Health Law Blog - Healthcare Legal Issues

Archive for January, 2017

Ambulatory Surgery Center National Legal Practice ASC Compliance Issues

Monday, January 30th, 2017

Ambulatory Surgery Center Compliance Legal Practice

Ruder Ware has developed an active practice counseling ambulatory surgery center providers and has served as special counsel in several cases involving ambulatory surgery center exclusions.  The firm’s health care and compliance attorneys are knowledgeable on the numerous legal and regulatory requirements that are applicable to ASCs.  The regulations applicable to these entities are complex and nuanced.  The consequences of failing to comply or with taking improper steps to exclude providers can be very costly.

Some of the issues that our health care practice has recently addressed include the following:

  • Counseling ASC’s on the application of the Stark law, Anti-Kickback Statute, and ASC safe harbor issues.
  • Advising and representing providers on issues relating to conditions of participation and governmental surveys.
  • Representing organizations in preparing and submitting self-disclosure to the government.
  • Development of ASC investment entities.
  • Establishment of ASC compliance programs
  • Decisions regarding exclusion of “under-performing” providers.
  • Structuring exclusion provisions to minimize risk of violating regulations or enhancing the risk of litigation.
  • Sale and purchase of surgery centers.
  • ASC licensure and governmental approval.
  • Compliance with patient confidentiality and privacy laws.
  • Risk assessment, audits, compliance work plans, staff compliance training.
  • Contractual relationships with outside parties.

Ambulatory Surgery Center Lawyers – Ambulatory Surgery Center Lawyers

Ambulatory Surgery Center Attorney

John H. Fisher has practiced health care law for over 25 years.  One of John’s significant areas of expertise involves the regulatory and business aspects of ambulatory surgery centers.  Over the years, John has represented numerous clients on legal and compliance issues related to ambulatory surgery centers.  John consults as a subject matter expert and provider legal backup to other attorneys and law firms from around the country on issues relating to ambulatory surgery centers.  Some of John’s more recent ASC related projects include:

  •  Representation of an ASC in connection with the exclusion of non-complying owners.
  • Representation of excluded providers in litigation and settlement.
  • Creating operating documents that comply with ambulatory surgery center safe harbors and other applicable regulatory requirements.
  • Creation of policies and procedures required to gain certification as an ASC.
  • Consultation with local litigation attorneys regarding regulatory issues relevant to ASC litigation.
  • Consultation with ASCs on establishment of compliance programs and identification of related risk areas.
  • Assisting ASC providers in addressing detected deviations in operating and compliance requirements.

Anti-Discrimination Plans/Part D Sponsors

Monday, January 30th, 2017

Anti-Discrimination Rules in Medicare Advantage Plans

42 CFR 422.110, 422.2268(c), 423.2268(c)

Plans/Part D Sponsors may not discriminate based on race, ethnicity, national origin, religion, gender, sex, age, mental or physical disability, health status, claims experience, medical history, genetic information, evidence of insurability or geographic location. Plans/Part D Sponsors may not target beneficiaries from higher income areas or state/ imply that plans are only available to seniors rather than to all Medicare beneficiaries. Only Special Needs Plans (SNPs) and MMPs may limit enrollments to individuals meeting eligibility requirements based on health and/or other status. Basic services and information must be made available to individuals with disabilities, upon request.

Requirements Pertaining to Non-English Speaking Populations Medicare Health Plans

Sunday, January 29th, 2017

Requirements Pertaining to Non-English Speaking Populations

42 CFR 422.111(h)(1), 422.112(a)(8), 423.128(d)(1)(iii), 422.2264(e), 423.2264(e)

All Plans’/Part D Sponsors’ call centers must have interpreter services available to call center personnel to answer questions from non-English speaking or limited English proficient (LEP) beneficiaries. Call centers are those centers that receive calls from current and prospective enrollees. This requirement is in place regardless of the percentage of non-English speaking or LEP beneficiaries in a plan benefit package (PBP) service area. Plans/Part D Sponsors must make the marketing materials identified in sections 30.6, 30.7, 30.9, and the Part D Transition Letter(s) available in any language that is the primary language of at least five (5) percent of a Plan’s/Part D Sponsor’s PBP service area. Final populated translations of all marketing materials must be submitted in HPMS (see section 90.2 for material submission process).

Historically, regardless of the five (5) percent service area threshold, CMS required that all Plans/Part D Sponsors communicated the availability of language assistance services in the fifteen most common non-English languages spoken in the US via the Multi-Language Insert (MLI). The MLI was required to accompany the Summary of Benefits (SB), Annual Notice of Change (ANOC)/Evidence of Coverage (EOC), and the enrollment form. Because Section 1557 of the Patient Protection and Affordable Care Act contains a similar yet more robust requirement, CMS will now defer to the requirements under Section 1557 when it comes to communicating the availability of language assistance services. Plans/Part D Sponsors should consult with the Office for Civil Rights (OCR), the Federal Agency responsible for Section 1557, for questions pertaining to Section 1557 Compliance. In addition, OCR has a Section 1557 resource website that can be accessed at: https://www.hhs.gov/civil-rights/for-individuals/section-1557/index.html

 

Co-Branding Requirements Under Medicare Advantage Marketing Standards

Sunday, January 29th, 2017

Plans/Part D Sponsors co-branding relationships

Plans are prohibited from displaying the names and/or logos of co-branded providers on the Plan’s member identification card, unless the provider names and/or logos are related to a member’s selection of a specific provider/provider organization, (e.g., physicians, hospitals).

Part D Sponsors are prohibited from displaying the names and/or logos of co-branded providers/pharmacies on the Part D Sponsor’s member identification card. Plans/Part D Sponsors that choose to co-brand with providers/pharmacies must include on marketing materials (other than ID cards) the language in section 50.9.

Neither the Plan/Part D Sponsor nor its co-branding providers/pharmacies, whether through marketing materials or other communications, may imply that the co-branding partner is endorsed by CMS, or that its products or services are Medicare-approved.
Co-branded marketing materials must be submitted to CMS by the Plan/Part D Sponsor.
Note: Consistent with the National Council for Prescription Drug Program’s (NCPDP’s) “Pharmacy and/or Combination ID Card” standard, the Pharmacy Benefit Manager (PBM) name may be included on a enrollee ID card.

Medicare Advantage Marketing Standards 2018 Draft Requirements

Sunday, January 29th, 2017

Marketing Material Subject to CMS Guidelines for MA Marketing Materials

Medicare broadly defines the types of marketing materials that must comply with with CMS requirements. (42 CFR Section 417.428, Section 422.2260, and Section 423.2260) Examples of the types of marketing materials that must meet the CMS requirements include, by way of example, materials such as:

  • General audience materials, such as general circulation brochures, direct mail, newspapers, magazines, television, radio, billboards, yellow pages, or the Internet;
  • Marketing representative materials, such as scripts or outlines for telemarketing or other presentations;
  • Presentation materials, such as slides and charts;
  • Promotional materials, such as brochures or leaflets, including materials circulated by physicians, other providers, or third-party entities;
  • Membership communication materials, including: membership rules, subscriber agreements, enrollee handbooks, and wallet card instructions to enrollees (e.g., Annual Notice of change (ANOC), Evidence of Coverage (EOC));
  • Communications to enrollees about contractual changes, such as changes in providers, premiums, benefits, plan procedures;
  • Communications related to membership activities (e.g., materials on rules involving non-payment of premiums, confirmation of enrollment or disenrollment, or non-claim specific notification information); and
  • The activities of a Plan’s/Part D Sponsor’s employees, independent agents or brokers, Third Party Marketing Organizations (TMO) (downstream contractors), or other similar organizations that contribute to the steering of a potential enrollee toward a specific plan or limited number of plans, or may receive compensation directly or indirectly from a Plan/Part D Sponsor for marketing activities, among others.
  • The following types of materials are not subject to CMS marketing review,  should not be submitted in HPMS, and do not require a material ID number. However, Plans/Part D Sponsors are still responsible for maintaining such materials and must make them available, through HPMS or other means, upon request.
  • HIPAA Privacy notices (which are subject to enforcement by the Office for Civil Rights);
  • OMB-approved forms/documents, except when otherwise specified by CMS;
  • Press releases that do not include any plan-specific information (examples of plan-specific information include information about benefits, premiums, co-pays, deductible, how to enroll, networks);
  • Enrollee newsletters that do not include any plan-specific information (examples of plan-specific information include information about benefits, premiums, co-pays, deductible, benefits, how to enroll, networks);
  • Blank letterhead/fax coversheets/blank pages that do not include promotional language;
  • General health promotion materials that do not include any specific plan related information (examples of general health promotion materials include health education and disease management materials). In general, health promotion materials should meet CMS’ definition of “educational” (Refer to section 70.8, Educational Events);
  • Non-Medicare beneficiary-specific materials that do not involve an explanation or discussion of Part D, MA, or Section 1876 cost plans (examples of materials within this category include notice of check return for insufficient funds, letter stating Medicare ID number provided was incorrect, billing statements/invoices, sales, and
    premium payment coupon book);
  • Documents to recruit or train sales/marketing representatives;
  • Medication Therapy Management (MTM) program materials (see definition in Appendix 1);
  •  Ad hoc Enrollee Communications Materials (see definition in Appendix 1);
  • Educational materials, such as those used at educational events for the education of beneficiaries and other interested parties (also see section 70.8), that do not contain plan specific information;
  • Coordination of Benefits notifications (as provided in Chapter 14 of the Medicare Prescription Drug Benefit Manual);
  • Health Risk Assessments;
  • Mail order pharmacy election forms;
  • Enrollee surveys and focus groups;
  • Value-Added Items and Services (refer to Chapter 4 of the Medicare Managed Care Manual) See definition in Appendix 1;
  •  Documents encouraging enrollees to use preventive services;
  • Mid-year Change Enrollee Notifications (see section 60.7);
  • Informational Scripts;
  • Marketing materials created by State government; and
  • Password protected websites that only current enrollees can access;
  • Marketing materials included on the website are still subject to review (e.g., Plan/Part D Sponsor advertisements).

Draft 2018 Medicare Marketing Guidelines Medicare Advantage Plans

Sunday, January 29th, 2017

New draft Medicare marketing requirements have been released The Medicare Marketing Guidelines (MMG) implement the Centers for Medicare Advantage Plans, Medicare Prescription Drug Plan, Employer/Union-Sponsored Group Health Plans, and Section 1876 cost plans. These requirements also apply to Medicare-Medicaid
Plans (MMPs), except as modified or clarified in state-specific marketing guidance for each state’s demonstration. I will post various provisions in the propose marketing requirements as I work through them with my review, so keep tune if you are looking for a summary of requirements.  In the meantime, if you want to review the source document yourself, you can download it from this page.

2018 Draft MMG for Industry Comment

Compliance Comittment from the Top – Medical Practice Compliance

Friday, January 27th, 2017

Establishing Commitment From the Top of the Organization

An important and often overlooked aspect of developing a compliance program is the need to obtain commitment from the top of the organization.  Many times in a physician practice this will mean the physician owners of the practice.  It is important that the physician have a clear understanding of the need and benefit of establishing a focused compliance program.

There will inevitably be initial expenditures involved with establishing a compliance system.  In some cases it may even necessitate retaining additional staff.  There will almost certainly be fees to outside attorneys and consultants if the organization is not large enough to hire the needed expertise internally.  It is important that sufficient resources be allocated to compliance and that the physicians and administration understand that in the long term, these expenditures will pay off by reducing the risk of institutional compliance problems.  The difficulty is that if the compliance program works to reduce risks, there will never be a serious event that proves the benefit of the expenditures.  However, if an event occurs in the future and there is no compliance program in place, the regrets will be very deep because compliance issues are much more difficult to solve if there is no compliance plan in place.

As a practical matter, the institutional “buy-in” is often the most difficult hurdle to overcome.  It is somewhat easier now that compliance plans are becoming mandatory.  Yet there is still risks associated with under-funding compliance activities or providing enough resources to do the “bare minimum” when it comes to compliance due to a reluctant attitude on the part of physician leaders who are now being forced to develop compliance programs that they have not fully embraced.

Certain groups may be in a position that they have not been dependent upon institutions who have implemented compliance programs.  Some practices completely reject policies and procedures of any kind that could bind the physicians in their practices.  These organizations present the greatest challenges and unfortunately the greatest potential risk of violations of federal and state laws occurring due to the low level of leadership embracing appropriate compliance activities.  Even as these groups are forced to adopt compliance programs, they present the greatest residual risk because of a low level of physician commitment.

We suggest that physician practices begin the process of implementing formal compliance programs immediately to provide more time to gain physician commitment and appropriately assess the risks associated with the specific practice.  It takes a great deal of time to develop a system for establishing compliance programs, perform a “gap analysis” or other baseline analysis, perform employee interviews and take other steps to identify specific risk areas.  Developing a compliance program is much more than simply adopting a form compliance program.  Even though the precise effective date that compliance programs will become mandatory for physician practices has not yet been set, providers should consider this time a gift to permit them to develop appropriate policies rather than a reprieve.

Self Disclosure Settlements Help Identify Compliance Risk Areas

Friday, January 27th, 2017

Self Disclosure Settlements Indicate Areas of Compliance Risk

Compliance officers can identify areas of potential compliance risk in a number of ways.  One way is to examine self disclosure settlements under the Stark Law and OIG self disclosure process.  This helps indicate issues that other providers are disclosing to the government and can help identify potential risk areas within your organizations.

Here are a handful of self disclosure settlements that have been published:

A Massachusetts hospital settled several Stark law violations involving failure to satisfy the requirements of the personal services arrangements exception with department chiefs and medical staff for leadership services, and for arrangements with physician groups for on-site overnight coverage for patients at the Hospital. Settlement Amount – $579,000.00

An Ohio physician group practice settled two Stark law violations involving prescribing and supplying a certain type of DME that did not satisfy the requirements of the inoffice ancillary services exception. Settlement Amount – $60.00

A Mississippi critical access hospital settled several violations of the Stark law relating to its failure to satisfy the requirements of the personal services arrangements exception for arrangements with hospital and emergency room physicians. Settlement Amount – $130,000

A California hospital settled two Stark law violations that exceeded the annual nonmonetary compensation limit for physicians. Settlement Amount – $6,700

A hospital in Georgia settled violations involving two physicians and the annual nonmonetary compensation limit. Settlement Amount – $4,500

A physician group practice in Iowa settled Stark law violations after disclosing that its compensation for certain employed physicians failed to satisfy the requirements of the bona fide employment relationship exception. Settlement Amount – $74,000

An Arizona acute care hospital settled a Stark law violation after disclosing a single physician arrangement that did not meet the personal service arrangements exception. Settlement Amount – $22,000

A hospital located in North Carolina settled six Stark law violations for $6,800 after disclosing that it exceeded the calendar year nonmonetary compensation limit for two physicians during three consecutive years. Settlement Amount – $6,800

An Alabama hospital resolved a Stark violation involving a rental charge formula that did not satisfy the requirements of the rental of equipment exception. Settlement Amount – $42,000

A hospital in Maine settled potential Stark law violations relating to arrangements with a physician and physician group practice that failed to satisfy the requirements of the personal services exception. Settlement Amount – $59,000

A Massachusetts hospital settled violations concerning arrangements with two physician practices for call coverage that did not satisfy the personal service arrangements exceptions. Settlement Amount – $208,000

A hospital located in Florida resolved arrangements with three physicians that did not satisfy the personal service arrangements exception. Settlement Amount – $22,000

A Missouri hospital settled Stark law violations involving two physicians for the provision of dental services that did not meet the requirements of the personal service exception. Settlement Amount – $125,000

A North Carolina-based general acute care hospital and its hospice agreed to settle several Stark law violations involving arrangements and payments that failed to meet the physician recruitment, fair market value, and personal services arrangement exceptions. Settlement Amount – $584,700

A hospital in California settled a Stark law violation, which arose from its failure to meet the physician recruitment exception. Settlement Amount – $28,000

An acute care hospital in California settled a violation of the Stark law after disclosing that it failed to meet the personal service arrangements exception for an on-call arrangement with a physician. Settlement Amount – $1,600

A South Carolina general acute care hospital settled several violations of the Stark law involving arrangements with physicians and physician group practices that failed to satisfy the requirements of the FMV compensation exception, the personal services arrangements exception, and the rental office space exception. Settlement Amount – $256,000

A Massachusetts acute care hospital settled several Stark law violations involving arrangements with physicians that failed to satisfy the definition of “entity”, the rental office space exception, and the personal services arrangement exception. Settlement Amount – $199,400

A Louisiana acute care hospital used the SRDP to resolve violations related to professional service arrangements with physicians, a professional staffing organization, and a physician group practice. Settlement Amount – $317,620

A Minnesota hospital agreed to settle a Stark violation that stemmed from a recruitment arrangement that failed to satisfy the requirements of the physician recruitment exception. Settlement Amount – $760.00

A Texas rehabilitation hospital resolved several Stark violations through the SRDP involving arrangements for ownership interests held by certain physicians that failed to satisfy the whole hospital exception. Settlement Amount – $23,730

A general acute care hospital in New York agreed to settle a violation of the Stark law that involved an arrangement that failed to satisfy the requirements of the rental office space exception. Settlement Amount – $78,500

A Florida acute care hospital settled several Stark violations relating to arrangements with multiple physicians for emergency cardiology call-coverage that did not satisfy the requirements of any applicable exception. Settlement Amount – $109,000

A general acute care hospital in Florida settled several Stark violations involving arrangement with a group practice to provide residency program services, a physician to provide electronic health records subject matter expert services, a physician to provide Medical Director services, and a physician to provide leadership services for a hospital committee, none of which satisfied applicable exceptions. Settlement Amount – $76,000

An Alabama acute care hospital resolved a violation of the Stark law involving an arrangement with a physician group practice for the rental of office space that did not satisfy the exception. Settlement Amount – $187,340

A Wisconsin critical access hospital used the SRDP to resolve a violation of the Stark law relating to an arrangement with one physician for the provision of emergency room call coverage services at adjacent walk-in clinics that failed to satisfy any applicable exception. Settlement Amount – $12,724

A Tennessee acute care hospital settled a Stark violation involving an arrangement with one physician for the supervision of cardiac stress tests that failed to satisfy the requirements of any applicable exception. Settlement Amount – $72,270

An acute care hospital in Pennsylvania resolved several Stark violations related to arrangements for Medical Director services with certain physicians and a physician practice that did not satisfy the personal services exception. Settlement Amount $24,740

A general acute care hospital in Ohio used the SRDP to settle violations of the Stark law that involved arrangements with certain physicians for EKG interpretation, medical director services, Vice-Chief of Staff services, and hospital services that did not satisfy the requirements of any applicable exception. Additional violations stemmed from arrangements with certain physicians and a physician group practice for the donation of EHR items and services that failed to satisfy the applicable exception. Settlement Amount $235,565

A Texas acute care hospital settled a Stark violation involving an arrangement for case management physician advisor services with a physician that did not satisfy the requirements of any applicable exception. Settlement Amount – $54,108

A physician group practice in Louisiana resolved a Stark violation relating to arrangements with two physicians that failed to satisfy the requirements of the in-office ancillary services exception. Settlement Amount – $13,572

A non-profit community hospital in Minnesota settled a violation of the Stark law that involved an arrangement with a physician group practice for the rental of office space and provision of support services that failed to satisfy the requirements of any applicable exception. Settlement Amount – $9,570

A California acute-psychiatric hospital resolved two Stark violations relating to arrangements with two physicians for the provision of psychiatric services that did not satisfy the requirements of any applicable exception. Settlement Amount – $67,750

A North Carolina acute care hospital used the SRDP to settle several violations of the Stark law relating to arrangements with a physician to provide Medical Director Services, a physician group practice to provide medical coding and consulting services, and a physician and a physician group practice for the lease of office space, that failed to satisfy the requirements of any applicable exception. Settlement Amount – $87,110.00 19.

A general acute care hospital in Texas resolved a Stark violation involving an arrangement with a physician to provide utilization review services that did not satisfy any applicable exception. Settlement Amount – $82,055 20.

A California acute care hospital resolved several violations of the Stark law involving arrangements with three physicians for the provision of on-call services to the Hospital’s emergency department that did not satisfy the requirements of any applicable exception. Settlement Amount – $42,630 21.

An acute care hospital in Oklahoma used the SRDP to settle several Stark violations relating to arrangements with four physicians for the provision of electrocardiogram interpretation services that failed to satisfy the requirements of the personal services exception. Settlement Amount – $124,008

Malware Infection Causes Breach – Lack of Firewall – Hybrid Entity

Friday, January 27th, 2017

Malware Infection and Lack of Firewall Protection Causes Breach

In yet another significant settlement by OCR, the University of Massachusetts Amherst (UMass) agreed to a monetary penalty of $650,000 resulting from a workstation that was contaminated with a malware program and resulted in impermissible disclosure of electronic health information.  This disclosure involved information about 1,670 individuals and included names, addresses, social security numbers, dates of birth, health insurance information, diagnoses and procedure codes.  The provider had determined that the malware was a generic remote access Trojan that was able to infiltrate their system because a proper firewall was not in place.

Central to OCR’s analysis was that the provider had failed to identify the components located in its hearing center as being part of covered components.  This resulted in the provider failing to apply and ensure compliance with HIPAA privacy and security rules at that location.  HIPAA permits legal entities that have some functions that are covered by HIPAA and some that are not to elect to become a “hybrid entity.”  To successfully “hybridize,” the entity must designate in writing the health care components that perform functions covered by HIPAA and assure HIPAA compliance for its covered health care components.  It was the failure to proper follow the hybrid entity rules that left the components at the applicable site vulnerable to outside malware attack.

UMass failed to implement technical security measures at the Center to guard against unauthorized access to ePHI transmitted over an electronic communications network by ensuring that firewalls were in place at the applicable location.  This settlement stresses the need to assure that all protected information is properly secured and that firewalls are used when needed.  It is also instructional regarding the proper application of the rules relating to hybrid status.

HIPAA Breach Notification Settlement – First Case of Untimely Notice of Breach

Wednesday, January 25th, 2017

Failing to Provide Breach Notification on Time

An OCR settlement with Presence Health is heralded as the first OCR settlement that resulted from a failure to report a breach of unsecured un-secured protected health information (PHI) within the time-frames required under applicable HIPAA regulations.  Failing to meet applicable time-frames cost Presence $475,000 to settle with OCR.

The case arose when paper-based operating schedules, which contain PHI of 836 individuals, were found to be missing from the surgery center at one of the provider’s medical centers.  The operating schedules were discovered to have been missing on October 22, 2013 but breach notification was not provided to OCR until January 31, 2014.  The notification was not provided in time to meet the requirement that a covered entity notify OCR of a breach without unreasonable delay and within 60 days of discovery.  The breach disclosure rules that are applicable to breaches affecting 500 or more individuals were applicable.  These rules required notification to prominent media outlets, the affected individuals, and OCR.

In its press release covering this settlement, the OCR stressed that “Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements…Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach.”

It is unclear exactly why the provider failed to meet the regulatory requirements in this case.  The settlement is a good example of why it is necessary for covered entities to have clear policies describing the process to be followed when faced with a potential breach situation.  This is also an area of OCR audit under the Stage II OCR audit program.  Providers should be certain that their breach disclosure policies and procedures are in place.  There have been changes to the breach disclosure regulations over the years, so policies should be reviewed to be certain that they are in compliance with current law and have been properly updated.

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

Search
Disclaimer
The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.