Parkview Health System will pay $800,000 and adopt a corrective action plan as a result of deficiencies in its HIPAA compliance program

Violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are just plain bad for business and as the old saying goes an ounce of prevention is worth a pound of cure.   When was the last you had an external review to identify risks?  The compliance team at Parkview Health System is probably asking themselves today whether a once of prevention could have saved $800,000 dollars and an immeasurable loss of confidence in the community.

Parkview Health System, Inc. agreed to settle potential Privacy Rule with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Parkview will pay $800,000 and adopt a corrective action plan to address deficiencies in its HIPAA compliance program. OCR opened an investigation after receiving a complaint from a retiring physician alleging that Parkview had violated the HIPAA Privacy Rule. In September 2008, Parkview took custody of medical records pertaining to approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice. On June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue.

Notably, this settlement highlights the significance of conducting routine risk and vulnerability assessments, having adequate written policies in place, and conducting workforce training on HIPAA privacy and security policies. It is imperative that all covered entities and business associates proactively review the mandatory requirements under HIPAA and carefully evaluate and monitor to compliance. To ensure you are compliant, you and business associates should update security policies and procedures and provide ongoing HIPAA compliance training. SiddelLaw can assist you in implementing protections as well as conduct an in-depth risk assessment. If you have any questions or require assistance developing and implementing a compliance plan for your entity or conducting a risk assessment, please contact an experienced healthcare attorney at 831-718-9340.

Even Responding to Fraud Allegations can be Risky

Last week a regional California medical center entered a $275,000 settlement for disclosing patient information to the media, spotlighting HIPAA’s tight reign over covered health providers even when they try to defend their reputations against fraud allegations. On June 13, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced a new settlement with Shasta Regional Medical Center (“SRMC”) related to the medical center’s use and disclosure of protected health information while attempting to rebut media reports of alleged Medicare fraud. The settlement includes a one-year corrective action plan covering 16 facilities and serves as a sharp reminder that under HIPAA, a covered entity often cannot use or disclose protected health information to respond to allegations without patient authorization, even if the information is publicly known or disclosed by a patient. The settlement stems from a 2011 media report alleging Medicare fraud. In response, SRMC allegedly disclosed protected health information to substantiate that it provided and billed for appropriate medical services. Senior leadership also allegedly sent an e-mail to its entire workforce and medical staff of 785 to 900 persons detailing the patient’s medical information in response to the media attention. According to the resolution agreement, SRMC also allegedly failed to sanction any employees for HIPAA violations related to the incident. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/shasta-agreement.pdf Contact Siddel Law for advice on how to respond to Health Care Fraud Allegations

Hospitals Sue to Compel HHS to Meet Deadlines for Reviewing Appeals

Following a hearing earlier in the week where the mounting Medicare appeals backlog took center stage, the American Hospital Association (AHA) and several hospitals filed a lawsuit May 22 seeking to compel the Department of Health and Human Services (HHS) Secretary to meet statutory deadlines for reviewing Medicare claim denials. At the end of last year, the Office of Medicare Hearings and Appeals (OMHA) decided to suspend assignment of most new requests for Administrative Law Judge (ALJ) hearings for at least two years as a result of the Medicare appeals backlog, which AHA said stood at 480,000 as of February 12, with 15,000 new appeals filed each week. According to the lawsuit, which was filed in the U.S. District Court for the District of Columbia, "[l]engthy, systematic delays in the Medicare appeals process, which far exceed statutory timeframes, are causing severe harm to providers of Medicare services, like the Plaintiff hospitals." At the third level of appeal, an ALJ has a statutory deadline of 90 days from the time a provider files its appeal with OMHA to hold a hearing and render a decision. But the complaint said "it is taking far longer than ninety days even to docket new requests for an ALJ hearing, let alone decide them." Coupled with delays in other steps of the appeals process, hospitals may be waiting up to five years or even longer to have their claims proceed through the four-level administrative appeals process, which is supposed to conclude by statute within a year, the lawsuit alleges. "Because the appeals process, as currently operating, cannot provide adequate redress, Plaintiffs have no option but to bring this mandamus lawsuit to require the Secretary's compliance with the deadlines established by law," the complaint says. The hospitals that joined the lawsuit are Baxter Regional Hospital, Inc., in Mountain Home, AK; Covenant Health, in Knoxville, TN; and Rutland Hospital, Inc., in Rutland, VT. Lawmakers Question Medicare Appeals Backlog The House Oversight and Government Reform Subcommittee on Energy Policy, Health Care and Entitlements held a hearing May 20 where government witnesses faced tough questioning about the Medicare appeals backlog and its impact on providers. At the hearing, Representative Mark Meadows (R-NC) noted the backlog, which he said already is at a tipping point, is projected to reach 1 million. “[A]t what point does it become a crisis?” he asked. Meadows said even with increased funding, at the current maximum adjudication rate of 79,000 a year, it would still take about ten years to work through the backlog of appeals. “That’s a taking in my book. Would you wait 10 years for your salary?” he said. Improve Contractor Oversight Lawmakers have said the recovery audit contractor (RAC) program is contributing significantly to the backlog, which some say will only get worse if the controversial two-midnight policy is implemented. See related item in this issue. “Today, our subcommittee sought answers from CMS on the significant burden of the Medicare MAC [Medicare Administrative Contractor] and RAC audit processes on our nation’s healthcare providers,” said Subcommittee Chairman James Lankford (R-OK). “Our focus today was to figure out why the audit process is failing both providers and beneficiaries. We cannot allow this broken process to continue without significant reform.” “Small, community healthcare providers continue to buckle under the weight of Medicare’s withheld payments, paperwork and compliance procedures,” Lankford said, urging CMS to improve its oversight of contract auditors to ensure they are focusing on fraud, not “overburdening honest providers." An official from the HHS Office of Inspector General (OIG) testified that CMS needs to do a better job of ensuring its contractors are performing effectively. “OIG reviews of [Medicare] contractors over the past decade have consistently identified problems, including failure to use data to assess contractor performance and inadequate response when contractors do not meet performance standards,” said OIG Acting Deputy Inspector General for Evaluation and Inspections Brian P. Ritchie. Kathleen King of the Government Accountability Office told the panel different requirements for Medicare’s various contractors “may reduce the efficiency and effectiveness of such reviews.” RAC Improvements Centers for Medicare & Medicaid Services (CMS) Center for Program Integrity Deputy Administrator and Director Shantanu Agrawal, MD said RACs have returned over $7.4 billion to the Medicare Trust Fund from their implementation in fiscal year (FY) 2010 through the first quarter of FY 2014. Agrawal said CMS currently is in the process of procuring the next round of contracts for the RAC program. In February, CMS announced a “pause” in the Medicare RAC program during the procurement process. CMS said the “pause in operations” would give the agency an opportunity “to continue to refine” and improve the Recovery Audit Program. To that end, the agency also announced several changes to the program based on industry feedback. Agrawal said the agency believes the changes, which include requiring RACs to wait until the second level of appeal is exhausted before receiving their contingency fee and establishing revised additional document request limits that will be diversified across different claim types, “will result in a more effective and efficient program, including improved accuracy, less provider burden, and more program transparency.”

Google Glass in Healthcare

OR Executive Summit attendees get peek at Google Glass As part of the OR Executive Summit, Keith Siddel, MBA, JD, CHC, led the session, “The Future of Google Glass: Half Empty or Half Full?,” which discussed the effects of new wearable technology in the perioperative setting and why Google Glass may be a game changer for health care delivery models. Siddel, the first person in the world to go skydiving wearing Google Glass, is part of a Google Glass test group known as “explorers.” He shared his own personal experience of applying for the test group, getting fitted for the technology, and wearing his Google Glass for the first time. “Wearing Google Glass I can see everything that’s on my smartphone on a 19-inch screen next to your head when I talk to you,” said Siddel. “You might think that would be a little distracting. You’re right, it is.” Siddel stressed that wearing his Google Glass very quickly became as normal as putting a smartphone on his belt. “It’s no more distracting when there isn’t any information to see,” he said. Siddel walked attendees through how to use Google Glass (eg, tilt your head to turn it on) and shared examples of how to use it (eg, getting directions to a location). “Anything you can do on Google search, you can do with Google Glass,” said Siddel. “The possibilities are endless.” Siddel described how Google Glass has the potential to change health care delivery models, for example, those related to documentation, patient engagement, and patient data. For example, Siddel, shared that there are apps in development that can be used on Google Glass to video record discharge instructions given to patients. Siddel concluded the presentation by asking audience members if their facility has a policy for wearable technology and recommended developing such policies now.

Recovery Audit Program Procurement Update and Transition

Today, the Centers for Medicare & Medicaid Services (CMS) is posting an update to its website regarding changes to the Medicare Fee-For-Service Recovery Audit Program. CMS is currently in the procurement process for the next round of Recovery Audit Program contracts. We plan to award five regional recovery auditor contracts through open competition, which is already underway and should be completed in the coming months. To help facilitate the transition, there will be a transition phase that includes a cease of active work by current recovery auditors to allow current audits to be completed before adding new audits to the process. Once new contracts are awarded we anticipate audits will resume and the new Recovery Auditors will be able to review most claims that were paid during the pause. This pause in operations will allow CMS to continue to refine and improve the Medicare Recovery Audit Program. For example, CMS is reviewing the Additional Documentation Request (ADR) limits, and the timeframes for review and communications between Recovery Auditors and providers. In an effort to address provider concerns, CMS is announcing several changes to the Recovery Audit program effective with the new contract awards. These changes can be found at: http://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/?redirect=/recovery-audit-program/ CMS is committed to constantly improving the program and listening to feedback from providers and other stakeholders. Providers should note the important dates below: * February 21, 2014 is the last day a Recovery Auditor may send a post payment Additional Documentation Request (ADR) * February 28, 2014 is the last day a MAC may send prepayment ADRs for the Recovery Auditor Prepayment Review Demonstration * June 1, 2014 is the last day a Recovery Auditor may send improper payment files to the MACs for adjustment CMS will continue to update this website with more information on the procurement and awards as information is available. Providers should contact RAC@cms.hhs.gov with additional questions. Moratorium on Recovery Audit Reviews of Inpatient Status For 1-Year Period CMS also recently issued an update to its Inpatient Hospital Prepayment Review "Probe & Educate" review process (or "2 Midnight" policy) on January 31, 2014. As part of this update, CMS announced that Recovery Auditors and other Medicare review contractors will not conduct post-payment patient status reviews of inpatient hospital claims with dates of admission on or after October 1, 2013 through October 1, 2014. Medicare Administrative Contractors (MACs) will continue to conduct prepayment probe and educate reviews through September 30, 2014. More information regarding this announcement is available at: http://cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medical-Review/InpatientHospitalReviews.html

First Steps Taken to Challenge the Two-Midnight Rule

 

Some in the provider community has been grumbling about CMS' decision behind the rulemaking for the two-midnight rule.  What is interesting is that this action was taken in response to providers asking for relief from the arbitrary actions of the RAC.   Be careful what you ask for, the devil you know may be better than the one you don’t.

 

January 22, 2014

The AHA, several hospital associations (Greater New York, New York State, New Jersey and Pennsylvania) and four hospital systems today took the first steps to bring a federal court challenge to the Centers for Medicare & Medicaid Services’ two-midnight inpatient admissions criteria and related policies. Taking that initial action, hospitals that are part of Banner Health (AZ), Einstein Healthcare Network (PA) and Wake Forest University Baptist Medical Center (NC) and The Mount Sinai Hospital (NY) filed appeals asking the Provider Reimbursement Review Board to grant expedited judicial review for the hospitals’ claims that the rule’s 0.2% payment cut for Fiscal Year 2014 inpatient prospective payment system hospitals is unlawful. “The Providers seek judicial review of pure questions of law regarding the substantive and procedural validity of the 0.2% reduction,” the hospitals’ appeals state. “Because the [PRRB] lacks the power to grant the Providers’ requested relief, it should grant expedited judicial review.” The hospitals contend that the reduced inpatient payment they receive under the final rule is arbitrary and capricious because CMS relied on indefensible assumptions and offered no reasoned explanation for them. They also argue that the payment cut fails to comply with Administrative Procedure Act’s requirements for proper notice and comment and was not codified in regulation as the law requires.

YELP Online Reviews: Virginia Appeals Court Forces...

1/10/14

YELP Online Reviews: Virginia Appeals Court Forces YELP to Identify 7 Anonymous Reviewers Who Wrote Bad Reviews

Those who wrote anonymous negative reviews placed upon the YELP online review site are no longer protected from being identified, rules a Virginia appellate court in Hadeed Carpet Cleaning, Inc., v. John Doe #1, et al. (Read the complete opinion below.)

Precedent-Setting Case: Anonymous Reviewers Must Be Identified by Yelp.com

The Virginia Court of Appeals has set precedent in a case where the owner of a carpet cleaning company, Joe Hadeed, sued Yelp and seven John Does (anonymous reviewers) because Mr. Hadeed believes that seven (7) anonymous reviews placed on Yelp.com about his company, Hadeed Carpet Cleaning, Inc., have hurt his business.

Hadeed wants Yelp to reveal the identities of the seven anonymous reviewers, in order to enable him to prove that they were not customers of his business and therefore had placed reviews on the online review site that were false, defamatory, and illegal.

Yelp, represented by Public Citizen, argued that the anonymity of the seven reviewers is protected by the First Amendment and that their names should remain secret. Yelp argued that before identities are revealed, the court must determine if the plaintiff’s claim of defamation is viable. This argument failed at trial and the appellate court has now confirmed that these anonymous bad reviews aren’t going to receive constitutional protection.

The Virginia appeals court found that the trial court judge did not abuse his discretion by holding Yelp in civil contempt for failing to comply with a subpoena duces tecum served upon it by Hadeed. Yelp must provide the identities behind the seven bad reviews to Hadeed.

The anonymous reviews, which claimed that Hadeed Carpet Cleaning was guilty of false advertising in its offers of low prices for carpet cleaning, were consumer reviews that would violate Yelp’s Terms of Service if they were written by people who were not actual customers of Hadeed Carpet Cleaning.

What the Hadeed Carpet Cleaning Case Against YELP Means To You 

This Virginia case may change how online reviews for goods and services are treated not only in Virginia but in other states around the country. By requiring Yelp to reveal the names of the seven anonymous reviewers, bad reviews left online are not as safe from the writers having their identities revealed as in times past. (Note: we don’t know if there are really seven different people here. This could boil down to one person who has posted online using seven different IP addresses from different devices.)

1. Anonymous Reviewers Aren’t As Safe From Revelation 

Anonymous reviews left on YELP or other review sites may not be protected if their anonymity is legally challenged. This means anyone writing a negative review online should be aware that if they don’t want to leave their name as a reviewer, it doesn’t mean that they won’t be identified in the future.

Anonymous isn’t as anonymous anymore. Critics argue that this ruling may discourage people from leaving valid criticism of bad service with online review sites. Others argue that trial judges are going to be making the privacy decisions here, and legitimate, honest negative reviews aren’t the target here. It’s fake bad reviews left behind the mask of the name “Anonymous” that judges will allow to be disclosed.

2. Businesses Victimized By Bad Reviews Have Increased Ability to Fight Back 

Bad reviews that are real are one thing. Bad reviews that are fake, and placed on a review site with the intent to hurt and harm a business, are another.  This case may help companies, including law firms, protect themselves in the future from the real harm that can come from fraudulent online negative reviews. 

Reba Kennedy.Lawyer.Writer.: YELP Online Reviews: Virginia Appeals Court Forces...: