Blog Archives

HIPAA Penalties on the Rise and New HIPAA Penalties Reduced

HIPAA mandates the privacy of private health care records. HIPAA is a serious issue, both financially and in the risk-management aspect, for health care providers. Providers need to delegate annual funds to the defense of regulatory audits proactively – before the actual adverse action occurs. Because it’s not an “if;” it’s a “when,” when you accept Medicare/caid. In the Medicare/caid world, HIPAA violations can catastrophically render a company dead for an infraction. In the current days of technical, daily advances and allegations of cybersecurity breaches, health care providers must be cognizant of cyber criminals, their intent, their modus operandi, and what personal/company information is valuable to such criminals. The HIPAA statutes are vague and lack detailed explanations as to penalties.

In 2018, the Office for Civil Rights (OCR) issued a record-breaking $28 million in fines for HIPAA violations. The number of health care providers currently under investigation by HHS, in 2019, will be another record-breaking number.

As more and more data is maintained on computer systems, the more and more accessible the information becomes to potential scammers. In 2017, the number of cyber attacks increased exponentially to 5,207. There is actually an itemization as to how many of the attacks were germane to health care; health care breaches accounted for 8.5% of all breaches. 2.3 billion health care records have been exposed. This isn’t new. In 2015, the most healthcare records ever were breached. 113 million healthcare records were exposed that year. Now, in 2019, we may witness an all-time-high.

2019-05-01 -- IMG 2009-2018-healthcare-data-breaches-1

Human error is the number 1 reason for HIPAA violations. Employees gossiping and disclosing private health care information among each other is another culprit, along with social media and lack of training.

The largest individual HIPAA settlement was reached in October 2018, when OCR fined health insurer Anthem $16 million.

The oxymoron is that the government (Medicare/caid) and private payors are pushing for collaborative health care and the sharing of health care records amongst varying providers. Yet the possible HIPAA breaches increase with collaboration.

In April 2019, HHS randomly selected 9 HIPAA-covered entities—a mix of health plans and clearinghouses—for Compliance Reviews. The CMS Division of National Standards, on behalf of HHS, has launched a volunteer Provider Pilot Program to test the compliance review process.

The Trump administration has interpreted HIPAA penalties differently than the Obama administration did. Now HHS will apply a different cumulative annual CMP limit for the four penalties tiers in the Health Information Technology for Economic and Clinical Health (HITECH) Act.

There are four tiers of HIPAA violation severity outlined in the HITECH Act, based on the violator’s level of culpability:

Screen Shot 2019-05-02 at 11.41.11 AM

Under the Obama administration, the annual limit for each tier was $1.5 million.

HIPAA penalties are appealable and with the disparate amount of penalties, it is well worth the time and expense to appeal.

 

Recent Case Law May Change the Relationship Between Hospitals and Physicians Forever!

No, this is not a Shakespearean blog post. The Hamlet in this case is not the Prince of Denmark; it is a hospital system who hired a doctor, Dr. Hernandez as an independent contractor and whose private practice flopped. When the hospital at which he had privileges refused to hire him as an employee, Hernandez sued Hamlet under the False Claims Act (FCA) and Unfair Trade Practices- AND WON!!

Relationships between hospitals and physicians may forever be changed.

In an October 2018 decision, Hamlet H.M.A., LLC V. Hernandez, the NC Court of Appeals ruled that a hospital can be liable to a physician for Unfair and Deceptive Trade Practices (UDTP) – causing a new level of care to be needed in negotiations between hospitals and physicians.

Dr. Hernandez accepted a position with Sandhills Regional Medical Center. The original offer was for Dr. Hernandez to set up his own independent practice and to be an independent contractor for the hospital. The offer guaranteed a minimum collection amount for the first 18 months of the 36-month contract. The base salary was $325,000, with a bonus based on worked RVUs. Dr. Hernandez countered and asked to be considered as an employee instead of as an independent contractor. Sandhills sent an email offering a base salary of $275,000 as an employee. As any reasonable, logical person would do, Dr. Hernandez responded with an email stating that it would be irrational to accept a base salary so much lower in order to obtain employee status. The hospital offered an “employee status option” at the end of 18 months.

Dr. Hernandez then sent Sandhills an email asking to extend the time period of guaranteed income to 24 months, rather than 18 months. Plaintiff replied that it could not extend the period of guaranteed income, but raised the monthly salary from $47,616.82 to $49,500.00 and also added a signing bonus of $30,000.00. After further negotiations, the parties entered into a Physician Recruitment Agreement on March 9, 2011.

Dr. Hernandez’s private practice flopped, and at the end of the first 18-month period, he requested to exercise the employment option in his contract and to become an employee of Sandhills. But Sandhills did not give Dr. Hernandez an employment contract.

On August 29, 2014, Sandhills filed a complaint against Dr. Hernandez alleging breach of contract and demanding repayment of the entire amount paid to Dr. Hernandez, a total of 21 payments amounting to $902,259.66. Dr. Hernandez filed an answer with counterclaims for breach of contract, fraud, unfair or deceptive trade practices, and unjust enrichment. A jury trial was held in Superior Court in Richmond County at the end of August and the beginning of September 2016. The jury returned a verdict for Sandhills for $334,341.14 (a random number).

Dr. Hernandez countered sued the hospital for Unfair and Deceptive Trade Practices (UDTP) alleging that the hospital fraudulently induced him to enter into the contract with the hospital as an independent contractor. His allegations that the hospital violated UDTP because the hospital offered a lower salary to be considered an employee was shocking and unprecedented. Most likely, Sandhills never even contemplated that it could be held liable under UDTP because of a disparity in salary offered to Dr. Hernandez depending on his employment status. Most likely, the man or woman who sent the email to Dr. Hernandez with the disparate salaries never asked its general counsel whether the action could penalize the hospital. Who would have thought to?

One exception to UDTP is the “learned profession” exception. Basically, the courts have held that if the two parties to an agreement are learned professionals and the topic of the contract has to do with the parties’ speciality; i.e, medicine, in this case, then the parties cannot allege UDTP because both parties were knowledgeable. The issue of first impression presented by Hamlet is whether the “learned profession” exception set forth in N.C. Gen. Stat. § 75-1.1(b) applies to a dispute between a physician and a hospital relating to alleged false claims made by the hospital to induce the physician to enter into an employment contract. If the learned profession exception were to apply, then Dr. Hernandez’s UDTP claim against Sandhill would be dismissed.

Dr. Hernandez alleged that the hospital made false representations to induce him to enter into a contract. The Court held that the fact that he is a physician does not change the nature of the negotiation of a business contract. The Court found that the “learned profession” exception does not apply to any negotiation just because the two parties are physicians. For example, if a physician and a hospital were to contract to buy a beach house, then the exception would not apply because the nature of the contract (were something go awry and cause an UDTP lawsuit) because buying a beach house has nothing to do with being a physician or hospital. Similarly, here, the Court held that an employment contract had nothing to do with rendering medicine. Therefore, the exception did not apply. The Court of Appeals reversed the trial court’s directed verdict against Dr. Hernandez.

This decision definitely creates more tension between hospitals and physicians. Now, in negotiations with employees and independent contractors, hospitals need to be mindful that UDTP claims can be alleged against them. This case is recent precedent for an unfamiliar modern world of health care negotiations.

New Revisions to the Justice Manual -The New World of Health Care Fraud and Abuse in 2019

So many memos, so little time. Federal prosecutors receive guidance on how to prosecute. Maybe “guidance” is too loose a term. There is a manual to follow, and memos are just guidance until the memos are incorporated into what is known as the Justice Manual. Memos are not as binding as the Justice Manual, but memos are persuasive. For the last 22 years, the Justice Manual has not been revised to reflect the many, many memos that have been drafted to direct prosecutors on how to proceed. Until recently…

Justice Manual Revised

The Justice Manual, which is the manual that instructs federal prosecutors how to proceed in cases of Medicare and Medicaid fraud, has been revised for the first time since 1997. The Justice Manual provides internal Department of Justice (DOJ) rules.

The DOJ has new policies for detecting Medicare and Medicaid fraud and abuse. Some of these policies are just addendums to old policies. Or formal acceptance to old memos. Remember the Yates Memo? The Yates Memo directed prosecutors to indict executives, individually, of fraudulent companies instead of just going after the company.

The Yates Memo has now been codified into the Justice Manual.

Then came the Granston Memo – In a January 10, 2018, memo (the “Granston Memo”), the DOJ directed its prosecutors to more seriously consider dismissing meritless False Claims Act (“FCA”) cases brought by whistleblowers. It lists 7 (non-exhaustive) criteria for determining whether the DOJ should dismiss a qui tam lawsuit.  The reasoning behind the Granston Memo is that whistleblower lawsuits have risen over 600 cases per year, but the government’s involvement has not mirrored the raise. This may indicate that many of the whistleblower lawsuits are frivolous and filed for the purpose of financial gain, even if the money is not warranted. Remember qui tam relators (people who bring lawsuits against those who mishandle tax dollars, are rewarded monetarily for their efforts…and, usually, the reward is not a de minimus amount. In turn, people are incentivized to identify fraud and abuse against the government. At least, according to the Granston Memo, the financial incentive works too well and frivolous lawsuits are too prevalent.

The Granston Memo has also been codified into the Justice Manual.

Talk about an oxymoron…the Yates Memo instructs prosecutors to pursue claims against more people, especially those in the executive positions for acts of the company. The Granston Memo instructs prosecutors to more readily dismiss frivolous FCA allegations. “You’re a wigwam. You’re a teepee. Calm down, you’re just two tents (too tense).” – a horrible joke that my husband often quips. But this horrible quote is apropos to describe the mixed messages from DOJ regarding Medicare and Medicaid fraud and abuse.

The Brand Memo, yet another memo that we saw come out of CMS, instructs prosecutors not to use noncompliance as subject to future DOJ enforcement actions. In other words, agency guidance does not cannot create binding legal requirements. Going forward, the DOJ will not enforce recommendations found in agency guidance documents in civil actions. Relatedly, DOJ will not use noncompliance with agency guidance to “presumptively or conclusively” establish violations of applicable law or regulations in affirmative civil enforcement cases.

The Brand Memo was not incorporated into the Justice Manual. It also was not repudiated.

Medicare/caid Audit Targets Broadened

Going forward, traditional health care providers will not be the only targets – Medicare Advantage plan, EHR companies, and private equity owners – will all be audited and reviewed for fraud and abuse. Expect more audits with wider nets to catch non-provider targets to increase now that the Yates Memo was codified into the Justice Manual.

Anti-Kickback Statute, Stark Law, and HIPAA Narrowed

The Stark Law (42 U.S.C. 1395nn) and the Anti-Kickback Statute (42 U.S.C. §1320a‑7b(b)) exist to minimize unneeded or over-utilization of health-care services payable by the federal government. Stark Law and the Anti-Kickback regulations criminalize, impose civil monetary penalties, or impose other legal sanctions (such as termination from Medicare) against health care providers and other individuals who violate these laws. These laws are esoteric (which is one reason that I have a job) and require careful navigation by specialized legal counsel. Accidental missteps, even minute documentation errors, can lead to harsh and expensive results.

In a health care world in which collaboration among providers is being pushed and recommended, the Anti-Kickback, Stark, and HIPAA laws are antiquated and fail to recognize the current world. Existing federal health-care fraud and abuse laws create a “silo effect” that requires mapping and separating financial interests of health-care providers in order to ensure that patient referrals cannot be tainted by self-interest. Under Stark, a strict liability law, physicians cannot make a referral for the provision of “designated health services” to an entity with which they have a financial relationship (unless one of approximately 30 exceptions applies). In other words, for example, a hospital cannot refer patients to the home health care company that the hospital owns.

Going forward – and this has not happened yet – regulators and the Department will begin to claw back some of the more strict requirements of the Stark, Anti-Kickback, and HIPAA regulations to decrease the “silo effect” and allow providers to collaborate more on an individual’s whole health method. I had an example of this changing of the tide recently with my broken leg debacle. See blog. After an emergency surgery on my leg by an orthopedic surgeon because of a contracted infection in my wound, my primary care physician (PCP) called to check on me. My PCP had nothing to do with my leg surgery, or, to my knowledge, was never informed of it. But because of new technology that allows patient’s records to be accessed by multiple providers in various health care systems or practices, my PCP was informed of my surgery and added it to my chart. This never could have happened 20 years ago. But this sharing of medical records with other providers could have serious HIPAA implications if some restrictions of HIPAA are not removed.

In sum, if you haven’t had the pleasure of reading the Justice Manual in a while, now would be an appropriate time to do so since it has been revised for the first time in 22 years. This blog does not enumerate all the revisions to the Justice Manual. So it is important that you are familiar with the changes…or know someone who is.

Detroit Hospitals and Funeral Home Under Fire by Medicare and Police

What in the health care is going on in Detroit??

Hospitals in Detroit, MI may lose Medicare funding, which would be financially devastating to the hospitals. Is hospital care in Detroit at risk of going defunct? Sometimes, I think, we lose sight of how important our local hospitals are to our communities.

The Center for Medicare and Medicaid Services (CMS) notified DMC Harper University Hospital and Detroit Receiving Hospital that they may lose Medicare funding because they are allegedly not in compliance with “physical environment regulations.”

42 C.F.R. § 483.90 “Physical environment” states “The facility must be designed, constructed, equipped, and maintained to protect the health and safety of residents, personnel and the public.”

CMS will give the hospitals time to submit corrective action plan, but if the plans of correction are not accepted by CMS, Medicare will terminate the hospitals’ participation by April 15, 2019 (tax day – a bad omen?).

The two hospitals failed fire safety and infection control. Section 483.90 instructs providers to ensure fire safety by installing appropriate and required alarm systems. Providers are forbidden to have certain flammable goods in the hallways. It requires sprinkler systems to be installed. It requires emergency generators to be installed on the premises. Could you imagine the liability if Hurricane ABC destroys the area and Provider XYZ loses power, which causes Grandma Moses to stop breathing because her oxygen tube no longer disseminate oxygen? Think of the artwork we would have lost! Ok, that was a bad example because there are no hurricanes in Detroit.

Another important criterion of the physical environment regulations is infection control, which, according to the letters from CMS, is the criterion that the two hospitals allegedly have failed. Each hospital underwent a survey on Oct. 18th when the alleged deficiencies were discovered.

“We have determined that the deficiencies are significant and limit your hospital’s capacity to render adequate care and ensure the health and safety of your patients,” stated the Jan. 15 letters to the hospitals from CMS. CMS informed the hospitals they had until Jan. 25 to submit a plan of correction. It is unclear whether the hospitals submitted these plans. Hopefully, both hospitals have a legal team that did draft and submit the plans of correction.

Michigan is a state in which if Medicare funds are terminated, then Michigan will terminate Medicaid funds automatically. So termination of Medicare funding can be catastrophic. Concurrently, Scott Steiner, chief of Detroit Receiving Hospital, is resigning (shocker).

Detroit must have something in the water when it comes to health care issues in the news because, also in Detroit, a police task force Monday removed 26 fetuses from a Detroit Medical Center (DMC) morgue, all of which were allegedly mishandled by Perry Funeral Home. Twenty of the bodies taken from the DMC cooler had dates-of-birth listed from 1998 and earlier, with six dating to the 1970s. The earliest date of birth of a discovered fetus was Aug. 11, 1971.

State authorities are looking into another case of dozens of infant remains allegedly hidden for years in a DMC hospital. News articles do not mention the DMC hospital’s name, but one cannot help but wonder whether the two incidents – (1) Detroit hospitals failing infection control specifications; and (2) decomposing bodies found in a hospital – are intertwined.

Detroit has to be winning a record here with health care issues – Medicare audit failures in hospitals, possible loss of Medicare contracts, possible suspension of Medicaid reimbursements, and, apparently decomposing fetuses in funeral homes and hospitals.

Medicaid Incidents: To Report or Not To Report?

The answer resides in the injury, not the quality of the care.

A consumer trips and falls at your long term care facility. It is during her personal care services (PCS). Dorothy, a longtime LPN and one of your most trusted employees, is on duty. According to Dorothy, she was aiding Ms. Brown (the consumer who fell) from the restroom when Ms. Brown sneezed multiple times resulting in a need for a tissue. Dorothy goes to the restroom (only a few feet away) when Ms. Brown’s fourth sneeze sends her reeling backward and falling on her hip.

To report or not to report? That is the question. 

Whether ’tis nobler in the mind to suffer
The slings and arrows of outrageous fortune,
Or to take arms against a sea of troubles
And by opposing end them.

What is your answer?

Is Ms. Brown’s fall a Level I, Level II, or a Level III incident? What are your reporting duties?

  • If you answered Level II and no requirement to report – you would be correct.
  • If you answered Level III and that you must report the incident within 24 hours, you would be correct.

Wait, what? How could both answers be correct? Which is it? A Level II and no reporting it or a Level III and a report due within 24 hours?

It depends on Ms. Brown’s injuries, which is what I find fascinating and a little… how should I put it… wrong?! Think about it…the level of incident and the reporting requirement is not based on whether Dorothy properly provided services to Ms.Brown. No…the answer resides in Ms. Brown’s injuries. Whether Dorothy acted appropriately or not appropriately or rendered sub-par services has no bearing on the level of incident or reporting standards.

According to the Department of Health and Human Services’ (DHHS) Incident Response and Reporting Manual, Ms. Brown’s fall would fall (no pun intended) within a Level II of response if Ms. Brown’s injuries were not a permanent or psychological impairment. She bruised her hip, but there was no major injury.

However, if Ms. Brown’s fall led to a broken hip, surgery, and a replacement of her hip, then her fall would fall within a Level III response that needs to be reported within 24 hours. Furthermore, even at a Level III response, no reporting would be required except that, in my hypothetical, the fall occurred while Dorothy was rendering PCS, which is a billable Medicaid service. Assuming that Ms. Brown is on Medicaid and Medicare (and qualifies for PCS), Dorothy’s employer can be reimbursed for PCS; therefore, the reporting requirement within 24 hours is activated.

In each scenario, Dorothy’s actions remain the same. It is the extent of Ms. Brown’s injury that changes.

See the below tables for further explanation:

INCIDENT RESPONSE AND REPORTING MANUAL

Screen Shot 2018-11-08 at 12.49.35 PM

Screen Shot 2018-11-08 at 12.54.44 PM

These tables are not exhaustive, so please click on the link above to review the entire Incident Response and Reporting Manual.

Other important points:

  • Use the federal Occupational Safety and Health Administration’s (OSHA) guidelines to distinguish between injuries requiring first aid and those requiring treatment by a health professional. 
  • A visit to an emergency room (in and of itself) is not considered an incident. 
  • Level I incidents of suspected or alleged cases of abuse, neglect or
    exploitation of a child (age 17 or under) or disabled adult must still be reported
    pursuant to G.S. 108A Article 6, G.S. 7B Article 3 and 10A NCAC 27G .0610.

Providing residential services to anyone is, inevitably, more highly regulated than providing outpatient services. The chance of injury, no matter the cause, is exponentially greater if the consumer is in your care 24-hours a day. That’s life. But if you do provide residential services, know your reporting mandates or you could suffer penalties, fines, and possible closure.

Lastly, understand that these penalties for not reporting can be subjective, not objective. If Ms. Brown’s fall led to a broken hip that repaired without surgery or without replacement of the hip, is that hip injury considered “permanent?” 

In cases of reporting guidelines, it is prudent to keep your attorney on speed dial.

 

Medicare ACOs: Too Much Risk, Too Quickly?

As seen on RACMonitor.

More than a third of ACOs might leave if the proposed rule takes effect.

The comment period closed for the Centers for Medicare and Medicaid Services (CMS) Medicare Shared Savings Program (MSSP) proposed rule on Oct. 16. The MSSP has been a controversial program since its inception. The chief concern is that the financial “dis-incentives” will decrease the number of Accountable Care Organizations (ACOs). The proposed rule for MSSP intensifies the financial “dis-incentives,” causing even more concern about the number of ACOs.

What is the Medicare Shared Savings Program? It is a voluntary program that is supposed to encourage groups of doctors, hospitals, and other healthcare providers to come together as ACOs to give coordinated, high-quality care to their Medicare patients. Providers can choose among three distinctive tracks, depending on the amount of risk the providers want to bear. The purpose of the MSSP is to diversify risk – of both loss and gain – between the government and the ACOs. For example, Track 1 ACOs do not assume downside risk (shared losses) if they do not lower growth in Medicare expenditures.

CMS created the MSSP in hopes that doctors, hospitals, and other healthcare providers would want to participate, with the incentive of the chance to make more money, rather than remaining in the traditional Medicare relationship. The program turned out to be more successful than anticipated, with the majority of ACOs opting to become Track 1, or the least risky model (one-sided risk).

CMS’s new proposed rule, however, increases the risk placed on the ACOs. Needless to say, providers aren’t happy, and many ACOs in the program warn that they’ll drop out if CMS finalizes its proposal as is.

What are these proposed changes to the MSSP?

Restricting Track 1 Enrollment

ACOs currently have six years to shift to a risk-bearing model from a shared savings-only model (Track 1). The proposed rule would give existing ACOs one year and new ACOs two years to transfer to a risk-bearing model. This one change could cause mass exodus from the MSSP, as many providers are, by nature, risk-averse.

Morphing to Five-Year Agreement Periods

The proposed rule requires CMS and the ACOs to morph into using five-year agreement periods. I am on the fence regarding this change. It could strengthen ACOs’ incentives to reduce spending by breaking the link between ACOs’ performance in the first two years of each agreement period and their future benchmarks. However, this modification could worsen incentives during the first two years of each agreement period. I would love to hear your opinions.

Slashing Shared Savings Rates

The proposed rule purports to slash shared savings rates for upside-risk models from 50 percent to as low as 25 percent. Under the one-sided model years of the glide path, an ACO’s maximum shared savings rate would be 25 percent, based on quality performance, applicable to first-dollar shared savings after the ACO meets the minimum savings rate. The glide path concludes with a maximum 50 percent sharing rate, based on quality performance, and a maximum level of risk, which qualifies a provider as an Advanced APM for purposes of the Quality Payment Program.

Other proposed changes include the following:

  • A bifurcated system for high- and low-revenue ACOs, which functionally would penalize certain ACOs for the size of their patient populations and volume of services.
  • A differential system for experienced versus inexperienced ACOs, which would allow experienced ACOs to choose from a more robust menu of participation options.
  • Dis-incentives to lower spending: ACOs have had little incentive to lower spending because of the link between the spending reductions they achieve and subsequent benchmarks. One could argue that it is astonishing that the MSSP has produced any savings at all. CMS proposes that the MSSP needs to be re-vamped.
  • A modified and more rigorous application review process to screen for good standing among ACOs seeking to renew or re-enter MSSP after termination or expiration of their previous agreement. ACOs in two-sided models would be held accountable for partial-year losses if either the ACO or CMS terminates the agreement during a performance year.

Will there be too much risk too quickly placed on the ACOs? Stay tuned for whether this proposed rule becomes finalized.

Medicare and Medicaid in the News: An Overview

With so much news about Medicare and Medicaid, I decided to do a general update of Medicare and Medicaid in the news. To the best of my ability, I am trying not to put my own “spin” on the stories, but just relay what is happening. Besides, Hurricane Florence is coming, and we have to hunker down. FYI: There is no more water at Costco.

Here is an overview of current “hot topics” for Medicare and Medicaid:

Affordable Care Act

On September 5, 2018, attorneys argued in TX district court whether the Affordable Care Act should be repealed. The Republican attorneys, who want the ACA repealed will argue that the elimination of the tax penalty for failure to have health insurance rendered the entire law unconstitutional because the Supreme Court upheld the ACA in 2012 by saying its requirement to carry insurance was a legitimate use of Congress’ taxing power. We await the Court’s decision.

Patient Dumping

In Maine, two hospitals illegally turned away emergency room patients in mental health crises and sometimes had them arrested for trespassing. The hospitals are Central Maine Medical Center and St. Mary’s Regional Medical Center, and they have promised to address and change these policies. It is likely that the hospitals will be facing penalties. Generally, turning away a patient from an ER is over $100,000 per violation.

Kickbacks

Six San Francisco Bay Area medical professionals have been indicted for an alleged kickback scheme in which three paid and three received kickbacks for healthcare referrals in home health.

Medicaid Work Requirements

In June, Arkansas became the first state to implement a work requirement into its Medicaid program. The guinea pig subjects for the work requirement were Medicaid expansion recipients aged 30-49, without children under the age of 18 in the home, did not have a disability, and who did not meet other exemption criteria. On a monthly basis, recipients must work, volunteer, go to school, search for work, or attend health education classes for a combined total of 80 hours and report the hours to the Arkansas Department of Human Services (DHS) through an online portal. Recipients who do not report hours any three months out of the year lose Medicaid health coverage until the following calendar year. September 5th was the reporting deadline for the third month of the policy, making today the first time that recipients can lose Medicaid coverage as a result of the work requirement. There are 5,426 people who missed the first two reporting deadlines, which is over half of the group of 30-49 year olds subject to the policy beginning in June. If these enrollees do not do not log August hours or an exemption into the portal by September 5th, they will lose Medicaid coverage until January 2019.

Accountable Care Organizations

According to a report in late August, accountable care organizations (ACOs) that requires physicians to take on substantial financial risk saved Medicare just over $100 million in the model’s first year, the CMS said in a report released Monday.

Lower Medicare Drug Costs

Back in May, the Trump administration published a “blueprint” for lowering drug costs. Advocacy groups are pushing back, saying that his plan will decrease access to drugs.

Balance Billing

Balance billing is when a patient presents at an emergency room and needs emergency medical services before the patient is able to determine whether the surgeon at the hospital is “in-network” with his insurance…most likely, because the patient is unconscious and no one has time to check for insurance networks. More and more states are passing laws to protect consumers from balance billing. An example of balance billing was Drew Calver, whose health plan paid $56,000 for his 4-day emergency stay at St. David’s Medical Center. Once he was discharged, he received a bill from the hospital for $109,000. The Employee Retirement Income Security Act (ERISA) regulates company plans that practice this. The hospital eventually reduced the bill to $332.

Patient Abandonment

During a fire, staff at two Santa Rosa, California-based nursing homes “abandoned their residents, many of them unable to walk and suffering from memory problems, according to a legal complaint filed by the California Department of Social Services.” The Department of Social Services accused the staff members of being unprepared for the emergency fire.

Makes you wonder what could possibly happen in the fast-approaching hurricane. At least with a hurricane, we have days advance notice. Granted there is no more water in the stores or gasoline at the pumps, but Amazon Prime, one-day service still works…for now.

Licensing and Tax Implications of Telemedicine; Will the Regulations Inhibit Telemedicine’s Ability to Thrive?

My husband and I recently decided to try new insurance. It is always hard to change from what you know, so we were a bit hesitant. But the insurance costs under half of what we were paying, and it seemed that nothing was covered with our old insurance. So we took the leap. The absolute best thing about our new insurance is that we have 24/7 access to a physician for prescriptions. For example, I was ill last week, so at about midnight on Tuesday, I called the 24/7 hotline for anti-nausea medicine. A doctor called me within 30 minutes, listened to my complaints, and I had a prescription to be picked from my local Costco within minutes. Obviously, I waited to pick up my prescription the next day when Costco opened, but you see my point. Technology is amazing and scary. Had I preferred, I could have opted to talk to my tele-doctor through Facetime, but, quite frankly, I doubt he would have enjoyed that image of me sick with vomit in my hair. But if my issue were a rash or a questionable mole, Facetime would have worked.

There I am – last Tuesday – at midnight, talking to my new tele-doctor. I don’t even know his name. Most likely, next time I call the 24/7 hotline I will talk to someone else. I may never speak to my prescribing provider again. Nor would I know if I did.

But it worked. It was efficient. Oh, and did I say “free?” We pay a monthly premium and the cost of the prescription was $9.75, but no cost of a doctor visit. I didn’t have to drive to an office. I spoke to the doctor while laying on bed. This is telehealth.

I found myself wondering why doesn’t every health insurance implement this system of free access to a doctor 24/7, the ability to get a prescription at any time, and at nominal cost?? Medicare and Medicaid recipients would benefit highly from telehealth.

And I wondered so much (and couldn’t sleep) that I decided to research. My Melatonin works less and less as time passes. I guess I am getting resistant.

The tele-doctor that wrote me a prescription for anti-nausea was not a North Carolinian. I know this for a fact because when I said to tele-doctor, “I cannot believe that you work at midnight.” He said, “Oh, it’s only 9:00 here.” Based on his sentence, I deduced that tele-doctor was somewhere on the west coast. (I could be a PI).

How could tele-doctor write me a prescription when I live in North Carolina and he lives in CA, OR, or WA? Does he have to be licensed in NC to prescribe to me? And what about the tax implications on providing a medical service in a different state?

One thing that I need to make clear for my readers is that this blog is made possible by the standoff in our U.S. Congress that failed to pass legislature regarding telemedicine in its 2017-2018 session, the first week of August 2018. The opioid bill (which is what it has been dubbed) was to boost telemedicine by breaking down state law barriers disallowing telemedicine or imposing high taxes on telemedicine, which inhibits its growth. In case you are curious, Massachusetts has been named the worst state in which to perform telemedicine. Apparently, Massachusetts has many laws suppressing the advancement of telemedicine.

According to (hopefully not fake) news, what ultimately sunk this year’s wide-ranging health bill was a philosophical disagreement over the funding of community hospitals, which, apparently is a hot topic to debate between the Senate and the House.

As for the telemedicine elements of the failed bill, word on the street is that it could return in a standalone bill come January. Consult your horoscope or 8-ball for more information.

Telemedicine – How Does It Work Legally?

The World Health Organization’s has defined telemedicine as “The delivery of healthcare services, where distance is a critical factor, by all healthcare professionals using information and communication technologies for the exchange of valid information for diagnosis, treatment and prevention of disease and injuries, research and evaluation, and for the continuing education of healthcare providers, all in the interests of advancing the health of individuals and their communities.”

The type of telemedicine in which I participated is considered “real time telemedicine.” I had a consultation with no delay in communication at a distance.

While real estate tax is relatively simple, other taxes are not. Sales and use taxes, income taxes, and business privilege taxes are complex because of the interstate commerce issues. If my tele-doctor lives in CA and provides taxable services to me in North Carolina, does California or North Carolina benefit from the tax? Is the tax due where the provider lives or the consumer? And, BTW, Dr. Tele-health did not ask my location or state of residence. How will he do his taxes?

One of the pinnacle, legal cases that speaks to jurisdictional issues, such as interstate tax issues, is the Supreme Court case, International Shoe Co. V. Washington (I hated this case in law school). According to International Shoe:

  • A state may only impose a tax if it has a substantial nexus to the persons and transactions that would be subject to tax. (Now you see why I hate this case. What is substantial nexus? This case creates a riddle.) Oh, and it gets better.
  • The tax must be a fairly apportioned to reduce the prospect of double taxation.
  • A state cannot adapt a tax that discriminates against interstate commerce.
  • Any tax must be fairly related to services provided by the state. (Can you hear the Charlie Brown teacher reciting this?)

Wait, what?

Because we are the United States of America and believe in States remaining sovereign over its own people, unsurprisingly, the tax laws in every state differ – dramatically.

Telemedicine providers need to be cautious of income tax, unrelated business income tax, sales and use tax, sales tax, and use tax and be knowledgable about the state-by-state  licensing requirements for telehealth. Most states require that a physician is licensed in the state where their patient is located, which presents a problem for telehealth. Some states have exceptions carved out for telehealth.

Here is the Cliffnotes version:

Income Tax

The telehealth professional will be paid, and income will be reported to the IRS on a 1099. Most states have income tax, but some do not. Alaska, Florida, Nevada, South Dakota, Texas,Washington and Wyoming do not have income tax.

Even more complicated for the telehealth providers, is the question of whether the “source” of the income received by the surgeon is the country or state where the provider is located or the country or state where the patient is located. You can see why this is an important issue to the state, which wants to collect the most income tax possible, and to the physician, who doesn’t want to pull a Martha Stewart.

The current IRS definition of “patient” originated in 1968. The current definition of a “patient” contemplates a bricks-and-mortar structure at which patients receive treatment. Even though the IRS’ definition of “patient” is prehistoric, there have been several subsequent private letter rulings (PLRs) permitting the term “patient” to extend to recipients of services conducted by providers, even though performed at a variety of locations.

Unrelated Business Income (UBI)

The IRS defines UBI as income from a trade or business that is regularly carried on by a tax-exempt organization and that is not substantially related to the organization’s exempt purpose.

To date, the IRS has not issued any guidance or rulings regarding telemedicine UBI, specifically. For now, tax-exempt healthcare organizations participating in telemedicine are subject to the IRS rules and principles that apply more broadly to UBI and healthcare activities – some of which, frankly, don’t neatly fit, and some of which require careful documentation to avoid triggering UBI status.

One problem with UBI (like income tax) is the IRS’ definition of “patient.” The IRS’ definition does not contemplate telemedicine because the setting is not traditional.

In PLR 8122013, a tax-exempt hospital was not liable for UBI tax on its provision of laboratory services to patients of private physicians because such services contributed importantly to meeting the health needs of the community. In discussing Rev. Rul. 68-376, the IRS noted: “[I]t is important that the Service take cognizance of the changes in health care delivery brought about by modern technology. For example, the technology is now in place for a hospital to monitor the results of an electrocardiogram attached to a patient who is 80 miles away. The point is that who is legitimately considered a patient of a hospital today is not necessarily the same as 12 years ago, when the cited revenue ruling was published.” This shows, at the very least, that the IRS understands the definition of “patient” needs to be updated, even if no steps are taken to do so.

Sales and Use Tax

Sales and use taxes are typically imposed upon tangible personal property. Medical services provided in a traditional face-to-face setting would not trigger any sales and use tax issues. However, many states have adopted legislation that defines some intangible items to be treated like tangible personal property. For example, the data transmission component of telemedicine services could be subject to sales and use tax, which would mean that my “free” telehealth consult could have a tax implication of which I was unaware.

Sales Tax

If a provider renders health care services to someone in a foreign state, that provider may be liable to collect sales tax. Quite recently, I noticed this issue, not with telehealth, but with the internet sales of durable medical equipment. Providers who sell equipment, prescriptions, or vitamins over the internet need to be mindful of cross-state, sales tax.

The potential sales tax arises from the data transmission component of telemedicine. For example, in New Jersey, the sales tax expressly exempts services of of a physician. Juxtapose Connecticut, which has an administrative ruling that the provision of medical records through an online service is a taxable service.

Licensing Issues

This issue – cross-state licensing issues – really deserves a blog of its own. I will discuss this issue with the author of this blog. Much like an attorney, physicians and other health care providers have to be licensed in the state in which they practice.Most states require that a physician is licensed in the state where their patient is located.  Telehealth challenges states’ borders. Some states have attempted to solve this problem by creating a limited telemedicine license for which out-of state physicians can apply. However, this solution doesn’t exist in all states.

The Federation of State Medical Boards (FSMB), is a non-profit representing more than 70 medical and osteopathic boards. It also has about 17 states as members. FSMB is a proponent of allowing physicians to practice beyond state lines.

Partly due to the efforts of FSMB, approximately nineteen states have passed legislation to adopt the Interstate Medical Licensure Compact, which allows physicians to obtain a license to practice medicine in any Compact state through a simplified application process. The state medical boards retain their licensing and disciplinary authority, but agree to share information for licensing purposes.

The state boards of medicine recognize that standard of care is also largely a state-by-state analysis, sometimes even a community-by-community expectation. Some states, such as California, passed policy requiring the standard of care in telemedicine services to be the same as if providing the service in person.

All in all, I was happy with my very first telehealth experience. I do recognize, however, that there are legal barriers preventing telehealth and regulatory risks for the health care providers to contemplate before jumping on the telehealth boat. But, as a consumer…I’m hooked!

 

 

A Federal Regulation Violates the U.S. Constitution and Ruins Careers; Yet It Sits…Vaguely

There is a federal regulation that is putting health care providers out of business. It is my legal opinion that the regulation violates the U.S. Constitution. Yet, the regulation still exists and continues to put health care providers out of business.

Why?

Because so far, no one has litigated the validity of the regulation, and I believe it could be legally wiped from existence with the right legal arguments.

How is this important?

Currently, the state and federal government are legally authorized to immediately suspend your Medicare or Medicaid reimbursements upon a credible allegation of fraud. This immense authority has put many a provider out of business. Could you survive without any Medicare or Medicaid reimbursements?

The federal regulation to which I allude is 42 CFR 455.23. It is a federal regulation, and it applies to every single health care provider, despite the service type allowed by Medicare or Medicaid. Home care agencies are just as susceptible to an accusation of health care fraud as a hospital. Durable medical equipment agencies are as susceptible as dentists. Yet the standard for a “credible allegation of fraud” is low. The standard for which the government can implement an immediate withhold of Medicaid/care reimbursements is lower than for an accused murderer to be arrested. At least when you are accused of murder, you have the right to an attorney. When you are accused to health care fraud on the civil level, you do not receive the right to an attorney. You must pay 100% out of pocket, unless your insurance happens to cover the expense for attorneys. But, even if your insurance does cover legal fees, you can believe that you will be appointed a general litigator with little to no knowledge of Medicare or Medicaid regulatory compliance litigation.

42 USC 455.23 states that:

The State Medicaid agency must suspend all Medicaid payments to a provider after the agency determines there is a credible allegation of fraud for which an investigation is pending under the Medicaid program against an individual or entity unless the agency has good cause to not suspend payments or to suspend payment only in part.

(2) The State Medicaid agency may suspend payments without first notifying the provider of its intention to suspend such payments.

(3) A provider may request, and must be granted, administrative review where State law so requires.”

In the very first sentence, which I highlighted in red, is the word “must.” Prior to the Affordable Care Act, this text read “may.” From my years of experience, every single state in America has used this revision from “may” to “must” for governmental advantage over providers. When asked for good cause, the state and or federal government protest that they have no authority to make a decision that good cause exists to suspend any reimbursement freeze during an investigation. But this protest is a pile of hooey.

In reality, if anyone could afford to litigate the constitutionality of the regulation, I believe that the regulation would be stricken an unconstitutional.

Here is one reason why: Due Process

The Fifth and Fourteenth Amendments to the Bill of Rights provide us our due process rights. Here is the 5th Amendment:

“No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”

There have been a long and rich history of interpretation of the due process clause. The Supreme Court has interpreted the due process clauses to provide four protections:  (1) procedural due process (in civil and criminal proceedings), (2) substantive due process, (3) a prohibition against vague laws, and (4) as the vehicle for the incorporation of the Bill of Rights.

42 CFR 455.23 violates procedural due process.

Procedural due process requires that a person be allowed notice and an opportunity to be heard before a government official takes a person’s life, liberty, or property.

Yet, 42 CFR 455.23 allows the government to immediately withhold reimbursements for services rendered based on an allegation without due process and taking a provider’s property; i.e., money owed for services rendered. Isn’t this exactly what procedural due process was created to prevent???? Where is the fundamental fairness?

42 CFR 455.23 violates substantive due process.

The Court usually looks first to see if there is a fundamental right, by examining if the right can be found deeply rooted in American history and traditions.

Fundamental rights include the right to vote, right for protection from pirates on the high seas (seriously – you have that right), and the right to constitutional remedies. Courts have held that our right to property is a fundamental right, but to my knowledge, not in the context of Medicare/caid reimbursements owed; however, I see a strong argument.

If the court establishes that the right being violated is a fundamental right, it applies strict scrutiny. This test inquires into whether there is a compelling state interest being furthered by the violation of the right, and whether the law in question is narrowly tailored to address the state interest.

Where the right is not a fundamental right, the court applies a rational basis test: if the violation of the right can be rationally related to a legitimate government purpose, then the law is held valid.

Taking away property of a Medicare/caid provider without due process violates substantive due process. The great thing about writing your own blog is that no one can argue with you. Playing Devil’s advocate, I would anticipate that the government would argue that a suspension or withhold of reimbursements is not a “taking” because the withhold or suspension is temporary and the government has a compelling reason to deter health care fraud. To which, I would say, yes, catching health care fraud is important – I am in no way advocating for fraud. But important also is the right to be innocent until proven guilty, and in civil cases, our deeply-rooted belief in the presumption of innocence is upheld by the action at issue not taking place until a hearing is held.

For example, if I sue my neighbor and declare that he is encroaching on my property, the property line is not moved until a decision is in my favor.

Another example, if I sue my business partner for breach of contract because she embezzled $1 million from me, I do not get the $1 million from her until it is decided that she actually took $1 million from me.

So to should be – if a provider is accused of fraud, property legally owned by said provider cannot just be taken away. That is a violation of substantive due process.

42 CFR 455.23 violates the prohibition against vague laws

A law is void for vagueness if an average citizen cannot understand it. The vagueness doctrine is my favorite. According to census data, there are 209.3 million people in the US who are over 24-years. Of those over 24-years-old, 66.9 million have a college degree. 68% do not.

Although here is a quick anecdote: Not so sure that a college degree is indicative of intelligence. A recent poll of law students at Columbia University showed that over 60% of the students, who were polled, could not name what rights are protected by the 1st Amendment. Once they responded “speech,” many forgot the others. In case you need a refresher for the off-chance that you are asked this question in an impromptu interview, see here.

My point is – who is to determine what the average person may or may not understand?

Back to why 42 CFR 455.23 violates the vagueness doctrine…

Remember the language of the regulations: “The State Medicaid agency must suspend all Medicaid payments to a provider after the agency determines there is a credible allegation of fraud…”

“Credible allegation of fraud” is defined as an allegation, which has been verified by the State, from any source, including but not limited to the following:

  • Fraud hotline complaints.
  • Claims data mining.
  • Patterns identified through provider audits, civil false claims cases, and law enforcement investigations. Allegations are considered to be credible when they have indicia of reliability and the State Medicaid agency has reviewed all allegations, facts, and evidence carefully and acts judiciously on a case-by-case basis.”

With a bit of research, I was able to find a written podcast published by CMS. It appears to be a Q and A between two workers at CMS discussing whether they should suspend a home health care agency’s reimbursements, similar to a playbook. I assume that it was an internal workshop to educate the CMS employees considering that the beginning of the screenplay begins with a “canned narrator” saying “This is a Medicaid program integrity podcast.”

2018-08-07 -- pic of cms podcast

The weird thing is that when you pull up the website – here – you get a glimpse of the podcast, but, at least on my computer, the image disappears in seconds and does not allow you to read it. I encourage you to determine whether this happens you as well.

While the podcast shimmered for a few seconds, I hit print and was able to read the disappearing podcast. As you can see, it is a staged conversation between “Patrick” and “Jim” regarding suspicion of a home health agency falsifying certificates of medical necessity.

On page 3, “Jim” says, “Remember the provider has the right to know why we are taking such serious action.”

But if your Medicare/caid reimbursements were suddenly suspended and you were told the suspension was based upon “credible allegations of fraud,” wouldn’t you find that reasoning vague?

42 CFR 455.23 violates the right to apply the Bill of Rights to me, as a citizen

This esoteric doctrine only means that the Bill of Rights apply to State governments. [Why do lawyers make everything so hard to understand?]

Medicaid Reform: As Addictive as Fortnite

Do you have a kid addicted to Fortnite? The numbers are rising…

For those of you who have been living under a rock for the past year, this is how Fortnite is explained on the internet:

“In short, it’s a mass online brawl where 100 players leap out of a plane on to a small island and then fight each other until only one is left. Hidden around the island are weapons and items, including rifles, traps and grenade launchers, and players must arm themselves while exploring the landscape and buildings. It’s also possible to collect resources that allow you to build structures where you can hide or defend yourself. As the match progresses, the playable area of land is continually reduced, so participants are forced closer and closer together. The last survivor is the winner.”

More than 40 million people play Fortnite. According to the May 2018 Medicaid Enrollment Report, 73,633,050 Americans are enrolled in Medicaid or CHIP, so government-assisted health insurance definitely trumps Fortnite on participation.

Recently, the General Assembly passed and the Governor signed two Bills into law pertaining to Medicaid reform: (1) HB 403 (Session Law 2018-48); and (2) HB 156 (Session Law 2018-49). Notice that the Session Laws are one digit separate from each other. That is because Governor Cooper signed these two bills consecutively and on the same day. But did he read them? I do not know the answer, but I do know this: Medicaid reform in NC has become a Fortnite. The MCOs, provider-led entities, ACOs, auditors, DHHS…everyone is vying for a piece of the very large Medicaid budget, approximately $3.6 billion – or 16% of NC’s total budget. It is literally a firehose of money if you can manage to be a player in the Medicaid Fortnite – a fight to eliminate everyone but you. Unlike Fortnite, the pay-off for winning Medicaid Fortnite is financially lucrative. But it is a fight with few winners.

Session Law 2018-48 is entitled, “An Act to Modify the Medicaid Transformation Legislation.”

Session Law 2018-49 is entitled, “An Act to Require Medicaid Prepaid Health Plans to Obtain a License from the Department of Insurance and to Make Other Changes Pertaining to Medicaid Transformation and the Department of Insurance.”

Don’t you like how the House decided to use the term “transformation” instead of “reform?” The term “reform” had been over-utilized.

Recently, the North Carolina Medical Society announced that it is throwing its metaphoric hat in the ring to become “Carolina Complete Health,” a provider-led patient-care center.

The New Laws

Session Law 2018-48

Session Law 2018-48 defines provider-led entity (PLE) as an entity that meets the following criteria: (1) A majority of the entity’s ownership is held by an individual or entity that has its primary business purpose the operation of a capitated contract for Medicaid; (2) A majority of the entity’s governing body is composed of licensed physicians, physician assistants, nurse practitioners, or psychologist and have experience treating Medicaid beneficiaries; (3) Holds a PHP license issued by the Department of Insurance (see Session Law 2018-49).

Services covered by PHP’s will include physical health services, prescription drugs, long-term services and supports, and behavioral health care services for North Carolina Health Choice recipients. The PHP’s will not cover services currently covered by the managed care organizations (MCOs).

Session Law 2018-48 allows for 4 contracts with PHPs to provide services for Medicaid and NC Health Choice (statewide contracts). Plus, it allows up to 12 regional contracts.

What is the future of behavioral health and the MCO system?

For now, they will still exist. The double negative wording of the new Session Law makes it seem like the MCOs will have less authority, but the MCOs will continue to cover for services described in subdivisions a, d, e, f, g, j, k, and l of this subdivision.

Session Law 2018-48 also creates new entities called BH IDD Tailored Plans. Session Law 2018-48 carves out developmentally disabled services (or IDD). It mandates that DHHS create a detailed plan for implementation of a new IDD program under the 1115 Waiver. Services provided by the new Tailored Plans shall pay for and manage services currently offered under the 1915(b)(c) Waiver.

Here’s the catch for providers: “Entities operating BH IDD Tailored Plans shall maintain closed provider networks for behavioral health, intellectual and developmental disability, and traumatic brain injury services and shall ensure network adequacy.” (emphasis added). Fortnite continues with providers jockeying to be included in the networks.

For the next four years only an MCO may operate a BH IDD Tailored Plan. This tells me that the MCOs have sufficiently lawyered up with lobbyists. After the term of the initial contracts, the Tailored Plans will be the result of RFPs issued by DHHS and the submission of competitive bids from nonprofit PHPs.

DHHS was to report to the Joint Legislative Oversight Committee with a plan for the implementation of the Tailored Plans by June 22, 2018. – Sure would’ve loved to be a fly on that wall.

Starting August 31, 2018, DHHS is authorized to take any actions necessary to implement the BH IDD Tailored Plans in accordance with all the requirements in this Act.

Session Law 2018-49

A provider-led entity must meet all the following criteria: (1) A majority of the entity’s ownership is held by an individual or entity that has as its primary business purpose operating a capitated contract with with Medicaid providers; and (2) A majority of the governing body is composed of individuals who are licensed as physicians, physician assistants, nurse practitioners, or psychologists and all of whom have experienced treating Medicaid beneficiaries.

Session Law 2018-49 requires that all PHPs apply for a license with the Commissioner of Insurance. With the application, all entities would need to provide proof of financial stability and other corporate documents. This new law definitely increases the authority of the Commissioner of Insurance (Mike Causey).

The remaining portion of the law pertains to protection against insolvency, continuation of healthcare services in case of insolvency, suspension or revocation of licenses, administrative procedures, penalties and enforcement, confidentiality of information, and that sort.

Session Law 2018-49 also applies to the current opioid crisis. It allows a “lock-in programs” for those consumers who use multiple pharmacies and multiple doctors to “lock them in” to one pharmacy and one doctor.

Besides the “lock-in” program, Session Law 2018-49 is basically a law that brings the Department of Insurance into the Medicaid arena.

Let Fortnite begin!