Med Law Blog : Pennsylvania Health Care Lawyers & Attorneys : Tucker Arensberg Law Firm : Employee Benefits, HIPAA & HIT in Pittsburgh, PA

Contributed by Scott R. Leah

One of the provisions of the new health care legislation recently enacted by Congress and signed by the President which has not received much publicity is a section that amends the Fair Labor Standards Act to include a guarantee of "a reasonable break time for an employee to express milk for her nursing child for 1 year after the child's birth each time the employee has a need to express the milk."

Employers must permit the employee to do so in "a place, other than a bathroom, that is shielded from view and free from intrusion from co-workers and the public." 

There is no provision that employees be paid for that time, but they must be given unpaid break time to do so.

An employer need not do so if it has less than 50 employees and to permit this would pose an "undue hardship" on the employer. However, the burden will be on the employer to prove that it would truly be an "undue hardship."

The Department of Labor will undoubtedly issue further regulations implementing this new law. For example, the law does not require that employees be given access to a place to store the expressed milk, define what is a reasonable break time, or define what is an appropriate place to do this. 

For now, employers should immediately ensure that unpaid break time is being provided to employees in that situation, and should make reasonable efforts to provide a private place for such employees.

We will further update you when new regulations are issued.

If you have any questions about the Fair Labor Standards Act, please contact Scott Leah at (412) 594-5551 or sleah@tuckerlaw.com.

• Email This
• Print
• Comments
• Share Link

The United States District in Kosenske v. Carlisle HMA Inc. has concluded that this whistleblower case must go to trial on the factual issue of whether Carlisle Hospital violated the False Claims Act by submitting claims for anesthesia services provided arising from referrals from Blue Mountain Anesthesia Associates (BMAA). Dr. Kosenske, the whistleblower in this case, has alleged that the exclusive service agreement between the hospital and BMAA did not comply with the personal service exceptions under the Stark and Anti-Kickback Statutes. 

The Kosenske case was first discussed in the Med Law Blog on February 4, 2009. At that time the third circuit had reversed the prior district court finding that the contracts involved had complied with the personal services exceptions. On remand, the district court has now dismissed cross motions for summary judgment by both parties, and concluded that, because of the fact that false claims violations require that the claims knowingly be made in violation of the statute, the trier of fact must decide both whether the parties were aware of the potential Stark and Anti-Kickback violations and that the claims were thereafter knowingly made. Dr. Kosenske was a former member of BMAA and continued his association with BMAA until 2005, when he left to establish a competing independent pain management practice. Dr. Kosenske is alleging that the exclusive agreement between the hospital and BMAA executed in 1992 did not meet the personal services exceptions of the federal statutes, after the hospital added a separate pain management clinic and ambulatory surgery center in 1998.

• Email This
• Print
• Comments
• Share Link

The law firm of Tucker Arensberg is hosting a complimentary seminar covering the important issues impacting employers regarding the recently passed health care legislation.  The program 'Health Care Reform: What Every Employer Needs to Know and Do' will take place on May 5, 2010 at the Doubletree Pittsburgh/Monroeville Convention Center.  Registration and breakfast are from 8:30 am until 9:00 am with the program running from 9:00 am until NOON. 

To register for this program or if you have any questions, please contact Valerie Scandrol at 412.594.5583 or vscandrol@tuckerlaw.com by April 30, 2010. 

• Email This
• Print
• Comments
• Share Link

From PhysicansNews.com:

• Email This
• Print
• Comments
• Share Link

Today the Senate passed an amended version of H.R. 4851, the act to extend SGR relief ( Continuing Extension Act of 2010 ) by continuing 2009 rates. Since an earlier but different version has already passed the House, this version must be approved again. The AMA predicts action by the end of the week.

Although CMS delayed processing Medicare claims to allow for SGR relief, some claims may now start being processed. CMS has assured that such claims will be reprocessed if SGr relief is enacted retroactively to avoid any window period.

• Email This
• Print
• Comments
• Share Link

Section 6503 of the Patient Protection and Affordable Care Act (PPACA) requires that all billing agents, alternate payees, and clearinghouses that submit claims on behalf of health care providers must register with the state and the Secretary in a form specified by the Secretary. This provision will be effective January 1, 2011.

Section 6505 also prohibits payments to institutions or entities located outside of the United States by states for Medicaid services. You can download a PDF of Sections 6503 & 6505 for more information.

• Email This
• Print
• Comments
• Share Link

Section 6409 of the Patient Protection and Affordable Care Act (PPACA) requires the Secretary of Health and Human Services to develop a Medicare self-referral disclosure protocol, which is intended to allow providers to disclose self-referral violations and negotiate reduced civil penalties. The protocol shall be developed no later than six months following the date of enactment and the Secretary specifically authorized to reduce the amount due and owing for all violations under § 1877 of the Social Security Act, in consideration of the following factors:

1. The nature and extent of the improper or illegal practice; 
2. The timeliness of self-disclosure; and
3. The cooperation in providing additional information related to the disclosure.

• Email This
• Print
• Comments
• Share Link

The Patient Protection and Affordable Care Act (PPACA) contains several provisions aimed to reduce fraud and abuse in home health and Durable Medical Equipment (DME) programs, which CMS and OIG consider to be high risk programs. Effective July 1, 2010, physicians who order covered home health or DME services must be enrolled in Medicare (§ 6405). 

Physicians who provide home health and DME services must maintain records of referring physicians, and CMS is authorized to revoke the enrollment of physicians who fail to provide those records upon request (§ 6406). 

Finally, § 6407 requires that physicians who certify home health services and physicians who order DME services, along with any other providers as determined by the secretary (must have conducted face to face encounters, subject to certain telehealth exceptions) in order to order or certify such services. These requirements will be effective as of January 1, 2010, which means they are effective already. You can download a PDF of Sections 6405-6407 for more information.

• Email This
• Print
• Comments
• Share Link

Contributed by Piyush Seth

As of April 5, 2010 US Citizenship and Immigration Services reported that only 6,791 of the 65,000 "regular" cap  and only 2,734 of the 20,000 advance degree cap petitions had been received.  Click AILA for more information.

In previous years the 65,000 H-1B cap has been reached within the first week of April.  The current availability of visas provides employers a continuing opportunity to find and hire the best and brightest of the World's talent including individuals from the almost 700,000 foreign students currently attending United States universities.  

• Email This
• Print
• Comments
• Share Link

Contributed by Lee Kim, Esquire

The American Medical Association has posted HIPAA Security Rule guidance for physicians.  It recommends that electronic protected health information ("ePHI") should be encrypted and suggests that AES technology should be used (as a more secure alternative to RSA technology).  Both data at rest (e.g., files which reside on your hard drive or other storage media) should be encrypted as well as data in transit (e.g., e-mail and other information transacted by way of the Internet or other network).  Encryption is an addressable implementation specification under the HIPAA Security Rule.  However, it is highly recommend that encryption should be implemented across all computing devices including mobile devices (e.g., thumb drives, laptops, etc.).  Backups should also be encrypted. 

In addition, policies and procedures should be put in writing and implemented to comply with the HIPAA Security Rule.  The workforce must be trained to comply with the HIPAA Security Rule.  In addition to technical safeguards, physical and administrative safeguards must be implemented to ensure the confidentiality, integrity, and availability of ePHI.  Compliance with the HIPAA Security Rule also should be documented.

If you are a covered entity or a business associate in need of HIPAA Security compliance, please contact us for assistance if interested.

• Email This
• Print
• Comments
• Share Link

Section 6003 of the Patient Protection and Affordable Care Act (PPACA), which is the 2010 Healthcare Reform Act, imposes a new disclosure requirement for in office ancillary service referrals of imaging services.  Section 6003 requires that referrals of MRI, CT, PET, and other designated health services as specified by the secretary, must be accompanied by a written notice that the patient may obtain services from other suppliers in the area, a written list of whom must be provided. 

There is considerable controversy regarding the effective date of this requirement.  The statute states that it shall apply to services furnished on or after January 1, 2010.  Commentators have suggested that the statute cannot be applied until the secretary defines certain items, the least of which is the “area in which such individual resides.”

• Email This
• Print
• Comments (1)
• Share Link

Contributed by Albert Lee & Katherine Koop

alee@tuckerlaw.com, kkoop@tuckerlaw.com

Graduating from medical school, joining a practice and staying until retirement rarely happens these days. (Although nationwide physician turnover rates have been on the decline, from 6.7% in 2006 to 6.1% in 2008, some estimate that 40% of newly practicing physicians leave their initial practice group within two years of joining. A recent study of community family practices in Northeastern Ohio found mean duration of work at the current practice location to be 9.1 years.  It is more common for a physician to be employed by multiple practices over his or her career, often within the same community.   Therefore, as an employer it is important to protect your practice from a departing employee joining a competitor or opening their own practice down the block and taking your most valuable asset, the patient. As a physician entering the profession or presented with the opportunity to join a practice, it is likewise important to ensure that you won’t be unreasonably limited to practicing medicine should you choose to ever leave your new employer.

Medical practices often protect themselves from the damage that can result from an employee leaving to work for a competitor by the use of non-competition clauses (also known as restrictive covenants). From the practice's standpoint, a non-competition clause can be a valuable asset when drafted reasonably and, if challenged, can be upheld by a court of law. Because practices are utilizing non-competes, it is important for physicians joining a practice to know if such an agreement is reasonable under the law and in light of all of the circumstances.

The basic tenets of a non-competition clause in Pennsylvania are straightforward:

1)    A non-compete agreement must be tied to a lawful purpose such as entering into or extending an employment relationship.

 2)    The agreement must be reasonably necessary to protect the employer’s actual business interests. In other words, the agreement will likely not be upheld by a court if the actual loss of the employee to a competitor would pose no threat to the practice.   

 3)    The employee's agreement to restrict future employment must be in exchange for receiving something of value, such as the initial job offer, a raise or promotion, or some other tangible benefit. Without such consideration for entering into the agreement, the non-compete will not be upheld.

 4)    To be enforceable, the agreement must be reasonable in time and geographic scope. For example, courts have upheld non-competition agreements with a 1-2 year time frame and limitations on the employee’s ability to practice anywhere from a 1 mile radius to 5 mile radius.

Please note that non-competition agreements that satisfy the above criteria may still be invalidated if either of the following circumstances apply:

First, due to the special position of a physician, the lack of competition in the subject area may invalidate a normally valid non-competition agreement. Pennsylvania case law shows that the public interest can be the determinative factor which dictates enforceability of a non-competition covenant as applied to a health care provider. Courts ruling on the enforcement of a physician non-competition covenant have considered the effect of the covenant on the patients who are in need of the physician’s service. For example, if there is a lack of medical providers, or of a specialist’s services, in a certain geographic area, courts will either invalidate the agreement entirely or blue-line the agreement so as to assure that the covenant would not compromise patients' ability to obtain adequate skilled care in the geographical area in which the health care provider is planning to work. In other words, the employer must evaluate the likelihood that consumers could be adequately served by existing health care providers or the hiring of a new physician of the same discipline to meet patient demand.

Second, past practices of enforcing or failing to enforce breaches of existing non-competes may prove detrimental to enforcing breaches of non-competes in the future. Specifically, it may be appealing to have a strong, all-encompassing non-compete and have all of your physicians and employees sign it upon joining the practice, but thereafter only fight to enforce non-competes for certain employees and only when their separation threatens the viability of your practice. However, this is not a prudent practice. Employers that require non-competes for all employees or certain positions, but then neglect to enforce those non-competes have later found it hard to justify their ad hoc enforcement against some employees, but not others. Courts are likely to find that the failure to pursue some employees' violations of non-competes demonstrates that there is no real need for the restriction in the first place. Thus, a practice should bind with a non-competition agreement only those employees whose breach of such an agreement would warrant enforcement. You should consistently enforce breaches of any non-compete or be prepared to explain the reasons behind any decisions to not pursue enforcement.

Questions to ask prior to entering into a non-compete agreement:

For the employer:

Before demanding that all employees in your practice sign what appears to be an iron-clad non-compete agreement, as an employer you should ask yourself a few questions:

What activity do you need to prohibit?

If a particular physician leaves your employ to work for a competitor, could you provide the same medical services of that physician to your patients and/or the geographic region?

How far from your practice do most of your patients live? Do your patients travel 2 miles or across the county to be treated? Do the geographic limitations in your non-compete reflect the answer to this question?

Are you part of a regional hospital group, and if so, would the non-compete restrict the physician from practicing within a certain distance of other related hospital group practices? Is this restriction necessary to protect your practice?

Have you consistently enforced your non-competes in the past? If not, what are the reasons you chose not to enforce the non-compete?

Are you offering something of value in exchange for the non-competition agreement? If the non-competition agreement is part and parcel of the original job offer, have you clearly indicated to the physician - prior to the commencement of the employment relationship - that the agreement is a condition of the employment? 

Before tendering a non-competition agreement to a potential hire, do I need to consult an attorney?

For the employee:   

When presented with a non-compete agreement, as an employee, you should consider asking yourself and/or your potential employer the following questions:

Are there other physicians practicing your specialty within the area? If so, where?

How far from the practice do most of the practice’s patients live? If the non-compete appears overly restrictive in scope, consider asking the employer to modify the agreement.

If you were bound to the proposed terms of the non-compete, how would this affect your current living situation? Would there be opportunities for employment outside of the restricted geographic area?

Before executing an agreement or accepting new employment that may violate my non-compete, do I need to consult an attorney?

• Email This
• Print
• Comments
• Share Link

• Email This
• Print
• Comments (1)
• Share Link

Contributed by Lee Kim, Esquire

lkim@tuckerlaw.com, 412.594.3915

The mention of the HIPAA security rules often provokes an irrational fear in people who are not so technically inclined, but there is a difference between knowing the legal compliance requirements and being an information technology specialist. Here is a simple summary of your security obligations and otherwise recommended practices under the HIPAA security rule. Please note: the HIPAA security rules apply to both covered entities and business associates. Covered entities are obligated to follow the HIPAA security rules and business associates will be obligated to follow them as of February 17, 2010. 

In order to have an effective HIPAA security compliance program, the following technical safeguards must be implemented under the current HIPAA Security Rules by both covered entities and business associates:

1)  Access control under 45 C.F.R. §312(a).

Policies and procedures must be implemented for information systems that maintain ePHI to ensure that only those persons or software programs that have been granted access rights.

In particular, a unique user identification must be assigned to each user for the purpose of identifying and tracking that user.

Policies and procedures must also be established and implemented as needed for obtaining necessary ePHI during an emergency (e.g., natural or manmade disaster). Key considerations include what situations would require emergency access to ePHI and which people would require emergency access to ePHI in an emergency situation.

* Automatic logoff after a period of inactivity and encryption/decryption of ePHI may be addressed and implemented to ensure access control.

2)  Audits on access to electronic protected health information (“ePHI”) under 45 C.F.R. §312(b).

Hardware, software, and/or procedural mechanisms must be implemented which record and examine information systems activity that contain or use ePHI especially in relation to a security incident. The audits may be manual or automated and may involve the use of reports.

The purpose of this measure is to ensure that authorized individuals or entities are accessing the ePHI.

3)  Person/entity authentication under 45 C.F.R. §312(d).

Policies and procedures must be implemented for information systems that maintain ePHI to allow access only to persons or entities that are authorized to do so. In other words, authorized users must confirm that they are who they claim to be. 

Authentication may be accomplished many ways including by way of information which only the authorized user knows (e.g., a password or PIN), something which only the authorized user possesses (e.g., a smart card, digital signature, token, or a key), or a biometric pattern which is unique to that individual (e.g., a fingerprint, iris pattern, voice pattern, etc.).

4)  Integrity of ePHI under 45 C.F.R. §312(c)(1).*

If deemed appropriate, measures must be implemented to protect ePHI from unauthorized alteration or destruction. ePHI may be altered or destroyed intentionally or unintentionally, whether by way of technical or non-technical means. 

Regardless of the reason for unauthorized alteration or destruction of ePHI, measures may be implemented to protect the integrity of ePHI. For example, check sum verifications may be done to ensure that the ePHI has not been altered or destroyed in an unauthorized manner. Similarly, ePHI may be digitally signed to ensure that ePHI has not been altered or destroyed in an unauthorized manner.

5)  Secure transmission of ePHI under 45 C.F.R. §312(e).*

If deemed appropriate, ePHI must be encrypted to guard against improper modification of ePHI that is being transmitted over an electronic communications network. Key considerations include whether encryption is needed to protect the ePHI during transmission.

* The entity should assess whether the technical safeguard is reasonable and appropriate in the operating environment and whether it is likely to contribute to protecting the entity’s ePHI. If the safeguard is reasonable and appropriate, then it should be implemented. If not, the entity should document why it would not be reasonable and appropriate and implement an equivalent alternative measure, if deemed to be reasonable and appropriate.

• Email This
• Print
• Comments
• Share Link

All are invited to join a White House Conference Call on Health Insurance reform today, Thursday April 1 at 5:00PM EST. Call 800-230-1951 (a phone number for the AT&T teleconference service) a few minutes prior to the scheduled time and ask the operator for the "Health Care Call." Thank you to Lynn Sweet, columnist and Washington Bureau Chief for the Chicago Sun-Times for passing on this information via Twitter.

• Email This
• Print
• Comments
• Share Link