CMS Strengthens Enrollment Standards for DMEPOS Suppliers

Posted on August 27, 2010 by Lisa Rothrock

Earlier today, CMS issued a final rule increasing restrictions on durable medical equipment, prosthetics, orthotics and supplies (“DMEPOS”) to prevent fraud. Not only did CMS strengthen existing standards that suppliers must satisfy to provide DMEPOS to Medicare patients, but the final rule also adds several new standards.  The rule becomes effective on September 27, 2010.

The new standards for DMEPOS suppliers to receive payment from the Medicare program include the following:

 

·         Suppliers must obtain a state license for supplying oxygen if the state requires a license;

·         Suppliers must remain open to the public for at least 30 hours per week, with certain exceptions;

·         Suppliers must continue to maintain ordering and referring documentation from physicians or licensed practitioners; and

·         Supplier must not share a practice location with other Medicare providers or suppliers, with certain exceptions.

 

In addition, the final rule expands the existing standards for DMEPOS suppliers to receive payment from the Medicare program, including ensuring that suppliers maintain a physical location on an appropriate site. The rule details several requirements as to what will be an appropriate site. CMS also included in the final rule language explaining that suppliers must be licensed to provide licensed services and cannot contract with another to provide those licensed services. 

Tags: , , ,

HHS Withdraws HIPAA Breach Notification Final Rule

Posted on August 2, 2010 by Lisa Rothrock

The HHS final rule on breach notification was submitted to the OMB on May 14, 2010, which is typically the final step before the final rule is published. HHS, however, “withdrew” the final rule from the OMB to “allow for further consideration, given the Department’s experience to date in administering the regulations,” as it stated in a notice posted on the HHS website. HHS failed to explain the reason for withdrawing the final rule for further consideration except to note that the breach notification issue is “complex.” 

The breach notification interim final rule issued pursuant to the HITECH Act, was published in the Federal Register on August 24, 2009, and became effective on September 23, 2009. According to HHS, during the 60-day public comment period on the interim final rule, HHS received approximately 120 comments.

Many in the industry have speculated that this withdrawal may be related to the controversial “harm” threshold set forth in the rule. Under the harm threshold, a provider only needs to notify patients about a data breach if the provider determines that the breach presents a significant risk of harm to the patients. Critics of the harm threshold contend that all breaches should be disclosed and providers should not have the discretion to make such a risk assessment.

A final rule is expected in the coming months. This withdrawal does not have an impact on the interim final rule.

Tags: , , , , ,