HHS Proposes New Rules on Civil Monetary Penalties

HHS’s Office of the Inspector General (OIG) has issued a new proposed rule that makes a number of changes to its civil monetary penalty authority. Among other changes, this rule would increase the maximum reduction of penalties when providers can show mitigating circumstances. It also makes providers who cause more than $15,000 of losses to Medicare/Medicaid subject to increased penalties.

The rule also explains the factors that OIG will consider in determining how much in penalties it will assess. These include the provider’s history and whether other wrongful conduct was involved. OIG will also consider whether the provider followed self-disclosure protocols and took corrective action. Providers should review their self-disclosure policies to determine whether they reflect the new factors.

© 2014 Parsonage Vandenack Williams LLC

For more information, Contact Us

Beware of “Accidental Contracts” With Insurance Providers

Health care providers should be aware that informational forms sent by insurers may lock them into unfavorable contracts. In many cases, these forms are faxed to front-desk staff or mailed to physicians at home. The form may include language that purports to be a contract binding the practice to lower reimbursement rates for certain groups of patients or services.

While these practices may be challenged in court under a number of different theories, the easiest way to avoid these issues is prevention. Your practice should establish policies for handling information update forms and other correspondence from insurers. These forms should be signed only after careful review, and not by a front-desk staff person or by a physician without appropriate authority to do so.

© 2014 Parsonage Vandenack Williams LLC


FDA Releases New Report on Health IT Oversight

The FDA, in conjunction with other administrative agencies, has released a new report that describes its strategic plan for regulating health IT devices. The report suggests three different categories of health IT, based on the risks associated with each type. The lowest-risk category is administrative health IT functions. This includes software for admissions, scheduling, and practice management. The FDA has indicated that health management health IT functions pose a slightly higher risk. These include clinical decision support and medication management tools. Finally, the FDA identified medical device health IT functions, such as robotic surgical control and computer-aided detection software, as high-risk areas.

The FDA has indicated that it will focus its attention on medical device health IT functions, and does not see a need for further regulatory oversight over the other two areas at this time.

© 2014 Parsonage Vandenack Williams LLC


Medical Providers Should Use Caution on Continued Use of Windows XP

Microsoft’s recent announcement that it will stop providing support for its Windows XP operating system could increase the HIPAA risk for certain medical providers. HIPAA generally requires medical providers to adequately safeguard their protected health information. One effect of Microsoft’s decision is that it will no longer help protect XP users against new forms of hacking and malware. Medical providers using XP are therefore at an increased risk of being attacked and possibly violating HIPAA. To help prevent this, medical providers using Windows XP should ensure that their anti-virus software and firewalls are current while beginning to look into upgrading their operating systems.

© 2014 Parsonage Vandenack Williams LLC


Model Notices of Privacy Practices Released

Model Notices of Privacy Practices were recently released by the Department of Health and Human Services.  The models give an example of the notices that health care providers are required to provide to patients and post on their websites.  These model notices should generally be tailored to your health care practice.  Additionally, practices should obtain signatures from patients acknowledging receipt of the notices.

The sample notices can be found here: http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html

© 2013 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

Follow the Money: Avoiding Embezzlement in Medical Offices

In recent months, Nebraska has been home to several medical embezzlement cases. One of these cases involved more than $500,000 stolen from a Lincoln practice. It’s clear that embezzlement can pose a threat to any medical practice. But there are a few steps that any practice can take to reduce this risk.

One key step is to ensure that cash controls are tight enough to avoid day-to-day embezzlement. This includes separating petty cash from change funds, locking up money at the front desk, and balancing money received with totals and posted payments. Build in double checks for everything involving money and rotate job duties to reduce the risk of collusion.

Other measures are critical to preventing and detecting embezzlement. Ensure that you conduct background checks on all employees who will handle money. You should also periodically audit patients who are listed as “no-shows” for appointments. In many cases, front desk staff has marked a patient as a “no-show” and simply pocketed the cash. Finally, you should look out for employees making extravagant purchases.

© 2013 Parsonage Vandenack Williams LLC


The HIPAA-HITECH Omnibus Rule: What’s New?

New rules released under HIPAA require physicians to make several major changes over the next six months. These changes are complex and they will have a direct impact on how physicians do business, so physicians need to start planning now.

Business associate (BA) agreements must be reviewed. The new rules require physicians to use reasonable diligence in overseeing business associates. BAs should also take notice, because they may now be directly liable for breaches. The definition of who counts as a BA has expanded. So, any company working with a physician needs to figure out whether the new rules apply to it.

Physicians also need to prepare new NPPs to account for new patient rights. Patients will soon be able to limit disclosure if they pay for services in full. They will also be able to request machine-readable copies of EHR. Last, they will have to give written approval before the physician can use third-party marketing.

© 2013 Parsonage Vandenack Williams LLC


Health Care Reform to Increase Demand for Specialized Medical Staff

President Obama’s re-election all but guarantees that health care reform is here to stay. With millions of new patients gaining access to healthcare insurance, there is likely to be a significant increase in the demand for primary care. As physicians are becoming more specialized, an alternative way of meeting this demand for primary care is through nurse practitioners (NPs) and physician assistants (PAs).

Healthcare providers need to consider a number of issues prior to hiring PAs and NPs. Providers first need to anticipate the extent to which hiring a PA or NP will provide competitive advantage to market participants. Nebraska providers also need to understand where they can place PAs and NPs in the continuum of care. Recent changes in Nebraska law broaden the scope of practice for NPs, giving providers more opportunities to make use of PAs and NPs. Accordingly, NPs and PAs may be valuable tools in meeting your practice needs.

© 2012 Parsonage Vandenack Williams LLC


Billing Policy Pointers

Physicians frequently lose revenue or create legal issues as a result of billing policies and collection attempts.  In order to ensure that patients are better served and that the practice does not lose revenues, it is important to inform patients of the practice’s billing policy as early as possible.  Staff should explain the practice’s billing policy over the phone when patients make their initial appointments.  The practice should also provide a clear, friendly explanation of the practice’s billing policy in the office for new patients.  Keep in mind that copayments, being an extremely common form of patient obligation, frequently create problems.  As such, it may be advisable for staff to inform patients that failure to make a copayment is a violation of their contract with a health insurer, if necessary.

Physicians should also consider the roles of staff in explaining and enforcing billing policy.  Clear policies and best practices should be set in place for office staff who handle payments, and privacy measures should be carefully planned out. Billing information may be a source of HIPAA violations if privacy becomes an issue, making it an especially important consideration.  Physicians also have an important role in billing policy issues, since the degree of trust they share with patients can help make conversations about billing more effective.  In short, physicians should evaluate how to discuss their practice’s billing policy over the phone or in writing at the office.  Remember that this is an ideal time to ensure that your billing policy is well-drafted and in compliance with state and federal laws.

© 2012 Parsonage Vandenack Williams LLC


Should Your Company Consider A Cybersecurity Disclosure Policy?

Cybersecurity breaches represent a significant, rapidly growing risk to virtually all companies doing business today. Small companies are particularly prone to a variety of potential cybersecurity breaches, including loss of physical property, social engineering, malicious attacks, or breaches caused by employee conduct. The consequences of these breaches can include increased costs, lost revenues, reputational damage, and litigation. As a result, the Securities and Exchange Commission has recently indicated that public companies must consider cybersecurity risks when disclosing risks to their investors. While the SEC guidance primarily applies to public companies, private companies may also be subject to these requirements if they do business with public companies.

Given the growth of cybersecurity risks and breaches, many states have also acted to promote disclosure of cybersecurity issues. Currently, 46 states have enacted legislation that requires companies to notify customers if a cybersecurity issue compromises their personal information. The potential ramifications of cybersecurity risks may create liability not only for the company itself, but also for its board of directors and officers. Accordingly, companies should regularly review their policies relating to the disclosure of cybersecurity risks and incidents.

© 2012 Parsonage Vandenack Williams LLC
