Health Care Reform

Buried deep in the CMS final rule with comment period on Hospital Outpatient and Ambulatory Surgery Center payments are a few modifications to the federal rules regarding expansion of physician-owned hospitals, physician self-referral prohibitions, and patient notification requirements.

The document mostly addresses the processes for a physician-owned hospital to request exemptions to restrictions on self-referral and expansion, and also summarizes comments that the CMS received on proposals it made in July.

The rule also includes provisions noting that physician-owned hospitals must not “discriminate against beneficiaries of federal healthcare programs” or “permit physicians practicing at the hospital to discriminate against such beneficiaries,” and specifying that any permitted capacity increases must not result in a hospital increasing its number of licensed operating rooms, procedure rooms, and beds by 200%.

The rule also clarified patient-notification regulations that mandate how “dedicated emergency departments “must conspicuously post notices if a facility does not have a physician on site 24 hours a day, 7 days a week.  CMS stated that medical residents would qualify as “physicians” and that the notification would apply to all hospitals, not just physician-owned hospitals.

Another change is that inpatients and outpatients who receive observation services, surgery, or services involving anesthesia must be given written notice that a hospital may not have a physician on-site 24 hours a day, and that this notification must be followed by a signed acknowledgment from the patient of this fact.

For more information on any of the above, contact Thomas N. Hutchinson at thutchinson@kdlegal.com or (317) 238-6254

The time has come for group health plan sponsors to stop procrastinating regarding HIPAA privacy and security compliance.  The Office of Civil Rights (“OCR”), which is the division of the Department of Health and Human Services (“HHS”) that is responsible for enforcement of the HIPAA Privacy and Security Rules and the Breach Notification standards, recently announced the “pilot phase” of a HIPAA audit initiative beginning immediately and extending through December of 2012.  The audit initiative is part of OCR’s implementation of the HITECH Act amendments to the Privacy and Security Rules enacted as part of the American Recovery and Reinvestment Act of 2009.  The HITECH Act mandates that HHS conduct periodic audits to ensure that HIPAA covered entities are complying with HIPAA’s requirements to protect the privacy and security of plan participants’ protected health information.

According to the OCR’s website, over the next year this initiative will include a broad range of HIPAA covered entities, including group health plans, health care providers, and health care clearinghouses.  Specifically, OCR will target up to 150 covered entities between now and December of 2012, including not only health care providers, but also “health plans of all sizes and functions.”  Although HIPAA business associates are not the target of the initial pilot program, OCR indicates that business associates will be included in future audits.

The beginning of this OCR’s formal audit program serves to highlight the importance of periodic review of group health plan HIPAA compliance by plan sponsors.  This HIPAA compliance review should include, at a minimum, the following steps:

·         Review of plan documentation to ensure that appropriate provisions addressing HIPAA obligations are included;

·         Implementation and periodic review of written HIPAA privacy policies and procedures;

·         Implementation and periodic review of required administrative, technical and physical safeguards related to electronic protected health information;

·         Implementation and documentation of a risk assessment and breach notification procedures;

·         Review of business associate agreements, as well as periodic audit of HIPAA compliance procedures adopted by business associates; and

·         Periodic workforce training regarding HIPAA’s privacy and security requirements for those workforce members with access to group health plan information.

On November 14, 2011, the United States Supreme Court announced its decision to hear legal challenges to federal health care reform legislation as part of the Court's scheduled 2012 docket.  Specifically, the Supreme Court will consolidate and hear various issues raised in three separate cases challenging the constitutionality of the Patient Protection and Affordable Care Act ("PPACA").  Parties to the lawsuits include the federal government, 26 states, and the National Federation of Independent Business, a trade association representing small businesses.  Key issues under review include the constitutionality of the individual mandate to purchase health insurance that is a fundamental part of PPACA's reforms, as well as the viability of the PPACA in its entirety if in fact the individual mandate is deemed unconstitutional.  The Court has scheduled oral arguments in March of 2012.  A decision is likely in late June or early July, before the end of the Court's 2012 term.

If you have any further questions, please contact Katy Stowers.

Susan Ziel of Krieg DeVault recently spoke at the 2011 NERVES convention and provided a comprehensive review of the updated requirements governing the selection, funding and implementation of EHR for physicians who are not hospital-based. 

Ziel noted that EHR selection is primarily driven by the new ONC certification requirements established under the HITECH Act in 2009 which also satisfy the "interoperable" criteria adopted in the 2006 Stark EHR exception and Anti-Kickback Statute (AKS) EHR safe harbor discussed below.  EHR funding, on the other hand, is driven by the "meaningful use" incentive payments that CMS will begin distributing to physicians during 2011 under the HITECH Act.  Krieg pointed out that the HITECH Act authorizes physicians to reassign their incentive payments to hospitals and other health care entities who provide EHR capabilities for the physicians' meaningful use as part of an employment or independent contractor relationship but only on the condition that all applicable requirements are satisfied. 

Another important EHR funding option was reviewed which involves EHR subsidies that hospitals and other DHS entities can extend to physicians under the Stark EHR exception and the AKS safe harbor, both of which will "sunset" in 2013.  Lastly, in the case of 501(c)(3) entities, the private inurement and private benefit requirements are also a consideration. 

In terms of EHR implementation, a myriad of action items essential to implementation were reviewed that begin with the well-advised negotiation of the EHR software and related agreements and the essential infrastruture updates that are necessary to comply with HIPAA and other  Federal and state laws concerned with the privacy and security of protected health (and other personal) information.

Ziel also reviewed several different levels of hospital-physician integration -- employment, independent contractor arrangements, EHR sublicensing agreements and even the looming ACO arrangements -- and the range of EMR selection, funding and implementation options that merit consideration in each case.   Ziel is available to speak with physician practices who are interested in learning more about these matters.    For additional information or to schedule a call to talk further, please contact Susan Ziel at (317) 238-6244 or sziel@kdlegal.com.  

From time to time, health care providers will be the subject of an external investigation or other review procedure which may be conducted by a Federal or state government agency or other third party acting on behalf of the governmental agency. As part of the investigation, providers will likely receive one or more requests for information, whether by telephone, regular mail or an unscheduled visit that can occur during normal business hours or otherwise. Depending on the nature of the request – whether it’s an audit request, subpoena, grand jury subpoena or even a search warrant – providers and their individual personnel must know how to properly respond in all such cases. 

To do so, providers must adopt and communicate clear guidelines to personnel at all levels. This can be accomplished by way of an updated compliance policy and related face-to-face training which addresses a range of scenarios. In all cases, the provider must emphasize that the compliance officer or other high-ranking official within the organization must be notified of any request for information so that they can work closely with the provider’s designated legal counsel in making a prompt and effective response.  Additionally, the provider must communicate to all personnel a “zero tolerance” policy against obstructing or interfering with any investigation or review procedure that may be the subject of a request for information, whether by way of making false or misleading statements or unauthorized document destruction. 

For additional information regarding the proper response to external investigations, please contact Susan Ziel at sziel@kdlegal.com or (317) 238-6244.

On March 31, 2011, CMS released the long-awaited rules proposed to implement the provisions in PPACA, the Health Care Reform legislation enacted on March 23, 2010, referred to as the Affordable Care Act, on Accountable Care Organizations ("ACOs") and the Medicare Shared Savings Program that is designed to contract with these organizations. Likewise, the same day, the antitrust agencies, the Federal Trade Commission ("FTC") and the Antitrust Division of the Department of Justice ("DOJ"), issued proposed enforcement guidelines relating to the size, scope and ability of an ACO to contract in the commercial market and how that affects Medicare Shared Savings Program contracts as well. Additionally, the Centers for Medicare and Medicaid ("CMS") and the HHS Office of Inspector General ("OIG") proposed various waivers for standard Stark, Antikickback and Civil Money Penalty rules relating to ACO activities. Finally, the Internal Revenue Service ("IRS") issued a notice requesting comments on its existing private inurement and private benefit rules relating to tax-exempt entities and their financial relationships with "insiders".

This week, two issues have drawn the attention of hospitals across the country, and have brought the practice of compounding pharmaceutical products for administration to hospital patients back into the spotlight.  Hospitals across the country rely extensively on pharmacy compounding, for products ranging from simple oral capsules and liquids, to sterile products intended for intravenous, intramuscular and intrathecal use.  Though the practice of compounding is regulated by state law, with oversight by state boards of pharmacy, the federal Food and Drug Administration has for years taken the position that while “traditional” pharmacy compounding is not of concern, certain types of compounding practices could fall within FDA’s jurisdiction.  The compounding of commercially available products, and certain “high risk” sterile products, are of particular interest to FDA.  Two events of this past week illustrate why hospitals should be reviewing their compounding practices.

FDA to Permit Continued Compounding of Hydroxyprogesterone Caproate

For many years, hospital pharmacies have been compounding products containing hydroxyprogesterone caproate, a drug used in maternal fetal medicine to delay the onset of labor and prevent premature births.  In February of this year, FDA granted approval to KV Pharmaceuticals to market Makena^® (hydroxyprogesterone caproate) for the reduction of the risk of certain preterm births in women who have had at least one prior preterm birth.  Hospitals that had been using the compounded formulation were concerned that they could no longer compound the product, which cost about $20 per dose when compounded, and would be forced to purchase the commercial product – at a cost of approximately $1,500 per dose.

In many cases, FDA takes the position that a pharmacy is not permitted to compound a drug that is FDA approved and commercially available.  However, on Wednesday, March 30, FDA announced that it “does not intend to take enforcement action against pharmacies that compound hydroxyprogesterone caproate based on a valid prescription for an individually identified patient unless the compounded products are unsafe, of substandard quality, or are not being compounded in accordance with appropriate standards for compounding sterile products.”  (See FDA Press Release, available here.) This statement is significant, as it signals to compounding pharmacies, as well as state boards of pharmacies, that FDA values the role that compounding pharmacies play in the provision of health care in the U.S.

State and Federal Regulators to Investigate Deaths Associated with Contaminated IV Solutions Used in Alabama Hospital

The second event this past week which involves hospital pharmacy compounding was the death of nine patients who were administered commonly used IV solutions that may have been contaminated with bacteria.  The cause and source of the contamination is still under investigation, but state and federal officials are trying to determine whether the deaths are somehow related to an outbreak of serratia marcescens bacteria at six other hospitals.  As a precaution, IV bags compounded by a Birmingham, Alabama based compounding pharmacy have been pulled from the market.

Compounding Practices Should Be Reviewed

Hospitals that rely on compounding, either internally, or by outsourcing with a compounding pharmacy, should take the time to review their compounding practices to ensure compliance with applicable state and federal laws and guidelines.  The United States Pharmacopeia has guidelines that most compounding pharmacies follow, including in particular USP 797, which is the guideline applicable to the compounding of sterile products. 

Hospitals that lack the expertise or facilities to compound can consider outsourcing compounding to a reputable compounding pharmacy, but must be mindful that state and federal laws may impose stringent requirements and limitations on the ability to share services with another pharmacy.  Also, it would be prudent for hospitals to periodically audit the practices of its contracted compounding pharmacies, and to insist upon strict compliance with all laws, regulations, and guidelines to ensure that the pharmacy is complying applicable laws and following USP guidelines as appropriate.

For more information, please contact Ed Rickert at erickert@kdlegal.com or (312) 423-9308.

As reported in our Health Care Newsletter on August 23, 2010, earlier this month a federal judge sentenced Sushil Sheth, M.D., a Chicago cardiologist, to five years in prison and ordered him to pay restitution totaling nearly $13 million for his role in filing false health insurance claims.  Dr. Sheth's case is a stark reminder of the serious criminal penalties associated with health care fraud - especially fraud against federal health insurance programs.  Federal prosecutors alleged that Dr. Sheth fraudulently billed Medicare and more than 30 other public and private health insurance programs for payments despite never actually providing cardiac care to patients.  Prosecutors also alleged Dr. Sheth "used his hospital privileges to access and obtain information about patients without their knowledge or consent. He then hired individuals to bill Medicare and other insurance providers for medical services that he purportedly rendered to patients whom he knew he never treated. Typically waiting almost a year after the treatment was purportedly provided, Sheth submitted more than 14,800 false claims for reimbursement for providing the highest level of cardiac care - requiring hands-on treatment in an intensive care unit - on multiple days during patients' hospital stays.  Sheth regularly submitted claims seeking payment that, when added together, had him providing more than 24 hours of medical services and treatment in a single day." Dr. Sheth pleaded guilty to the charges.

If you would like additional information, please contact Randall R. Fearnow at rfearnow@kdlegal.com or (312) 423-9304 or Mark W. Bina at mbina@kdlegal.com or (312) 423-9305 in Krieg DeVault LLP's Chicago Office.

As reported in our Health Care Alert Newsletter on August 23, 2010, a significant breach of medical information privacy has occurred in Massachusetts.  Health and insurance records containing, among other things, patient names, addresses and test results were recently discovered by a Boston Globe photographer while dumping his trash at a Georgetown dump, according to a recent Boston Globe article.  According to the article, the hospitals initially transferred confidential patient information to the pathologist groups, who in turn provided the confidential information to a third party billing company.  The billing company allegedly dumped the records at the public dump in Georgetown, where they were ultimately discovered.  One hospital spokesperson estimated between 8,000 and 12,000 patients' records were involved, while a second hospital estimated between 16,000 to 24,000 patients.   A copy of the article can be found by clicking here.

This case illustrates one of the many ways in which protected health information could be inadvertently disclosed and the public relations issues that can arise as a result of such a disclosure.  Under federal privacy laws, a compromise to health information protection triggers an obligation to perform an often complex and extensive analysis of whether it has resulted in a breach of unsecured protected health information.  Generally, where a breach of unsecured protected health information involves 500 or more individuals, the breach must be reported to the Secretary of the Department of Health and Human Services, to an appropriate prominent media outlet, and to the individuals whose records were involved within 60 days or sooner if reasonably possible.  

Situations such as these demonstrate the importance of obtaining a well thought-out and thorough business associate agreement to define the relative rights and responsibilities of the parties.

If you would like additional information, please contact Susan E. Ziel at sziel@kdlegal.com or (317) 238-6244, Gerald E. DeLoss at gdeloss@kdlegal.com or (312) 423-9307 or Nicholas K. Lagina at nlagina@kdlegal.com or (219) 227-6113.
 

Overview

Is your company or organization the sponsor of an employment-based group health plan providing coverage to "early retirees?" If so, you may be eligible to receive reimbursement for a significant portion of the early retirees' claims paid by your plan under a new program established under the provisions of federal health care reform.  However, the funding is available on a first-come basis, so you need to treat this as a sprint - not a distance race - for the reimbursement dollars!

Section 1102 of the Patient Protection and Affordable Care Act (PPACA), which was signed into law on March 23, 2010, established an Early Retirement Reinsurance Program (the "Program") under which reimbursements will be made available to sponsors of participating employment-based group health plans for qualifying medical claims incurred by plan participants who are early retirees.   On May 4, 2010, the Department of Health and Human Services ("HHS") issued interim final regulations establishing the Program, which provide much of the detail for the Program's implementation and administration.

Under the Program, reimbursements are available to sponsors of eligible employment-based group health plans. The reimbursable amount is equal to 80 percent of the claims incurred and paid on behalf of "early retirees" during the plan year that exceed $15,000 but do not exceed $90,000.  The Program defines an "early retiree" as an individual who is age 55 or older but is not eligible for coverage under Medicare, and who is not an active employee either of the employer maintaining (or currently contributing to) the plan, or of any employer who has made substantial contributions to fund the plan.  The term also includes the early retiree's spouse, surviving spouse and dependents, if they participate in your plan. 

The Program is effective June 1, 2010 and is temporary in nature.   The Program will end on the earlier of: (1) the date that the Program has received requests for reimbursements that equal the $5 billion allocated to the Program or (2) January 1, 2014.  Therefore, time is of the essence!  It is essential to apply as early as possible to have access to the funding available for the reimbursements. 

What Should Sponsors Do Now?

In order to participate in the Program, an "employment-based plan" must be certified by the Secretary of HHS (the "Secretary") and the sponsor must submit an application.  Because the Program has limited funding and reimbursements will be made on a first-come basis, it is important for sponsors who provide health plan coverage to early retirees to immediately begin planning for the application and certification process, by reviewing their current early retiree benefit structure and implementing the policies and procedures necessary to participate in the Program.

While additional guidance and an application form are expected to be issued by the Secretary in the near future, we already know that as part of the certification process sponsors will need to take the following actions:

1.  Determine whether their plan provides "health benefits" to early retirees, as defined in the Program, either on a self-funded or fully-insured basis. 

2. Implement cost-saving procedures and programs with respect to chronic and high-cost conditions, as required by the Program, if such programs are not already in place.

3. Enter into all required agreements with the plan's health insurance issuer and/or administrator (as applicable) which satisfy the Program requirements with regard to the maintenance of records and disclosure of information, data, documents and records to the Secretary, and develop similar procedures for maintenance of records and information disclosures to HHS by the sponsor. 

4. Develop policies and procedures to protect against fraud, waste and abuse under the Program.

5. Finally, in order to be certified, plan sponsors must submit an application to the Secretary with respect to each plan for which it wants to receive reimbursements.  Applications are processed in the order received.   

The timing aspect of the completed application cannot be overemphasized, since applications are processed in the order received by HHS, and incomplete applications will be rejected, requiring a new application and relegating the sponsor to the back of the priority line.   As part of the application process, the plan sponsor must estimate the amount of claims over a two-year period for which reimbursement will be sought.  As these estimates are received, the Secretary will determine when estimated claims will exhaust the $5 billion allotted for the Program.  Once that determination is made, the Program will stop accepting applications and the opportunity to participate will be lost.

An application for the Program and additional guidance regarding claims submission is expected to be issued by HHS very soon.  Given the temporary nature of the Program and the first-in-line nature of the distribution of funds, you should begin to take action now to determine your plans' qualifications, so that you are ready to complete and submit the Program application as soon as possible after its release by HHS.   

If you need more information about this topic or would like assistance with the Program's application and certification process, please contact Patricia L. Beaty at 317.238.6278 or pbeaty@kdlegal.com.