2010 Compliance Review -- What Did I Miss?
The Red Flags Rule
The rules have been modified so that "creditor" no longer includes any business that extends credit or permits payment plans for fees incident to its services. Because healthcare providers are no longer "creditors" under this law, healthcare providers no longer need to comply with the Red Flags Rule.
The Stark Self-Disclosure Protocol
Published March 23, 2010, the Stark Self-Disclosure Protocol outlines how providers are to disclose actual or potential Stark violations. There was no disclosure requirement prior to these new criteria.
New Refund Requirements include False Claims Act consideration
The Patient Protection and Affordable Care Act ("PPACA") explicitly states that "[a]ny overpayment retained by a person after the deadline for reporting [60 days] and returning the overpayment is an obligation [under the False Claims Act]." An overpayment must be reported by the later of sixty days after the date on which the overpayment was identified or the date any corresponding cost report is due. Thus, retention beyond this period may subject the retaining person or entity to liability under the False Claims Act. Considering the steep penalties, up to $11,000 per claim plus treble damages, and Congress' direct link from PPACA to the False Claims Act, health care providers and others receiving federal money must proceed with caution and enhanced vigilance.
As part of the PPACA, effective January 2011, any healthcare provider that offers MRI, CT or PET services under the in-office ancillary service exception must inform patients in writing at the time of the referral for such services that the patient may obtain such imaging services elsewhere and provide a list of other imaging providers within a 15-mile radius.
Case Law Update
A federal court announced that Ohio's patient confidentiality statute is more strict than HIPAA and can trump HIPAA's disclosure exceptions in several areas (e.g., grand jury subpoenas).
The next phase of HITECH is effective:
- Revised Minimum Necessary Rule: When using or disclosing PHI or when requesting PHI from another covered entity, a provider must make reasonable efforts to limit the PHI to the "minimum necessary" to accomplish the intended purpose of the use, disclosure or request.
- Stricter Marketing Disclosure exceptions.
- Patients have the right to access their records in electronic format.
- Self-pay patients have the right to restrict treatment, payment or healthcare operations disclosures.
- HHS required to start HIPAA compliance audits.
- Beginning in January 2011, all providers using EMR after January 1, 2009 are required to track ALL disclosures of PHI, including routine disclosures for treatment, payment or healthcare operations. Such tracking must be kept current for at least 3 years.
- In Feb. 2011, providers are prohibited from receiving remuneration for exchange of PHI.
Congress recently delayed the Medicare reimbursement reduction for another year. As has been done no less than 10 times in the past 8 years, Congress has once again delayed implementation of the Sustainable Growth Rate (SGR) formula, which ties Medicare physician reimbursement to the U.S. gross domestic product, modifying provider payments on an annual basis. This formula has mandated percentage reductions since 2002, but Congress has acted each time to delay such cuts.
OIG Semiannual Report to Congress
For the first half of fiscal year (FY) 2010, the Department of Health & Human Services (HHS) Office of Inspector General (OIG) reported expected audit and investigation recoveries of about $3.1 billion. For this same period, the OIG reported exclusions of 1,935 individuals and entities from participation in Federal health care programs; 293 criminal actions against individuals or entities that engaged in crimes against departmental programs; and 164 civil actions, which included False Claims Act Amendments of 1986 (FCA) and unjust enrichment lawsuits filed in Federal district court, Civil Monetary Penalties Law (CMPL) settlements, and administrative recoveries related to provider self-disclosure matters.