Med Law Blog : Pennsylvania Health Care Lawyers & Attorneys : Tucker Arensberg Law Firm : Employee Benefits, HIPAA & HIT in Pittsburgh, PA

The Department of Health and Human Services has published proposed regulations for the National Practitioner Data Bank (NPDB).  The new regulations are intended to incorporate Section 1921 of the Social Security Act, which was enacted as part of the Medicare and Medicaid Patient and Program Protection Act of 1987 (MMPPA). 

These proposed regulations were first published on March 21, 2006. Over the next several weeks we will provide summaries of the major changes. 

• Email This
• Print
• Comments
• Share Link

Contributed by Scott R. Leah, Esq.

sleah@tuckerlaw.com, 412.594.5551

In a recent case, several physicians challenged the ability of a medical practice to restrict their ability to practice medicine in accordance with a noncompetition agreement that they had signed. The physicians argued that the agreements were void as they violated state law on restricting the ability of physicians to practice medicine.

The Montana Supreme Court noted that the Montana law in question was not violated so long as the noncompetition agreement places only a reasonable restriction on the rights of a physician to practice medicine.

In that case, the noncompete did not absolutely bar the physicians from practicing medicine in the geographic area, but rather reduced the amount of their partnership interest that they would receive upon departure if they chose to practice medicine in that geographic area.

The Supreme Court reversed the trial court's granting of summary judgment to the departing physicians, holding that the trial court should have allowed for a factual determination as to whether that restriction was "reasonable."

• Email This
• Print
• Comments (2)
• Share Link

The case of Cowell v. Good Samaritan Community Health Care, a state court case in Washington, provides guidance on two of the four elements of HCQIA immunity, i.e. that the action was reasonably taken in the furtherance of quality health care and the necessary substance to establish a reasonable investigation. 

Dr. Cowell raised an unusual argument to defeat HCQIA immunity. She alleged that the conduct which was the subject of the peer review investigation caused no harm to patients, therefore, an adverse peer review action designed to eliminate that conduct obviously did not serve to further quality health care. 

As noted in the BNA Health Care Reporter, “The court found these arguments “misdirected” because they focused on whether Cowell actually harmed patients and whether the defendants’ actions actually improved health care at the hospital. The court said that HCQIA is not dependent upon those facts; the professional review need not result in actual improvement in health care – it need only be directed to actions reasonably believed to further quality.”

Dr. Cowell also complained about three instances which she believed established the lack of a reasonable investigation. The court responded by quoting the famous excerpt from Singh vs. Blue Cross/Blue Shield of Massachusetts, which states that physicians are entitled to “a reasonable investigation under the Act, not a perfect investigation.”

• Email This
• Print
• Comments (1)
• Share Link

The stalled healthcare reform initiative leaves the Medicare Physician Fee Schedule problem of the Sustainable Growth Rate (SGR) imposed 21.5% reduction as a stand alone separate issue. The physician fee schedule decrease was postponed for 2 months by an Obama addition to a defense approriation bill, with the expectation that a long term solution would be included in the healthcare reform legislation. That looks unlikely now. Below is the AMA lobbying response to that issue.

eVoice^® Alert

Jan. 20, 2010

Keep your patients, your practice at forefront of Congress' decision on SGR

As the U.S. Senate returns to Capitol Hill today—and continues its deliberations on the floor—now is the time to act.

The 21 percent Medicare physician payment cut that had been scheduled to take effect this month has been delayed until March 1, giving us a short window of opportunity. Now is our chance to help permanently repeal Medicare's sustainable growth rate (SGR) formula. Connect with your senators today by calling (800) 833-6354 and tell them to pass legislation to permanently repeal the SGR formula.

Continuing this game of "kick the can" harms the stability and security of the entire Medicare system and the millions of seniors and military families it is intended to serve. That's why the AMA has made it abundantly clear to members of Congress and the White House that the days for Band-Aids are over. Mobilizing grassroots networks across the country, the AMA has begun an aggressive advertising and publicity campaign this month—and developed a new television ad—to make sure patients and likely voters are aware of and can help address this problem.

But senators need to hear directly from you—America's physicians. Call the AMA's toll-free grassroots hotline at (800) 833-6354 today, and please encourage your colleagues to do the same. An AMA physician flier (PDF) can direct them on how they also can help repeal the Medicare SGR formula.

Time is running out. Call for the future of your practice and the patients in your care.

• Email This
• Print
• Comments
• Share Link

The Health Information Technology for Clinical Health Act (the "HITECH" Act) provides economic incentive for the adoption and meaningful use of health information technology and qualified Electronic Health Record systems ("EHR"s). A physician, other professional, or hospital shall be deemed to be a meaningful EHR user if:

This sounds great. But, the amount of information "out there" on meaningful use is overwhelming and it seems that the medical community is struggling with what it is and how it can be implemented. To this end, a commentator on "meaningful" use wrote a succinct, yet compelling, critique of "meaningful use." John’s post on the EMR and HIPAA blog may be found here: <http://www.emrandhipaa.com/emr-and-hipaa/2010/01/19/some-pointed-thoughts-on-meaningful-use/> (last accessed January 20, 2010).

 lkim@tuckerlaw.com or 412.594.3915

• Email This
• Print
• Comments
• Share Link

In Bansal vs. Mount Carmel Health Systems, Inc., an Ohio state appellate court ruled that the hospital had failed to prove that documents were protected by Ohio’s statutory peer review privilege (Ohio Rev. Code § 2305.25), and reversed a trial court summary judgment decision. Dr. Girraj K. Bansal was removed from the hospital’s call schedule, and then brought suit against the hospital alleging race, color, national origin, and age discrimination in violation of federal civil rights laws, tortious interference with business and contractual relationships, defamation and a violation of his rights under the First Amendment. During discovery, Dr. Bansal requested certain documents, but the hospital asserted the Ohio peer review privilege regarding certain documents. Dr. Bansal filed a motion to compel discovery, and the hospital filed a motion for summary judgment. 

Although the hospital asserted the state peer review privilege, the court decided that simply labeling a document as confidential, privileged or peer review was not sufficient to meet the burden of proof imposed by the statute stating, “The health care entity must provide evidence as to the specific documents requested, not generalities regarding the types of documents usually contained in the peer review committee’s records.”

The court stated that a health care entity may attempt to meet this burden by either submitting the documents in question to the trial court for an in camera inspection, or by presenting affidavit or deposition testimony containing the information necessary for the trial court to make an appropriate decision. The health care entity must first establish the existence of a committee that meets the statutory definition of “peer review committee,” and then must establish that each of the documents that it refuses to produce in response to a discovery request are records of that peer review committee.

Tags:               

Category:         Peer Review

http://op.bna.com/hl.nsf/r?Open=mapi-7zeqbh

• Email This
• Print
• Comments
• Share Link

 Contributed by Piyush Seth, Esquire

pseth@tuckerlaw.com, 412.594.5640

• Subject line: LAST NAME, First name of the adopting parent, and USCIS case number and NVC case number, if available
• If you are adopting more than one child, please send separate e-mails for each child
• Include the name, DOB, gender of the child, and the current location of the child in Haiti
• Include any contact information for the child’s current whereabouts
• Please include a recent photograph of the child
• Attachments: Limit attachments to 10 megabytes per e-mail message.  If necessary, split your communication into more than one message, and indicate in the subject line the total number of e-mails and the message number  (i.e. “1 of 2”)

The following case documents should be sent to USCIS for the process:

• Email This
• Print
• Comments (1)
• Share Link

Contributed by Lee Kim, Esquire

lkim@tuckerlaw.com or 412.594.3915

Connecticut Attorney General, Richard Blumenthal, as parens patriae for the State of Connecticut and on behalf of the State of Connecticut, sued Health Net of the Northeast, Inc. (“Health Net”) for multiple HIPAA violations. In a nutshell, Mr. Blumenthal stated in a press release, “The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable... Protected private medical records and financial information on almost a half million Health Net enrollees in Connecticut were exposed for at least six months - most likely by thieves - before Health Net notified appropriate authorities and consumers.” See press release.  (last accessed January 19, 2010).

 According to the complaint  (last accessed January 19, 2010), Health Net allegedly learned on or about May of 2009 that a portable disk drive, which contained protected health information (“PHI”), social security numbers, and bank account numbers for about 446,000 past and present Connecticut enrollees and 27.7 million scanned pages of documents, disappeared from Health Net’s Shelton, Connecticut office.

The complaint further alleges that Health Net, knowing that protected health information was subject to stringent privacy and security provisions of HIPAA, delayed and otherwise failed to properly and timely notify the Connecticut Attorney General’s Office or any other Connecticut government authorities regarding the missing PHI.   According to the complaint, Kroll Inc., a computer forensic consulting firm retained by Health Net, indicated that the data on the portable drive was not encrypted or otherwise protected from access and viewing by unauthorized persons or third parties and viewable through the use of commonly available software. 

Connecticut residents whose PHI was or was reasonably believed to have been accessed by an unauthorized person as a result of the data breach were not notified about the breach until a posting of a notice on its website on November 18, 2009 and by way of letters sent to these individuals starting November 30, 2009 as alleged by the complaint.

1.      Technical Safeguards (Required).

Access Control.

The HIPAA Security Rules require that an entity control access to PHI so that only authorized personnel can access it.

Encryption.

Encryption may be implemented to further secure the PHI under the Security Rules so that unauthorized persons may not have access to the PHI.

2.      Administrative Safeguards (Required).

Policies and procedures must be implemented to reasonably safeguard PHI so that unauthorized persons may not have access to the PHI including policies and procedures to prevent, detect, contain, and correct security violations involving PHI. In particular, this involves PHI that is created, received, maintained, or transmitted. 

The workforce, including employees and independent contractors, must be effectively supervised and trained to comply with the requirements of the HIPAA Security Rule which has the overall objective to ensuring that no unauthorized persons have access to PHI. The supervision and training must be necessary and appropriate for members of the workforce to carry out their respective functions and maintain security of PHI.

Once a security incident is identified or suspected, the entity must mitigate, to the extent practicable, the harmful effects of such incidents.

3.      Physical Safeguards (Required).

Policies and procedures must be implemented with regard to the receipt and removal of hardware and electronic media that contain electronic PHI into and out of a facility and the movement of items within a facility.

• Email This
• Print
• Comments
• Share Link

Contributed by Lee Kim, Esquire

lkim@tuckerlaw.com, 412.594.3915

The HIPAA Security Rules require covered entities and (soon) business associates to implement and adopt administrative, physical, and technical safeguards to ensure that electronic protected health information (“ePHI”) is adequately protected from those without legitimate cause to access such information.  Only authorized personnel should be allowed to access ePHI and only when there is a legitimate (e.g., medical) reason under the HIPAA provisions.  HIPAA audit trails should be monitored to ensure that ePHI is being accessed appropriately.  In addition, when an employee or a contractor has been dismissed, his or her access should be restricted to ensure that he or she will not access the information to ensure compliance with the HIPAA provisions.

The government has recently started to scrutinize HIPAA violations and invoke criminal sanctions against those individuals who violate the HIPAA provisions.  In a press release, the FBI has stated that Huping Zhou, 48, of Los Angeles, California is one of the first people in the nation to be convicted of violating the HIPAA privacy provisions according to the Los Angeles office of the Federal Bureau of Investigation.  On January 12, 2010, he pleaded guilty prior to a scheduled trial to begin next week to four misdemeanor counts of violating the HIPAA privacy provisions.

By way of background, Mr. Zhou was a licensed cardiothoracic surgeon in China who was employed in 2003 at UCLA Healthcare System as a UCLA School of Medicine Researcher.  On October 29, 2003, he received a notice of intent to dismiss him from employment for reasons unrelated to the HIPAA violations.  However, for the next three weeks, Mr. Zhou continued to access private and confidential medical records of various individuals including his immediate supervisor’s, other co-workers, celebrities, and high-profile people.  He accessed these records without any legitimate reason under HIPAA.

“There is a persistent problem with improper and illegal viewing of medical records by individuals who abuse the access they have as a result of their employment,” Acting United States Attorney George S. Cardona said.  “The FBI is committed to investigating violations of HIPAA laws, the compromise of which can cause major financial or emotional distress,” said Steven M. Martinez, Assistant Director in Charge of the FBI in Los Angeles.  “These laws exist to protect the privacy that must be afforded to all patients…” said Mr. Martinez.

Click here for the original press release.

• Email This
• Print
• Comments
• Share Link

Both the Senate and the House versions of the health care reform bills are 2,000 page unindexed monstrosities, making it extremely difficult to locate provisions of interest. The Sunday, January 10, 2010 edition of the Pittsburgh Post Gazette, reports that a retired business professor, Doug Lowry, has written a program allowing searches of the Senate and House bills on a free website, www.searchthebill.com. I have tried this and the results are impressive, but be forewarned that generic searches for items such as “improving quality health care” will still produce dozens of hits; 98 hits to be exact for that phrase. 

• Email This
• Print
• Comments
• Share Link

Tucker Arensberg’s Mike Cassidy will present at the American Health Lawyers Association (AHLA) Physician and Hospitals Law Institute in Miami, Florida in February 2010.

Sessions at the event will provide focused analysis of the legal challenges faced by hospitals, physicians and their counsel. Breakout sessions will cover hospital/physician relationships, electronic health records (EHRs) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, valuation, the False Claims Act, reimbursement, transactional issues, risk management and Mike’s presentation.

Mike will present Neutral Peer Review: Is MS.01.01.01 an Opportunity to Make Peer Review Less Litigious?

• Email This
• Print
• Comments
• Share Link

 Contributed by Nawshin Ali, Esquire

(412) 594-5530, nali@tuckerlaw.com

Certified registered nurse practitioners (CRNPs) in Pennsylvania now have expanded authority in prescribing drugs due to amendments to the rules and regulations of the Pennsylvania State Board of Nursing (49 Pa.Code Ch. 21) effective as of December 12, 2009.

CRNPs can now prescribe Schedule II controlled substances for up to a 30-day supply, where previously they could prescribe for only 72 hours. The revised regulations also eliminate the requirement that CRNPs notify their collaborating physician within 24 hours of prescribing a Schedule II controlled substance. Additionally, CRNPs may now prescribe Schedule III and IV controlled substances for up to a 90-day supply, up from the previous 30-day limit. 

The full text of the revised regulations can be found in The Pennsylvania Bulletin at http://www.pabulletin.com/secure/data/vol39/39-50/2276.html. 

CRNPs should file the State Board of Nursing’s Prescriptive Authority Change Form, available at http://www.dos.state.pa.us/bpoa/lib/bpoa/20/nurs_board/crnp_prescriptive_authoritity_change_form.pdf, to change controlled substance schedules, timeframes, or drug categories on existing collaborative agreements. More information can also be found on the State Board of Nursing’s list of frequently asked questions at http://www.dos.state.pa.us/bpoa/lib/bpoa/20/nurs_board/faqs_crnp_prescriptive_auth.pdf.

• Email This
• Print
• Comments
• Share Link

In a recent search for health care blogs, the Medlaw Blog was second on Google, out of millions of hits. The Health Care Blog was first, and we were impressed enough to add it as a link on ours. Happy New Year.

• Email This
• Print
• Comments
• Share Link