LEGAL ISSUES IN PHYSICAL THERAPY
Paul J. Welk, PT, JD
Tucker Arensberg, P.C.
pwelk@tuckerlaw.com
2017 PHCA Annual Convention

Disclaimer
The purpose of this presentation is to provide a general overview of legal concepts and is not intended to serve as legal advice. It is important to consult an attorney for individual legal advice.

Learning Objectives
- Understand the basics of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") as it relates to physical therapy services.
- Recognize lessons learned from prior HIPAA enforcement examples.
- Understand the basics of healthcare fraud and abuse laws to better identify potential compliance and legal issues affecting physical therapists.
- Through the review of recent enforcement examples, be able to return to the workplace and assess current practices for potential issues of concern.

Why HIPAA?
- The Privacy Rule assures that an individual's health information is properly protected while still permitting the flow of health information needed to provide health care.
- The Security Rule sets a national standard to protect an individual's electronic protected health information ("PHI") that is created, received, used, or maintained by a covered entity (or by a business associate on behalf of the covered entity).

HIPAA Preemption
- Generally, state laws that are contrary to the Privacy Rule are preempted by federal requirements, meaning that federal HIPAA requirements will apply.
- An exception to this general rule occurs when an individual would have greater privacy protections under state law.

Who Does the Privacy Rule Cover?
The HIPAA Privacy Rule applies to:
  - Covered entities
  - Business associates

Protected Health Information
- Protected health information:
  - Individually identifiable information (including demographic data) that relates to the individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
- Examples

Disclosures Under HIPAA
General Rule: A covered entity may not use or disclose protected health information, except:
  - as the HIPAA Privacy Rule or other state or federal law permits or requires;
  - as the individual who is the subject of the PHI (or the individual's personal representative) authorizes in writing; and
  - as required by the Secretary of Health and Human Services for HIPAA compliance purposes.

Required Disclosures
A covered entity shall disclose protected health information:
  - to individuals when they request access to, or an accounting of disclosures of, their protected health information;
  - to the Secretary of Health and Human Services when it is undertaking a HIPAA investigation; and
  - when required by federal or state law.

Permitted Uses and Disclosures
- Treatment
- Payment
- Health care operations
- For public health activities and purposes
- For work-related illness or injury; and
- Workers' compensation

Authorization
- As a general rule, a covered entity must obtain an individual's written authorization for any use or disclosure of protected health information that is not permitted or required by the Privacy Rule.
- Exception

Individual's Right to Access PHI
- As a general rule, an individual has a right to access PHI in a designated record set, including the right to inspect and obtain a copy of:
  - medical and billing records, or
  - information used in whole or in part by or for the covered entity to make decisions about the individual.
- Exceptions

The Minimum Necessary Standard
- A covered entity must make reasonable efforts to use, disclose, and request only the minimal amount of PHI needed to accomplish the intended purpose of use, disclosure, or request.
- Exceptions

Incidental Uses and Disclosures
- An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the HIPAA Privacy Rule.
- Example

Notice of Privacy Practices
- Each covered entity must provide a notice of its privacy practices to individuals.
- The notice describes the covered entity's legal duties as well as the individual's rights.
- The covered entity is required to abide by the terms of the notice.
- The notice must be updated when there is a material change in the covered entity's legal duties or individual's rights.

HIPAA Requirements
- Training - A covered entity must train all members of its workforce as necessary and appropriate to carry out their function within the covered entity.
- Plan - Must implement policies and procedures.
- Privacy Officer - Covered entity must designate a privacy official.
- Record Retention

Business Associates
- A business associate is a person or organization that performs functions or activities on behalf of a covered entity that involve the use or disclosure of individually identifiable health information (i.e., PHI).
- Examples include claims processing, utilization review and billing functions.
- Business Associate Agreement.

PHI Disposal
- HIPAA requires reasonable safeguards to limit incidental disclosures of PHI in connection with disposal.
- Workforce members involved in disposal of PHI must receive training on disposal.
- Enforcement Examples

The HIPAA Security Rule
The HIPAA Security Rule is designed to protect the confidentiality and integrity of, and ensure the availability of, electronic protected health information and promote efficiency in the health care industry through the use of standardized electronic transactions (i.e., EDI Rules).

The Security Standard
- Requires administrative, physical, and technical safeguards to protect PHI.
- Not specific mandates, but rather general guidance.
- Risk analysis and risk management will give guidance on how best to comply with the Security Rule.
- Enforcement Examples

Risk Analysis
- The Security Rule requires an assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of EPHI held by the organization.
- Nearly 70% of covered entities audited by OCR did not have a complete and accurate security risk analysis.
- Risk analysis is a frequent component of OCR corrective action plan requirements.
- A security risk assessment tool is available from OCR.

The Security Standard
Particular measures utilized depend on factors such as:
  - the size and complexity of the covered entity;
  - the cost of the security measures; and
  - the covered entity's technical infrastructure and hardware.

Breach Notification Requirements
Without unreasonable delay and in no case later than sixty days after the discovery of a breach of unsecured PHI, the covered entity or its business associate must notify individuals affected by the breach.

Breach Notification Requirements
Content of breach notice to individuals:
  - Brief description
  - Steps individuals should take to protect themselves
  - What the covered entity is doing to investigate, mitigate, and protect
  - Contact procedures for individuals to ask questions or learn additional information.

Omnibus Rule
- Marketing Restrictions
- Sale of PHI
- Fundraising

Civil Money Penalties

| Tier | Nature of Violation | Range of Penalties | Maximum Penalty |
|------|---------------------|--------------------|-----------------|
| A | Violation unknown, and would not have been known by exercising reasonable diligence | $100 - $50,000 for each violation | $1,500,000 for all violations of an identical provision in a calendar year |
| B | Violation due to reasonable cause and not willful neglect | $1,000 - $50,000 for each violation | $1,500,000 for all violations of an identical provision in a calendar year |
| C(i) | Violation due to willful neglect, if corrected within 30 days from knowledge of violation | $10,000 - $50,000 for each violation | $1,500,000 for all violations of an identical provision in a calendar year |
| C(ii) | Violation due to willful neglect not corrected | $50,000 for each violation | $1,500,000 for all violations of an identical provision in a calendar year |

Complaints
- The Office of Civil Rights ("OCR") is responsible for enforcing the HIPAA Privacy Rule.
- Complaints may be submitted to either the designated privacy official of the covered entity or the Office of Civil Rights ("OCR").
- 160,000+ HIPAA Complaints (through 7/31/17).

OCR Report On Breaches Of Unsecured PHI
Top 5 causes:
  - Theft
  - Loss of electronic media or paper
  - Unauthorized access
  - Human error
  - Improper disclosure

Practical Considerations
- Consider policies on laptops, smart phones, flash drives, etc.
- Consider policies on use of personal email.
- Consider policies on terminating access upon termination of employment.
- Consider policies for verification of mailing addresses.
- Review business associate relationships.

Resources
- www.hhs.gov/ocr/privacy
- www.cms.gov/hipaageninfo
- www.apta.org/hipaa

FRAUD AND ABUSE

Federal Fraud and Abuse Laws
- The Anti-Kickback Statute (42 U.S.C. 1320a-7(b))
- Stark ("Self-Referral" Law) (42 U.S.C. 1395nn)
- False Claims Act (31 U.S.C. 3729 et seq.)

State Fraud and Abuse Laws
In addition to federal fraud and abuse laws, there are state fraud and abuse laws that should be considered (insurance, anti-kickback, self-referral).

Anti-Kickback Statute
Under the Anti-Kickback Statute it is a criminal offense to knowingly and willfully solicit, receive, offer, or pay any remuneration to induce referrals of items or services covered by Medicare or Medicaid or other federally-funded programs.

Anti-Kickback Statute
An intent-based statute: the government must prove that one intent of the remuneration paid is to induce referrals, even if there are other lawful or beneficial reasons for the business relationship. (United States vs. Greber)

Anti-Kickback Safe Harbors
- If all elements of a particular safe harbor are satisfied, the payments and business arrangement are not in violation of the Anti-Kickback statute.
- If an arrangement does not specifically fit within a safe harbor, it is analyzed depending upon the particular facts and circumstances to determine if it violates the Anti-Kickback statute.

Anti-Kickback Safe Harbors
- Space Rental
  - Historically, many situations involved rental payments in excess of fair market value to induce referrals.
  - For example, a facility rents space to a physical therapy practice at a rate above fair market value with the understanding (the "intent") that the facility will refer patients to the physical therapy office in exchange for the excessive rent.

To Satisfy Safe Harbor
- If access is for periodic intervals, the intervals and rent must be set in advance rather than variable;
- The lease is for at least one year;
- The charges reflect fair market value;
- The lease is in writing and signed;
- The lease specifies all the premises covered; and
- Space rented does not exceed that necessary for business purpose.

Anti-Kickback Safe Harbors
- Personal Services
  - Medical Directors and other related services.
- OIG Fraud Alert

To Satisfy Safe Harbor
- Set out in a written agreement signed by the parties;
- Covers all of the services provided;
- If the agreement provides for part-time services, the schedule, length and charge for such intervals is included;
- The agreement is for not less than one year;

To Satisfy Safe Harbor
- Compensation is set in advance, consistent with fair market value in arm's-length transactions and not dependent upon volume or value of referrals or business otherwise generated;
- Services do not promote an arrangement that violates state or federal law; and
- Aggregate services under the contract do not exceed that reasonably necessary to accomplish the business purpose.

Stark Law
- In contrast to the Anti-Kickback statute, no intent is required to violate the Stark Law.
- In addition to the referral prohibition, the Stark Law prohibits the entity and the physician from billing for services provided pursuant to a referral in violation of the Stark Law.

Stark Exceptions
- There are various exceptions to the Stark Law.
- A relationship must meet all of the terms of an applicable exception to qualify.
- If an exception applies, the arrangement does not violate Stark.

The False Claims Act
Basically, the False Claims Act imposes liability on any person who submits a claim to the federal government that he or she knows (or should know) is false. (31 U.S.C. 3729)

False Claims Act
- Qui Tam Relator - A private party permitted to bring an action on behalf of the government under the False Claims Act.
- Treble Damages
- Enforcement Examples

Recent Developments
- Department of Justice announcement
- OIG Report on skilled nursing facilities
- Improper billing for splints
- Provision of services not reasonable, necessary or skilled

Practical Considerations
- Do not bill for services not rendered or provided.
- Consider auditing practitioners periodically.
- Do not bill for equipment, medical supplies or services that are not reasonable and necessary.
- Audit supporting documentation.

Practical Considerations
- Do make sure that documentation is complete, legible and supports the care provided and billed.
- Do implement policies and procedures covering financial arrangements, office and equipment leases, and gifts and gratuities and assure compliance with such policies.

Practical Considerations
- Do avoid payments in excess of fair market value for services and other items.
- Do avoid impermissible incentives to utilize services.

Resources
- http://oig.hhs.gov
- www.justice.gov
- www.medicare.gov

Questions / Comments
PAUL J. WELK, PT, JD
TUCKER ARENSBERG, P.C.
pwelk@tuckerlaw.com