Pierce & Mandell, P.C.

11 Beacon Street, Suite 800
Boston, Massachusetts 02108-3002

Phone: (617) 720-2444
Fax: (617) 720-3693

Facebook Twitter

Health and Dental Law

RSS Grab Health and Dental Law RSS Feed

CMS and OIG Propose to Amend Stark and Anti-Kickback Rules for EHR Donations

Wednesday, May 01, 2013
By Dean P. Nicastro

Last month, the Centers for Medicare & Medicaid Services (CMS) and the Office of Inspector General of the U.S. Department of Health and Human Services (OIG) proposed similar amendments to the Stark exception and to the Anti-Kickback safe harbor for the donation of electronic health records (EHR).  The current rules permit hospitals, group practices and other entities to donate technology-related items and services to physicians, to be used to create, maintain, transmit or receive EHR.  Highlights of the proposed changes:

  • Eliminate the requirement that EHR must include an electronic prescribing component or interface ability
  • Change the procedure for deeming EHR software “interoperable,” so as to follow the current certification process employed by the Office of National Coordinator for Health Information Technology (ONC); and eliminate the 12-month prior timeframe for certification
  • Postpone the EHR sunset from December 31, 2013 to December 31, 2016

The two agencies believe that “sufficient alternative policy drivers” exist to advance electronic prescribing, and that the ONC certification program (which certifies to any edition of EHR certification criteria that is identified in the regulatory definition applicable at time of donation) is consistent with the objective of ensuring that EHR products are certified to the current standard of interoperability when they are donated.  In addition, the sunset extension is thought needed in order to help achieve more widespread adoption of EHR in the healthcare industry (the December 31, 2016 date corresponds with the closing timetable for Medicare/Medicaid EHR incentive programs; the agencies even suggest an extension to December 31, 2021).

The agencies have invited comment on the proposed amendments through June 10, 2013.  Also, they seek comment on whether to limit the class of permitted donors, so as to exclude certain ancillary suppliers, such as lab companies, durable medical equipment suppliers and independent home health agencies, and on other suggestions for preventing “data and referral lock-in” and for encouraging the free exchange of data.

The proposed changes are contained in the April 10, 2013 Federal Register.  Please contact the health law professionals at Pierce & Mandell for additional information on this subject.

New HIPAA Regulations Impact Health Care Providers and Business Associates - Boston, MA

Monday, March 18, 2013
The federal HHS Office of Civil Rights recently adopted final HIPAA regulations covering a broad range of topics, to strengthen privacy and security protections for individual health information.  This blog is Part 1 in a series.   

By Dean P. Nicastro, Esq.

Business Associates.

The new HIPAA regulatory amendments make business associates directly liable for various requirements in the HIPAA Privacy and Security Rules.  In particular, the amendment to the general applicability provision at 45 C.F.R. §160.102(b) states: “Where provided, the standards, requirements, and implementation specifications [of HIPAA privacy and security] apply to a business associate.”  Similar language has been added for both the Security Rule and the Privacy Rule (including particularly with respect to the protected health information (PHI) of a covered entity) at 45 C.F.R. §164.104(b) and 45 C.F.R. §164.500(c).  In effect, this means that business associates must implement administrative, physical and technical safeguards, and implement and document reasonable and appropriate policies and procedures, to protect PHI and electronic PHI under both the Security Rule and the Privacy Rule.

The amendments go on to expand the definition of a “business associate.”  The term now includes Health Information Organizations, E-prescribing Gateways, personal health record providers, and, most significantly, subcontractors of a business associate that create, receive, maintain or transmit PHI on behalf of the latter.  A definition of “subcontractor” has also been inserted: "a person to whom a business associate delegates a function, activity or service.”  HIPAA obligations thus now reach downstream entities that access or handle PHI of the main covered entity.

Additionally, the amendments add business associates to the HIPAA Enforcement Rule, in order to implement the imposition of liability for civil money penalties (CMPs) upon business associates for various HIPAA violations.

The new rules for business associate compliance become effective on March 26, 2013, and must be complied with by September 23, 2013.  Existing business associate agreements that were compliant with pre-existing regulations are deemed compliant with the new rules until the earlier of September 22, 2014 or the date the agreement is renewed or modified on/after September 23, 2013.

HIPAA Enforcement Rule.

The HIPAA regulatory amendments also strengthen HIPAA enforcement:

  • Private Complaints - HHS will investigate complaints about non-compliance filed by private persons when preliminary review of facts indicates possible violation due to willful neglect
  • Compliance Reviews - HHS will conduct a compliance review when preliminary review of facts indicates possible violation due to willful neglect
  • resolution of such investigations or compliance reviews can result in the imposition of CMPs or a determination of no violation
  • HHS may, for criminal or civil law enforcement activities, share PHI obtained in an investigation or compliance review with other legally-permitted governmental agencies (including state attorneys general)
  • Covered entities liable for violations by their business associates, and vice versa
  • governed by federal common law of agency
  • Increased tiered CMP penalty structure for violations, that takes into account whether the covered entity or business associate would have known of the violation, whether the violation was due to willful neglect or reasonable cause, and was corrected within 30 days
  • HHS will determine CMP amounts, considering mitigating or aggravating factors
    • nature and extent of violation (number of affected individuals, time period)
  • nature and extent of harm (physical, financial, reputation, patient’s ability to obtain health care)
  • prior compliance/violations
  • financial condition
  • other matters as justice may require

Covered entities and their business associates should be moving forward now that these final rules have been issued to review and update their business associate agreement templates and compliance policies accordingly.

Please contact the health law attorneys at Pierce & Mandell for additional information on this subject.

Health Law Provider Alert: New Notice Requirement for Material Change to Provider Operations or Governance

Friday, March 15, 2013
By: Rebecca Merrill, Esq.

Massachusetts hospitals and medical groups contemplating a proposed acquisition, integration or affiliation must be aware of a new governmental reporting mandate and cost/market based oversight unique to Massachusetts that has just gone into effect.

The Massachusetts Cost Containment Law, passed last year, establishes a new requirement that every Massachusetts provider and provider organization must submit notice at least 60 days in advance of any proposed “material change” to its operations or governance structure to (1) the Massachusetts Attorney General, (2) the Center for Health Information and Analysis (“CHIA”), and (3) the new Health Policy Commission (“HPC”) established under the 2012 Cost Containment Law.   

 “Provider” is defined as “any person, corporation, partnership, governmental unit, state institution or any other entity qualified under the laws of the commonwealth to perform or provide health care services.”   

“Provider organization” includes “any corporation, partnership, business trust, association or organized group of persons, which is in the business of health care delivery or management, whether incorporated or not that represents 1 or more health care providers in contracting with carriers for the payments of heath care services; provided, that ‘provider organization’ shall include, but not be limited to, physician organizations, physician-hospital organizations, independent practice associations, provider networks, accountable care organizations and any other organization that contracts with carriers for payment for health care services.”

The rather limited statutory definition of “Material Change” includes, but is not limited to:

  • Corporate mergers;
  • Acquisitions or affiliations of a provider or provider organization and a carrier;
  • Acquisitions of insolvent provider organizations; and
  • Mergers or acquisitions of provider organizations resulting in provider organization having near majority of market share in a given service or region.

HPC has been charged with adopting regulations for administering these notice and review requirements and for further defining key terms including “material change” and “non-material change.”  While the notice and market impact review regulations are presently being developed by HPC and have not yet been issued, HPC has just released some Interim Guidance.      

In the Interim Guidance HPC has clarified that the following events constitute a Material Change for notification purposes:

  • A Merger or affiliation with a carrier;
  • An Acquisition of or by a carrier;
  • A Merger with or by a hospital or a hospital system;
  • Any other acquisition, merger or affiliation with another provider or provider organization that would result in an increase in annual patient service revenue of the provider or provider organization of $10 million or more;
  • Any clinical affiliation with another provider or provider organization that has an annual patient service revenue of $25 million or more in the preceding fiscal year; and
  • Any formation of a partnership, joint venture, common entity, accountable care organization, or parent corporation created for the purpose of contracting on behalf of one or more provider or provider organizations.

HPC has announced that only those providers and provider organizations with at least $25 million in net patient service revenue in the preceding fiscal year that propose a Material Change to close after March 12, 2013 must file the notice. Acquisition targets with less than $25 million in net patient service revenue could still be party to a reportable proposed transaction if the acquiring provider is in excess of the reporting threshold. Also, all material changes completed on or before March 12, 2013, will not be subject to this notice requirement.

The intent of the new notice requirement and review process is to empower and enable the HPC to conduct cost and market impact reviews with the ultimate goal of improving the quality of care in Massachusetts while simultaneously reducing cost through increased collaboration, transparency and innovation.

In reaction to the rapidly evolving Massachusetts health care market, most hospitals and medical groups in Massachusetts are considering their affiliation and integration options and joining ACOs.  Not all considered ventures and initiatives will trigger the new notice of Material Change under the Interim Guidance, however, providers and their legal counsels must be aware of what types of proposed new relationships and transactions will trigger the required notices and review. These reviews are in addition to already required applicable reviews and approvals by federal and state agencies regarding licensure, DON, closure of facilities, Medicare and Mass Health participation, change in charitable status and anti-trust.  

The requisite Material Change notice must be submitted electronically at least 60 days in advance of the proposed material change. HPC will develop a notice template that will include instructions, definitions, and explanations for all requested information and the form will soon be available online at www.mass.gove/hpc. In the interim, providers and provider groups seeking to submit notice should request the form directly from HPC at HPC-Notice@state.ma.us.  

Stay tuned for developing regulations on Massachusetts Cost Containment Provider Material Change notice and reporting requirements for hospitals, other facilities, medical groups and health plans.  If you have questions about the reporting requirements or need assistance in evaluating affiliation and integration options or joining ACOs, health law attorneys at Pierce & Mandell, P.C., are here to assist you.

Mandatory Compliance and Ethics Programs for Nursing Homes

Thursday, February 21, 2013
By: Rebecca J. Merrill, Esq.

Time is Running Out: March 23rd is the Deadline for Nursing Facilities to Implement Mandatory Compliance & Ethics Programs

On or before March 23, 2013, Medicare and/or Medicaid certified nursing facilities must have in operation a Compliance & Ethics Program that is effective in promoting quality of care and preventing and detecting criminal, civil and administrative violations under the Patient Protection and Affordable Care Act of 2010 (Pub. L. 111-148) (the “ACA”).  While the ACA clearly required the Secretary and Inspector General of the Department of Health and Human Services to issue regulations further defining the ACA Mandatory Compliance & Ethics program requirements by March, 23, 2012, no such regulations have been promulgated.  The lack of clarifying regulations, however, does not relieve nursing facilities of the statutory obligation to have in operation such a Compliance & Ethics Program. Fortunately, the Office of Inspector General has long been committed to guiding nursing facility providers in the development of voluntary compliance plans and such guidance is an excellent starting point for developing or reviewing and updating existing compliance programs and documents. See OIG Supplemental Compliance Program Guidance for Nursing Facilities, Sept. 2008; and OIG Original Compliance Program Guidance for Nursing Facilities, Mar. 2000.  

Section 6201 of the ACA also sets forth several critical elements that must be addressed in nursing facility compliance and ethics programs to meet the ACA mandate.  These elements include:

A. Established compliance standards and procedures to be followed by employees and other agents that are reasonably capable of reducing the prospect of criminal, civil, and administrative violations.

B. Assign overall responsibility for compliance oversight to specific individuals within high-level personnel of the organization to ensure adherence to compliance and ethics standards and procedures and provide such individuals with sufficient resources and authority to accomplish such compliance.

C. Use due care not to delegate substantial discretionary authority to individuals whom the organization knows, or should know, through the exercise of due diligence, had a propensity to engage in criminal, civil, and administrative violations.

D. Take steps to effectively communicate its compliance and ethics standards and procedures to all employees and organizational agents (e.g., require participation in training program; disseminate training materials that explain requirements in a practical manner).

E. Take reasonable steps to achieve compliance with its standards (e.g., utilize monitoring and auditing systems designed to detect criminal, civil, and administrative violations under the ACA by its employee and agents; employ and publicize a reporting system that enables employees and agents to report violations without fear of retribution).

F. Consistently enforce standards and procedures through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect an offense.

G. After an offense has been detected, take all reasonable steps to respond appropriately to the offense and prevent further offenses of a like nature (e.g., make necessary modifications to existing compliance and ethics program to better prevent and detect criminal, civil, and administrative violations).

H. Perform periodic reassessment of the existing compliance and ethics program to identify changes necessitated by organizational evolution and changes in public policy.  

All nursing facilities should undertake a comprehensive review of existing compliance and ethics policies, if any, and update or draft new policies to ensure that the facility meets the statutory requirements for the March 23, 2013, Mandatory Compliance & Ethics Programs for CMS Certified Nursing Facilities.  The Health Care Team at Pierce & Mandell, P.C. is equipped and prepared to assist your facility in developing or updating its compliance and ethics standards and procedures.  

Apologizing for Medical Mistakes

Wednesday, February 06, 2013
By Dean P. Nicastro

Massachusetts health care providers (including hospitals, clinics, nursing homes, physicians, dentists, podiatrists, chiropractors, nurses, etc.) are now subject to the benefits and challenges of a new health care law impacting the arena of medical mistakes.  Section 79L of Massachusetts General Laws Chapter 233, which took effect November 4, 2012, the so-called “Disclosure and Apology Law,” protects a health care provider’s real-time statements expressing apology, sympathy, mistake or error (“apology,” for short) from being admissible as evidence against the provider in a medical malpractice case or in an administrative proceeding (for example, a medical board disciplinary proceeding).  Specifically, when the statement relates to an “unanticipated” medical outcome and when a provider communicates it to a patient or to the patient’s relative or representative, the law sets forth the general rule that the “apology” is not admissible.

However, the law makes exception for apology statements when the health care provider (or his/her defense expert witness) “makes a contradictory or inconsistent statement as to material facts or opinions,” when questioned under oath during the litigation.  In this case, the apology is admissible in evidence for all purposes.  Because this exception is not defined, plaintiffs and defendants may take to arguing over whether a particular subsequent statement made during testimony by the provider, or by the provider’s expert witness, is in fact inconsistent or contradictory to the original statement of apology.

The new apology law also imposes upon providers an obligation to “fully inform the patient and, when appropriate, the patient’s family,” about an unanticipated outcomewith significant medical complication resulting from the provider’s mistake.”  Because the term “significant medical complication” is not defined, questions of interpretation may arise, for purposes of determining just when the obligation to inform (disclose) applies in a given situation.    

The Massachusetts Medical Society sponsored the enactment of the Disclosure and Apology Law.  It is meant to be an innovative way to promote transparency, reduce litigation, and lower the costs of the health care system.  Future judicial interpretation will aid in understanding the full scope of its benefits.   Providers, in the meantime, will want to proceed carefully, and may wish to consult expert assistance, in proceeding under this statute.    

For more information on health care law, contact Pierce and Mandell, P.C.

Enter your e-mail address below to receive updates on new blog posts!

Recent Posts