Archive for MVP

OSHA Issues COVID-19 Emergency Temporary Standard (ETS) for the Healthcare Industry

OSHA Issues COVID-19 Emergency Temporary Standard (ETS) for the Healthcare Industry

The Occupational Safety and Health Administration (OSHA) issued an Emergency Temporary Standard (ETS) for the healthcare industry on June 21, 2021.[1]

The Occupational Safety and Health Act (“the Act”) passed in 1970 and created OSHA to administer the Act. It has been thirty-eight years since OSHA issued its last ETS. That ETS was issued in 1983, covered asbestos, and was eventually struck down by a federal court.

The Act generally covers most employers, with some specific employers, such as “State(s) and political subdivision of a state,” being specifically excluded from OSHA’s jurisdiction.[2]  OSHA determined that COVID-19 causes health care industry employers and their employees to be in “grave danger,” which is the legal requirement allowing OSHA to issue an ETS.  Along with the ETS, OSHA issued General COVID-19 Guidance to most other workplaces, which followed the CDC’s guidance on COVID-19 in the workplace.  

The ETS generally applies to any workplace where employees provide healthcare services or healthcare support services, except for some specific exclusions such as retail pharmacies; home health care settings where all non-employees are screened prior to entry; healthcare support services not performed in a healthcare setting (e.g., off-site laundry); and telehealth services performed outside of a direct patient care setting.  Other exemptions include allowing employees to work from home and exemptions for those employees who cannot be vaccinated because of medical or religious reasons. One exemption could possibly apply to some physicians’ offices.  This exemption reads in full, “Non-hospital ambulatory care settings where all non-employees are screened prior to entry and people with suspected or confirmed COVID-19 are not permitted to enter those settings.”[3] More on this later.

It is clear that the ETS generally applies to physicians’ offices, as physician’s offices are used as examples in various parts of the ETS.[4]  However, employers with 10 or fewer employees have fewer requirements under the ETS.  For example, employers with more than 10 employees must have a written COVID-19 plan for each workplace. Employers with 10 or fewer employees must have COVID-19 plans, but the plan is not required to be in writing. OSHA’s plan is to include updates to the ETS as needed.  

The ETS covers the following subjects, as they relate to employment activities of health care workers in the health care industry:

COVID-19 Plan

Patient screening and management

Respiratory protection

Training

Ventilation of rooms and buildings

Health screening and medical management

Physical barriers

Physical distancing

Hand hygiene and cleaning

Record keeping

Reporting

Following is a brief discussion of each of the ETS requirements.

COVID-19 Plan.

Employers must have a plan to minimize the transmission of COVID-19 in the health care workspace.  Employers with more than 10 employees must have a written COVID-19 Plan.

Patient Screening and Management.

In settings where direct patient care is provided, employers must limit and monitor points of entry, screen and triage all non-employees entering the setting, and implement other patient management as necessary, including developing and implementing procedures regarding standard transmission-based precautions.

Respiratory Protections.

Employers must provide the personal protective equipment (PPE) necessary to protect employees, at no cost to the employees.

Training.

Employers must ensure and document that each employee receives training on the ETS, in a language and at a literacy level the employee understands.  Training should include various topics pertinent to COVID-19 safety measures, such as COVID-19 transmission and employer policies and procedures regarding COVID-19 transmission.

Ventilation of Rooms and Building.

HVAC systems should be operating at maximum efficiency, per the manufacturer’s recommendations.  Air filters that remove particles and aerosols that can transport the COVID-19 virus should be used where the HVAC system can accommodate the filters.

Health Screenings and Management.

All employees must be screened every day they work in a health care setting.  This can be accomplished by the employees answering questions before entering the workplace, or by the employee self-evaluating prior to entering the workplace. Where appropriate, employees must be kept from the workplace or removed from work (e.g., an employee develops a fever, cough and loss of the sense of taste while at work and is asked to leave). Employees must be informed of possible COVID-19 exposures (e.g., told of an employee (without giving their name) who has developed fever, cough and loss of the sense of taste at work, and is sent home). There are mandatory paid leave provisions for employees who develop COVID-19, or who must stay out of work because of a COVID-19 exposure, which are in addition to other employee paid leave provisions already in place for employers. Employees must be paid for the time they take while at work to be vaccinated against COVID-19, and for the day after receiving a vaccination, where there is a physical reaction to the vaccine.  

Physical barriers.

These include Plexiglas barriers when patients initially check in the office and between workers who must work at specific locations (e.g. computer billing) most of their workday.

Physical Distancing.

This is also referred to as “social distancing.”  Where there is room, employees should maintain at least six feet of distance between themselves and other employees (e.g., employee break rooms).

Hand Hygiene and Cleaning.

Hand hygiene and cleaning work together to reduce the spread of the COVID-19 virus. Offices and clinical spaces should be cleaned at least daily, and handwashing should occur between patient encounters.

Record Keeping and Reporting.

For employers covered by OSHA standards, there are already record-keeping requirements in place. Additional record-keeping and reporting are added by the ETS for employees who test positive for COVID-19 and employees who die because of a COVID-19 infection. Employers with more than 10 employees must keep a log of any employee diagnosed with COVID-19, whether or not the infection arose because of an occurrence at work.

This article began with an introduction to one of the exemptions that could possibly keep a physician’s office from having to comply with the ETS. That exemption reads “Non-hospital ambulatory care settings where all non-employees are screened prior to entry and people with suspected or confirmed COVID-19 are not permitted to enter those settings.”[5] Those physician’s offices that could operate under this provision — no suspected or confirmed COVID-19 patients or employers are allowed to enter the office — would be able to operate as they have in the past in regard to OSHA requirements. However, there are legal pitfalls with using this exemption to avoid compliance with the ETS.  For example, many surgeries require office follow-up. If a surgeon refused to see a patient who developed COVID-19 after surgery, but before the office follow-up, the patient could make a claim of abandonment.  There are other risks with this course of action, and many physicians could ill afford to refuse to see patients “suspected” of having COVID-19.  There may be ways to stay within the exemption; however, careful thought will need to be given for each patient in a similar situation. For instance, perhaps the post-surgery patient could be seen in a hospital ER, or evaluated/examined through a telehealth appointment, rather than in the surgeon’s office.  

Conclusion.

As is often the case, the ETS has been issued almost beyond the point of usefulness. Physician offices, health care facilities, and other health care providers are going on two years of their response to the COVID-19 pandemic. To mandate changes to their well-established COVID-19 precautions at this time is disruptive, to say the least; and it places additional administrative burdens on employers subject to OSHA, without adding much, if any, additional value. Nevertheless, physician’s offices and others are well-advised to take the ETS seriously because it will likely be the subject of complaints, investigations, and audits by OSHA. OSHA investigates complaints of violations of federal law based upon anonymous employee complaints and random “audits” of employer compliance and has indicated it will enforce the ETS using both of these methods.


[1] Occupational Exposure to COVID-19; Emergency Temporary Standard, 86 Fed. Reg. 32376, available at https://www.federalregister.gov/documents/2021/06/21/2021-12428/occupational-exposure-to-covid-19-emergency-temporary-standard.

[2] 29 U.S.C. § 652(5). 

[3] 29 C.F.R. § 1910.502(a) (2) (iii).

[4] 29 C.F.R. § 1910.502(a), n. 2.

[5] 29 CFR Section 1910.502(a) (2) (iii).

Posted in: Legal Watch, MVP

Leave a Comment (0) →

Payor Auditing Activities

Payor Auditing Activities

By: Kelli Carpenter Fleming

During the height of the COVID-19 pandemic, the Centers for Medicare & Medicaid Services (“CMS”) suspended certain payor audit and oversight activities. However, now that communities are beginning to reopen, so are the audit activities. CMS and other third-party payors are increasing their audit activities, including claims filed during the public health emergency. 

Providers who are the subject of a billing audit must take such investigations seriously. Providers should identify one person in the organization to handle audit responses, calendar deadlines, and track findings and appeals. This avoids missing a deadline and helps ensure effective use of personnel resources. 

Providers should respond to any records request in connection with an audit in a timely manner, which may be more burdensome these days due to staffing shortages. The failure to timely provide requested records will, in most instances, automatically result in the denial of the claims. Providers should retain a copy of any records and information submitted in response to the document request, and, if sending by mail, obtain confirmation of delivery. 

In responding to any records request, it is wise to conduct an “internal self-audit” to determine if there are any areas of risk. This not only helps determine if there is a repayment obligation to the payor, but also helps gather information and arguments for appeal if necessary.

Lastly, depending on the scope of the audit or the type of the audit, providers may want to consider putting both their insurance carrier and their legal counsel on notice of the audit. There are some steps that can be taken upfront, as well as some traps to avoid, in connection with the audit response process, and the insurance carrier and legal counsel may be able to assist in that regard.

Kelli Fleming is a partner at Burr & Forman LLP and works exclusively in the Healthcare Industry Group. Kelli may be reached at 205-458-5429 or kfleming@burr.com.

Posted in: Management, Members, MVP

Leave a Comment (0) →

No Honor Among Thieves

No Honor Among Thieves

Most Americans will likely never forget where they were in March of 2020 when the world seemingly shut down.  While many used that time to reflect, enjoyed down time with family or even binge watched streaming services, health care workers geared up to save the lives of people impacted by COVID-19.  The novelty of this coronavirus posed exceptional challenges, placed unparalleled strain on the health care industry and exposed vulnerabilities.

One vulnerability in particular has, does and will continue to be a significant risk.  That threat is cybercrime.  It is as relentless as it is lucrative, and it has taken the health care industry by storm during a time when resources are low, and distractions are high.

DIGITAL CALM BEFORE THE STORM

In an almost unbelievable twist, some major cybercrime groups promised a “ceasefire” on cybersecurity attacks of the health care industry at the beginning of the pandemic.  DoppelPaymer Ransomware stated that they “always try to avoid hospitals…nursing homes” but if they happened to be responsible for a ransomware attack of a health care provider during the pandemic, they would provide a decryptor key free of charge. Likewise, Nefilim Ransomware took the same approach.  However, groups like Netwalker Ransomware and Maze promised not to intentionally target health care facilities, but would not commit to decryption if a health care entity was inadvertently impacted. 

While the alleged truce made by some of the larger cybercriminal groups may have appeared to be altruistic, the motivation may have been totally self-serving. During a global crisis, these groups likely decided that staying below the radar of law enforcement and military agencies was more about self-preservation than kindness to their fellow man.

CYBERCRIMINAL LEAVY BREAKS

While hopes were high that a global pandemic would cause bad actors to have mercy on mankind, data reflects that cybercrimes escalated during the pandemic.  On October 28, 2020, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) issued a joint advisory warning of an “increased and imminent cybercrime threat to U.S. hospitals and health care providers.”  It further stated that these bad actors were producing attacks which caused “data theft and disruption of healthcare services.”

As the global threat of cybercriminal activity proliferates within the health care sector, the industry must find ways to fight back.  One way that the health care industry can stand up against these persistent threats is more investments in their information security infrastructure, similar to that of the financial sector. These investments should include stronger password requirements, endpoint protection, and multi-factor authentication. 

MITIGATE RISK

Every effort must be made to determine and mitigate risk to protected health information.  There are several proactive measures that health care entities can take to decrease their risk of inappropriate disclosures of patient data.  Those measures include, but are not limited to, the following:

  • Invest in Anti-Virus Protection Software – Anti-virus protection software is a tool that can help entities detect and neutralize threats.  Most entities prefer efficiency.  This software will assist by filtering out malware which often slows down information system processes.  It has the added benefit of protecting your investment and allowing you to avoid the expense of purchasing new operating systems should your existing system become damaged due to malware.
  • On-Site and Off-Site System Backup – Federal regulations require covered entities to ensure on-site and off-site backup.  Should an entity become a victim of a ransomware attack or be forced to pivot to emergency operations, it is necessary to have backup systems that allow the entity to access and utilize reliable data.
  • Workforce Training – There is no greater defense to cyber threats than a well-trained workforce.  Entities should ensure that cybersecurity threats are emphasized to workforce members in refresher training so that employees are able to appropriately identify and report suspicious activity.
  • Segregation of Data – Entities should ensure that they are complying with the Minimum Necessary Rule for access to their information systems.

The COVID-19 pandemic has produced significant uncertainty in the health care environment and highlighted the need for renewed emphasis on protecting patient data.  HIPAA covered entities should use this time to assess whether they are operating in compliance with the Privacy Rule, Security Rule and Breach Notification Rule.  Likewise, they should reassess their Risk Analysis to ensure that it is HIPAA-compliant and take necessary action to avoid unauthorized disclosures. 

Samarria Dunson (samarria@dunsongroup.com) is attorney/principal of Dunson Group, LLC, a health care compliance consulting and law firm in Montgomery, Alabama.  She is also Of Counsel with the law firm of Balch & Bingham, LLP.

www.dunsongroup.com

Posted in: Members, MVP, Technology

Leave a Comment (0) →

Potential HIPAA Changes That Would Allow Healthcare Providers to Disclose Phi and Better Protect Patients

Potential HIPAA Changes That Would Allow Healthcare Providers to Disclose Phi and Better Protect Patients

by Lindsey Phillips, Burr & Forman

On December 10, 2020, the Office for Civil Rights (“OCR”) at the United States Department of Health and Human Services (“HHS”) announced proposed changes to the regulations implementing the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The proposed changes, which are set out in the Notice of Proposed Rulemaking (“NPRM”), are a part of the broader initiative to promote value-based care, enable better coordination among healthcare providers, and facilitate patient autonomy and engagement. 

One key theme found in the NPRM that will likely enable better coordination among healthcare providers and potentially increase patient safety is expanded permission to disclose protected health information (“PHI”) to third parties in emergency situations. For example, under the proposed changes, covered entities would be allowed more flexibility to disclose PHI in emergencies like a mental illness and substance abuse crisis. The current standard for disclosure of PHI in an emergency or health crisis is based on the covered entity’s “professional judgment.” This standard has often left covered entities unsure as to when a disclosure is permitted. The proposed modification relaxes this standard slightly in that it would allow a covered entity to disclose PHI in an emergency situation or health crisis when the covered entity has a good faith belief that the disclosure is in the best interest of the individual. A good faith belief could be based either on direct knowledge of relevant facts or representations by a person who can reasonably be expected to know relevant facts. For example, OCR has provided the following scenarios:

Good faith would permit a licensed health care professional to draw on experience to make a determination that it is in the best interests of a young adult patient, who has overdosed on opioids, to disclose relevant information to a parent who is involved in the patient’s treatment and who the young adult would expect, based on their relationship, to participate in or be involved with the patient’s recovery from the overdose. Likewise, front desk staff at a physician’s office who have regularly seen a family member or other caregiver accompany an adult patient to appointments could disclose relevant information to the family member or caregiver as a way of checking on the welfare of the patient, when a patient misses an appointment, based on the staff’s knowledge of the person’s involvement and a good faith belief about the patient’s best interest.

But not only would covered entities be allowed more flexibility to disclose PHI when individuals are experiencing emergencies or health crises, they would also be allowed more leniency to disclose PHI to avert a threat to safety. While covered entities are currently allowed to disclose PHI to prevent threats to health and safety, the current standard is considerably more stringent in that it allows the disclosure of PHI to avert a threat to health or safety only when the threat is “serious and imminent.” Under the changes proposed in the NPRM, covered entities could make a disclosure when the threat is “serious and reasonably foreseeable.” OCR has stated that “[a]dopting a ‘serious and reasonably foreseeable’ standard can enable a health care provider to timely notify a family member that an individual is at risk of suicide, even if the provider cannot predict that a suicide attempt is ‘imminent.'” In addition, “[a]n emergency room doctor who sees an elderly patient with COVID-19 could contact the patient’s nursing home to alert them of the potential exposure of other residents and staff based on the serious and reasonably foreseeable threat of infection with COVID-19 without delay caused by the need to assess whether the threat is sufficiently ‘imminent’ to permit the disclosure.” 

These proposed modifications provide additional clarity regarding PHI disclosures that would assist in the Department’s initiatives to increase coordination among healthcare providers and ultimately improve patient safety. Both of these proposed changes would hopefully empower covered entities to disclose PHI in situations where there is a genuine belief that harm is likely without being fearful of HIPAA penalties because the harm was not imminent.

Lindsey Phillips is an associate at Burr & Forman LLP practicing exclusively in the firm’s Healthcare Industry Group. 

Posted in: HIPAA, Legal Watch, MVP

Leave a Comment (0) →

Physician Recruitment Agreements – What You Need to Know

Physician Recruitment Agreements – What You Need to Know

by Howard E. Bogard

Both the federal Anti-kickback Statute and the Stark Law allow a hospital to provide certain financial assistance to aid a medical practice in its efforts to recruit and hire a new physician. Financial assistance can take many forms, including a collection guarantee, net income guarantee and/or payments with respect to a physician’s moving expenses, school debt and marketing.  A recruitment agreement reflecting financial assistance is typically signed by the medical practice, physician and hospital and is structured as a loan that is forgivable as long as the physician practices medicine in the hospital’s service area for a defined time period. The amount of financial assistance cannot take into account past or future referrals from the recruited physician (or medical practice) to the hospital.

In order for a hospital to provide a medical practice financial assistance to recruit and hire a new physician, the hospital must first determine that there is a documented need in the community for the physician’s specialty.  Once confirmed, the arrangement must be in writing and the physician must “relocate his or her medical practice” to the “geographic area served by the hospital” to become a member of the hospital’s medical staff. With some exceptions for hospitals located in rural areas, the geographic area served by a hospital is the area composed of the lowest number of contiguous zip codes from which the hospital draws at least 75 percent of its inpatients.  A physician will be considered to have relocated his or her medical practice if the physician moves his or her practice at least 25 miles and into the geographic area served by the hospital or the physician moves his or her practice into the geographic area served by the hospital and the physician derives at least 75 percent of revenues from patients not seen or treated by the physician at his or her prior medical practice site. There are also exceptions for residents or physicians who have been in practice one year or less or for physicians who meet other requirements.  The main point is that it is not permissible for a hospital to provide recruitment assistance with respect to a physician who is already working in the hospital’s service area.  

A common form of recruitment assistance is a collection or net income guarantee that runs for one or two years after the physician is first employed by the medical practice.   In either case, the recruitment agreement “guarantees” that the physician will generate a certain amount of revenue to satisfy a collection “target” or a net income “target”.  If the physician’s collections are not high enough in a particular month to meet the target amount, the hospital pays the difference.  With respect to a net income guarantee, the target is based on the physician’s collections after certain “direct expenses” are subtracted.  By law, direct expenses can only consist of new, incremental expenses incurred by the medical practice by virtue of the physician’s employment. Examples of new, direct expenses include the cost of the physician’s compensation and benefits, license fees and dues, malpractice insurance and other costs incurred by the medical practice to the extent that such expenses increase directly as a result of the physician’s employment.  Existing expenses, such as office rent and personnel costs, cannot be included as a direct expense. 

When reviewing a physician recruitment agreement, it is important to not only review the financial terms of the assistance but also to consider the following:

 Commitment Period – What is the length of time the recruited physician must practice in the hospital’s geographic service area for the recruitment assistance loan to be forgiven? The typical time period is one to three years after the financial assistance period ends.

   Repayment Obligations – It is important to review whether the medical practice, physician or both are obligated to repay the loan upon a default of the recruitment agreement.  Oftentimes, if the physician is the direct recipient of the loan proceeds, such as moving expense reimbursement and payments for student loans, the physician will be solely responsible. However, a collection or net income guarantee will often obligate both the physician and medical practice to repayment in the event of a default. A promissory note is often signed by the physician and sometimes the medical practice to secure the repayment of the loan.

Physician Obligations – While the physician will need to remain on the medical staff of the hospital during the term of the recruitment agreement, it is important to determine if other obligations are imposed on the physician.  Often, during the term of the recruitment agreement the physician will be obligated to certain hospital call obligations and restricted from having an ownership interest in a provider that competes with the hospital. 

Security Interest – To secure the recruitment agreement loan sometimes the hospital will want a security interest in the medical practice’s accounts receivable generated by the recruited physician. These provisions must be carefully reviewed since medical practices often pledge their accounts receivable as collateral to a bank or other financial institution.

A physician recruitment agreement can provide a medical practice significant financial assistance with the recruitment and hiring of a new physician. However, the agreement may also impose significant financial restrictions and penalties on both the medical practice and physician if the terms of the agreement are breached.  Any recruitment agreement should be carefully reviewed and negotiated.

Howard Bogard is a Partner at Burr & Forman LLP and chairs the firm’s Health Care Practice Group. He can be reached at 205-458-5416 or at hbogard@burr.com.

Posted in: Legal Watch, Management, Members, MVP

Leave a Comment (0) →

Are You Ready for Your PPP Loan Audit?

Are You Ready for Your PPP Loan Audit?

By: Jim Hoover, Burr & Forman

PPP loans received by individuals and businesses under the CARES Act will be audited (“reviewed”) by the SBA.  PPP loans of $2 million or more will automatically be audited by the SBA.  Many PPP loans of less than $2 million will also be audited.

Borrowers will often receive notification of the audit through their lending bank, but the SBA is directly notifying PPP borrowers as well.  The SBA is receiving support from the Internal Revenue Service and other federal agencies in these audits such as the Department of Justice.  There have been several criminal investigations resulting from these audits.

PPP loan audits request documents and information from the borrower, including income and employment tax returns, payroll records, financial statements, and bank account statements including deposit and payment information in order to verify information reported by the borrower on its PPP loan application.  However, the SBA PPP loan audits focus on much more.

SBA audits of PPP loans have thus far focused on whether the individual or business was eligible to receive a PPP loan, and whether the borrower correctly calculated its PPP loan amount.  Specific issues being reviewed by the SBA in these audits include “economic necessity” for a PPP loan, and “head-count” related issues including affiliation with other businesses, the appropriate “NAICS” code for the business, and whether the business counted all employees – full-time, part-time, and even temporary – in filing the loan application.  The SBA is also looking at other “business-specific” issues of the borrower.

The PPP loan application contains a borrower certification that “[c]urrent economic uncertainty makes this loan request necessary to support the ongoing operations of the Applicant“.  This same certification is also required in new PPP loan applications under the “Economic Aid Act”.  For borrowers that received PPP loans of less than $2 million, the borrower is deemed by the SBA to have made this “economic necessity” certification in “good faith.” As a result, the SBA may not be looking specifically at this issue for borrowers that received loans of less than $2 million.  However, for PPP loans of $2 million or more, borrowers are not eligible for this “good faith economic necessity presumption”, and the SBA is auditing this certification issue.

Without being an alarmist, false certifications is the keystone issue for most False Claims Act prosecutions.  Accordingly, it is important for borrowers to carefully review and gather the documentation that supports the certification.  

The SBA is beginning many audits by sending out a “Loan Necessity Questionnaire” (SBA Form 3509), which the SBA first sends to the lending bank and then the bank sends the questionnaire to the borrower.  The borrower has a limited amount of time, 10 days, to complete and return the questionnaire to the bank, and the bank then provides the completed questionnaire to the SBA.

If a borrower applies for forgiveness of a PPP loan, the forgiveness application may be separately reviewed by the SBA and, as a practical matter, if a borrower files for forgiveness this will likely trigger or at least accelerate a full SBA audit of the PPP loan.

Once an SBA PPP loan audit is completed, and where an adverse audit determination is made by SBA, including that the borrower may not qualify for the loan, the borrower then has administrative appeal rights within the SBA to have the audit determination reviewed, which can lead to a hearing before a federal administrative law judge. Those appeal rights are the subject of a future article.  

______________________

Jim Hoover is a partner at Burr & Forman LLP and works exclusively within the firm’s Health Care Practice Group and predominantly handles healthcare litigation. Burr & Forman has a dedicated team to counsel individuals and businesses in government audits, investigations and defense-related to the PPP under the CARES Act, and also new PPP loans under the Economic Aid Act. The PPP and CARES Act Audit, Investigations and Defense Team represents and advises clients in audits and investigations involving PPP loans and tax benefits that may have been claimed under the CARES Act. This multidisciplinary team combines more than 230 years of legal experience and attorneys with previous government positions, including attorneys with IRS Chief Counsel, the United States Department of Justice, and United States Attorneys’ Offices.  More information can be found at www.burr.com.

Posted in: Coronavirus, Legal Watch, Management, MVP

Leave a Comment (0) →

Physician Compensation Models in Light of Recent Stark Law Changes

Physician Compensation Models in Light of Recent Stark Law Changes

by Kelli C. Fleming, Burr Forman

On December 2, 2020, the Centers for Medicare and Medicaid Services (“CMS”) finalized sweeping changes to the federal Physician Self-Referral Law, commonly known as the Stark Law. At least one such change may materially impact how physician group practices allocate profits from Stark Law designated health services (“DHS”).

Under the Stark Law, a medical practice with at least two physicians must qualify as a “group practice” in order to take advantage of the Stark Law in-office ancillary services exception, which is the exception often used to allow a physician owner or physician employee to order DHS from his or her own medical practice. As part of the group practice requirements, DHS profits must be distributed to all physicians in the group, or to a pool of five or more physicians in the group, in a manner that does not directly take into account the volume or value of a physician’s referrals for DHS.

Currently, many physician group practices, especially large or multi-specialty practices, allocate DHS profits to its physicians based on DHS categories. For example, profits from one DHS category (e.g., imaging services) may be allocated to certain physicians in the group practice while profits from a second DHS category (e.g., physical therapy) may be allocated to a different (or possibly overlapping) subset of physicians in the group practice.

However, under the new Stark Law rules, CMS has clarified that DHS profits can no longer be allocated based on DHS category. Instead, profits from all DHS categories for all physicians in the group practice (or a component of at least five physicians in the group practice) must be aggregated and then distributed to all physicians in the group practice (or a component of at least five physicians in the group practice) in a manner that does not directly take into account the volume or value of referrals. Using the example above, under this new clarification, DHS profits from both imaging services and physical therapy services ordered by physicians in the group practice (or a component of at least five physicians in the group practice) must be aggregated and then the total aggregated profits distributed to such physicians in a manner that does not take into account the volume or value of referrals.

CMS also clarified that if a physician practice has more than one pool of five physicians, each pool does not have to be treated in an identical manner. For example, one pool may utilize one distribution methodology and a second pool may utilize another distribution methodology, as long as the methodologies used are Stark Law compliant (i.e., not based on the volume or value of referrals).

CMS recognizes that its prior regulatory guidance on the distribution of DHS profits has led to confusion by industry participants. While the other recent changes to the Stark Law take effect on January 19, 2021, the changes with regard to the distribution of DHS profits take effect on January 1, 2022.

Kelli Fleming is a Partner at Burr & Forman LLP and practices exclusively in the firm’s Health Care Practice Group.

Posted in: Legal Watch, MVP

Leave a Comment (0) →

CMS and OIG Issue Historic Revisions to the Federal Anti-Kickback Statute and Stark Law

CMS and OIG Issue Historic Revisions to the Federal Anti-Kickback Statute and Stark Law

By: Anthony Romano with Burr Forman

On November 20, 2020, the Centers for Medicare & Medicaid Services and the Office of Inspector General of the Department of Health and Human Services issued two significant final rules to reform the Anti-Kickback Statute and Stark Law in an aim to reduce regulatory barriers to coordination of patient care, and to accelerate the transformation of the health care system to value-based care (a value-driven health care system that pays for health and outcomes, as opposed to the traditional fee-for-service payment system which rewards providers for the volume of care provided).

The 1,000-page Anti-Kickback Statute final rule does this by implementing seven new safe harbors, modifying four existing safe harbors, and codifying one new exception under the Civil Monetary Penalty Law.  As you are probably aware, the Federal Anti-Kickback Statute provides for criminal penalties for whoever knowingly and willfully offers, pays, solicits, or receives remuneration to induce or reward, among other things, the referral of business reimbursable under any of the Federal health care programs, including Medicare and Medicaid. Health care providers and others may voluntarily seek to comply with statutory and regulatory safe harbors so that they have the assurance that their business practices will not be subject to sanctions under the Anti-Kickback Statute. To receive safe harbor protection, an arrangement must squarely meet each requirement of an applicable safe harbor. However, failure to fit in a safe harbor does not mean that an arrangement violates the Federal Anti-Kickback Statute. Arrangements that do not fit in a safe harbor are analyzed on a case-by-case basis, including whether the parties had the requisite intent. Congress intended the safe harbor regulations to be updated periodically to reflect changing business practices and technologies in the health care industry, and the new final Anti-Kickback Statute regulations accomplish this by, among other things, removing potential barriers to more effective coordination and management of patient care, and by removing potential barriers to the delivery of value-based care.   

The 627-page Stark Law final rule creates new exceptions for value-based arrangements, provides additional guidance to make it easier for physicians and other health care providers to comply with the Stark Law, and provides protection for non-abusive, beneficial arrangements. Unless otherwise specified in the rules, the new provisions go into effect January 19, 2021.  When the Stark Law was enacted in 1989, healthcare was paid for primarily on a fee-for-service basis and the Stark Law recognized that a profit motive could influence some physicians to order services based on their financial self-interest rather than the good of the patient. For this reason, the Stark Law prohibits a physician from making referrals for certain healthcare services payable by Medicare or Medicaid if the physician (or an immediate family member of the physician) has a financial relationship with the entity performing the service. There are statutory and regulatory exceptions, but in short, a physician cannot refer a patient to any entity with which he or she has a financial relationship unless an exception is satisfied.  The Stark Law also prohibits the entity from filing claims with Medicare or Medicaid for services resulting from a prohibited referral, and Medicare or Medicaid cannot pay if the claims are submitted. Although the regulations that interpret the Stark Law have been updated several times, the Stark Law has not been significantly updated since it was enacted in 1989, and all previous changes left in place a framework that is tailored to a fee-for-service environment.  The new Stark Law final rule includes a comprehensive package of reforms to modernize the regulations that interpret the Stark Law while continuing to protect the Medicare program and patients from bad actors.

Overall, these new rules will have a significant, and expected positive, impact on healthcare providers by easing burdensome regulatory restrictions.  With over 1,600 pages of new rules to digest, be on the lookout for more detailed and specific analysis in the near future.  In the meantime, please do not hesitate to contact us if you have specific questions regarding the impact of the new Anti-kickback Statute or Stark Law final rules on you or your practice. 

Anthony Romano practices with Burr & Forman LLP in the firm’s Health Care Industry Group. Anthony may be reached at aromano@burr.com or (205) 458-5210.

Posted in: Legal Watch, MVP

Leave a Comment (0) →

The Effect Differing Medical Opinions Have On Falsity and Scienter in False Claims Act Lawsuits

The Effect Differing Medical Opinions Have On Falsity and Scienter in False Claims Act Lawsuits

By: Jim Hoover with Burr Forman, LLP

There is currently a circuit split among the Federal Circuit Courts of Appeals regarding the effect differing medical opinions have on the elements of falsity and scienter in False Claims Act lawsuits.  

Earlier this year the Third Circuit Court of Appeals ruled that conflicting medical opinions can create a genuine dispute of material fact on “falsity” in a False Claims Act action. The case is United States v. Care Alternatives. This holding directly conflicts with the Eleventh Circuit’s September 2019 decision in United States v. AseraCare, which held that a mere difference in medical opinion between physicians regarding a patient’s prognosis was not enough to establish falsity under the FCA. In Care Alternatives, the Third Circuit rejected AseraCare and found that conflicting physician testimony about the validity of physician’s certifications was sufficient to raise a dispute of material fact regarding the element of “falsity.” The Third Circuit sought to make clear that in its Circuit, findings of falsity and scienter must be independent from one another for purposes of FCA liability. According to the Third Circuit, the scienter element helps limit the possibility that providers will be exposed to liability under the FCA any time the Government or relator can find an expert who disagreed with the certifying physician’s medical prognosis.

Former employees of Care Alternatives filed a qui tam action against the hospice provider, alleging the hospice had improperly admitted patients who were not eligible for Medicare’s hospice benefit and directed employees to falsify Medicare certifications in order to meet the eligibility requirements. The relators’ physician opined that in 35% of the sample cases he reviewed a reasonable physician would not have certified the patient as terminally ill with a prognosis of six months or less based on the accompanying documentation. Reviewing the same sample set, Care Alternatives’ physician disagreed, finding that a reasonable physician could reasonably certify each case. Thus, there was a disagreement among the parties’ experts. The United States District Court for the District of New Jersey agreed with AseraCare by adopting and applying AseraCare’s holding that an “objective falsehood,” something more than a retrospective difference of opinion, was required to create a genuine dispute of fact.

On appeal, the Third Circuit Court of Appeals disagreed and reversed and remand the case for consideration of the other elements of FCA liability, particularly the element of scienter. The Third Circuit noted it is well-established that subjective opinions can be false, and applied this reasoning to the FCA’s falsity element. The Third Circuit opined that AseraCare’s “objective falsity” standard improperly conflated falsity with scienter, i.e., that the whistleblower prove a certifying physician was making a knowingly false certification. The Third Circuit held that these elements must be considered separately, and the purpose of the scienter requirement is to limit the possibility that a provider could be found to violate the FCA any time the Government or a relator could find an expert who may establish falsity simply by disagreeing with a physician’s prognosis.

Thus, in the Third Circuit a determination that a claim was false does not immediately trigger FCA liability. Relators must still establish that the provider knew the claim was false when the claims was submitted. Unfortunately, however, one of the big problems for False Claims Act defendants is credibility determinations are typically reserved for the jury thus almost forcing the False Claims Act case to trial.  

Because of the circuit court split, a United States Supreme Court opinion is needed to resolve the differing circuits’ approaches. In the meantime, the key takeaway for health care providers across the country is these differing standards will be fought in FCA cases where defendants have made reasonable subjective judgments.  The arguments should focus on both the falsity element and the scienter element.  

Jim Hoover is a partner at Burr & Forman LLP and works exclusively within the firm’s Health Care Practice Group and predominantly handles healthcare litigation.

Posted in: Legal Watch, Members, MVP

Leave a Comment (0) →

Lights, Camera, Action…No!

Lights, Camera, Action…No!

By: Kelli Carpenter Fleming, Esq.

The Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance and enforcement, has issued a series of guidance documents regarding the interplay of HIPAA and the COVID-19 pandemic. The most recent guidance serves as a reminder to health care providers to follow the requirements of HIPAA when speaking with the media or allowing filming within the office or facility. This has even greater importance due to the increased amount of media attention on healthcare providers and the facilities treating COVID-19 patients. 

The recent guidance reminds health care providers that the HIPAA Privacy Rule is not altered during the COVID-19 public health emergency. HIPAA does not permit a health care provider to give media and film crews access to facilities where patients’ protected health information (“PHI”) will be accessible without the patients’ prior authorization. Even during the current COVID-19 public health emergency, health care providers are still required to obtain a valid HIPAA authorization from each patient whose PHI will be accessible to the media. Consistent with past guidance, OCR reminds providers that masking or obscuring patients’ faces or identifying information before broadcasting a recording of a patient is not sufficient. According to the guidance, by way of an example, “a covered hospital may not allow media personnel access to the emergency department where patients are receiving treatment for COVID-19, without first obtaining each patient’s authorization for such filming.”

We have seen at least two (2) previous OCR investigations regarding inappropriate disclosure of PHI to film crews (in 2016 and 2018), both of which were resolved with corrective action plans and monetary settlements. I would not be surprised if we see additional future OCR enforcement actions in this regard in light of the increased media coverage surrounding COVID-19. 

The recent guidance may be found here.

Kelli Fleming is a partner at Burr & Forman, LLP practicing exclusively in the firm’s Health Care Industry Group.

Posted in: Coronavirus, Legal Watch, MVP

Leave a Comment (0) →
Page 1 of 3 123