“Meaningful Use” Defined in Final Rule

On July 13, 2010 CMS issued the final rule defining meaningful use of Electronic Health Record (“EHR”), and the Office of the National Coordinator for Health Information Technology issued the final rule setting for the standards and certification criteria for establishing “certified EHR technology”. Both rules can be viewed at http://www.ofr.gov/inspection.aspx As discussed in previous Health care postings (April and July 2009) in order for Hospitals and eligible healthcare professionals to receive Medicare and Medicaid incentive payments over a five – six year period, they must show that they are using EHRs in a meaningful way. The final rule on Meaningful Use will be published in the Federal Register on July 28, 2010.

Stage I - The Meaningful Use Rule provides for a phased in approach to implementing the meaningful use criteria. The first phase, Stage I, will be the first two years of the program, years 2011 and 2012. Stage 2 and Stage 3 meaningful use criteria will be provided for in future rulemaking.

Stage I meaningful use requires eligible professionals to meet 15 core set objectives. Eligible hospitals will be required to meet 14 core set objectives. Eligible professionals and hospitals will be required to also meet 5 of 10 additional objectives, as they choose. To review the Stage I Meaningful Use Objectives go to http://www.ofr.gov/OFRUpload/OFRData/2010-17207_PI.pdf#page=221.

Eligible professionals and hospitals must also report on clinical quality measures. Eligible professionals must report on a total of six clinical quality measures using certified EHR technology. Hospitals must report on all 15 clinical quality measures, both for Medicare and Medicaid. Those clinical quality measures for eligible professionals and hospitals may be reviewed at the following website pages:  http://www.ofr.gov/OFRUpload/OFRData/2010-17207_PI.pdf#page=287 and http://www.ofr.gov/OFRUpload/OFRData/2010-17207_PI.pdf#page=303, respectively.

E-Prescribing – To establish meaningful use of EHR, 40 percent of all permissible prescriptions written by an eligible professional must be electronically transmitted using certified EHR technology.

Certification Standards Rule – The final certification standards are very similar to the interim standards published on January 13, 2010. EHR vendors can now evaluate their technology to determine if it meets the certification requirements for Stage I implementation, and ultimately governmental incentive payments.

Registration for Receipt of Incentive Payments, for Medicaid providers, should begin in January 2011, with incentive payments being issued in May 2011. As for the states Medicaid incentive payments, CMS expects the states to launch their programs by the summer of 2011.

 _______________________________________________________________________

HITECH – Notice of Proposed Rulemaking

On July 14, 2010, the Health and Human Services Office of Civil Rights published a Notice of Proposed Rulemaking (“Proposed Rule”) to modify the HIPAA Privacy, Security and Enforcement Rules, and implement various provisions of the HITECH Act. The Proposed Rule can be reviewed at http://edocket.access.gpo.gov/2010/pdf/2010-16718.pdf For background information on how HITECH impacts and clarifies HIPAA please review the Healthcare Posting of April 2009. The highlights of the Proposed Rule are as follows:

Business Associate Definition Is Expanded to included subcontractors and any agent or other person who acts on behalf of a Business Associate in handling PHI, even if no contract exists between the parties. The Proposed Rule also revises the definition of “workforce member” to include employees, volunteers, trainees, and other persons whose work performance is directly controlled by the Business Associate.

Privacy, Security, and Enforcement Rules will apply to Business Associates (and Subcontractors) in the same way they apply to Covered Entities. This means that Business Associates shall by civilly and criminally liable for violations of the Privacy and Security Rules.

Business Associate Agreements are revised by the Proposed Rule to require Business Associates: 1. Comply with the Security Rule with regard to electronic PHI; 2. Report breaches of unsecured PHI to Covered Entities; and 3. Ensure that any Subcontractors that create or receive PHI on behalf of the Business Associate agree to the same restrictions and conditions that apply to the Business Associate.

Reporting Noncompliance is modified by the Proposed Rule. Covered Entities would no longer be required to report to HHS when they are aware of noncompliance by a Business Entity. However, if a Business Associate becomes aware that a Subcontractor is noncompliant, the Business Associate must take reasonable steps to cure the breach, and if such steps are unsuccessful, terminate the contract with the Subcontractor, if feasible. The Proposed Rule also emphasizes that in addition to having direct liability for civil monetary penalties, Business Associates are still contractually liable to Covered Entities through the Business Associate Agreements.

Decedents’ PHI, under the Proposed Rule would exclude from the definition of PHI, individually identifiable health information of a person deceased for more than 50 years. Also proposed would be to allow decedent’s information released to family members and others who were involved in their care or payment for care prior to death, unless a contrary expressed preference is known by the Covered Entity. This change would allow family members to access needed patient information without having to go to court to be named personal representative of the decedent’s estate.

Postponement of Compliance Date - Until final regulations are published, it will be difficult for Covered Entities and Business Associates to comply with the law. Given that, the Office of Civil Rights intends to allow 180 days after the effective date of the final rule for Covered Entities and Business Associates to come into compliance. Also, for those Covered Entities and Business Associates who have existing Business Associate Agreements in place prior to the final rule, they would be “grandfathered” in and have up to one year after the compliance date (18 months after the effective date of the final rule) to come into compliance with the final regulations.

Cincinnati Health Alliance Hospital Settles Claim – The Health Alliance of Greater Cincinnati and one of its former hospitals, The Christ Hospital, have agreed to pay the federal government $108 million to settle allegations that they violated the Anti-Kickback and False Claims Statutes. The case was initiated by a qui tam action brought by cardiologist Harry Fry, M.D., who alleged cardiologists at the Hospital that performed a minimum of two (2%) percent of the Hospital’s gross revenues were provided corresponding amounts of time in the Hospital’s cardiology outpatient unit; a pay-to-play scheme.

As a result of the settlement, Dr. Fry will be awarded $23.5 million. Since the Christ Hospital declined to enter into a Corporate Integrity Agreement acceptable to the OIG, the OIG will continue to evaluate the case, including the possibility of imposing administrative exclusion sanctions. Since 2009, the Justice Department, including this recovery, has cited total recoveries on behalf of the federal government to more than $3.7 billion.

_____________________________________________________________________________

Red Flags Rule

Federal Trade Commission Delays Red Flags Rule Again – Once more the Federal Trade Commission (“FTC”) has delayed the enforcement of the Red Flags Rule. Instead of enforcement to take effect on June 1, 2010, the FTC has delayed enforcement until December 31, 2010. The FTC has cited the reason for the adjournment as Congress’ need to fix the unintended consequences of the legislation.

This adjournment comes on the heels of legal action taken by the American Medical Association, American Osteopathic Association and the Medical Society for the District of Columbia. The legal action asserts that physicians should not be deemed to be “creditors” under the Red Flags Rule, and applying the Rule to physicians exceeded the FTC’s statutory authority. The complaint also alleges that the FTC failed to follow the required notice and comment procedures under the Administrative Procedures Act. Finally, the action references the recent American Bar Association’s ruling in the District of Columbia that resulting in the ruling that the Red Flags Rule did not apply to lawyers.

Charges Brought For Falsifying Private Pharmaceutical Research Data – Healthcare fraud charges have been filed against a former chief of acute pain at Baystate Medical Center in Massachusetts, for falsifying medical research studies which were published in medical journals. The criminal charges stem from Dr. Scott Reuben soliciting and obtaining research grants from Merck and Pfizer to perform pain management studies, which were never performed. Instead of conducting the research, Dr. Reuben falsified the patient data and used the false data in various articles in medical journals, such as the Anesthesia & Analgesia Journal.

This is the first time a researcher has been criminally charged with falsifying research data that did not involve federal research grants or a FDA Investigational New Drug approval. The funding in this case came from private pharmaceutical companies.

Dr. Reuben has filed a plea agreement in which he agrees to pay restitution of $361,932 to the Merck and Pfizer, along with the forfeiture of $50,000 and a fine of $5,000. He has agreed to future disqualification as a clinical investigator for the U.S. Food and Drug Administration. Dr. Reuben will also be incarcerated for a period of time, for a term yet to be determined.

__________________________________________________________________________

Dismissal of Qui Tam Case Based on Recent Supreme Court Decision – In United States ex rel. Haight v. Catholic Healthcare West, No. 07-16857 (9th Cir. Feb. 4, 2010), plaintiffs filed their notice of appeal 51 days after a qui tam action under the False Claims Act was dismissed. The plaintiffs relied on an earlier Ninth Circuit precedent holding that ruled that the United States was a “party” to a qui tam action even if it declined to intervene, and therefore the time frame for plaintiff’s to file an appeal would be 60 days after entry of judgment. [Haycock v. Hughes Aircraft Co, 98 F.3d 1100 (9th Cir. 1996)]

Unfortunately, in United States ex rel. Eisenstein v. City of New York, 129 S. Ct. 2230 (2009) decided less than a year earlier, the Supreme Court ruled that when the United States declines to intervene in a qui tam action, it is not a party to the litigation and the 30 day filing deadline (Fed. R. App. P. 4 (a) (1) applies instead of the 60 day period allowed when the federal government is a party to the action.

In light of the Supreme Court’s decision in Eisenstein, the Ninth Circuit in Haight lacked jurisdiction, and plaintiff’s appeal was dismissed.

Note: Donna Craig and Associates does not endorse political positions. Updates posted at this site should be regarded solely for informational purposes.

OIG Special Fraud Alert - On January 13, 2010, the Office of Inspector General (“OIG”) issued a Special Fraud Alert, reminding durable medical equipment (“DME”) suppliers that federal law prohibits DME suppliers from making unsolicited telephone calls to Medicare beneficiaries. Under Medicare, any submitted claim generated by improper telemarketing, may subject the DME supplier to criminal, civil, and administrative penalties.

DME suppliers may only make unsolicited telephone calls to Medicare beneficiaries if:

• the beneficiary has given express written permission to the supplier to contact him by phone;
• the contact is about a covered item that the supplier has already furnished to the beneficiary; or
• the supplier has furnished at least one covered item to the beneficiary during the preceding 15 months.

False Claims Act –  Additional fraud prosecutions and settlement agreements have come to light during the last month.

• On December 21, 2009, St. Joseph Mercy Oakland Hospital in Michigan agreed to pay the federal government $205,000 to settle allegations that it improperly overbilled Medicare for medical services purportedly billed by either a neonatologist or an oncologist, when the services were actually performed by nurse practitioners, clinical nurse specialists, and physicians’ assistants. The case was initiated as a qui tam lawsuit, filed by the former director of physician billing at another one of Trinity’s hospitals.
• On December 22, 2009, an Oklahoma hospital and health system entered into a settlement agreement with the Department of Justice (“DOJ”) in the amount of $13.2 million. St. John Health System self disclosed to the OIG that arrangements with twenty-three physicians violated the Stark Law and potentially the anti-kickback statute. The DOJ alleged that the health system made payments to these physicians to induce referrals for medical services. It appears that St. John Health System was not required to enter into a corporate integrity agreement as a condition of settlement.
• On December 24, 2009 it was reported that Boston Scientific, a heart device manufacturer agreed to pay $22 million to resolve allegations that its Guidant division paid kickbacks to doctors to get them to use its heart devices. Physicians received between $1,000 and $1,500 each to participate in four studies designed to assess the performance of pacemakers and defibrillators. The DOJ asserted that payments were really made to induce physicians to use the Guidant devices. Boston Scientific will also enter into a corporate integrity agreement with the Department of Health and Human Services.
• On December 28, 2009, the U.S. Attorney for the Eastern District of Michigan announced that Genesys Health System would pay $669,413 to settle a lawsuit alleging the healthcare system violated the False Claims Act by billing Medicare for higher levels of services than were actually provided to patients. The case was initiated by a whistleblower as a qui tam suit.
• On December 29, 2009, Spectranetics, a Colorado based medical device manufacturer agreed to pay $4.9 million in civil damages to resolve allegations that it illegally imported unapproved medical devices and provided them to physicians for use with patients, causing false claims to be submitted to Medicare. The company will not be criminally prosecuted, but will enter into a corporate integrity agreement with Department of Health and Human Services.

Senior Medicare Patrol –  The Centers for Medicare and Medicaid Services (“CMS”) announced that a senior citizen volunteer group, formed to prevent Medicare fraud, has been credited with saving taxpayers more than $100 million since 1997. The Senior Medicare Patrol consists of 4,700 senior citizen volunteers who serve as the government’s “eyes and ears”. The group informs CMS where fraud is occurring and where problems are arising.

_________________________________________________________________

Electronic Health Record (“EHR”)

On December 30, 2009, CMS posted a proposed “Meaningful Use Rule”, which defines the “meaningful use” of electronic health records, and implements the Medicare and Medicaid EHR Incentive Program as part of the American Recovery and Reinvestment Act of 2009 (“ARRA”). See the April 2009 posting on this website for an overview of the ARRA. In addition to the Meaningful Use Rule, the Office of the National Coordinator for Health Information Technology (“ONC”) also posted its interim final rule, which sets the initial standards, implementation specifications, and certification criteria for EHR technology (referred to as the “Standards Rule”). The proposed rule and interim final rule were published in the Federal Register on January 13, 2010 [See 75 FR 1843]. The Standards Rule will become effective on February 12, 2010, while it is anticipated that a final Meaningful Use Rule will be published after March 2010.

In order for physicians and hospitals to be eligible to receive ARRA incentive payments, they must be able to demonstrate “meaningful use” of a certified EHR system. CMS proposes a phased approach to “meaningful use” starting with Stage 1. Stage 2 criteria will be proposed by the end of 2011, and Stage 3 criteria will be proposed by the end of 2013.

For hospitals, “meaningful use” criteria for Stage 1 includes, but is not limited to the following:

• At least 80% of patients admitted have at least one entry of an active medication list.
• At least 80% of patients admitted have demographics recorded as structured data.
• At least 80% of patients admitted have insurance eligibility checked electronically.
• At least 80% of transitions of care and patient referrals contain a summary of care record.

For physicians, “meaningful use” criteria for Stage 1, includes, but is not limited to the following:

• At least 75% of all prescriptions are transmitted electronically using certified EHR technology.
• At least 80% of all claims are filed electronically
• Clinical summaries are provided to at least 80% of patients seen for office visits
• Record smoking status for at least 80% of patients 13 years or older

_________________________________________________________________

HIPAA and HITECH

HIPAA Business Associate Amendment – In less than a month, covered entities must have in place amended Business Associate Agreements, addressing the changes set forth in HITECH. Unfortunately we all are still waiting for guidance and clarifying regulations from HHS. The regulations are meant to provide guidance as to a Business Associate’s obligation to maintain the privacy and security of protected health information, and sanctions for breaching such standards. For a review of the HITECH Act, see the April and July 2009 postings on this website.

First Action by a State Attorney General to Enforce HIPAA - Connecticut’s attorney general recently sued Health Net for failing to secure 446,000 patient medical records and financial information. This marks the first action by a state attorney general, since HITECH authorized state attorneys general to enforce HIPAA violations. In May 2009, Health Net learned that one of its portable disk drives disappeared, containing the patient information. Despite it own policies and federal law requirements, Health Net failed to encrypt the patient information, and failed to timely notify authorities or the patients involved.

Fighting Medicare Payment Fraud Act of 2009 - The Fighting Medicare Payment Fraud Act of 2009 was introduced by Senator Charles Grassley on November 16, 2009. The proposed legislation would modify the Medicare prompt payment rule to allow the Secretary of HHS (in certain situations where there is a likelihood of fraud, waste, or abuse) to extend the payment of claims to 365 days. During this one-year period, the Secretary would engage in heightened scrutiny of claims, such as prepayment review. The bill also requires the Office of Inspector General (on at least an annual basis) to recommend categories of providers or suppliers where additional scrutiny is needed, before payments are made under the prompt payment rule.

_________________________________________________________________________

Genetic Information Nondiscrimination Act of 2008 (GINA)

On November 21, 2009 GINA became effective. GINA prohibits employers with 15 or more employees from requesting genetic testing, or from considering an employee or applicant’s genetic background when hiring, firing, or promoting. The law also prohibits health insurers and group plans from requiring such testing or using genetic information to deny coverage or set premiums or deductibles. GINA does not apply to life insurers.

Health Care Fraud Enforcement Act of 2009 – On October 28, 2009, Senator Ted Kaufman (D-DE) introduced the Health Care Fraud Enforcement Act of 2009. The introduction of the bill followed the Senate Judiciary Committee’s hearing on “Effective Strategies for Preventing Health Care Fraud”. Citing that health care fraud against public and private health plans costs between $72 and $220 billion annually, Senator Kaufman went on to state that “rooting out waste, fraud, and abuse is critical to making health care reform work”. The bill seeks to:

Modify Sentencing Commission Guidelines to increase the sanctions for health care fraud offenses and clarifies that the full potential scope of the fraud should be considered at sentencing. The “intended loss” attributable to a health care fraud scheme, not the “actual loss” should be the basis for imposing sentencing. Also the level of sentencing will be increased two to four levels, based on the monetary loss involved.

Redefine “health care fraud offense” to include all health care crimes regardless of whether they are codified (ERISA, drug marketing, and kickback crimes are currently not included). These offenses would be added to the definition of health care fraud.

Improve Whistleblower Claims to clarify that all payments made pursuant to illegal kickbacks are false for purposes of the False Claim Act. The bill will amend the anti-kickback statute to ensure that all claims resulting from illegal kickbacks are false, even when the claims are not submitted directly by the wrongdoers themselves.

Clarify “Willful Conduct” to restore the original intent of Congress that a person is guilty of health care offense if he knowingly does what the law forbids, regardless of whether the defendant is aware that his/her actions violate a specific criminal law. The bill clarifies that “willful conduct” does not require proof that the defendant had actual knowledge of the law in question or specific intent to violate that law.

Expand Subpoena Powers to provide that an obstruction of a criminal investigation involving administrative subpoenas under HIPAA should be treated in the same manner as obstruction of criminal investigations involving grand jury subpoenas. The bill provides the Department of Justice with new administrative subpoena authority to investigate violations of the Civil Rights for Institutionalized Person Act (CRIPA), 42 USC §1997.

Increased Funding to authorize an increase in federal antifraud spending of $20,000,000 per year through 2016. The funds will be distributed to the United States Attorneys’ Offices, Criminal Division of the Department of Justice, and the Civil Division of the Department of Justice.

Health Care Fraud and Abuse Control (”HCFAC”) – This Program’s annual report by the Office of Inspector General announced on October 23, 2009 that it won or settled approximately $1 billion during the 2008 fiscal year. The OIG further reported that the U.S. Attorneys’ Offices opened 957 new criminal health care fraud investigations involving 1,641 defendants in fiscal year 2008. Also the Department of Justice reported it opened 843 new civil healthcare fraud investigations and had 1,311 civil healthcare fraud cases pending in fiscal year 2008.

U.S. Attorney in Detroit Indicts Infusion Center Owners – Terry Berg, U.S. Attorney in Detroit, announced the indictment of three people who operated the X-Press Center, a Detroit-based clinic that specializes in providing injection and infusion therapies. The scheme was to open the fraudulent infusion and injection therapy clinic and to split the proceeds of fraud among themselves. None of the Medicare beneficiaries were referred to the clinic by their primary care doctors. The defendants then altered, falsified, and destroyed patient records to attempt to justify the medically unnecessary services that were purportedly being provided at the clinic, then billed Medicare $2.3 million.

New HHS and DOJ Website – On October 15, 2009, the Departments of Health and Human Services and Justice unveiled a new website http://www.stopmedicarefraud.gov to help seniors and Medicare beneficiaries to deter, detect, and defend against medical identity theft. The site reminds beneficiaries to beware of offers of free medical equipment, services, or goods in exchange for their Medicare numbers.

___________________________________________________________________

HITECH/HIPAA Enforcement

On October 30, 2009, HHS issued an interim final rule which amends HIPAA’s enforcement regulations so as to conform to the civil monetary penalties set forth in HITECH regulations. The interim final rule incorporates HITECH’s categories of violations, tiered ranges of civil money penalty amounts, and revised limitations on HHS’s authority to impose civil money penalties for established violations of the HIPAA rules. This interim final rule does not amend the enforcement provisions of the HITECH Act. This interim final rule is effective November 30, 2009, and can be reviewed at Vol. 74 Federal Register No. 209, pages 56123 – 56131.

__________________________________________________________________

 Red Flags Rule

Rep. John Adler (D-NJ) introduced legislation on October 8, 2009 (bill H.R. 3763) to exclude health care, accounting, and legal practices with 20 or fewer employees from the Red Flags Rule requirements. In addition, the Federal Trade Commission could exclude other businesses if it determined that the businesses “knows all of its customers or clients individually”; “only performs services in or around the residences or it customers”; or “has not experienced incidents of identity theft and identify theft is rare for business of that type.”

In related stories, on October 30, 2009 the United States District Court for the District of Columbia has ruled that the Federal Trade Commission may not apply the Red Flags Rule to attorneys. Donna Craig and Associates will be following this story and reporting on future postings.

Also, the Federal Trade commission has again delayed the enforcement of the Red Flags Rule. The latest delay moves the enforcement from November 1, 2009 to June 1, 2010.

___________________________________________________________________

Genetic Information Nondiscrimination Act of 2008 (”GINA”)

The Department of Health and Human Services (”HHS”) and Office for Civil Rights (”OCR”) has issued an interim final rule in an effort to strengthen privacy protections for genetic information under the HIPAA Privacy Rule. The proposed rule would modify the HIPAA Privacy Rule to clarify that genetic information is health information and prohibits the use and disclosure of genetic information by heath plans for underwriting purposes. There is a sixty (60) day public comment period. The interim rule can be reviewed at Vol. 74 Federal Register No. 193, pages 51663-51697.

__________________________________________________________________

Michelle’s Law Goes Into Effect

On October 9, 2009, a federal law took effect, sparing seriously ill or injured college students from having to choose between taking time off and keeping their health insurance. The federal legislation was named after Michelle Morse who died of colon cancer at the age of 22, just six months after graduating from college. Against medical advice, Michelle maintained a full course load while undergoing chemotherapy because she would have otherwise been dropped from her parents’ health insurance plan.

___________________________________________________________________

Unionized Registered Nurses

The Massachusetts Nurses Association is the latest union to ratify a decision to unite and create the largest union representing 154,000 registered nurses in 22 states. The Massachusetts Nurses Association joined members of the California Nurses Association/National Nurses Organization Committee. The United American Nurses are scheduled to vote November 2 – 3, 2009. If ratified by all three groups, the new group, the National Nurses United, would hold its first convention in December 2009.

Health Care Fraud Prevention and Enforcement Team a/k/a “HEAT” – As discussed in the June 2009 Healthcare Law posting, HEAT, the federal government fraud enforcement task force, has increased its presence in Southeast Michigan. Eight FBI agents and three additional prosecutors have been assigned to the task force. The total task force includes 30 members, including eight full-time FBI agents, four prosecutors, and 15 investigators. Over the past nine months, the Detroit Medicare Health Care Fraud Strike Force has announced two major indictments involving nearly 60 healthcare executives and healthcare providers. The indictments allege the wrongful billing of Medicare for infusion therapy, physical therapy, and home health services that were either unnecessary or never provided. The Strike Force is also targeting durable medical equipment companies, occupation therapy, and rehabilitation providers. Hospitals, physician clinics, and nursing homes are also not exempt for examination, and may become targets from whistleblower claims or suspicious billing trends. U.S. Attorney Terrance Berg states that his agency has quadrupled the number of cases they investigate and prosecute in Detroit, and expects the Strike Force will be in intact for at least another two years.

Pfizer – Federal prosecutors have fined Pfizer a record-breaking $2.3 billion in fines for illegal drug promotions. Prosecutors call Pfizer a repeat offender, noting that this latest action was the fourth settlement with Pfizer in the last decade. It is alleged that the action was based on the marketing of 13 different drugs, including Viagra, Zoloft, and Lipitor. As part of the alleged illegal marketing, the company invited doctors to resort locations, paying for their expenses and providing perks such as golf, massages, and other activities. Pfizer will be monitored by HHS’s OIG for the next five years. The case originated as a whistleblowers case initiated by five Pfizer employees and one Pennsylvania doctor.

Covenant Medical Center – In another case, Covenant Medical Center in Iowa agreed to pay the federal government $4.5 million to settle allegations of healthcare fraud. The government alleged that Covenant paid commercially unreasonable compensation in excess of fair market value to five employed physicians who referred their patients to Covenant for treatment. IRS 990 forms showed the five highest paid physicians at Covenant earned between $633,000 and $2.1 million a year. These salaries are compared to an average of $360,000 at a nearby Hospital.

__________________________________________________________________

EMTALA 

On August 14, 2009 CMS issued guidance regarding the applicability of the Emergency Medical Treatment Active Labor Act (”EMTALA”) when there are surges in emergency department volumes due to the H1N1 influenza. CMS reminds hospitals that an extensive medical workup is not required, but only an appropriate medical screening examinations (”MSE”) of patients is needed. Also, the MSE does not need to take place in the emergency department. Hospitals may set up alternative sites on its campus to perform medical screening examinations. However, if patients present to an emergency department, the hospital may not redirect them to an off-site location for their MSE.

To minimize large volumes of patients with influenza symptoms from coming to emergency departments, hospitals and communities may set up off-campus sites for patients to go for MSEs. These alternative sites must be staffed with medical personnel trained to evaluate patients with influenza-like illnesses.

An EMTALA waiver does allow hospitals to redirect patients from the emergency department to an alternative off-campus site, provided such relocation is in accordance with the State’s emergency or pandemic preparedness plan. MSE and stabilization requirements can only be waived if: (i) the President has declared an emergency or disaster under the Stafford Act or the National Emergencies Act; and (ii) HHS has declared a Public Health Emergency; and (iii) the Secretary of HHS invokes its waiver authority and notifies Congress at least 48 hours in advance; and (iv) the waiver includes the waiver of EMTALA requirements and the hospital is covered by such waiver.

The duration of an EMTALA waiver continues for pandemic infectious disease until the declaration of the public health emergency terminates, or in other cases, the waiver terminates 72 hours after the hospital has activated its disaster plan.

__________________________________________________________________

Breach of Health Information  

Personal Health Record Vendors – On August 18, 2009 the Federal Trade Commission (”FTC”) released its final rule regarding breaches of unsecured healthcare information. The rule was published in the August 25, 2009 Federal Register. The rule went into effect on September 24, 2009. This rule applies to vendors of personal health records and not to covered entities, which are regulated by HIPAA. Under the FTC’s final rule, any breach of unsecured healthcare data, by a vendor, must be reported without unreasonable delay, but in no event, later than 60 days from discovery. If the breach involves more than 500 individuals, the notice must appear in a media outlet. Breaches without regard to the number of individuals involved must also be reported to the FTC.

The FTC defines a breach as “the acquisition of the healthcare data without the individual’s authorization”. As far as whether the healthcare data is unsecured, the FTC relies on HHS’s rule and standards established by the National Institute of Standards and Technology to determine when health care data is “unsecured”.

HITECH – In tandem with the FTC’s final rule, published a day earlier, HHS released an interim final rule on August 19, 2009, implementing HITECH breach notification requirements. For breaches occurring on or after September 24, 2009, hospitals and other HIPAA covered entities and their business associates must notify individuals when their privacy of “unsecured” personal health information is breached. Because of the time needed to implement compliance programs, HHS will use its enforcement discretion to not impose sanctions for failure to provide notices for breached discovered for first 180 days (beginning on September 24, 2009). This interim rule allows for a 90 day comment period. HITECH was previously discussed in the April and July 2009 Healthcare Law postings.

Last month the Michigan Court of Appeals reversed a trial court’s dismissal of claims brought against physicians and a hospital for failure to report suspected child abuse. The case resulted from the death of a four-year-old boy who had been seen over a three-month period of time by several physicians and in an emergency room for weight loss and failure to thrive. There were discrepancies in the medical records as to whether the boy had bruises and marks on his body. None of the physicians filed a Form 3200 with the Department of Human Services. Three months later the child was found dead at home. An autopsy revealed the boy died of cerebral edema as a result of head trauma. The foster father confessed to the child abuse and was convicted of second-degree murder.

Subsequently the biological mother filed suit against the physicians and hospital. While the mother’s claims were dismissed by the trial court, the Michigan Court of Appeals ruled that such dismissal was in error. The Court also ruled that the employer could be held liable for its employee’s failure to report suspected child abuse or neglect.

Child Protection Law (MCL 722.623) — Pursuant to Michigan’s Child Protection Law, the following individuals are required to report suspected child abuse and child neglect. Those individuals include: physician, dentist, physician’s assistant, registered dental hygienist, medical examiner, nurse, person licensed to provide emergency medical care, audiologist, psychologist, marriage and family therapist, licensed professional counselor, social worker, social service technician, social service technician, a person employed in a professional capacity in any office of the friend of the court, school administrator, school counselor or teacher, law enforcement officer, member of the clergy, or regulated child care provider.

If such an individual has “reasonable cause to suspect child abuse or neglect” he is mandated to file a Form 3200 with the Department of Human Services. If in fact such report is made and it is later found that there was no such child abuse or neglect, the reporting individual would be granted immunity as to acts required by the Child Protection Law. However if an individual, required to report suspected child abuse or neglect fails to report, criminal and civil sanction may be imposed. MCL 722.633 provides that (1) a person who knowingly fails to report when required to do so may incur criminal liability, while; (2) a person who fails to report when required to do so may incur civil liability.

Follow Up Actions — Employers should in-service employees on their legal responsibilities for reporting suspected child abuse or neglect, when “reasonable cause” is established.

________________________________________________________________

OIG Opines a Hospital Can Pay Physicians for On Call Services to Indigent and Uninsured Patients

The Department of Health and Human Services’ OIG posted Advisory Opinion 09-05, which addresses emergency department on-call compensation arrangements with physicians. The OIG concluded that a non-profit hospital could compensate physicians for on-call services provided to the hospital’s indigent and uninsured patients. The hospital which sought the advisory opinion was experiencing difficulty in maintaining its on-call specialty list, forcing it to outsource emergency care pursuant to transfer agreements with neighboring hospitals.

The key components of the hospital’s program included:

• Physicians participating in the program must be members of the medical staff;

• Physicians must enter into a letter agreement in which they agree to: (i) participate in an organized call schedule; (ii) give up all billing and collection rights with respect to services furnished; and (iii) arrive in the emergency department within 30 minutes of receiving a request for consultation;

• The program only applies to patients without insurance coverage;

• Hospital will verify that no payer source (including Medicaid) is available; and

• If no insurance coverage is available the hospital will compensate the physician based on established fee schedules.

While this Advisory Opinion only applies to the hospital which sought it, healthcare facilities can expect more physicians will approach them for similar arrangements.

_________________________________________________________________

Enforcement of Red Flag rule is Postponed Again

On July 29, 2009 the Federal Trade Commission announced another delay in the enforcement of the Red Flag Rule. The FTC moved enforcement from August 1, 2009 to November 1, 2009, one year after the Rule was to be originally enforced. With yet another postponement, there may be a possibility that the Red Flag Rule could be amended to narrow its scope and reduce compliance burdens.

________________________________________________________________

Part B Payment Policy

In the July 13, 2009 Federal Register (pages 33520 – 33825), the Department of Health and Human Services published it proposed rule for changes to the Medicare Part B Physician Fee Schedule. The proposed rule addresses a number of topics, including practice expense and malpractice relative value units, telehealth services, payment for a variety of health services and physician self-referral law. This posting will limit its discussion to the “stand in the shoes” provision of the physician self-referral law (the Stark Law).

HHS attempts to clarify the meaning of the word “parties” as used in the second sentence of 42 CFR §411.354 (c) (3) (i). Some physician groups suggest that “parties” means that everyone in the physician organization (members, employees, and independent contractor physicians) is required to sign the contract. HHS clarifies that even though a physician may stand in the shoes of his physician organization, the contract is deemed to be executed when signed by a legal representative of the physician organization, and does not require everyone in the physician organization to sign the contract.

HHS also attempts to address another misconception that physicians in a physician organization who do not stand in the shoes of the physician organization are deemed to be “parties” to the contract. In the proposed rule, HHS seeks to clarify that this is not the case and the other physicians in the physician organization are not required to be signatories. While HHS welcomes alternative approaches to address these issues, it proposes the following changes to the second sentence of 42 CFR §411.354 (c) (3) (i):

“For purposes of applying the exceptions in Section 411.355 and 411.357 to arrangements in which a physician stands in the shoes of his or her physician organization, the “parties” to the arrangement are considered to be the relevant referrals and other business generated “between the parties” are referrals and other business generated between the entity furnishing DHS and the physician organization (including all members, employees, or independent contractor physicians).”

Arguably HHS’ attempt to clarify the word “parties” does not completely resolve the issue. Expect the submission of additional comments by representatives of physician organizations.

__________________________________________________________________

HIPAA Security Rule

On August 3, 2009 HHS Secretary Kathleen Sibelius announced that the interpretation and enforcement of HIPAA security rule violations would be transferred from the Centers for Medicare and Medicaid Services to HHS’s Office of Civil Rights (”OCR”). This means that OCR will now be responsible for the enforcement of both HIPAA privacy and security standards. As with privacy violations, OCR will determine if HIPAA security standards preempt contrary state laws. Likewise, OCR will have the authority to issue subpoenas requiring witness testimony and production of evidence for investigations and reviews. OCR also has the authority to impose civil monetary penalties for violations of both HIPAA privacy and security standards.

This article supplements the article “American Recovery and Reinvestment Act of 2009 (the “Stimulus Bill”): It’s Impact on Healthcare”, which was posted in April 2009.

The following highlights the impact that the HITECH Act will have on the Health Insurance Portability and Accountability Act (”HIPAA”). Unless otherwise stated, the HITECH Act will go into effect on February 17, 2010.

A: Security Provisions

Technical Safeguard Guidance: The Department of Health and Human Services (”HHS”) is required to issue, on an annual basis, guidance on the “most effective and appropriate technical safeguards for use in carrying out” HIPAA security standards. If healthcare providers choose not to implement those technical safeguards, they will need to justify the use of other technical systems. No doubt, while HHS’s guidance is not mandatory, such guidance will be used as a template by which other systems will be judged.

Breach Notification Requirements: Healthcare providers will be required to notify individuals in the event there is a breach of unsecured Protected Health Information (”PHI”). The following requirements apply:

• Written notification must be provided by first-class mail.
• If the breach involves more than ten (10) individuals, the healthcare provider must post the notification on its website home page, or in a major print or broadcast media.
• For breaches involving more than 500 individuals, notification must also be made in prominent media outlets in the state or jurisdiction.
• All notifications must be made within sixty (60) calendar days after the healthcare provider “discovered” the breach of unsecured PHI. HHS defines “discovery” as not only when a covered entity or business associate knows of the breach, but also when the breach shuld reasonably have been known by the covered entity or business associate.
• All notifications must include (1) a brief description of what happened, including the date of breach (if known); (2) the date of discovery; (3) the steps the individuals should take to protect themselves from potential harm from the breach; and (4) a brief description of what the covered entity is doing to investigate the breach, to mitigate losses, and to protect against further breaches.
• Covered entities must provide notice to HHS of all breaches. If the breach involves more than 500 individuals, notice must occur immediately, otherwise breaches of less than 500 individuals must be submitted annually in a summary log.

Notification of such breaches only applies to unsecured PHI. HHS does not consider encrypted or destructed PHI as being unsecured PHI. [See 74 Fed. Reg. 190006 (April 27, 2009)] Given HHS’s guidance, if covered entities comply with approved encryption methodologies, covered entities will not need to comply with these notification requirements in the event of a breach.

B: Privacy Provisions

Minimum Necessary: HIPAA requires that covered entities take reasonable efforts to use and disclose only such information which is the “minimum necessary” to accomplish the intended purpose. HIPAA however, does not define “minimum necessary”. The HITECH Act defines compliance with “minimum necessary” as use of the “limited data set”, as defined in HIPAA. HIPAA defines a “limited data set” as information which excludes names, postal addresses (other than city, state and zip code), telephone and fax numbers, email address, social security and medical record numbers, and nine other identifiers. [See 45 CFR 164.514 (e)] Until HHS publishes its guidance as to what constitutes “minimum necessary”, covered entities should comply with limited data set requirements as a means of complying with the minimum necessary standard.

Accounting of Disclosures: The HITECH Act will now require covered entities, which use or maintain an electronic health record, to provide an accounting of disclosures for treatment, payment, and healthcare operations. (This is not required under HIPAA) Within six (6) months of issuing its guidance on recommended technologies, HHS will announce new regulations setting forth what information must be collected about treatment, payment and healthcare operations.

Covered entities may provide an accounting in one of two ways. They may either:

• Provide an accounting of all disclosures made by the covered entity and business associates; or 
• Covered entities may make disclosures for themselves only, and provide individuals with a list of business associates, so that those individuals may request disclosures directly from the business associates. This option puts more responsibility on business associates to provide accountings of their disclosures. What is not clear at this time is whether a business associate would need to provide an accounting of treatment, payment, or healthcare operations if they do not maintain electronic health records.

Individual’s Restriction Requests: Under HIPAA, an individual may request restrictions on the use or disclosure of PHI, but the covered entity is not required to honor such restriction requests. Now under the HITECH Act, in limited situations, covered entities must honor an individual’s request for disclosure. If an individual pays out-of-pocket for a service or product, and the individual does not want his/her health plan to be notified, the covered entity must comply with the individual’s restriction request.

Prohibition on Sale of Records: The HITECH Act prohibits a covered entity and business associate from directly or indirectly receiving payment in exchange for PHI, unless the individual authorizes such payment. Two exceptions to this requirement are 1): when PHI is exchanged during a sale, transfer, merger or consolidation of covered entities, or for research purposes; and 2): when payment is assessed to recoup the costs of preparing and transmitting the data. HHS will be issuing regulations in the future regarding these sale prohibitions.

Patient Access to Electronic Health Records: If a covered entity maintains PHI in an electronic health record, an individual who requests such information has the right to receive the health record in an electronic format. Any fees for providing individuals with electronic PHI must not be any greater than the cost of labor in providing the PHI in an electronic format.

Marketing Communications: The HITECH Act further restricts marketing communications. Paid marketing communications by a covered entity are restricted unless either:

• The communication describes a drug that is currently being prescribed to the individual, and the payment is reasonable;
• The covered entity makes the communication on behalf of itself and obtains a written authorization from the patient; or
• A business associate makes the communication, consistent with the business associate agreement.

Fundraising Communications: Similar to HIPAA requirements all fundraising communications must provide, in a clear and conspicuous manner, an opportunity for the individual to elect not to receive future fundraising communications.

C: Impact on Business Associates

Security and Privacy Standards: Under the HITECH Act, business associates like covered entities, must comply with HIPAA privacy standards and security administrative, physical, and technical safeguards. If a business associate uses or discloses PHI in violation of the business associate agreement, the business associate will be liable to the covered entity and now, under the HITECH Act, it will be directly liable to HHS. Failure of business associates to comply with these privacy and security standards may result in actions by HHS and state attorneys general. Because of these changes, business associate agreements must be amended to reflect the new business associates responsibilities.

Other Business Associate Requirements: Business associates, like covered entities will be required to comply with the marketing limitations, minimum necessary standards, prohibitions on sale of PHI, and accounting of disclosures.

D: Non-HIPAA Entities

The HITECH Act will regulate vendors of personal health records and other non-covered entities and non-business associate entities that interact with personal health records. In the event a vendor of personal health records breaches the security of unsecured identifiable health information, the vendor will be required to notify the person if such unsecured identifiable health information was acquired by an unauthorized person. The vendor will also be required to notify the Federal Trade Commission.

E: New Enforcement Provisions

The HITECH Act creates new Civil Monetary Penalty, based on the level of intent of the violator. The range of penalties is as follows:

• No knowledge of the breach: $100 to $50,000 per violation, but not more than $25,000 to $1,500,000 for the same violations in the calendar year.
• Breach based on “reasonable cause” but not “willful neglect”: $1,000 to $50,000 per violation, up to $50,000 to $1,500,000 for the same violations in the calendar year.
•  Breaches due to willful neglect, which are corrected within 30 days of when the violator knew or should have known of the violation: $10,000 to $50,000 per violation, up to $250,000 to $1,500,000 for the same violations in the calendar year.
•  Breaches due to willful neglect, which are not corrected within 30 days: the minimum is $50,000, with no maximum penalty.

F: State Attorney General Actions

The HITECH Act allows state attorneys general to enforce violations of HIPAA privacy and security rules against covered entities and business associates, if: (1) such violations have not been cured within 30 days; and (2) the violation threatens or adversely affects one or more of the state’s residents.

Follow Up Items:  In light of the HITECH Act, covered entities and business associates should:

Covered Entities:

• Determine if current use and disclosure of PHI is consistent with “minimum necessary” standard;
• Amend business associate agreements to include their additional responsibilities;
• Determine how changes to marketing, fundraising, and individual’s requested restrictions have on the use and disclosure of PHI; and
• Determine how the new accounting of disclosures and breach notification requirements will affect the covered entity.

Business Associates:

• Review current policies and procedures and infrastructure as they relate to compliance with administrative, technical, and physical security safeguards.
• Comply with administrative, technical, and physical security safeguards, prior to February 17, 2010.
• Comply with notification requirements for breaches of unsecured PHI.

_________________________________________________________________________________

Electronic Medical Records Update 

As was discussed in the April 2009 article, physicians and hospitals will receive additional Medicare payment if they use EHR technology in a meaningful way prior to 2015. A step toward defining “meaningful use” of electronic health records was taken on June 16, 2009 when the Meaningful Use Workgroup of the Health Information Technology (HIT) Policy Committee released its initial recommendations. These recommendations will serve as the basis for the final rules under which stimulus funds will be distributed. The deadline for publication of the final rules is the end of 2009.

The Committee developed a Meaningful Use Matrix which identifies proposed EHR functionality and standards for demonstrating meaningful use. The Committee went on to identify 21 objectives for achieving its priorities and goals. The Meaningful Use Matrix can be reviewed by going to:

http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11113_872719_0_0_18/Meaningful%20Use%20Matrix.pdf

While there is much work to be done, the Committee’s recommendations and the Matrix should be viewed as guidelines for EHR systems’ minimum standards. These recommendations should be reviewed as part of a healthcare provider’s due diligence in selecting and implementing an EHR system.

____________________________________________________________________________________

Class Action Suit Over Electronic Health Registry 

A class action suit alleges that the Stimulus Act requires healthcare providers to create an electronic health record for every patient in the United States, even if they are not Medicaid or Medicare beneficiaries, which would violate privacy rights. The suit claims that by 2014 when the full impact of the Stimulus Act takes effect, that the personal health information of individuals would be a “mouse click away from being accessible by an intruder”.

A New Hampshire attorney, Robert Heghmann, has sued the Secretary of Health and Human Services, White House Office of Health Reform Director, and Administrator of the Centers of Medicare and Medicaid Services. The class filing suit consists of anyone enrolled in the public health plan established by HHS, those not covered by Medicare and Medicaid, and anyone who ever has or will provide personal health information to a healthcare provider.

Under the American Recovery and Reinvestment Act, part of the Stimulus Bill, the government officials may link a person’s medical information with other forms of personal identification, such as a driver’s license number or Social Security number, according to Mr. Heghmann. The attorney seeks an injunction to protect personal health information and to prevent the defendants from distributing $22 billion budget for Electronic Health Records Systems.

______________________________________________________________________________________

BREAKING NEWS

On July 1, 2009, the Department of Health and Human Services published its proposed rule on the Medicare Program, Physician Fee Schedule. The proposed rule seeks to clarify the physician “stand in the shoes” provision of 42 CFR §411.354(c).

The proposed rule may be viewed at:

http://federalregister.gov/OFRUpload/OFRData/2009-15835_PI.pdf

Donna Craig & Associates will provide a summary of  the proposed rule in the August Healthcare Law Update. 

In the last few weeks, the federal government has taken several steps to protect taxpayer money that has been expended on recent economic stimulus and rescue packages. While the government’s actions are meant to combat a variety of areas ripe for fraudulent practices such as mortgage fraud, securities and commodities fraud, money laundering, and related offenses, some anti-fraud steps directly relate to the healthcare industry. The Department of Justice and the Department of Health and Human Services announced that it would expand its Health Care Fraud Prevention and Enforcement Action Team (”HEAT”) in Detroit and Houston as a means of addressing healthcare fraud concerns. On May 20th, President Obama signed into law the Fraud Enforcement and Recovery Act of 2009 (”FERA”), which in part amends the federal False Claims Act. Finally, the Office of Inspector General issued an Advisory Opinion addressing compensation of on-call physicians who provide services to uninsured patients. The following summarizes the impact these actions have on the healthcare industry.

________________________________________________________________

Health Care Fraud Prevention and Enforcement Action Team (”HEAT”)  Expands Operations

In order to further combat Medicare and Medicaid fraud, the United States Department of Justice (”DOJ”) and the Department of Health and Human Services (”HHS”) have taken steps to expand the Health Care Fraud Prevention and Enforcement Action Team (”HEAT”). The new initiatives will build on the existing HEAT program, with the investment of new resources and technology to prevent fraud, waste, and abuse.

The HEAT program is currently operational in South Florida and Los Angeles. With last week’s announcement, the fraud prevention task force will expand into the Detroit and Houston areas. In addition to this expansion other HEAT initiatives include:

• Continued focus on suppliers of durable medical equipment;
• Offering providers increased training and resources to assist in the identification and prevention of fraud;
• Improving data sharing between the Centers for Medicare and Medicaid Services and law enforcement; and
• Increase program integrity activities related to Medicare Parts C (Medicare Advantage plans) and D (prescription drug coverage) compliance and enforcement objectives.

______________________________________________________________ 

Fraud Enforcement and Recovery Act (”FERA”) Amends the Federal False Claims Act

On May 20, 2009, President Obama signed into law the Fraud Enforcement and Recovery Act of 2009 (”FERA”). Included in FERA are amendments to the federal False Claims Act. The amendments were enacted to “clarify and correct erroneous interpretations of the law” stemming from the Supreme Court’s decision in Allison Engine Co. v. United States ex rel. Sanders, 128 S. Ct. 2123 (2008). It is expected that this amendment to the False Claims Act will expand the scope of liability for healthcare providers, while also making it easier for qui tam relators to bring and maintain False Claim Act suits on behalf of the government.

The key changes to the False Claims Act include:

• Liability attaches whenever a person knowingly makes a false claim to obtain money or property, any part of which is provided by the government without regard to whether the wrongdoer directly deals with the federal government. This means that liability can attach when an entity knowingly makes a false claim to an agent acting on the government’s behalf, with a third party contractor, grantee, or other recipient of such money or property. No longer will it be required that an entity present the claim directly to a government officer or employee in order for the entity to be liable. In the past this narrow interpretation has limited the recovery of fraudulent funds when the funds were expended by a government grantee and not directly from the government.
• The term “obligation” has been changed to now include the “knowing retention of an overpayment”. This means that innocuous overpayments (e.g. innocent billing or coding mistakes by staff; payor error regarding medically necessary covered services; improper or insufficient documentation of services by providers) could potentially lead to liability under the False Claims Act.
• Liability may be imposed if an entity knowingly and improperly fails to return an overpayment if there is an established duty to do so. Given this, entities need to have processes in place to track and return overpayments, and to document that any retention of overpayments will not be interpreted as an intent to retain the funds.
• Attorney general may delegate to the Department of Justice attorneys the power to issue civil investigative demands for testimony, documents, and interrogatory answers in False Claim Act investigations. Prior to this civil investigative demands had to personally be approved by the attorney general. 
•  Information obtained through the use of the civil investigative demands can be used in a range of federal investigations and prosecutions.

Background on the False Claims Act:

Under the False Claims Act, 31 U.S.C. §§ 3729-3733, those who knowingly submit, or cause another person, or entity to submit, false claims for payment of government funds are liable for three times the government’s damages plus civil penalties of $5,500 to $11,000 per false claim.
In the past, the government has been successful in prosecuting the following types of false claims

• A contractor falsifies test results or other information regarding the quality or cost of products it sells to the government;
• A health care provider bills Medicare or Medicaid for services that were not performed or were unnecessary;
• A grant recipient charges the government for costs not related to the grant;
• Performing inappropriate or unnecessary medical procedures in order to increase Medicare reimbursement;
• Unbundling services, such as using multiple billing codes instead of one billing code for a drug panel test in order to increase remuneration;
• Bundling services, including billing more for a panel of tests when a single test was asked for;
• Upcoding bills by inflating them using diagnosis billing codes that suggest a more expensive illness or treatment;
• Upcoding employee work by billing at doctor rates for work that was actually conducted by a nurse or resident intern;
• Prescribing a medicine or recommending a type of treatment or diagnosis regimen in order to win kickbacks from hospitals, labs or pharmaceutical companies; and
• Forging physician signatures when such signatures are required for Medicare or Medicaid reimbursement.

The terms “knowing” and “knowingly” mean that a person;

• Has actual knowledge of the information;
• Acts in deliberate ignorance of the truth or falsity of the information; or
• Acts in reckless disregard of the truth or falsity of the information, and no proof of specific intent to defraud is required.

While the False Claims Act imposes liability only when the claimant acts “knowingly,” it does not require that the person submitting the claim have actual knowledge that the claim is false. A person who acts in reckless disregard or in deliberate ignorance of the truth or falsity of the information, also can be found liable under the Act. 31 U.S.C. 3729(b).

These changes to the False Claims Act are retroactive, effective back to June 7, 2008, and apply to all claims pending on or after that date.

_________________________________________________________________

Compensation for On-Call Physicians Providing Services to UnInsured Patients

On May 14, 2009 the Office of Inspector General (”OIG”) issued Advisory Opinion 09-05 that allows a hospital to compensate on-call physicians for providing services to uninsured patients. The hospital which sought the advisory opinion was a nonprofit general hospital which experienced a declining willingness of its physicians to provide on-call coverage. As a means of meeting the healthcare needs of its community, the hospital sought to amend its bylaws to allow for payments to physicians for services rendered to uninsured patients. The proposed bylaw amendment would allow on-call physicians to submit claims to the hospital for payment for services rendered to indigent and uninsured patients presenting to the hospital’s emergency department.

A requirement of the on-call reimbursement program required patients to be without sponsoring insurance plans (e.g. Medicare, Medicaid, worker’s compensation, hospice program). Participating physicians were required to: (1) be members of the active medical staff; (2) respond within 30 minutes to evaluate the patient in person and provide clinical care as appropriate; (3) provide on-call coverage per the hospital’s on-call schedule on a rotating basis; and (4) follow the claims processing protocol. The claims process provides for flat fees for emergency consultations, inpatient care, and surgical and endoscopy procedures.

The OIG concluded that the proposed arrangement would present a low risk of fraud and abuse. This was based on the certification that the payments to be made to the on-call physicians were within the range of fair market value. Also, payment would only be made for actual services rendered, such as consultations, surgical procedures, etc. There would be no payment unless services were rendered. Payments would only be made to physicians for services rendered to uninsured patients, so there would be no concern that a physician would get paid for being on-call and also receive payments from an insurer. Physicians would also be at risk to provide follow-up care to patients, without additional compensation. Based on the above rationale and the fact that the on-call arrangement would be available to all physicians on the medical staff, the OIG determined that the proposed arrangement contained sufficient safeguards to reduce the risk that the remuneration would be intended to generate patient referrals.