News and Insights

Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.

The Centers for Medicare & Medicaid Services announced its sixteenth settlement from a disclosure reported through the Self-Referral Disclosure Protocol for violations of the Stark Law. The disclosure was initiated by an acute care hospital in California that was unable to satisfy the personal service arrangement exception for an on-call physician arrangement. The disclosed violations were settled for $1,600. The government only publishes information related to certain disclosures.

The personal services arrangement exception is the most applicable exception to on-call arrangements with physicians. This exception requires an executed written agreement that describes the services to be performed by the parties. Among other elements, the compensation paid over the term must be fair market value and must not be determined in a manner that takes into account the volume or value of certain referrals.

Compliance with the Stark Law is particularly complex with on-call arrangements because of the difficult of determining fair market value of the compensation. In fact, the government only recently publicly approved providing compensation to physicians for on-call services. The government has been increasingly scrutinizing on-call arrangements due to the difficulty of valuing the services provided and the perceived opportunity to compensate referring physicians for referrals contemplated outside of the on-call arrangement. 

The government has published regulations that make sweeping changes to HIPAA. The regulations implement requirements of the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act of 2008.

The final rule implements the following changes:

  • Business associates are directly liable for certain aspects of compliance with HIPAA.
  • Disclosures of protected health information (“PHI”) for marketing and fundraising purposes are limited.
  • The authorization process for patients being enrolled in research studies is refined.
  • Requirements for notifying patients and the government in the event of a breach of unsecured PHI are clarified.
  • The penalty structure for violating HIPAA is revised.
  • Genetic information may not be used or disclosed by health plans for underwriting purposes.

Further changes to the HIPAA Privacy and Security Rules enable patients to exercise greater control over their information, and how it is used and disclosed. For example, Individuals may instruct their providers not to disclose treatment information to health plans if the individual has paid cash for the treatment, and patients will now be able to request their PHI to be provided to them in electronic form.

The official version of “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Act; Other Modifications to the HIPAA Rules,” will be published in the Federal Register on January 25, 2013.

The Office for Civil Rights entered into a $50,000 settlement with Hospice of North Idaho (“HONI”) relating to violations of HIPAA. This settlement, which stemmed from a breach of electronic protected health information (ePHI), has resulted in the first settlement for a violation involving fewer than 500 patients.

The HITECH amendments created an obligation that practices must report certain breaches of “unsecured protected health information” to the government. For breaches involving fewer than 500 individuals, the practice may report the violations in an annual report.

The investigation into HONI stemmed from a breach report submitted by HONI following the theft of a laptop computer that contained ePHI of 441 patients. During the investigation, the OCR found that HONI had no policies or procedures for protecting ePHI on mobile devices as required by HIPAA, nor had HONI conducted a risk analysis to safeguard this information. The OCR stated that “[t]his action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.”

Practices should ensure their policies and procedures are current and adapted to the practice’s methods of communicating about patients.

For more information, visit HHS’s Press Release.

The deal approved by Congress and President Obama on January 2, 2013, to avoid the “fiscal cliff” brings temporary relief and permanent grief to physicians.

First, Congress extended the Medicare physician payment rate for a one-year period, which is based upon the program’s Sustainable Growth Rate formula. Had this extension not been granted, Medicare payments to physicians would have been cut by 26.5%. Physician and hospital groups have been calling for the repeal of this formula, arguing that it will lead to a reduced number of providers willing to take on Medicare patients.

The fiscal cliff legislation also delays a pending two percent reduction to physician payment rates and an eight percent reduction to medical education programs for two months, each of which are mandated by the Budget Control Act. Congress is being urged to address these issues as it grapples with the upcoming round of budget measures.

Second, the fiscal cliff legislation also includes a provision, titled “Removing Obstacles to Collection of Overpayments,” that increased the amount of time for which the government may recoup no-fault overpayments to providers from three years to five years. This change comes at the recommendation of the Office of Inspector General, which reported that nearly $500 million of identified nonfraudulent overpayments (e.g., data entry error) could not be recouped from Medicare providers because of the three-year statute of limitation. The extended limitations period means that if the government identifies an overpayment within five years after the payment is made, and the overpayment was not made due to fraud or abuse by the provider, subsequent payments to that provider may be reduced to recoup the overpayment. If the government does suspect that fraud or abuse was involved in the overpayment, then the government has other avenues of recoupment, which are not bound by the five year limitations period.

For more information, see generally the American Taxpayer Relief Act of 2012

For more reading on the collection of overpayments, click here.