Contact Us
Categories
- Workplace Violence
- Assisted Living Facilities
- Department of Health and Human Services' Office of Civil Rights
- Medical Residents
- EMTALA
- FDA
- Reproductive Rights
- Roe v. Wade
- SCOTUS
- Medical Spas
- medical billing
- No Surprises Act
- Mandatory vaccination policies
- Workplace health
- Coronavirus Aid, Relief and Economic Security Act
- Code Enforcement
- Department of Labor ("DOL")
- Employment Law
- FFCRA
- CARES Act
- Nursing Home Reform Act
- COVID-19
- Families First Coronavirus Response Act
- Family and Medical Leave Act (“FMLA”)
- SB 150
- Acute Care Beds
- Clinical Support
- Coronavirus
- Emergency Medical Services
- Emergency Preparedness
- KBML
- medication assisted therapy
- Department of Health and Human Services
- Legislative Developments
- Corporate
- United States Department of Justice ("DOJ")
- Employee Contracts
- Non-Compete Agreement
- Opioid Epidemic
- Sexual Harassment
- Health Resource and Services Administration
- House Bill 333
- Litigation
- Medical Malpractice
- Senate Bill 79
- Locum Tenens
- Senate Bill 4
- Physician Prescribing Authority
- Chronic Pain Management
- HIPAA
- Prescription Drugs
- "Two Midnights Rule"
- 340B Program
- Drug Screening
- EHR Systems
- Electronic Health Records (“EHR")
- Hospice
- ICD-10
- Kentucky minimum wage
- Minimum wage
- Primary Care Physicians ("PCPs")
- Skilled Nursing Facilities (“SNFs”)
- Uncategorized
- Urinalysis
- Affordable Insurance Exchanges
- Compliance
- Department of Health and Human Services (HHS)
- Fraud
- Health Care Fraud
- HIPAA Risk Assessment
- HPSA
- KASPER
- Kentucky Board of Medical Licensure
- Kentucky’s Department for Medicaid Services
- Mental Health Care
- Office for Civil Rights ("OCR")
- Office of Inspector General of the United States Department of Health and Human Services (OIG)
- Pharmacists
- Physician Assistants
- Qui Tam
- Stark Laws
- Accountable Care Organizations (“ACO”)
- Affordable Care Act
- Alternative Payment Models
- Anti-Kickback Statute
- Centers for Medicare & Medicaid Services (“CMS”)
- Certificate of Need ("CON")
- Charitable Hospitals
- Data Breach
- Electronic Protected Health Information (ePHI)
- False Claims Act
- Federally Qualified Health Centers (“FQHCs”)
- Fee for Service
- Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Health Professional Shortage Area ("HPSA")
- Hospitals
- HRSA
- Kentucky Board of Nursing
- Limited Services Clinics
- Medicaid
- Medical Staff By-Laws
- Medically Underserved Area ("MUA")
- Medicare
- Mid-Level Practitioners
- Part D
- Patient Protection and Affordable Care Act (“ACA”)
- Rural Health Centers (“RHCs”)
- Rural Health Clinic
- Telehealth
- American Telemedicine Association (“ATA”)
- Criminal Division of the Department of Justice (“DOJ”)
- Health Care Fraud Prevention and Enforcement Action Team (“HEAT”)
- Hydrocodone
- Kentucky Pharmacists Association
- Qualified Health Care Centers (“FQHC”)
- Telemedicine
- United States ex. Rel. Kane v. Continuum Health Partners
- Webinar
- Agreed Order
- APRNs
- Chain and Organization System (“PECOS”)
- Douglas v. Independent Living Center of Southern California
- Drug Enforcement Agency ("DEA")
- Emergency Rooms
- Enrollment
- Hinchy v. Walgreen Co.
- Jimmo v. Sebelius
- Kentucky Senate Bill 7
- Maintenance Standard
- Medicare Part D
- Minors
- Overpayments
- Re-validation
- Texting
- Vitas Innovative Hospice Care
- 2014 Medicare Physician Fee Schedule (“PFS”)
- 501(c)(3)
- All-Payer Claims Database ("APCD")
- Appeal
- Cadillac tax
- Centers for Disease Control and Prevention
- Chiropractic services
- Chronic Care Management
- Clinical Laboratory Improvement Amendments of 1988 (“CLIA”)
- Compliance Officer
- Compounding
- CPR
- Dispenser
- Drug Quality and Security Act (“DQSA”)
- Essential Health Benefits
- Federation of State Medical Boards (“FSMB”)
- Food and Drug Administratio
- HealthCare.gov
- House Bill 3204
- ICD-9
- Individual mandate
- Kentucky Medical Practice Act
- Kindred v. Cherolis
- Kynect
- Long-term care communities
- Mobile medical applications ("apps")
- Model Policy for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Model Policy”)
- National Drug Code ("NDC")
- National Institutes of Health
- New England Compounding Center ("NECC")
- Ophthalmological services
- Outsourcing facility
- Physician Compare website
- Ping v. Beverly Enterprises
- Power of Attorney ("POA")
- Prescriber
- Social Media
- Spousal coverage
- State Health Plan
- Sustainable Growth Rate (“SGR”)
- UPS
- "Plan of Correction"
- Advanced Practice Registered Nurses
- Affinity Health Plan
- Arbitration
- Audit
- Call Coverage
- Community health needs assessment (“CHNA”)
- Condition of Participation ("CoP")
- Daycare centers
- Decertification
- Denied Claims
- Department of Medicaid Services’ (“DMS”)
- Division of Regulated Child Care
- Doe v. Guthrie Clinic
- EHR vendor
- Employer Group Health Plans
- Employer Mandate
- ERISA
- Fair Labor Standards Act (FLSA)
- False Billings
- Form 4720
- Grace Period
- Group Purchasing Organizations ("GPO")
- Health Professional Shortage Areas (“HPSA”)
- Health Reform
- Home Health Prospective Payment System
- Home Medical Equipment Providers
- Hospitalists
- House Bill 104
- Inpatient Care
- Intermediate Sanctions Agreement
- Kentucky Health Benefit Exchange
- Kentucky House Bill 217
- Licensed practical nurses (LPN)
- Licensure Requirements
- List of Excluded Individuals and Entities
- LLC v. Sutter
- Long-Term Care Providers ("LTC")
- Low-utilization payment adjustment ("LUPA")
- Meaningful use incentives
- Medicare Administrative Coordinators
- Medicare Benefit Policy Manual
- Medicare Shared Saving Program (MSSP)
- Network provider agreement
- Nonprofit hospitals
- Nonroutine medical supplies conversion factor (“NRS”)
- Nurse practitioners (NP)
- Office of the National Coordinator for Health Information Technology (“ONC”)
- Part A
- Part B
- Patient Privacy
- Payors
- Personal Service Entities
- Physician Payments
- Physician Recruitment
- Physician shortages
- Provider Self Disclosure Protocol
- Qualified Health Plan ("QHP")
- Quality reporting
- Registered nurses (RN)
- Residency Programs
- Self-Disclosure Protocol
- Statement of Deficiency ("SOD")
- Trade Association Group Coverage
- Upcoding
- “Superuser”
- Autism/ASD
- Business Associate Agreements
- Business Associates
- Center for Disease Control
- Compliance Programs
- Critical Access Hospitals (“CAHs”)
- Essential Health Benefits (“EHBs”)
- Genetic Information Nondiscrimination Act ("GINA")
- Healthcare Information and Management Systems Society (HIMSS)
- Kentucky House Bill 159
- Kentucky Primary Care Centers (“PCCs”)
- Managed Care Organizations (“MCOs”)
- Medicare Audit Improvement Act of 2012
- Patient Autonomy
- Personal Health Information
- Recovery Audit Contractors (“RAC”)
- Senate Bill 39
- Senate Finance Committee Report
- Small Business Health Options Program (“SHOP”)
- State Medicaid Expansion
- Sunshine Act
- Abuse and Waste
- Consumer Operated and Oriented Plan programs (“CO-OPS”)
- Free Conference Committee Report
- Health Care Fraud and Abuse Control Program
- House Bill 1
- House Bill 4
- Kentucky Cabinet for Health and Family Services
- Kentucky Health Care Co-Op
- Kentucky Health Cooperative (“KYHC”)
- Kentucky “Pill Mill Bill”
- Occupational Safety and Health Administration (“OSHA”)
- Pain Management Facilities
- Employee Agreement
- Health Care Law
- Health Insurance
- Healthcare Regulation
McBrayer Blogs
Nursing Homes Agree To Pay $3.8 Million Settlement
Life Care Services, a Des Moines-based company that manages nursing homes across the United States, and ParkVista, a California nursing home company, have agreed to pay a $3.8 million settlement for the alleged overbilling of Medicare. The two companies were, according to Department of Justice officials, involved in an arrangement under which a therapy company provided “unreasonable and unnecessary” rehabilitation services to nursing home residents. More >
Reminder: Update Your “Grandfathered” HIPAA Business Associate Agreements Now!
In January 2013, the Department of Health and Human Services (“HHS”) published its Final Rule, which significantly increased the privacy and security responsibilities for the “business associates” of “covered entities,” as those terms are defined by HIPAA. A provision within the Final Rule mandated that all covered entities and their business associates revise their business associate agreements to reflect the new responsibilities. Specifically, a business associate must now, among other things: More >
A Recap of Part II of the Webinar, “Medicaid: Getting Paid and Keeping It”
On Wednesday, August 27, the McBrayer Health Care Group co-hosted Part II of a webinar entitled, “Medicaid: Getting Paid and Keeping It.” Co-hosts included Joe Smith from the Kentucky Primary Care Association and Barry Smith from Primary Care Centers of Eastern Kentucky. The series drew a large crowd of participants all wanting to know the same thing: how to navigate the Medicaid reimbursement and audit process. Part II focused on the following topics:
- Federal Medicaid Audit Authority;
- Overview of the Medicaid Integrity Contractors;
- What to do if you are contacted by a MIC auditor;
- Opportunities to contest a MIC Auditor’s adjustments/denials/identification of overpayment
In addition, panelists from McBrayer discussed the top issues that they encounter in practice, as well as emerging trends and questions. If you missed the webinar series, don’t worry! We have both the slides and the recording available for download. In addition, check out some of the questions that were addressed in the conversation below:
What are some of the ways that a Recovery Audit Contractor (RAC) and Medicaid Integrity Contractor (MIC) differ?
RACs, established in 2012 under the ACA, are paid based on the amount of money in improper payments they identify. MICs, in contrast, are not paid a contingency fee. While MICs conduct postpayment auditing to identify overpayments, RACs are instructed to look for both overpayments and underpayments. In addition, RACs are overseen by the States, while the Centers for Medicare & Medicaid Services operates the MIC program.
My facility was recently audited. The Audit MIC concluded that there was a potential overpayment and prepared a report. Do I get a chance to respond to the report?
The MIC’s draft report will be shared with the State and the provider for comment. It is vital that you, as the provider, respond to the report. The report may be revised based on your input. It is important to note that once the report is final, the State will pursue collection of overpayment, not the Audit MIC.
What is the look-back period for MIC audits?
Audit MICs are now limited to a five year audit look-back period, beginning on the date of issuance of the notification letter to the provider. However, CMS stated that it retains the right to adjust the five year look-back period. There are currently no limits on the number of records that a MIC may request; therefore, if you are subject to an audit, it is important to make sure your staff is prepared to produce a voluminous amount of records in an organized and timely fashion.
What do I need to know about re-enrollment in Medicaid?
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Based upon this requirement, States must complete the revalidation process of all provider types by March 24, 2016. A failure to re-enroll means that CMS will de-activate payment until a successful re-enrollment process is completed. Be sure to watch the mail for your re-enrollment notice and contact legal counsel should you have any questions about the process.
The McBrayer Health Care Group would like to thank Joe Smith and Barry Martin for co-hosting and we hope that attendees found the webinar insightful! If you are a provider and have questions about Medicaid, do not hesitate to contact us!
Services may be performed by others.
This article does not constitute legal advice.
Health Care Industry Familiar with HIPAA Breaches, Not So Much Hackers
Community Health Systems (“Community”), which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that online hackers had stolen personal data information from its systems in a period between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.
It has been reported that the hackers responsible for the attack are a group of cybercriminals from China that traditionally go after intellectual property, including medical device and equipment development data. They used malicious software to obtain the data, which has since been removed by Community from the network. Further remedial efforts are already underway, including notifying affected patients and offering them identity theft protection services.
Hospitals should be accustomed to protecting data against privacy breaches as part of their HIPAA obligations, but outright cybertheft is a threat that many providers have not likely considered. The FBI, which is now investigating the Community incident, said in April that health care providers typically do not use the same high levels of security technology as companies in other industries (such as banking or retail). This makes providers an easy target for hackers. If a leading hospital system like Community can be breached, then hospitals of every size are at risk.
It is crucial that HIPAA-covered entities (and their business associates) understand and identify potential threats to their secured information. The importance of HIPAA risk analysis cannot be stressed enough; in fact, a risk analysis is required as the first step in HIPAA Security Rule compliance. While it may be impossible to build an impenetrable fortress of secured online information, it is evident that health care providers must continue to make it a top priority to protect patient records – both from HIPAA breaches and hackers.
Christopher J. Shaughnessy is a member at McBrayer law. Mr. Shaughnessy concentrates his practice area in healthcare law and is located in the firm’s Lexington office. He can be reached at cshaughnessy@mcbrayerfirm.com or at (859) 231-8780, ext. 1251.
Services may be performed by others.
This article does not constitute legal advice.
Join us for Part II of our Medicaid Webinar!
Part II of the webinar is scheduled for Wednesday, August 27 from 12-1:30pm, EST. This session will discuss federal Medicaid audit authority, what to do if you’re contacted by a Medicaid Integrity Contractor (“MIC”), and opportunities to contest a MIC’s auditor’s adjustment/denials/identification of overpayment.
Attendees of Part I will automatically be enrolled in Part II. If you missed Part I, but would like to take part in next week’s webinar, sign up here: https://attendee.gotowebinar.com/register/6389912240505419777. We look forward to hearing from you!
Lisa English Hinkle is a Member of McBrayer law. Ms. Hinkle concentrates her practice area in health care law and is located in the firm’s Lexington office. She can be reached at lhinkle@mcbrayerfirm.com or at (859) 231-8780, ext. 1256.
Services may be performed by others.
This article does not constitute legal advice.
Part I Medicaid Webinar A Success – Register Now for Part II!
On Wednesday, August 20, the McBrayer Health Care Group, along with panelists from the Kentucky Primary Care Association and the Primary Care Centers of Eastern Kentucky, hosted a free webinar entitled, “Medicaid: Getting Paid & Keeping It.”
Part I of the webinar provided an overview of the Medicaid administrative appeal process, the Dispute Resolution Meeting (“DRM”), appeal of the DRM decision, and settlement. In addition, McBrayer attorneys weighed in on the “top issues” they encounter when helping providers work through the complicated reimbursement process. Attendees received real-world advice about what to challenge when an overpayment demand is received and saw examples of actual letters received by others in the industry.
Part II of the webinar is scheduled for Wednesday, August 27 from 12-1:30pm, EST. This session will discuss federal Medicaid audit authority, what to do if you’re contacted by a Medicaid Integrity Contractor (“MIC”), and opportunities to contest a MIC’s auditor’s adjustment/denials/identification of overpayment.
Attendees of Part I will automatically be enrolled in Part II. If you missed Part I, but would like to take part in next week’s webinar, sign up here: https://attendee.gotowebinar.com/register/6389912240505419777.
Services may be performed by others.
This article does not constitute legal advice.
FDA Issues Guidance for Drug & Device Companies’ Social Media Interactions
In June, the U.S. Food and Drug Administration issued two draft guidance documents for the pharmaceutical and medical device industries related to social media. The guidance is part of an asserted effort by the FDA to provide more clarity regarding how drug and device manufacturers may appropriately communicate through Internet platforms.
The first document, Internet/Social Media Platforms with Character Space Limitations—Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices, addresses advertising and promotional communications concerning prescription drugs and medical devices on sites where character space is limited, such as Twitter and sponsored search engine results. The guidance specifies, among other things, that each “tweet” must include both benefits and risks of the promoted drug and should include a hyperlink to a more comprehensive list of risks and side effects.
The other draft guidance, Internet/Social Media Platforms: Correcting Independent Third-Party Misinformation About Prescription Drugs and Medical Devices, addresses how manufacturers may correct certain misinformation posted by independent third parties and in chat rooms. As long as the information appears on a site not controlled by the company, the FDA does not mandate that a company correct the misinformation. If, however, the company chooses to correct the misinformation, they must follow certain protocol as outlined in the guidance.
Manufacturers may submit comments regarding the draft guidance documents to the FDA until September 16, 2014. While the guidance is solely issued for pharmaceutical and medical device companies, all providers must use caution when using social media to promote their services, practice group, a certain procedure, etc. In 2013, the Kentucky Board of Medical Licensure adopted the Model Policy for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Model Policy”) that was issued by the Federation of State Medical Boards (“FSMB”). See more on the adoption here.
The unintended consequences of social media can lead to real consequences, as even seemingly innocent and inconspicuous postings and interactions can result in costly and serious repercussions. Inappropriate postings or patient-physician communications can lead to violations of HIPAA and the Kentucky Medical Practice Act, licensing violations, or even fraud and abuse charges (i.e., physicians pay money to third parties to promote their services through online media platforms). The FDA guidance, even if not binding on a particular health care profession, is still informative and can serve as a great reference tool in policymaking.
If you are a health care provider and have questions about drafting or implementing social media policies for your health care organization, contact a McBrayer healthcare attorney today.
Services may be performed by others.
This article does not constitute legal advice.
Preparing for Round Two, Continued
Earlier this week, information about OCR Phase 2 HIPAA audits was provided. Today, let’s take a look at how to prepare if your entity is selected for an audit:
- Confirm that a recent comprehensive Risk Assessment has been completed and documented.
- Confirm that all action items identified in the Risk Assessment have received attention and have been completed (or are in the process of being completed).
- Verify that policies are up-to-date, including breach notification procedures, notice of privacy practices, and responses to patient requests.
- Ensure that a current list of business associates (and their contact information) is readily available.
Because Phase 2 does not consist of on-site visits, there will not be an opportunity for dialogue with auditors. Therefore, it is crucial to ensure that documentation alone shows a complete picture of an entity’s compliance efforts. All documents should be carefully reviewed, dated, and signed before turned over to an auditor. While providing extraneous information is not recommended, it is important to double-check that all requested and necessary information is submitted.
Phase 2 audits set to occur in 2016 will focus on the Security Standard’s encryption and decryption requirements, facility access controls, breach reports and complaints. It is never too early to start considering what protocols, training, and procedures will need to be implemented in anticipation of a possible audit related to these items.
In the event you are selected for a Phase 2 audit and have any questions about your responsibilities or what you can do to ensure a smooth process, contact a McBrayer healthcare attorney today.
Services may be performed by others.
This article does not constitute legal advice.
Are You Ready for Round Two?
In February 2014, the Health and Human Services Office of Civil Rights (“OCR”) announced its plans to send pre-audit surveys to between 550 and 800 entities during the summer in preparation for Phase 2 HIPAA compliance audits. After collecting information from those surveyed, OCR will select about 400 of those entities for actual HIPAA audits. Those audits will begin this fall – which is quickly approaching. More >
DOJ Intervenes In Case Involving ACA’s 60-Day Overpayment Rule
Recently, the Department of Justice (“DOJ”) intervened in a qui tam whistleblower suit in the US District Court for the Southern District of new York, which involves Continuum Health Partners and several Mount Sinai-related hospitals. United States ex. Rel. Kane v. Continuum Health Partners, Inc. et al, (Civil Action, No. 11-2325(ER)). While DOJ intervention in whistleblower cases is not unusual, this case is significant because the DOJ’s complaint specifically alleges that the defendants failed to return Medicaid overpayments within 60 days, as required by the Affordable Care Act (“ACA”). The case is one of the first to explore the issues and interpret the requirements of the 60-Day Rule. More >