they are fed up with Medicare recovery audits tying up crucial funds and physician time in endless appeals. Currently, appeals can take up to five years. There is also a two-year moratorium in place preventing new appeals from being filed. You may remember my previous blog on the enormous backlog of Medicare recovery audit appeals. Click here to read that post.

What Exactly is a RAC?

RACs are often referred to as “bounty hunters.” They are private companies contracted by CMS, used to identify Medicare overpayments and underpayments, and return Medicare overpayments to the Medicare Trust Fund. Since the program began in 2009, it has brought in more than $8 billion in allegedly fraudulent, wasteful and abusive payments to healthcare providers.

How to Prepare for a Medicare Recovery Audit.

There is no such thing as a routine Medicare audit. The fact is that there is some item you have claimed as a Medicare provider or the amount of claims Medicare has paid in a certain category that has caused you or your practice to be audited.

I previously wrote a blog highlighting some of the actions we recommend you take in responding to a Medicare audit. The most important step you should take is to consult an experienced health law attorney early in the audit process to assist in preparing the response. Click here to read more on how to respond to a Medicare audit.

We Told You RACs Would Be Back.

RACs apparently caught $3.7 billion in allegedly wasteful payments that Medicare made to healthcare providers in 2013, and was allegedly on pace to bring back $5 billion this year. That’s why the government was eager to get RACs back to work.

It is extremely common for state and federal regulators to enforce even the smallest violations, resulting in investigations, monetary fines and penalties. If found in violation, you will not only have to pay fines and face disciplinary action, you will also lose revenue because you will have to spend time dealing with the investigation, instead of practicing medicine. Whether you are trying to prevent Medicare and Medicaid audits, Zone Program Integrity Contractor (ZPIC) audits, or any other kind of healthcare audits, there are steps you can implement in your practice today that may save you down the line. Click here to read more on self audits.

Comments?

What do you think about the return of Medicare recovery audits? What are you thoughts on Recovery Audit Contractors? Please leave any thoughtful comments below.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Demko, Paul. “Controversial Medicare Recovery Audits Make Limited Return.” Modern Healthcare. (August 5, 2014). From: http://www.modernhealthcare.com/article/20140805/NEWS/308059962/controversial-medicare-recovery-audits-make-limited-return

Goedert, Joseph. “CMS Restarts Parts of the RAC Program.” HealthData Management. (August 5,2014). From: http://www.healthdatamanagement.com/news/CMS-Restarts-Parts-of-the-RAC-Program-48553-1.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Cyber Attack at Community Health Systems Affects 4.5 Million Patients-Could This be a New Trend?

Patricia's Photos 013By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar  in Health Law

On August 18, 2014, Community Health Systems, a Tennessee-based hospital chain that has 206 hospitals in 29 states, announced that its computer system was hacked. According to a number of news reports, an outside group of hackers, originating in China, used highly sophisticated malware and technology to steal 4.5 million patients’ non-medical data. The hackers were able to obtain patients’ names, Social Security numbers, addresses, birth dates, and telephone numbers.

According to the Orlando Sentinel, in Florida, St. Cloud Surgical Associates, St. Cloud Medical Group, and Urology Associates of St. Cloud were among the practices where medical data was stolen. The article did not mention how many patients in Florida were affected. Click here to read the story from the Orlando Sentinel.

How Community Health Systems will Handle Being Hacked.

According to The New York Times, Community Health Systems believes the attacks happened from April to June 2014. The company will be notifying affected patients and agencies under the Health Insurance Portability and Accountability Act (HIPAA).

The hospital system is now working with a security company to investigate the incident and help prevent future attacks. Federal law enforcement agents are also investigating the incident. Click here to read the entire article from The New York Times.

Because this breach affected more than 500 individuals, it will soon be posted on the Office for Civil Rights (OCR) Department of Health and Human Services’ (HHS) Wall of Shame. The law requires that any breach involving 500 or more individuals be publicly posted. To learn more on the Wall of Shame, click here for my previous blog.

Protect Your Practice As Best You Can From Cyber Attacks.

Cyber hacking in the medical community appears to be a crime of opportunity. Quickly there are becoming two types of companies: those that have been hacked and those that will be hacked.

While there is no way to guarantee protection from extrusion and external sources, there are steps that can be taken. For medical practices, many of these are required as part of a HIPAA risk assessment. Some areas to focus on include:

–    Background checks;
–    Comprehensive policies and procedures;
–    Vigilance when it comes to monitoring and data-leakage prevention tools; and
–    Employee education.

Medical practices are going to become bigger targets as the health care industry transitions to electronic health records. In addition, the hacking community is figuring out it is easier to hack a hospital or private practice, than it is a bank and you get the same information. To learn more on HIPAA risk assessments, click here.

Comments?

How do you protect your medical practice from hackers? Do you have regular risk assessments? Why or why not? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Perlroth, Nicole. “Hack of Community Health Systems Affects 4.5 Million Patients.” The New York Times. (August 18, 2014). From: http://nyti.ms/1pFpujC

Kutscher, Beth. “Chinese Hackers Hit Community Health Systems; Other Vulnerable.” Modern Healthcare. (August 18, 2014). From: http://bit.ly/1BxsLqH

Jacobson, Susan. “St. Cloud Medical Patients’ Information Among Millions Stolen in Cyber Attack.” (August 18, 2014). From: http://www.orlandosentinel.com/business/os-hospital-data-breach-st-cloud-20140818,0,3157319.story

Rose, Rachel. “Protecting Your Medical Practices From Cyber Threats.” Physicians Practice. (July 17, 2014). From: http://www.physicianspractice.com/blog/protecting-your-medical-practice-cyberthreats

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Department of Health and Human Services Announces Mental Health Parity Final Rule

By Lance O. Leider, J.D., The Health Law Firm

On November 8, 2013, the U.S. Department of Health and Human Services (HHS) Secretary Kathleen Sebelius announced the promulgation of the agency’s final rule related to parity of coverage of mental health and substance use treatment. According to Sebelius: “For way too long, the healthcare system has openly discriminated against Americans with behavioral health problems.”

The purpose of the regulations is to close the gaps in coverage that permit insurance carriers to treat mental and substance-abuse related treatment different from traditional medical and surgical benefits.

Among the key provisions of the regulations are the elimination of separate mental health deductibles, co-insurance, etc.; elimination of limits on lifetime benefits; as well as several other measures insuring that mental health benefits are treated on par with traditional medical and surgical benefits.

Compliance with the final rule will be required by group health plans and health insurance issuers offering group health insurance coverage on the first day of the first plan year beginning on or after July 1, 2014.

Click here to read the press release from the HHS.

Effects on Healthcare Providers.

From a business perspective, this final rule may change the type of coverage that is required to be offered by a practice to its employees. Likewise, employed practitioners may see changes in the way the coverage offered by their employers works.

Also, these rules may allow primary care providers to significantly limit their exposure to civil and administrative complaints resulting from the provision of basic mental health services. Often times patients who are unable to afford mental health coverage rely on their primary care physician for assistance. This sometimes leads to primary care doctors prescribing and managing medication for which they are inadequately trained or otherwise uncomfortable with.

By ensuring parity in coverage, primary care physicians should be able to make referrals to mental health providers with confidence that their patients will not face any artificial barriers to coverage.

Additionally, mental health providers will likely see an increase in patient volume and utilization. These increases will likely come from additional referrals from physicians as well as increased self-referrals from patients seeking to take advantage of their coverage.

Finally, with increased utilization comes increased revenue, and with increased revenue comes increased scrutiny. Private insurers have undertaken an auditing protocol that is remarkably similar to that of federal payors like Medicare, Medicaid, TRICARE, etc.

Considering the abuses that have been publicized in the mental health sector and the increased scrutiny coming from federal and state governments, we expect mental health providers will receive the same or similar audit treatment from private payors.

Be Prepared for Possible Change in Mental Healthcare Field.

Should the Affordable Care Act (ACA) ultimately serve to dramatically increase the number of Americans with insurance coverage, mental health providers may find themselves at the forefront of a rapidly expanding part of the healthcare field.

Be prepared for these changes by reviewing your processes and documentation. Consult with an experienced healthcare attorney or other similarly qualified expert to make sure your practice is ready.

The Health Law Firm Supports the Mental Health Parity Rule.

The Health Law Firm fully supports the Mental Health Parity Rule. The provision of mental health services for our citizens is long overdue.

Many fail to recognize the costs paid by our society to deal with those who have mental health issues outside of the healthcare system. Jails and prisons are often the final repository for those who should receive hospital treatment. Many individuals who are homeless, who are veterans, or who have serious mental health issues could lead constructive, productive lives if they receive proper mental health treatment.

Psychologists, psychiatrists, mental health counselors and social workers should be happy for the adoption of the regulation. In addition, law enforcement officials, judges and relatives of those with mental illness must also be thankful.

Contact Health Law Attorneys Experienced in the Representation of Mental Health Counselors, Psychologists, Social Workers, and Marital and Family Therapists.

The attorneys of The Health Law Firm provide legal representation to mental health counselors, psychologists, psychiatrists, social workers and family therapists in Department of Health (DOH) investigations, business transactions, contracts, structuring business ventures, clinical privileges actions, professional licensure matters, Board hearings, business litigation, Medicare and Medicaid audits, and other types of investigations of health professionals and providers.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

Were you familiar with the final mental health and substance use disorder parity rule? How do you think it will affect the mental healthcare field? Please leave any thoughtful comments below.

Source:

U.S. Department of Health and Human Services Press Office. “Administration Issues Final Mental Health and Substance Use Disorder Parity Rule.” U.S. Department of Health and Humans Services. (November 8, 2013). From: http://www.hhs.gov/news/press/2013pres/11/20131108b.html

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

 

 “The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Go to Top