Edward L. Vishnevetsky 2012-12-26 02:14:33
The year 2012 may be best remembered as the year the U.S. Supreme Court upheld the overall constitutionality of the Affordable Care Act of 2010.1 On June 28, the Supreme Court held the minimum essential coverage provision of the ACA (known as the individual mandate) constitutional under Congress’ taxing power. The court also held that Congress could extend additional federal money to a state to fund Medicaid expansion, but could not require a state to implement a Medicaid expansion program by threatening to take away the state’s federal Medicaid funding. Apart from the Supreme Court decision, there were numerous substantial developments in health law. New Rules for EFT and ERA Transactions Section 1104(b)(2)(A) of the ACA added electronic funds transfers to the list of electronic health care transactions under HIPAA. On Jan. 10, 2012, the U.S. Department of Health and Human Services adopted standards for health care claim payments made via EFT and for electronic remittance advice.2 On Aug. 10, 2012, HHS adopted EFT & ERA operating rules.3 Among other things, the operating rules clarify when entities that process electronic payment information handle protected health information such that they could be considered business associates under HIPAA. EHR Meaningful Use Rules The Centers for Medicare & Medicaid Services published a final rule that specifies the stage 2 criteria that providers and hospitals must meet in order to continue to participate in the Medicare and Medicaid Electronic Health Record Incentive programs. All providers must achieve meaningful use under the stage 1 criteria before moving to stage 2. Providers must adopt and demonstrate meaningful use of EHR systems by Oct. 1, 2014, or be assessed a 1 percent penalty. HIPAA Enforcement on the Rise HHS entered into several resolution agreements with covered entities relating to potential HIPAA violations. On March 13, 2012, Blue Cross Blues Shield of Tennessee paid $1.5 million to settle potential HIPAA violations related to stolen unencrypted hard drives containing electronic protected health information of more than 1 million patients. On April 13, 2012, Phoenix Cardiac Surgery paid $100,000 to settle potential HIPAA violations related to public accessibility of the practice’s internet-based calendar of appointments. On June 26, 2012, the Alaska Department of Health and Human Services paid $1.7 million to settle potential HIPAA violations related to a stolen USB drive that possibly contained ePHI of 501 patients. Finally, on Sept. 17, 2012, the Massachusetts Eye and Ear Infirmary and the Massachusetts Eye and Ear Associates Inc. paid $1.5 million to settle potential violations related to a stolen unencrypted laptop that contained ePHI of 3,500 people. HEAT Arrests More Than 200 Providers for Fraud-Related Crimes This year, the Health Care Fraud Prevention and Enforcement Action Team conducted numerous raids on healthcare providers. The defendants are accused of various health care fraud-related crimes, including conspiracy to commit health care fraud, health care fraud, anti-kickback violations, and money laundering. On Feb. 28, 2012, HEAT arrested a physician and the office manager of his medical practice, along with five owners of home health agencies, on charges related to their alleged participation in a nearly $375 million health care fraud scheme involving fraudulent claims. On May 2, 2012, HEAT arrested 107 individuals in six cities for potential health care fraud-related crimes worth $452 million. Similarly, on Oct. 4, 2012, HEAT arrested 91 individuals in seven cities for potential health care fraud-related crimes worth $430 million. Clarification of DME Telemarketing and Supplier Standards On March 14, 2012, the Centers for Medicare and Medicaid Services issued a final rule revising and clarifying various Medicare supplier standards for durable medical equipment suppliers.4 The final rule limits the prohibition on solicitation to telephone contact. Additionally, the final rule allows DME suppliers to use licensed contractors to provide DME supplies, unless prohibited by state law. The final rule also removes the requirement for compliance with local zoning laws and modifies certain state licensure requirement exceptions. U.S. 4th Circuit of Appeals Reverses and Remands Lawsuit with Stark Law Implications The U.S. 4th Circuit Court of Appeals reversed and remanded a $44.9 million judgment against Tuomey Hospital in South Carolina arising from Tuomey’s employment arrangements with physicians that allegedly violated the federal law prohibiting physician self-referrals, also known as the Stark Law.5 Although the reversal was made on procedural grounds, a majority of the panel also addressed substantive issues that could support a verdict against the hospital on remand. Specifically, the court opined that while personally performed physician services are not “referrals,” facility fees billed by a hospital in conjunction with those services are “referrals” that can lead to a violation of Stark. Additionally, the court stated that even a fixed compensation agreement can violate the Stark law if the amount of compensation takes into account anticipated referrals. CMS Issues Proposed Regulations on 60-Day Overpayment Rule Under the ACA, a Medicare provider has an obligation to return improper reimbursement to Medicare within 60 days after the overpayment has been “identified.” Failure to report and return an overpayment within this timeframe can give rise to liability under the False Claims Act. On Feb. 16, the Centers for Medicare and Medicaid Services issued proposed regulations providing that the 60-day period begins when the provider “acts with actual knowledge of” an overpayment. In addition, CMS has determined that providers should report overpayments using a 10-year look-back period. Texas Expands Patient Privacy Law H.B. 300, which went into effect Sept. 1, 2012, expands Texas’ patient privacy law by (1) broadening the defini- tion of “covered entity” beyond federal HIPAA standards; (2) requiring covered entities to ensure their workforce receives privacy training at least once every two years and within 60 days of new hire; (3) requiring covered entities to respond to patient requests for electronic medical records within 15 days; and (4) increasing monetary penalties for violating the Texas patient privacy law from $5,000 to $1.5 million per year. Notes 1. P.L. 111-148 (2010). 2. 77 FR 1556. 3. 77 FR 48008. 4. 77 FR 14989. 5. U.S. ex rel. Drakeford v. Tuomey Healthcare System, Inc., No. 10-1819 (4th Cir. Mar. 30, 2012). EDWARD L. VISHNEVETSKY is an attorney in the Dallas office of Munsch Hardt Kopf & Harr, P.C. His practice emphasis is on health care and commercial litigation. Vishnevetsky also maintains a busy litigation and arbitration practice spanning multiple jurisdictions and practice areas. He can be reached at firstname.lastname@example.org or (214) 855-7546.
Published by State Bar of Texas. View All Articles.
This page can be found at http://mydigimag.rrd.com/article/Health+Law/1271724/140244/article.html.