Banner
Home → Compliance Update

Compliance Update
A Hospital's Deserving Stark and AKS Victory-But At What Cost? Print E-mail
Written by MWE.com   
Monday, 05 June 2017 00:00

This April, providers cheered when a federal district court in the Middle District of Florida found insufficient evidence to support a relator's theory that a hospital had provided free parking to physicians, in violation of the Stark Law and Anti-Kickback Statute (AKS). In the Report and Recommendation for United States ex rel. Bingham v. BayCare Health Systems, 2017 WL 126597, M.D. Fla., No. 8:14-cv-73, Judge Steven D. Merryday of the Middle District of Florida endorsed magistrate judge Julie Sneed's recommendation that Plaintiff Thomas Bingham's Motion for Partial Summary Judgment be denied and that Defendant BayCare Health System's Motion for Summary Judgment be granted.

Read More
 
Why you need a HIPAA-compliant business associate agreement Print E-mail
Written by Vitale Health Law   
Monday, 01 May 2017 00:00

The recent announcement by The Department of Health and Human Services' Office for Civil Rights (OCR) that it agreed to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) with The Center for Children's Digestive Health (CCDH) should serve as a lesson to other healthcare organizations about the need to obtain signed, HIPAA-compliant business associate agreements with all vendors before disclosing any protected health information.

Last month, CCDH, a seven-center pediatric subspecialty practice based in Park Ridge, Illinois, agreed to pay OCR $31,000 to resolve potential HIPAA violations. CCDH also agreed to adopt a corrective action plan which includes updating policies and procedures, conducting staff training on said policies and procedures and ensuring one or more employees are made responsible for ensuring HIPAA-compliant business associate agreements obtained from all business associates.

Read More
 
New OIG Rules Change Patient Incentive Program Landscape: Where Are the Limits Now? Print E-mail
Written by MWE.com   
Thursday, 13 April 2017 00:00
 
With health care becoming more consumer-driven, health care providers and health plans are wrestling with how to incentivize patients to participate in health promotion programs and treatment plans. As payments are increasingly being tied to quality outcomes, a provider's ability to engage and improve patients' access to care may both improve patient outcomes and increase providers' payments. In December 2016, the Office of Inspector General of the US Department of Health and Human Services (OIG) issued a final regulation implementing new "safe harbors" for certain patient incentive arrangements and programs, and released its first Advisory Opinion (AO) under the new regulation in March 2017. Together, the new regulation and AO provide guardrails for how patient engagement and access incentives can be structured to avoid penalties under the federal civil monetary penalty statute (CMP) and the anti-kickback statute (AKS). 

Last Updated on Friday, 14 April 2017 17:28
 
OIG Opinion Applies Access to Care Exception Print E-mail
Written by Vitale Health Law   
Monday, 27 March 2017 00:00

Can a hospital system provide free or reduced-cost lodging and meals to certain financially needy patients, or would such an arrangement (a) constitute either a violation of the federal anti-kickback statute or (b) constitute grounds for the imposition of civil monetary penalties because it would violate a provision of the Social Security Act that prohibits remuneration to a federal healthcare program beneficiary that might influence the beneficiary's selection of a particular provider?

That was the question recently answered in an Advisory Opinion issued by the U.S. Department of Health and Human Services Office of the Inspector General (OIG).

The requestor, whose name is redacted, owns and operates an academic medical center consisting of four hospitals and a number of hospital-based clinics. One of those hospitals operates a Level I trauma center and provides care to patients, some of whom live in rural and medically underserved areas. 

Read More>> 
 
Last Updated on Tuesday, 28 March 2017 14:39
 
Patient Privacy Concerns in Our Social Media World Print E-mail
Written by Chanel A. Mosley, Esq.   
Monday, 06 March 2017 16:15

Social media is now at the very core of our culture and gone are the days when websites like Myspace and Facebook were nothing more than a guilty pleasure of adolescents and college students.  Social media outlets like Facebook, Twitter, Instagram, Snapchat, and numerous others are now utilized not only by our younger generations, but also corporate giants, local businesses, celebrities, and just about everyone, everywhere.  The use of social media in the professional healthcare setting is widely accepted, but with it comes ever growing concerns about patient privacy and the consequences associated with the unauthorized use and disclosure of protected health information.  Consider the following scenarios:
  • A nursing student creates a post on her Myspace page that details her experience with a mother's birth of her child.  Although the post does not contain the mother's name, the student's Myspace page indicates the hospital at which the birth occurred, the date of the birth, and details of the medical treatment administered during the birth.
  • A nurse posts a statement on her Facebook page excitedly sharing that she met a celebrity at work today and identifies the celebrity by name.
  • A receptionist at a physician's office snaps a photo of a patient in the waiting room and posts it on Facebook with a comment that he is drug-seeking.  The comment also contains the name of the patient's employer and details regarding the patient's referral to another medical provider.
  • A medical student obtains video of a physician inserting a chest tube into a patient and posts the video on YouTube.  The patient's face is visible in the video.
  • Employees of a nursing home use Snapchat to record and transmit videos of themselves harassing the residents.
Each of these scenarios implicates serious patient privacy concerns that have the potential to expose the health care provider, as well as the provider's employer, to a variety of administrative, civil, and potentially criminal penalties.  It does not matter that the social media posts omit the patient's name or other identifiers.  Rather, the Health Insurance Portability and Accountability Act (HIPAA) defines protected health information to include individually identifiable health information, meaning any health information created or received by the health care provider that relates to the past, present or future physical or mental health or condition of a patient.  § 45 C.F.R. §§ 164.501, 164.502, 160.103.  Therefore, social media posts containing information regarding a patient's physical or mental health, or condition will likely constitute HIPAA violations if disclosed to unauthorized users for a purpose unrelated to the patient's treatment or other limited exceptions. 

In the first scenario, irrespective of the fact that the Myspace post contains no information regarding the patient's name, the patient-specific information in the post discusses the patient's pregnancy and healthcare, and was found by a Federal District Court to implicate patient privacy concerns.  In the second scenario, although the nurse did not identify the celebrity as a patient or specify the treatment provided, her profile page identifies the hospital at which she works and the date on which the post was made.  The remaining three scenarios are much easier to identify, as the patient's identity is clearly depicted.

From the employer's perspective, HIPAA violations involving social media require the employer to take action.  For example, notification must be sent to the individual patient within a set period of time after discovery of the violation, and this information is ultimately submitted to the U.S. Department of Health and Human Services.  Based upon the matter at issue, employers may be subject to civil monetary penalties and, if warranted, criminal fines.  Importantly, the individual employee who made the unauthorized disclosure may also be subject to these civil and criminal penalties. 

Not only do these social media posts implicate possible civil and criminal fines under HIPAA, but they also expose the health care provider to potential disciplinary actions by the Department of Health.  For example, a physician engaging in such conduct may be faced with an administrative action and possible discipline on his or her license, including the assessment of fines, by the Board of Medicine.  Further, the employee responsible, and likely the employer, may find themselves faced with the threat of litigation in a civil lawsuit filed by the patient.  Causes of action sounding in breach of privacy or fiduciary duty, negligent hiring and supervision, or defamation are possible as a result of the social media post.  In those instances, employers and employees alike may spend thousands of dollars and countless hours defending the lawsuits.

To avoid these unfortunate situations, employers should take preventative measures to ensure that employees are fully aware of the possible repercussions associated with posting patient information on social media sites.  It is also a good business practice for the employer to implement policies concerning employee use of social media, and to educate employees on the importance of avoiding any situations which implicate patient privacy concerns.  An example of this guidance is the ethical opinion issued by the American Medical Association in 2011 concerning physician use of social media and networking applications online.  This opinion highlights the importance of refraining from posting any information that may contain identifiable patient information.  By ensuring that all employees are abiding by such guidelines, employers are in a much better position to avoid the unauthorized use and disclosure of protected health information on social media.

Chanel A. Mosley is an attorney in the Orlando, Florida office of Marshall Dennehey Warner Coleman & Goggin.  She devotes her practice to the defense of claims involving medical malpractice, long-term care, and other healthcare and general liability matters.  She can be reached at camosley@mdwcg.com or through the firm's website at www.marshalldennehey.com.

Last Updated on Monday, 06 March 2017 16:22
 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 2 of 44


Banner
Website design, development, and hosting provided by
Netphiles