On September 24, 2020, President Trump issued an Executive Order encouraging Congress to restrict surprise billing and prevent third party payors from denying care to patients with pre-existing conditions. President Trump wants Congress to act prior to the end of the year, but obviously there is not much chance of that happening.
Most medical practices view HIPAA compliance as maintaining appropriate documentation regarding patient notices and consents, and controlling access to the PHI within the office; that’s PRIVACY. Practices tend to forget the technology/security side of HIPAA, which requires maintaining, or reasonably attempting to maintain, secure EHR/IT systems; that’s SECURITY.
Athens Orthopedic Clinic PA agreed to pay $1.5 million in damages to settle potential violations of HIPAA following a self-reported breach report informing OCR that approximately 208,000 patient files were affected because of a hacker breach.
The OCR investigation revealed “long standing, systemic non-compliance with the HIPAA privacy and security rules”.
Remember that HIPAA requires both PRIVACY and SECURITY.
The American Health Law Association and Health IT News recently published reports indicating enormous increases in telehealth hacking attacks.
Sam Kassoumeh, COO of Health IT News and Co-Founder of SecurityScorecard, stated:
“The rapid pace at which telehealth applications were ruled out during the pandemic made them attractive targets for cyber criminals . . . Our report (SecurityScorecard) findings illustrate that in order for the health care industry to protect patients and provide data, bidding and enforcement security protocols around new technology providers remains paramount”.
The rapid increase is attributed to several factors:
- Individual fears of the pandemic making them susceptible to phishing attacks
- Patients connecting with telehealth providers using web-based applications with inadequate security protection
- Insufficient endpoint security in medical devices and COVID diagnostic services
- Telehealth services operating over under protected networks
A conclusion, stated by Andy Riley, Executive Director of Security Strategy at managed securities vendor, Nuspire, was:
“Any time you make a change to an IT environment, you have the potential to increase risk”.
For additional information contact Mike Cassidy.
Michael Cassidy has been included by his peers in the Health Care Law category in The Best Lawyers in America 2021. Best Lawyers is the oldest and most respected peer review publication in the legal profession, and has been compiling a list of best lawyers for 27 years. Best Lawyers is widely regarded within the legal profession as a signal honor, confirmed upon lawyers by their peers.
Attached is a link to the fact sheet for “proposed policy, payment, and quality provisions changes to Medicare physician fee schedule for calendar year 2021”.
Among other things, Centers for Medicare & Medicaid Services (CMS) proposes to:
- Significantly decrease the Medicare Work Relative Value Unit (WRVU) conversion factor from $36.09 to $32.26
- Significantly revise the WRVU waiting and coding guidelines for popular E&M Codes 99211-99215
- Significant WRVU decreases for radiology, CRNAs and chiropractors
- Additional telehealth approved services
Contact Mike Cassidy for additional information.
Centers for Medicare & Medicaid Services (CMS) published the new hospital outpatient and ambulatory surgical center fee schedule for 2021 on August 12, 2020 at this this link: https://www.federalregister.gov/documents/2020/08/12/2020-17086/medicare-program-hospital-outpatient-prospective-payment-and-ambulatory-surgical-center-payment
As part of the proposed revisions, CMS intends to transfer over 1,500 procedures from the “inpatient only” category, including 266 musculo-skeletal procedures as of 2021, the explanation and list of which begins on page 386 in the attached link.
For additional information contact Mike Cassidy.
Mike Cassidy’s article, “Return to practice under the COVID threat” appears in the Bulletin of the Allegheny County Medical Society June edition.
On June 23, 2020, the United States District Court for the District of Columbia denied the American Hospital Association’s (AHA) summary judgment motion claiming the Trump Administration had exceeded its authority and violated the First Amendment when it issued a new rule requiring greater price transparency.
The Opinion is attached in the link below. It begins by stating “the impenetrability of hospital bills is legendary”, “arcane”, and “mystifying”.
By way of background, the Affordable Care Act of 2010 required hospitals to post a list of their standard charges. For the next 8 years, hospitals were able to satisfy the technical requirements of this Act by posting chargemasters. However, the standard charges and the actual prices are, as everybody knows, essentially unrelated to each other.
On June 24, 2019, President Trump issued an Executive Order, identified in the Opinion, directing HHS to promulgate regulations requiring hospitals to post standard charge information and actual price information. The final rule, also explained in the Opinion, is scheduled to go into effect January 1, 2021. HHA and other plaintiffs sought summary judgment banning the rule has having exceeded HHS’ statutory authority.
HHS filed a motion for summary judgment, seeking the opposite. The Court concluded HHS had fulfilled its duty to examine the evidence before issuing a final rule, had acted appropriately and with its statutory authority, and rejected HHA’s motion and granted HHS’ motion.
This is a link to the update of the OIG Work Plan that you will see it includes several new entries regarding COVID issues at nursing homes:
- Meeting the challenges presented by COVID
- Audit of nursing homes reporting of COVID-19 information
- Nursing home oversight during COVID-19.
The COVID pandemic has illuminated the need to modernize professional licensing. Although professional licensing has always been a necessary vigilance with licensing has always been appropriate, and never more so than as highlighted by the opioid epidemic and telemedicine fraud schemes when physicians could issue prescriptions and orders for services over the internet for patients with whom they had no meaningful professional contact, there is obviously new interest in this area. State licensing boards were appropriately vigilant, although perhaps they overreacted, because the shortage of available healthcare providers has dramatized the deficiencies of state-by-state licensing and unnecessary bureaucracy.
Professional licensing in the age of instant information access has confirmed the necessity for some degree of reciprocity or national licensing. For those that oppose national licensing, the most effective solution is probably the multi-state licensing compact promulgated by the Federation of State Medical Boards (FSMB). Almost 30 states participate in the Interstate Medical Licensure Compact (IMLC) now, and allow physicians to qualify for multi-state licensing with the participating physicians without the need of individual state-by-state licensing.
This should not be confused with expanding the scope of practice. The COVID pandemic has also prompted state licensing boards to relax scope of practice restrictions or perhaps just suspend enforcement and, when the pandemic is over, those who would have benefited from the expanded scope of license will resist retrenchment, presumably citing the efficacy of the process as highlighted by the COVID experience. However, the data from the COVID experience will be so jumbled for several years that it is unlikely to actually prove the effectiveness of expanded scope of practice, but it does highlight the need and appropriateness of reviewing those issues.