Potential Employer Requirements Due to Anthem, Inc. Data Breach

On February 4, 2015, Anthem Inc., one of the largest U.S. health insurers, notified the public that their data systems were breached. This breach potentially left customer names, social security numbers, and other personal information vulnerable. Subsequently, Anthem Inc. has already seen a customer lawsuit filed in California over the breach, with many more expected.

Health plan participants that have been affected will be notified in compliance with federal law. However, as this investigation continues, this may place additional burdens on employers. Depending upon the nature of the breach, of which further details are expected soon, employers may have to issue breach notifications under the Health Insurance Portability and Accountability (HIPAA). Until it becomes clear what information was taken, specific notification requirements are unclear. For example, a key question is whether protected health information was taken.

Depending upon the type of health plan an employer offers, it will have a varying impact upon the obligations for each company. The requirements will become clearer once further information is released. Beyond the federal HIPAA requirements, 47 states have unique breach notification laws that may impose obligations.

If you have questions pertaining how this may impact your requirements under the law, please contact Houghton Vandenack Williams for further information.

© 2015 Houghton Vandenack Williams

For more information, Contact Us

Improvements in FDA Approval Timelines

According to a third party report by Pricewaterhouse Coopers (PwC), the Food and Drug Administration (FDA) has decreased the standard review time for new drugs, biologics, and devices. The report indicates the standard review time in 2009 was 14 months, but in 2012, it had decreased to 7 months.

Although low-priority new drug applications continue to require multiple review periods, high-priority applications were approved in the first review process at a rate of 81% in 2012. That represents a substantial increase in approval rates during the first review process. Similarly, as part of the Food and Drug Administration Safety and Innovation Act of 2012, the breakthrough therapy pathway has proven successful. Since its inception, it has received 260 applications, designating 74, and approving 17.

A full copy of the report regarding the FDA can be obtained at the following link: http://www.pwc.com/us/en/health-industries/health-research-institute/hri-pharma-life-sciences-fda.jhtml

© 2015 Houghton Vandenack Williams

For more information, Contact Us

HHS Announces Goal of Tying Medicare Payments to Quality of Service

On January 26, 2015, Health and Human Services (HHS) announced a new goal of tying Medicare payments to the quality of service provided through the use of alternative payment models. According to HHS, this is the first time Medicare has ever set explicit goals for payment to providers based upon value and quality. The alternative-payment goals include tying 30% of traditional fee-for-service payments to quality. The 30% goal is set for the end of 2016, with a 50% goal by the end of 2018.

In addition to the traditional fee-for-service payments, HHS has set a goal of tying 85% of all traditional Medicare payments to quality by 2016 and 90% in 2018. HHS points to the value-based purchasing and hospital readmission reduction programs as examples of tying fees and payments to quality.

HHS also hopes to make these goals scalable and created the Healthcare Payment Learning and Action Network. This network will work with all areas of the healthcare industry to advance alternative payment models.

The HHS announcement may be found at the following link: http://www.hhs.gov/news/press/2015pres/01/20150126a.html

© 2015 Houghton Vandenack Williams

For more information, Contact Us

FDA Center for Drug Evaluation and Research Starts New Office for Monitoring Drug Quality

On January 12, 2015, the Food and Drug Administration (FDA) Center for Drug Evaluation and Research (CDER) started a new office for monitoring drug quality. The Office of Pharmaceutical Quality (OPQ) will focus on drug application reviews, post-approval improvements, and monitoring pharmaceutical manufacturing.

This new office will primarily focus on ensuring that patients receive safe, quality products. In doing so, the OPQ will evaluate all aspects of drug quality to ensure consumer safety. Having established the new office, the FDA hopes to streamline quality control and monitoring processes for the benefit of the industry and consumer alike.

More information and answers to some specific questions may be found at the FDA website by following the link:

http://www.fda.gov/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDER/ucm429869.htm

© 2015 Houghton Vandenack Williams Whitted Weaver Parsonage LLC

For more information, Contact Us

FDA Proposed Guidance for 2015

The U.S. Food and Drug Administration (FDA) released a list of all the planned guidance for issuance in 2015. This list includes new guidance for items within Biopharmaceutics, Drug Safety, Pharmaceutical Quality, and other categories.

The full list of proposed guidance for 2015 by the FDA may be found at the following link:

http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM417290.pdf

© 2015 Houghton Vandenack Williams Whitted Weaver Parsonage LLC

For more information, Contact Us

Medicare Adds Payment for Chronic Care Management

By M. Thomas Langan II.

Beginning January 1, 2015, health care providers can submit claims to Medicare for staff time used for developing and implementing a care plan for a patient with at least two chronic conditions. This addition is in response to complaints from providers that they have to spend a lot of time coordinating care with numerous healthcare contacts that the patient has – time that was previously not billable. The applicable code can be submitted once per patient per calendar month. It is recommended that staff members document their time coordinating the care to support the claim.

© 2015 Houghton Vandenack Williams Whitted Weaver Parsonage LLC

For more information, Contact Us

New Regulations for Supplier & Service Provider Enrollment in Centers for Medicare & Medicaid Services

On December 3, the Centers for Medicare & Medicaid Services (CMS) issued a final rule with new provisions for supplier and service provider enrollment in CMS programs. In sum, three provisions are applicable to healthcare providers who participate in CMS billing.

First, CMS expanded the right to deny or revoke CMS enrollment if the provider or supplier has a previous felony conviction in the preceding 10 years. The crimes that qualify include crimes against persons, financial crimes, and malpractice felonies. Each potential violation will be reviewed under the lens of what is detrimental to CMS programs and beneficiaries.

Second, CMS may deny enrollment to a new CMS service provider, supplier, or owner if they had previously had an ownership relationship with an entity that had Medicare debt. This coincides with another rule enabling CMS to revoke billing privileges of a CMS entity if they have a demonstrated practice of submitting claims that do not fully meet Medicare billing requirements.

Third, for ambulatory service providers, the “back bill” provisions have been eliminated. This means that the services rendered while the application to CMS is pending will no longer be billable to CMS. CMS will save approximately $327 million dollars annually with this change.

The CMS rule will be published on December 5 in the Federal Register, becoming effective 60 days later on February 3, 2015. The final rule is available as a PDF at the following link:

https://www.federalregister.gov/articles/2014/12/05/2014-28505/requirements-for-the-medicare-incentive-reward-program-and-provider-enrollment-medicare-program

© 2014 Parsonage Vandenack Williams LLC
For more information, Contact Us

HHS Releases Bulletin: HIPAA Privacy in Emergency Situations

Generally, when you visit a healthcare facility or receive any health treatments, you expect a certain level of privacy. Patient privacy is protected by HIPAA, or the Health Insurance Portability and Accountability Act. However, the Department of Health and Human Services released a bulletin this month outlining situations when the privacy rules are not applicable.

Private health information is not protected when public health is at risk, treatment of the individual patient so requires, and other moments that may be necessary. As an example, in the middle of a public health crisis, a healthcare provider may disclose critical information “to prevent or control the disease, injury, or disability.”

Although a provider must still be extremely careful to not over-disclose private information, the release will generally be protected if they comply with requests from Federal entities, such as the Centers for Disease Control. The provider can disclose to other health providers for coordination of care efforts, family and friends who are involved in the treatment, relief organizations such as Red Cross, and potentially media outlets.

© 2014 Parsonage Vandenack Williams LLC

For more information, Contact Us

Provider Preparation for Infectious Diseases

Most hospitals and health-care providers have protocols and procedures for contending with infectious diseases, including those creating public-panic, such as the Ebola outbreak. However, when a new crisis hits, many of these protocols may have been forgotten or ignored. This was seen with the Nebraska Medical Center firing two health workers that treated an Ebola patient because they violated the Health Information Portability and Accountability Act (HIPAA). In light of a public health scare, maintaining current policy standards will help limit liability.

 

Beyond existing rules and regulations, with each specific outbreak, both federal and state agencies may update protocols and guidance to contend with the unique nature of that disease. As an example of outbreak specific guidance, in response to Ebola, the Center for Disease Control and Prevention (CDC) issued new guidance on personal protection equipment (PPE) for use in connection with the disease. Other guidance includes new Occupational Safety and Health Act (OSHA) standards, designed to protect the healthcare worker. This was seen at Texas Health Presbyterian Hospital in Dallas, when two nurses were infected with the disease. Failure to properly comply with newly issued, as well as existing, OSHA and CDC regulations may result in significant potential liability both to patients and workers.

 

Although many providers may believe they are properly equipped to handle potential Ebola patients, careful consideration must be paid to the newest guidance and regulations, without forgetting existing policy. Failure to do so could result in significant civil liability. As the examples in Texas and Nebraska teach us, hospital and health-care providers should take extra steps to limit their potential liability.

 

*CDC Guidance: http://www.cdc.gov/vhf/ebola/hcp/procedures-for-ppe.html ; http://www.cdc.gov/vhf/ebola/pdf/hospital-checklist-ebola-preparedness.pdf

*OSHA Guidance: https://www.osha.gov/Publications/OSHA_FS-3756.pdf 

© 2014 Parsonage Vandenack Williams LLC

For more information, Contact Us

OCR Offers Advice in Advance of Upcoming Audits

By M. Thomas Langan II.

A senior advisor for the Office for Civil Rights (OCR) recently gave health care providers advice on how to prepare for an OCR audit.  Speaking at a HIPAA conference, the advisor said that a provider’s top obligation when audited is to prove that its facility has the proper privacy and security systems in place.  The main way to show this is by previously conducting a comprehensive risk analysis and correcting any shortcomings the analysis might find. The advisor did not provide any updates on when the audits will begin.

© 2014 Parsonage Vandenack Williams LLC

For more information, Contact Us