HIPAA Violation Costs Rite Aid $1 Million

How much does it cost to violate HIPAA? For drug store chain Rite Aid Corporation, the answer is $1 million. Today, HHS announced that Rite Aid will pay a $1 million fine, implement a corrective action program, and sign a consent order with the Federal Trade Commission to resolve this coordinated investigation, which was triggered by television media outlets capturing images of prescription bottles containing protected health information improperly disposed of in trash containers accessible to the public. Even after Rite Aid pays the fine, it will feel the effects of its non-compliance for a long time to come, as the FTC consent order will remain in place for 20 years.

HHS issues final regulations on "meaningful use"

Final regulations on "meaningful use" of electronic health records were released today by HHS. The 863 pages specify the initial criteria that hospitals and physicians hoping to obtain incentive support payments under the ARRA for their use of EHRs must meet. The regulations will be published in the Federal Register on July 28, 2010.

New OCR Rule Strengthens HIPAA Requirements

Yesterday the Office for Civil Rights (“OCR”) released a Proposed Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requirements. OCR issued this Proposed Rule pursuant to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The Proposed Rule will not be published in the Federal Register until July 14, 2010, and there will be 60 days from that date to comment.

More specifically, this Proposed Rule modifies and strengthens the HIPAA Privacy Rule, Security Rule, and Enforcement Rule as well as the penalties and investigation provisions. The most notable changes include the following:

  • The requirements of the Privacy Rule and Security Rule will apply to business associates in the same manner they currently apply to covered entities.
  • Subcontractors of business associates will be considered business associates, and the business associate must obtain “satisfactory assurances” through a contract or other arrangement that the subcontractor will comply with the applicable privacy and security requirements. 
  • There will be new limitations on the use and disclosure of protected health information (“PHI”) in marketing and fundraising, including a requirement that individuals be given opportunities to opt out of receiving marketing or fundraising materials without any impact on their future treatment.
  • Covered entities and business associates will be prohibited from selling an individual’s PHI without that individual’s authorization, and covered entities will not be allowed to coerce patients into authorization by conditioning treatment, payment, enrollment, or eligibility for benefits on authorization.
  • The Proposed Rule expands patients’ rights by allowing patients to request that a covered entity restrict uses or disclosures of their PHI, and by giving patients greater access to copies of their electronic health records.
  • Covered entities’ Notice of Privacy Practices given to patients must include additional information, such as the authorization requirements described above.
  • Penalties for violations of HIPAA privacy and security requirements will be increased to $1.5 million per calendar year for violations of the same requirement or prohibition.
  • The Proposed Rule defines the terms “reasonable cause,” “reasonable diligence,” and “willful neglect,” which provide the basis for the various categories of liability under the Enforcement Rule.
  • Covered entities will have certain identified responsibilities during complaint investigations and compliance reviews.

HHS Launches New Website - HealthCare.gov

There is a brand new resource for navigating health care reform - a website managed by HHS called HealthCare.gov. According to the website, it is "designed to help you take control over your health care and make the choices that are right for you." Currently, the content is focused on four primary areas: finding health insurance options, learning about preventative health care, comparing hospital quality, and learning more about the Affordable Care Act. The site is admittedly a work in progress, and HHS welcomes user comments to improve it and make it more useful for the public. This coming October, look for the website to include private health insurance pricing information.

Red Flags Rule Enforcement Postponed until Court Ruling

The Federal Trade Commission (“FTC”) and several medical associations have agreed to a joint stipulation that the FTC would not enforce its Red Flags Rule with respect to physician members of various associations until the DC Circuit rules on the American Bar Association’s pending action challenging the Red Flags Rule. Although the FTC has already announced that it will again delay the deadline for compliance with the Red Flags Rule until December 31, 2010, this stipulation may extend further the compliance deadline for physicians in the medical associations and state medical societies referred to in the case.

OIG Report on Improper ENT Billing

The Department of Health and Human Services (“HHS”) Office of the Inspector General (“OIG”) recently released a report presenting the results of an extensive medical record review conducted in 2006 regarding payments made to nursing facilities for Medicare Part B enteral nutrition therapy (“ENT”) claims for non-Part A patients. The study found that 21 percent of the claims were inappropriate or inadequately documented, resulting in an estimated $39 million in Part B payments that the government should not have paid. Although in the 2010 Work Plan OIG already declared its intent to focus on review of nursing homes’ Part B ENT billing, this report may result in increased scrutiny of providers’ claims and documentation.

DGS Health Law Blog Recognized as Top Reference for HIPAA / HITECH

We are pleased to announce that the DGS Health Law Blog has been recognized by HealthInsuranceQuotes.org as one of 47 top-rated and top-referenced health blogs for understanding HIPAA issues.  We are delighted that people are finding our blog useful and we encourage you to contact any of our attorneys if you have further questions about HIPAA or HITECH matters.

Grandfathered Health Plans: New Interim Regulations

Last week the United States Departments of Treasury, Labor and Health and Human Services issued Interim Final Rules providing guidance on “grandfathered health plans” under health care reform. The Patient Protection and Affordable Care Act (“PPACA”) set different standards for grandfathered health plans than for those plans not grandfathered. According to these regulations, health plans that existed on March 23, 2010 will be significantly restricted in the changes they can make to copayments, deductibles and benefits covered if the plans want to maintain grandfathered status and avoid the new requirements of PPACA.

Most plans will fail to qualify for grandfathered status over the next three years, according to the Departments’ analysis in the Interim Final Rules. The greatest impact will be on small employers with between 3 and 99 employees. The Departments estimate that between 49% and 80% of small employer plans will relinquish their grandfathered status by 2013. In addition, the Departments estimate that between 34% and 64% of large employer plans will relinquish their grandfathered status by 2013.

Another Delay for the Red Flags Rule

In not-so-surprising news today, the FTC has delayed the enforcement date of the Red Flags Rule for the fifth time. The new forbearance deadline is December 31, 2010 - however, if Congress passes legislation on this issue with an effective date before December 31, 2010, the FTC will begin enforcing this rule on that earlier effective date. This delay follows on the heels of a lawsuit filed last Friday by the American Medical Association and others challenging the Rule's definition of "creditor" to the extent that it includes medical professionals.

PPACA - The Starting Point for Reform

I recently led a class on the new health care reform law, the Patient Protection and Affordable Care Act (PPACA), and have attached the PowerPoint presentation from that class. I hope this provides a good start on understanding the scope of this legislation. A good overall detailed summary of the statute, which incorporates the Reconciliation changes into the PPACA provisions, is here. The whole law, including the Reconciliation Act changes, is here.

PPACA is the start of a decades-long process of remaking the health care system in the United States. The law calls for many new state or federal agencies, commissions, and other institutions, as well as scores of new federal rules and regulations, and will most likely require changes to other existing federal and state laws if it is to be fully implemented. Congress has already begun talking about amending some of the provisions in PPACA due to "unintended consequences."

Cost estimates for the reformation are continually changing as well, and it now appears the purported $1 Trillion cap on cost will be significantly surpassed. 

For a timeline on when the various changes become effective, the Kaiser Family Foundation's is a good reference.