16 posts categorized "Compliance"

May 20, 2013

Is your copier storing patient PHI?

A client called to my attention that a (seemingly) very HIPAA savvy patient she had recently seen refused to allow her to make a copy of his insurance information. His reason was that copiers store the information and he was concerned about our protecting the copier that holds his PHI. Do copiers indeed store PHI in their little brains? 

YES! Photocopiers with hard drives DO store copies of each and every image they make. You need to make sure you have a plan in place to destroy the PHI when you get rid of the copier/fax/whatever machine it is. This usually involves destroying the hard drive or at least wiping it clean.

The FTC has a wonderful, free guide on copier data security.  See this page:

http://business.ftc.gov/documents/bus43-copier-data-security

Usually, the hard drive in a multifunction copier can be accessed, and stored items printed, from the keypad. If the drive is removed and is not encrypted, you can simply attach it to a computer as a secondary drive and read the stored images directly. Along with the FTC document, NIST SP 800-88 Rev. 1 (draft), Table A-4, speaks to copiers. It describes how to clear, purge or destroy electronic media in equipment, which includes copiers. OCR calls out NIST 800-88 as an approved method for reuse or destruction.

Some copier companies offer encryption; others will destroy the drive and give you a certificate of destruction. You will want to know how they destroy the drives and what protections they have in place for transport. Of course, you always have the option to destroy the drive yourself. I recommend you use an NSA-certified destruction vendor. Depending on where you live, there are companies that will come onsite and grind the drive to dust in your parking lot. I had over 1000 drives destroyed in this manner.

April 01, 2013

Is the government going after physician-owned distributorships?

This Special Fraud Alert addresses physician-owned entities that derive revenue from selling, or arranging for the sale of, implantable medical devices ordered by their physician-owners for use in procedures the physician-owners perform on their own patients at hospitals or ambulatory surgical centers (ASCs). These entities frequently are referred to as physician-owned distributorships, or "PODs." The Office of Inspector General (OIG) has issued a number of guidance documents on the general subject of physician investments in entities to which they refer, including the 1989 Special Fraud Alert on Joint Venture Arrangements and various other publications. OIG also provided guidance specifically addressing physician investments in medical device manufacturers and distributors in an October 6, 2006 letter. In that letter, we noted "the strong potential for improper inducements between and among the physician investors, the entities, device vendors, and device purchasers" and stated that such ventures "should be closely scrutinized under the fraud and abuse laws." This Special Fraud Alert focuses on the specific attributes and practices of PODs that we believe produce substantial fraud and abuse risk and pose dangers to patient safety.

More: https://oig.hhs.gov/fraud/docs/alertsandbulletins/2013/POD_Special_Fraud_Alert.pdf

 

February 20, 2013

Florida dermatologist pays $26.1M to settle False Claims Act allegations

One of the largest settlements with an individual under the False Claims Act (FCA) in U.S. history has been announced by the Department of Justice (DOJ). A Florida dermatologist, Steven J. Wasserman, M.D., has agreed to pay $26.1 million to resolve allegations that he violated the FCA by accepting illegal kickbacks from Tampa Pathology Laboratory (TPL), a clinical laboratory in Tampa, Florida, and billing the Medicare program for medically unnecessary services, according to the announcement. In addition, Dr. Wasserman is being excluded from participation in Medicare, Medicaid, and all other federal health care programs. The United States previously settled with TPL and Dr. José SuarezHoyos, a pathologist and the owner of TPL, for $950,000 to resolve the allegations asserted against them in the same lawsuit.

According to court documents, the government alleged that around 1997, Dr. Wasserman entered into an illegal kickback arrangement with TPL and Dr. SuarezHoyos under which they submitted tens of thousands of false claims to Medicare for biopsies, slide preparations, and slide readings. Under that agreement, Dr. Wasserman allegedly sent biopsy specimens for Medicare beneficiaries to TPL for testing and diagnosis. In return, to increase Dr. Wasserman’s referrals to TPL, TPL allowed Wasserman to bill Medicare for the professional component for the specimen even though TPL had performed the diagnostic work. TPL allegedly provided Dr. Wasserman a diagnosis on a pathology report that included a signature line for Dr. Wasserman to make it appear to Medicare that he had performed the diagnostic work that TPL had performed. Dr. Wasserman then billed the Medicare program for TPL’s work, passing it off as his own, for which he received more than $6 million in Medicare payments.

In addition, the government alleged that Dr. Wasserman substantially increased the number of skin biopsies he performed on Medicare patients, thus increasing the referral business for TPL. Dr. Wasserman also allegedly falsely billed Medicare for patient office visits and for unnecessary skin surgeries, referred to as adjacent tissue transfers, on Medicare beneficiaries.

http://docs.justia.com/cases/federal/district-courts/florida/flmdce/8:2004cv00933/114255/81/0.pdf?1300535749

February 18, 2013

FTC Will Not Challenge Proposed Clinically Integrated Health Network

The Federal Trade Commission (FTC) said February 13 that it will not take any enforcement action against Norman Physician Hospital Organization (Norman PHO) in relation to its proposed formation or operation of a clinically integrated healthcare network.
 
FTC said in a staff opinion letter that the network’s proposed activities “appear unlikely to unreasonably restrain trade.” Instead, the letter concluded the “proposed clinical integration program offers the potential to create a high degree of interdependence and cooperation among its participating physicians and to generate significant efficiencies in the provision of physician services.” 
 
Norman’s network includes approximately 280 participating physicians and hospitals but the proposal contemplates horizontal combinations or pricing agreements only in the provision of physician services.
 
Norman represented that the network’s “operations will not involve horizontal agreements among competing providers of inpatient hospital services, or outpatient hospital and ambulatory care services, because Norman Regional Health System is the only provider of such services that will participate in the network.”
 
Because FTC concluded the proposed joint contracting “appears to be subordinate” to the network’s effort to improve efficiency and quality through the clinical integration of its participating physicians, the agency analyzed the proposal using a rule-of-reason analysis, rather than subjecting it to a per se bar under the antitrust laws.
 
The letter noted concerns about market power are mitigated by Norman PHO’s representations that it will not attempt to force payors to contract with it, and payors who do not want to contract with the network for any reason may bypass the network and contract individually with the participating providers, either directly or through other networks, and without interference from Norman PHO.

http://ftc.gov/opa/2013/02/healthcare.shtm

January 24, 2013

Several Changes to Stage 1 Meaningful Use Measures Begin This Year - 2013

The Stage 2 rule for the Electronic Health Record (EHR) Incentive Programs included changes to the Stage 1 meaningful use objectives, measures, and exclusions for eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs). Some of these Stage 1 changes took effect on October 1, 2012, for eligible hospitals and CAHs, or January 1, 2013, for EPs. Several are optional, but others are required, according to the American Institute of Healthcare Compliance (AIHC).
 
Stage 1 Changes and Timing:
 
Computerized Physician Order Entry (CPOE)
Change: Addition of an alternative measure based on the total number of medication orders created during the EHR reporting period
Timing: 2013 and onward
Change: Revised the description of who can enter orders into the EHR and have it count as CPOE
Timing: 2013 and onward (regardless of what stage of meaningful use the provider is attesting to)
 
Electronic Prescribing
Change: Additional exclusion to the objective for electronic prescribing for providers who are not within a 10 mile radius of a pharmacy that accepts electronic prescriptions
Timing: 2013 and onward
 
Record and Chart Changes in Vital Signs
Change: Age limit increased for recording blood pressure in patients from ages 2 to ages 3;  no age limit for height and weight
Timing: Optional in 2013; required starting in 2014
Change: Exclusion if the EP sees no patients 3 years or older, if all three vital signs are not relevant to their scope of practice, if height and weight are not relevant to their scope of practice, or if blood pressure is not relevant to their scope of practice
Timing: Optional in 2013; required starting in 2014
 
Public Health Reporting Objectives
Change: Require that providers perform at least one test of their certified EHR technology's capability to send data to public health agencies, except where prohibited
Timing: Required in 2013 and onward (for all Stage 1 public health objectives)
 
Electronic Exchange of Key Clinical Information
Change: Objective for electronic exchange of key clinical information no longer required for Stage 1 for EPs, eligible hospitals, and CAHs
Timing: No longer required in 2013 and onward

For more details about each of these changes review the CMS Stage 1 Changes Tipsheet.

http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/Stage1ChangesTipsheet.pdf

 

January 15, 2013

OSHA and eye wash station checks

I have a physician client who is conducting weekly eye wash station checks. In a conference earlier this year attended by the office administrator, it was mentioned that medical practices need to be doing these checks twice a week to meet OSHA standards. However, I have not been successful in finding this regulation, and a person I know in a hospital system says you only have to do it weekly.

The "testing" of the eyewash stations is really 3-fold in its purpose:

1) You want to make sure it works.
2) You want to make sure the water temperature is appropriate.
3) You want to flush the lines weekly, to assure that nothing is growing in the stagnant water in the line.

These three measures assure the safety of the worker who runs to the station, turns it on and flushes their eyes in an emergent situation. I'm not seeing (no pun intended) the purpose of a bi-weekly test - unless you've cultured the water and found that you have something that grows on a more frequent basis.

Thoughts?

December 10, 2012

New Settlement Under the Stark Self-Referral Disclosure Protocol

Another hospital decides to self-disclose possible Stark violations. The following are the violations disclosed:

(1) Failing to satisfy the requirements of the physician recruitment exception for an arrangement with one physician;

(2) Failing to satisfy the requirements of the fair market value (FMV) exception for arrangements with two physicians to provide medical director services;

(3) Failing to satisfy the requirements of the FMV exception for the provision of leadership stipends to thirteen physicians;

(4) Failing to satisfy the requirements of the personal services arrangement exception for an arrangement with a group practice to provide ophthalmology services;

(5) Failing to comply with the FMV exception for arrangements with two physicians to provide hospice services.

I repeat, this administration is all-in when it comes to combating healthcare abuses. As such, an annual compliance review is mandatory these days, both for healthcare facilities and physician medical practices.

November 27, 2012

2013 OIG Work Plan - What is directed at physicians?

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) Work Plan for Fiscal Year 2013 (Work Plan) summarizes new and ongoing reviews and activities that OIG plans to pursue with respect to HHS programs and operations during the next fiscal year (FY) and beyond. The following are items in the Work Plan directed towards physicians and physician practices:

Non-Hospital-Owned Physician Practices Billing Medicare as Provider-Based Physician Practices

The OIG will determine the impact of non-hospital-owned physician practices billing Medicare as provider-based physician practices. Also, the OIG will determine whether practices using the provider-based status meet the CMS billing requirements. Additional Medicare payments are paid for services furnished at provider-based facilities, so the OIG has an interest in making sure that those claiming provider-based status are accurate.
 
Physicians Encountering Beneficiaries Face-to-Face When Certifying Them for Medicare Home Health Services

This item focuses on a requirement of the Affordable Care Act that physicians who certify beneficiaries as eligible for Medicare home health services have face-to-face encounters with the beneficiaries. The OIG will examine current practices. The statute dictates that the encounters must occur within the 90 days before the beneficiary starts home health care or up to 30 days after care begins.
 
Physicians’ Improper Use of Commercial Mailboxes

In this item, the OIG directs attention to physicians’ use of commercial mailboxes. The OIG will determine the extent to which Medicare Part B providers and suppliers had practice locations matching commercial mailbox addresses in 2011. These types of mailboxes are forbidden, and the OIG believes that physicians were using commercial mailboxes in order to defraud Medicare.
 
Physicians Failing to Refund Overpayments Will Have Recent Medicare Payments Reviewed

The OIG will review providers and suppliers that have failed to refund their overpayments. Physicians begin to bill Medicare under a different provider number after overpayments are found on their first number. CMS may deny a physician’s enrollment in the Medicare program if he or she has an overpayment outstanding at the time of filing an enrollment application. Thus, the OIG is interested in knowing how many physicians are abusing Medicare by billing under a new provider number that they should not have.
 
Questionable Billing By Ophthalmologists

The OIG will focus on 2011 and questionable billing for ophthalmological services during that year. The OIG is also interested in the geographic locations of providers exhibiting questionable billing.
 
Questionable Billing for Electrodiagnostic Testing

The OIG is interested in questionable billing for electrodiagnostic testing. In reviewing this billing, the OIG will also focus on provider specialty, diagnosis, and geographic area to see if these factors make a difference in the billing of electrodiagnostic testing.
 
Interest in Recent Increase of Medicare Payments for Polysomnography

OIG found that Medicare payments for polysomnography – a sleep study service – increased from $62 million in 2001 to $235 million in 2009. Sleep studies may be reimbursable for certain patients, but the OIG believes this increase in payments to be questionable. The OIG will review payments from 2009 through 2010.
 
Review of High Utilization of Sleep Testing Procedures

The OIG is interested in Medicare payments for high utilization of sleep testing procedures. Medicare will only pay for items and services that are "reasonable and necessary," and the OIG is skeptical as to the reasonableness and necessity of the high increase in sleep testing procedures. Medicare payments to physicians will be examined.
 
Orthopedic Implant Devices Used in Spinal Fusion Procedures

The OIG and Congress are giving increased focus to physician-owned distributors (PODs), which provide devices to hospitals. Currently, PODs provide spinal implants, but the concern arises from growth into other areas. The OIG and Congress believe that PODs could create conflicts of interest and safety concerns for patients. Physicians who plan to enter such high-risk arrangements should seek qualified legal advice.
 
Safety and Quality of Surgery and Procedures in Ambulatory Surgical Centers and Hospital Outpatient Departments

The OIG is interested in the safety and quality of care provided by ambulatory surgical centers (ASC) and hospital outpatient departments (HOPD). Physicians perform certain procedures in ASCs and HOPDs when they do not require hospitalization, so they must be prepared for the OIG’s review of the safety and quality of such procedures for Medicare beneficiaries. The OIG will assess care in preparation for and provided during surgeries and procedures in both settings.
 
Medicare Payments for Practice Expenses Related to Part B Imaging Services

The OIG will review Medicare payments for practice expenses related to Part B imaging services. The OIG will also determine whether the utilization rates reflect industry practices.
 
Medical Necessity of High-Cost Tests for Diagnostic Radiology

The OIG will review payments made for high-cost diagnostic radiology tests. It plans to determine whether these tests are medically necessary. The OIG also is interested in determining the extent to which primary physicians and specialty physicians are ordering the tests for the same patient.
 
Noncompliance with Assignment Rules

The OIG is interested in the extent to which physicians and other suppliers fail to comply with assignment rules. The OIG intends to determine the extent of inappropriate billing in excess of amounts allowed by Medicare.
 
Incident-To Services

The OIG plans to review physician billing for "incident-to" services. Specifically, the OIG will look to see whether payment for such services had a higher error rate than that for non-incident-to services. The OIG is also interested in determining whether Medicare can monitor services that are billed as "incident-to."
 
Errors in Coding Based on Place-of-Service

Medicare pays a physician differently based on the location where the service is provided. The OIG is interested in errors in coding the place-of-service. Specifically, the OIG will review physicians’ coding on Medicare Part B claims for services performed in ambulatory surgical centers and hospital outpatient departments.
 
Appropriateness of Use of Claim Modifiers

The OIG will focus on the global surgery period in determining whether certain claims modifiers were correctly coded. The OIG is interested in this time period because prior OIG work found improper use of modifiers during the global surgery period.

October 19, 2012

Healthcare compliance is a choice

Sometimes we need a wake-up call with regard to healthcare compliance. Remember, we can choose to comply because we understand that it benefits us and others, or we can choose not to comply and reap the consequences. No one likes a lot of rules, but the rules have been established to protect us all. On some occasions, individuals may unintentionally fail to comply. Sometimes that happens because of poor communication regarding written standards, inaccessible written standards, or other failures regarding review practices. People do make mistakes, but the goal is to limit the number of mistakes through good communication and good documentation of processes.

Is your physician practice or healthcare entity in full compliance?

September 28, 2012

Is your physician practice prepared for a surprise OSHA audit?

Of the OSHA inspections held last month, 75% were in physician practice settings. While Region 4 did represent 43% of those audits, none were from the 4 targeted states in that Region! 25% of those surveyed were actually from Region 9 (CA, WY, AZ, HI). Physician practices, urgent care centers and ASCs should beware. Have you had OSHA training in the last 12 months? Have you reviewed your procedures with a compliance checklist? Have you prepared a policy for theft / violence in the workplace as required by OSHA, and have you trained your staff on this policy?

As with HIPAA, almost all practices "think" they are in compliance when in fact they are not. This is not an issue you should ignore.