
Healthcare Law Blog


Nursing Homes Agree To Pay $3.8 Million Settlement


Life Care Services, a Des Moines-based company that manages nursing homes across the United States, and ParkVista, a California nursing home company, have agreed to pay a $3.8 million settlement for the alleged overbilling of Medicare. The two companies were, according to Department of Justice officials, involved in an arrangement under which a therapy company provided “unreasonable and unnecessary” rehabilitation services to nursing home residents.

Reminder: Update Your “Grandfathered” HIPAA Business Associate Agreements Now!

In January 2013, the Department of Health and Human Services (“HHS”) published its Final Rule, which significantly increased the privacy and security responsibilities for the “business associates” of “covered entities,” as those terms are defined by HIPAA. A provision within the Final Rule mandated that all covered entities and their business associates revise their business associate agreements to reflect the new responsibilities. Specifically, a business associate must now, among other things:

A Recap of Part II of the Webinar, “Medicaid: Getting Paid and Keeping It”


On Wednesday, August 27, the McBrayer Health Care Group co-hosted Part II of a webinar entitled, “Medicaid: Getting Paid and Keeping It.” Co-hosts included Joe Smith from the Kentucky Primary Care Association and Barry Smith from Primary Care Centers of Eastern Kentucky. The series drew a large crowd of participants all wanting to know the same thing: how to navigate the Medicaid reimbursement and audit process. Part II focused on the following topics:

  • Federal Medicaid Audit Authority;
  • Overview of the Medicaid Integrity Contractors;
  • What to do if you are contacted by a MIC auditor;
  • Opportunities to contest a MIC auditor’s adjustments/denials/identification of overpayment.

In addition, panelists from McBrayer discussed the top issues that they encounter in practice, as well as emerging trends and questions. If you missed the webinar series, don’t worry! We have both the slides and the recording available for download. In addition, check out some of the questions that were addressed in the conversation below:

What are some of the ways that a Recovery Audit Contractor (RAC) and Medicaid Integrity Contractor (MIC) differ?

RACs, established in 2012 under the ACA, are paid based on the amount of money in improper payments they identify. MICs, in contrast, are not paid a contingency fee. While MICs conduct postpayment auditing to identify overpayments, RACs are instructed to look for both overpayments and underpayments. In addition, RACs are overseen by the States, while the Centers for Medicare & Medicaid Services operates the MIC program.

My facility was recently audited. The Audit MIC concluded that there was a potential overpayment and prepared a report. Do I get a chance to respond to the report?

The MIC’s draft report will be shared with the State and the provider for comment. It is vital that you, as the provider, respond to the report. The report may be revised based on your input. It is important to note that once the report is final, the State will pursue collection of overpayment, not the Audit MIC.

What is the look-back period for MIC audits?

Audit MICs are now limited to a five-year audit look-back period, beginning on the date of issuance of the notification letter to the provider. However, CMS stated that it retains the right to adjust the five-year look-back period. There are currently no limits on the number of records that a MIC may request; therefore, if you are subject to an audit, it is important to make sure your staff is prepared to produce a voluminous amount of records in an organized and timely fashion.

What do I need to know about re-enrollment in Medicaid?

The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Based upon this requirement, States must complete the revalidation process of all provider types by March 24, 2016. A failure to re-enroll means that CMS will de-activate payment until a successful re-enrollment process is completed. Be sure to watch the mail for your re-enrollment notice and contact legal counsel should you have any questions about the process.

The McBrayer Health Care Group would like to thank Joe Smith and Barry Martin for co-hosting and we hope that attendees found the webinar insightful! If you are a provider and have questions about Medicaid, do not hesitate to contact us!


Services may be performed by others.

This article does not constitute legal advice.

Health Care Industry Familiar with HIPAA Breaches, Not So Much Hackers

Community Health Systems (“Community”), which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that hackers had stolen personal data from its systems between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers, all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.


It has been reported that the hackers responsible for the attack are a group of cybercriminals from China that traditionally goes after intellectual property, including medical device and equipment development data. They used malicious software to obtain the data; Community has since removed that software from the network. Further remedial efforts are already underway, including notifying affected patients and offering them identity theft protection services.

Hospitals should be accustomed to protecting data against privacy breaches as part of their HIPAA obligations, but outright cybertheft is a threat that many providers likely have not considered. The FBI, which is now investigating the Community incident, said in April that health care providers typically do not use the same high levels of security technology as companies in other industries (such as banking or retail). This makes providers an easy target for hackers. If a leading hospital system like Community can be breached, then hospitals of every size are at risk.

It is crucial that HIPAA-covered entities (and their business associates) understand and identify potential threats to their secured information. The importance of HIPAA risk analysis cannot be stressed enough; in fact, a risk analysis is required as the first step in HIPAA Security Rule compliance. While it may be impossible to build an impenetrable fortress of secured online information, it is evident that health care providers must continue to make it a top priority to protect patient records – both from HIPAA breaches and hackers.

Christopher J. Shaughnessy is a member at McBrayer law.  Mr. Shaughnessy concentrates his practice area in healthcare law and is located in the firm’s Lexington office.  He can be reached at cshaughnessy@mcbrayerfirm.com or at (859) 231-8780, ext. 1251. 


Join us for Part II of our Medicaid Webinar!


Part II of the webinar is scheduled for Wednesday, August 27 from 12-1:30pm, EST. This session will discuss federal Medicaid audit authority, what to do if you’re contacted by a Medicaid Integrity Contractor (“MIC”), and opportunities to contest a MIC auditor’s adjustments/denials/identification of overpayment.

Attendees of Part I will automatically be enrolled in Part II. If you missed Part I, but would like to take part in next week’s webinar, sign up here: https://attendee.gotowebinar.com/register/6389912240505419777. We look forward to hearing from you!

Lisa English Hinkle is a Member of McBrayer law.  Ms. Hinkle concentrates her practice area in health care law and is located in the firm’s Lexington office.  She can be reached at lhinkle@mcbrayerfirm.com or at (859) 231-8780, ext. 1256. 


Part I Medicaid Webinar A Success – Register Now for Part II!

On Wednesday, August 20, the McBrayer Health Care Group, along with panelists from the Kentucky Primary Care Association and the Primary Care Centers of Eastern Kentucky, hosted a free webinar entitled, “Medicaid: Getting Paid & Keeping It.”

Part I of the webinar provided an overview of the Medicaid administrative appeal process, the Dispute Resolution Meeting (“DRM”), appeal of the DRM decision, and settlement. In addition, McBrayer attorneys weighed in on the “top issues” they encounter when helping providers work through the complicated reimbursement process. Attendees received real-world advice about what to challenge when an overpayment demand is received and saw examples of actual letters received by others in the industry.

Part II of the webinar is scheduled for Wednesday, August 27 from 12-1:30pm, EST. This session will discuss federal Medicaid audit authority, what to do if you’re contacted by a Medicaid Integrity Contractor (“MIC”), and opportunities to contest a MIC auditor’s adjustments/denials/identification of overpayment.

Attendees of Part I will automatically be enrolled in Part II. If you missed Part I, but would like to take part in next week’s webinar, sign up here: https://attendee.gotowebinar.com/register/6389912240505419777.


FDA Issues Guidance for Drug & Device Companies’ Social Media Interactions

In June, the U.S. Food and Drug Administration issued two draft guidance documents for the pharmaceutical and medical device industries related to social media. The guidance is part of an asserted effort by the FDA to provide more clarity regarding how drug and device manufacturers may appropriately communicate through Internet platforms.

The first document, Internet/Social Media Platforms with Character Space Limitations—Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices, addresses advertising and promotional communications concerning prescription drugs and medical devices on sites where character space is limited, such as Twitter and sponsored search engine results. The guidance specifies, among other things, that each “tweet” must include both benefits and risks of the promoted drug and should include a hyperlink to a more comprehensive list of risks and side effects.

The other draft guidance, Internet/Social Media Platforms: Correcting Independent Third-Party Misinformation About Prescription Drugs and Medical Devices, addresses how manufacturers may correct certain misinformation posted by independent third parties and in chat rooms. As long as the information appears on a site not controlled by the company, the FDA does not mandate that a company correct the misinformation. If, however, the company chooses to correct the misinformation, it must follow the protocol outlined in the guidance.

Manufacturers may submit comments regarding the draft guidance documents to the FDA until September 16, 2014. While the guidance is solely issued for pharmaceutical and medical device companies, all providers must use caution when using social media to promote their services, practice group, a certain procedure, etc. In 2013, the Kentucky Board of Medical Licensure adopted the Model Policy for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Model Policy”) that was issued by the Federation of State Medical Boards (“FSMB”). See more on the adoption here.

Social media use can have unintended but real consequences, as even seemingly innocent and inconspicuous postings and interactions can result in costly and serious repercussions. Inappropriate postings or patient-physician communications can lead to violations of HIPAA and the Kentucky Medical Practice Act, licensing violations, or even fraud and abuse charges (i.e., where physicians pay money to third parties to promote their services through online media platforms). The FDA guidance, even if not binding on a particular health care profession, is still informative and can serve as a great reference tool in policymaking.

If you are a health care provider and have questions about drafting or implementing social media policies for your health care organization, contact a McBrayer healthcare attorney today.


Preparing for Round Two, Continued

Earlier this week, information about OCR Phase 2 HIPAA audits was provided. Today, let’s take a look at how to prepare if your entity is selected for an audit:

  • Confirm that a recent comprehensive Risk Assessment has been completed and documented.
  • Confirm that all action items identified in the Risk Assessment have received attention and have been completed (or are in the process of being completed).
  • Verify that policies are up-to-date, including breach notification procedures, notice of privacy practices, and responses to patient requests.
  • Ensure that a current list of business associates (and their contact information) is readily available.

Because Phase 2 does not consist of on-site visits, there will not be an opportunity for dialogue with auditors. Therefore, it is crucial to ensure that documentation alone shows a complete picture of an entity’s compliance efforts. All documents should be carefully reviewed, dated, and signed before being turned over to an auditor. While providing extraneous information is not recommended, it is important to double-check that all requested and necessary information is submitted.

Phase 2 audits set to occur in 2016 will focus on the Security Standard’s encryption and decryption requirements, facility access controls, breach reports and complaints. It is never too early to start considering what protocols, training, and procedures will need to be implemented in anticipation of a possible audit related to these items.

In the event you are selected for a Phase 2 audit and have any questions about your responsibilities or what you can do to ensure a smooth process, contact a McBrayer healthcare attorney today.


Are You Ready for Round Two?

In February 2014, the Health and Human Services Office of Civil Rights (“OCR”) announced its plans to send pre-audit surveys to between 550 and 800 entities during the summer in preparation for Phase 2 HIPAA compliance audits. After collecting information from those surveyed, OCR will select about 400 of those entities for actual HIPAA audits. Those audits will begin this fall – which is quickly approaching.

DOJ Intervenes In Case Involving ACA’s 60-Day Overpayment Rule

Recently, the Department of Justice (“DOJ”) intervened in a qui tam whistleblower suit in the US District Court for the Southern District of New York, which involves Continuum Health Partners and several Mount Sinai-related hospitals. United States ex rel. Kane v. Continuum Health Partners, Inc. et al, (Civil Action, No. 11-2325(ER)). While DOJ intervention in whistleblower cases is not unusual, this case is significant because the DOJ’s complaint specifically alleges that the defendants failed to return Medicaid overpayments within 60 days, as required by the Affordable Care Act (“ACA”). The case is one of the first to explore the issues and interpret the requirements of the 60-Day Rule.
