Hospital Network Reports Large HIPAA Breach


Community Health Systems announced today, August 18th, that hackers broke into its computers and stole data on 4.5 million patients.  The information included names, Social Security numbers, physical addresses, birthdays and telephone numbers.  More information on the breach is available at


OIG Finds Privacy and Security Risks with ONC EHR Certification Process

It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).

In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.

I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.


ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.


To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

CMS Seeking Comments Regarding Expanding Coverage for Secondary Interpretation of Images

In the proposed 2015 Medicare Physician Fee Schedule, CMS is seeking comments regarding expanding coverage for secondary interpretation of diagnostic imaging.

I’m enclosing pages 40370 and 40371 of the proposed Medicare Physician Fee Schedule. The enclosed material sites the Medicare Claims Processing Manual provisions which make is clear that a professional component interpretation service should only be billing for the forward interpretation and report, and then Medicare pays for only one interpretation of an EKG or x-ray service to an emergency room patient.

CMS is acknowledging that technological advances such as the integration of picture and archiving communication systems across health systems and the growth of image sharing networks and health exchange platforms, make it possible for providers to share images, and that covering payment for second interpretations would contribute to improve care and potentially reduce costs by eliminating the need to perform the full professional and technical component of additional images. Specifically, CMS is seeking comment on the following questions:

  • For which radiology services are physicians currently conducting secondary interpretations, and what, if any, institutional policies are in place to determine when existing images are utilized? To what extent are physicians seeking payment for these secondary interpretations from Medicare or other payers?
  • Should routine payment for secondary interpretations be restricted to certain high-cost advanced diagnostic imaging services, such as those defined as such under section 1834(e)(1)(B) of the Act, for example, diagnostic magnetic resonance imaging, computed tomography, and nuclear medicine (including positron emission tomography)?
  • How should the value of routine secondary interpretations be determined? Is it appropriate to apply a modifier to current codes or are new HCPCS codes for secondary interpretations necessary?
  • We believe most secondary interpretations would be likely to take place in the hospital setting. Are there other setting in which claims for secondary interpretations would be likely to reduce duplicative imagine services?
  • Is there a limited time period within which an existing image should be considered adequate to support a secondary interpretation?
  • Would allowing for more routine payment for secondary interpretations be likely to generate cost savings to Medicare by avoiding potentially duplicative imaging studies?
  • What operational steps could Medicare take to ensure that any routine payment for secondary interpretations is limited to cases where a new imaging study has been averted while minimizing undue burden on providers or Part B contractors? For instance, steps might include restricting physicians’ ability to refer multiple interpretations to another physician that is part of their network or group practice, requiring that physicians attach a physician’s order for an averted imaging study to a claim for a secondary interpretation, or requiring physicians to identify the technical component of the existing image supporting the claim.

CMS Designates Global Surgery as “Potentially Misvalued Services”

In the recently proposed 2015 Physician Fee Schedule, CMS devoted significant resources to discussing potentially misvalued services, which I believe is code for places where CMS would like to reduce reimbursement. One of the areas is global surgery fees.

CMS has concerns with the 10 and 90 day global surgery fees because these global packages were designed several decades ago when care was “more homogenous”, as described by CMS. CMS is now concerned that the resource utilization assumptions made for valuing these codes and establishing reimbursement rates are no longer valid, for such reasons as there are not as many follow-up visits, care is provided by different individuals in specialties which may or may not be included in the global surgery fee, and the span of time for the services has decreased.

CMS has stated the following expected benefits:

We believe that transitioning all 10- and 90-day global codes to 0-day global codes would:

  • Increase the accuracy of PFS payment by setting payment rates for individual services based more closely upon the typical resources used in furnishing the procedures;
  • Avoid potentially duplicative or unwarranted payments when a beneficiary receives post-operative care from a different practitioner during the global period;
  • Eliminate disparities between the payment for E/M services in global periods and those furnished individually;
  • Maintain the same-day packaging of pre- and post-operative physicians’ services in the 0-day global; and
  • Facilitate availability of more accurate data for new payment models and quality research.

Therefore, CMS is proposing to eliminate the 10 and 90 day global surgery reimbursement models in 2017 and 2018 respectively, and simply pay separately for the surgical services and for follow-up visits and services that are provided by section of the global surgery payments will result in lower surgery payments, because CMS will now be assuming that other resources are going to be billed separately.

I have attached pages 40341 – 40348 of the Federal Register publication on July 11, 2014 regarding the 2015 proposed Medicare physician fee schedule for your review.

CMS Releases Proposed 2015 Physician Fee Schedule and Projects 20.9% SGR Reduction

CMS has issued the Proposed 2015 Physician Fee Schedule and Fact Sheets for specific issues (ASC, ESRD, Home Health, Physician Quality Programs).

SGR Reduction

Although the Protecting Access to Medicare Act Prohibits any SGR reduction for the first 60 days of 2015, i.e., until March 1, 2015, CMS predicts a 20.9% decrease without legislative action.

Value Based Payment Modifier (VBPM)

Increase the risk amount to 2% in 2016 and 4% in 2017, and adds solo practitioners.

Physician Quality Reporting System

The bonus phase ends in 2014 but penalties will continue.

Chronic Care Management (CCM)

CMS proposes a separate payment for CCM services of $41.92 that can be billed no more frequently than once per month.

Global Surgery

CMS is proposing to restructure global surgery payments. We will issue a separate report on this issue.


CMS is proposing to add annual wellness visits, psychoanalysis, psychotherapy, and prolonged evaluation and management.

Application of Beneficiary Cost Sharing to Anesthesia Related to Screening Colonoscopies

The Medicare law waives deductible and coinsurance applicable to screening colonoscopy. Increasingly, anesthesia separately provided by an anesthesia professional is becoming the prevalent practice in connection with screening colonoscopies, replacing the previous standard of moderate sedation provided intravenously by the endoscopist, which was bundled into the payment for the screening colonoscopy codes. When provided separately with a screening colonoscopy, Medicare did not waive deductible and coinsurance associated with the separately provided anesthesia. If adopted in the final rule, this revision would have the beneficial result of further reducing beneficiaries’ cost-sharing obligations under Part B. This is because the expanded definition of screening colonoscopy would bring anesthesia furnished in conjunction with the service within the scope of the provision that Medicare Part B pays 100 percent of the Medicare payment amount established under the PFS for certain colorectal cancer screening tests.

OIG Report: Questionable Billing for Medicare Part B Clinical Laboratory Services

Perhaps not coincidentally, immediately following the release of the Questionable Laboratory Payments Special Fraud Alert by the OIG, posted yesterday on the Med Law Blog, the OIG has followed up with Audit Report OIG – 03-11-00730: Questionable Billing for Medicare Part B Clinical Laboratory Services. Below are two quoted paragraphs from the executive summary stating the findings and recommendations of the OIG.

In 2010, over 1,000 labs exceeded the thresholds (i.e., had unusually high billing) for 5 or more measures of questionable billing for Medicare lab services. For example, a lab might have an unusually high percentage of claims with ineligible and/or invalid ordering-physician numbers, or an unusually high allowed amount per ordering physician. Almost half of the labs that exceeded the thresholds for five or more measures of questionable billing – compared to 13 percent of all labs – were located in California and Florida, areas known to be vulnerable to Medicare fraud. Some labs that exceeded the thresholds for fewer than five measures also exhibited billing that may warrant further review. Medicare allowed $1.7 billion across all labs for claims associated with questionable billing.

There may be some labs that have legitimate reasons for exceeding certain thresholds. However, collectively, these findings call for stronger oversight of labs and identify specific issues with Medicare payments for lab services that need to be addressed to more effectively safeguard Medicare. Therefore, we recommend that the Centers for Medicare and Medicaid Services (CMS) (1) review the labs identified as having questionable billing and take appropriate action, (2) review existing program integrity strategies to determine whether these strategies are effectively identifying program vulnerabilities associated with lab services, and (3) ensure that existing edits prevent claims with invalid and ineligible ordering-physician numbers from being paid. CMS concurred with all recommendations.

Anti-Kickback Laboratory Enforcement Actions – Special Fraud Alert

There has been significantly enhanced scrutiny of financial relationships between referring physicians by both the Office of Inspector General (OIG) and Pennsylvania authorities.


Pennsylvania enacted amendments to the Pennsylvania Clinical Laboratory Act on December 18, 2013 (the amendments are referred to as Act 122) and the Department of Health and Bureau of Laboratories just issued additional guidance on May 28, 2014 in the form of a Letter and Frequently Asked Questions.

Under Act 122 it is generally unlawful for clinical laboratories to:

  • Pay or receive a commission, bonus, kickback or rebate or engage in a split-fee arrangement in any form with a health care provider/practitioner.
  • Lease or rent space, shelves or equipment or other services within a health care provider’s/practitioner’s office. This includes leasing or renting space for the purpose of establishing a specimen collection station.
  • Directly or indirectly provide personnel to perform functions or duties within a health care provider’s/practitioner’s office for any purpose regardless of whether fair market value is offered or given.
  • Permit the placement of paid or unpaid personnel to perform services (e.g., specimen collection, processing, packaging or handling or genetic counseling) in a health care provider’s/practitioner’s office.


Act 122 also contains three enumerated exceptions to these prohibitions:

  1. A health care provider/practitioner that owns and operates its own clinical laboratory may place its employees in the clinical laboratory.
  2. A clinical laboratory licensed by the Department can refer specimens to another clinical laboratory licensed by the Department or to a CLIA-accredited or certified clinical laboratory.
  3. Clinical laboratories are allowed to own or invest in a building in which space is leased or rented for adequate and fair consideration to health care providers/practitioners.

Federal Enforcement

On June 25, 2014 the Office of Inspector General issued a “Special Fraud Alert: Laboratory Payments to Referring Physicians”.

The OIG has been monitoring physician and laboratory relationships since issuing a Special Fraud Alert on arrangements for the provision of clinical laboratory services in 1994. This new fraud alert addresses two areas:

  1. Blood-specimen collection, processing and packaging arrangements; and
  2. Registry payments.

Specimen Processing Arrangements

The OIG states that characteristics of a questionable specimen processing arrangement may be evidence of unlawful purpose include but are not limited to the following:

  • Payment exceeds fair market value for services actually rendered by the party receiving the payment.
  • Payment is for services for which payment is also made by a third party, such as Medicare.
  • Payment is made directly to the ordering physician rather than to the ordering physician’s group practice, which may bear the cost of collecting and processing the specimen.
  • Payment is made on a per-specimen basis for more than one specimen collected during a single patient encounter or on a per-test, per-patient, or other basis that takes into account the volume or value of referrals.
  • Payment is offered on the condition that the physician order either a specified volume or type of tests or test panel, especially if the panel includes duplicative tests (e.g., two or more tests performed using different methodologies that are intended to provide the same clinical information), or tests that otherwise are not reasonable and necessary or reimbursable.
  • Payment is made to the physician or the physician’s group practice, despite the fact that the specimen processing is actually being performed by a phlebotomist placed in the physician’s office by the laboratory or a third party.

Registry Payments

The OIG has become of arrangements under which clinical laboratories are establishing, coordinating or maintaining databases and paying physicians to collect this information under the alleged guise of research and categorizing these payments as “registry arrangements”.

Characteristics of the registry agreement may be evidence of such unlawful purpose include, but are not limited to the following:

  • The laboratory requires, encourages, or recommends that physicians who enter into Registry Arrangements perform the tests with a stated frequency (e.g., four times per year) to be eligible to receive, or to not receive a reduction in, compensation.
  • The laboratory collects comparative data for the Registry from, and bills for, multiple tests that may be duplicative (e.g., two or more tests performed using different methodologies that are intended to provide the same clinical information) or that otherwise are not reasonable and necessary.
  • Compensation paid to physicians pursuant to Registry Arrangements is no a per-patient or other basis that takes into account the value or volume of referrals.
  • Compensation paid to physicians pursuant to Registry Arrangements is not fair market value for the physicians’ efforts in collecting and reporting patient data.
  • Compensation paid to the physicians pursuant to Registry Arrangements is not supported by documentation, submitted by the physicians in a timely manner, memorializing the physicians’ efforts.
  • The laboratory offers Registry Arrangements only for tests (or disease states associated with tests) for which is has obtained patents or that it exclusively performs.
  • When a test is performed by multiple laboratories, the laboratory collects data only from the tests it performs.
  • The tests associated with the Registry Arrangement are presented on the offering laboratory’s requisition in a manner that makes it more difficult for the ordering physician to make an independent medical necessity decision with regard to each test for which the laboratory will bill (e.g., disease-related panels).

AMA Issues New Telemedicine Policy

Last week, the American Medical Association (AMA) issued a new report regarding coverage of and payment for telemedicine (CMS Report 7-A-14). The report recognizes the telemedicine is a “key innovation in support of health bill reform, being used in initiatives to improve access to care, care coordination and quality, as well as reduce the rate of growth and healthcare spending”.

Given the pace of healthcare reform, it is slighting ironic that the AMA uses, as background for it’s new report, a report issued in 1996 by the Institute of Medicine (IOM) entitled “Telemedicine: A Guide to Assessing Telecommunications for Healthcare”.

The AMA report addresses the three major issues for telemedicine:

  1. Technology;
  2. Reimbursement coverage; and
  3. Licensing and the establishment of an appropriate physician-patient relationship.


The report states that there are now three broad categories of telemedicine technology:

  • Store and forward (asynchronous)
  • Remote monitoring
  • Interactive or synchronous (real-time) services

The report does not approve or disapprove the efficacy of any technology. I believe it is appropriate that the AMA leave the issue of appropriate technology to the States and to commercial and government insurers regarding reimbursement policies. However, I also think it is important that the AMA has acknowledged that telemedicine can be delivered in more ways than simply real time interactions.


The report summarizes the existing reimbursement options or programs and provides examples of reimbursement policies by various insurers. Those summaries are available in the report.

Licensing and Physician-Patient Relationship

The AMA, correctly, acknowledges that licensing should be an issue for the respective medical boards of the states and territories and imposes a single national federalized system of medical licensure.

The AMA states that “a valid patient-physician relationship must be established before the provision of telemedicine services” through:

  • A face-to-face examination “if a face-to-face encounter would otherwise be required in the provision of the same services not delivered via telemedicine”;
  • A consultation with another physician who has an ongoing physician-patient relationship;
  • Meeting standards of establishing a physician-patient relationship is part of evidence based clinical practice guidelines developed by major medical specialties.

I believe the AMA therefore supports the fact that a face-to-face consultation or patient encounter is not a prerequisite for providing telemedicine services in situations in which the relevant standard of care does not necessarily require an actual physical visit. The AMA recognizes that appropriate specialty societies could establish standards of care for the delivery of telemedicine.