June 25, 2015

Supreme Court Decision in King v. Burwell Turns Away Challenge to Affordable Care Act

Held: Section 36B's tax credits are available to individuals in States that have a Federal Exchange.

Read the full opinion here.

June 12, 2015

The Practice Through A Network Diagram

by Nathan Prystowsky

In a former life before I settled into health law I spent some time thinking about a career in land-use law. During one summer in law school I interned with the counsel's office for a local town. The town counsel at the time made sure that I got to know the planning and building departments by immersing myself in how to look at all the charts, diagrams, and architectural layouts. It was a valuable experience because when it came time to work at my first job in a midsized law firm I needed to be able to read an architectural layout, know what a curb cut was, and determine if the drawings conformed to regulations. So how does this apply to me now? Well it's the same skill but a different picture.

Now that the healthcare field has transitioned to electronic medical records and practice management systems ("EMR/PM"), healthcare lawyers need to picture how those technologies fit across multiple vendor relationships, in-office regulatory requirements, and practice needs. Knowing how to read a network diagram will help a lawyer sketch out any practices legal information landscape, and that's why it's essential. So let's take a look at a simple small practice network diagram to get the basics.

Small Office Network Diagram.jpg

Like any drawing we have the usual title, practice information, and author information that tells you the office being diagramed and who set up or presently maintains the IT for that office. Once you know you have the correct office the best place to start is the server. I think of it as the center of a wheel, where every spoke grows out from that center and connects to a piece of the office. Some very small offices don't have a server, but for most EMR/PM systems the specifications prefer the use of a server. The reason is that, for medical record data bases, it's easier to use a server with SQL to query the databases (that's just fancy talk for when you point and click on something it pulls up the information you want). The server basically houses all the information and performs most of the computing functions for the office.

I then follow the dots till I get to where the server connects to a firewall. In smaller offices you will find a most likely SonicWall device. Cisco devices are also popular, especially in larger practices and hospitals, but those devices are not the only option that are cost effective and allow the practice to protect against intrusions. The firewall connects to a switch. The switch functions by connecting all the local devices to the network. Local devices are workstations (desktop computers) and tablets and Smart Phones. Smart phones and tablets are becoming more widely used in practices because of the medical applications that are useful for practitioners.

Next, I like to see the uninterrupted power source on the network diagram because it shows some extra care has been put into protecting the server. It's commonly called a UPS and it's basically a surge protector with a battery and some nifty software that will shut down the server in a controlled way if the power goes out. You can toss this one in the technical safeguard bucket because it prevents some predictable data integrity issues that can happen during a random loss of power that forces an uncontrolled shutdown of a server which is known to corrupt data files. Uncontrolled shut downs are like those moments during a thunderstorm when the power goes out in the house and every electrical device turns off instantly with a "click." The UPS keeps things going long enough to go through the longer process necessary for a server. If you have ever shut down a computer this is where the pop up window says "preparing to shut down. This may take several minutes."

Most offices should have a backup appliance that copies images of the entire server and allows them to be accessed virtually from the cloud. The appliance works by making copies of the server and sending an encrypted copy into the cloud. In this case putting a copy on the cloud means a couple of big data centers with stacks of servers in different parts of the country hold onto a copy that can be accessed in an emergency if the office server gets damaged beyond repair. IT people call this a cloud restored virtualized backup.

It's also not uncommon to indicate external providers who have access to the network, like a hosted website with a built in portal to the electronic medical record that patients use to create or modify a profile. Sometimes a practice will host its own website and keep another server on site to do this. Two servers are necessary because it takes a lot of computer power to run a website and it will take away from using the EMR/PM if both the website and the EMR/PM are on the same server. You may be familiar with this problem that tech people call latency but our office calls the "slows." That's when you click on anything and it seems like it takes forever. Opening an email feels like it takes minutes not seconds, a new document feels like it takes minutes not seconds, and that webpage you want to look at online eventually gives up and says "cannot be loaded, would you like to retry?" Since its expensive to buy and maintain two separate servers most practices use an offsite host. This has an added benefit because it also protects the practice from intrusions from potential cyber threats. Remember websites are trying to get visitors. It's best not to keep visitors and private information in the same place.

Whether it's a small practice or a large hospital reviewing a network diagram also is a great way to get the gist of the IT contract and compliance picture at a glance. Looking over one tells me whether a backup vendor is being used, and whether I need to see if there are business associate agreements, a contract, and hopefully diligence done on the contract like obtaining a certificate of insurance or a SOC or SSAE audit. It also tells me what technical safeguards have been put in place for compliance purposes. Spend some time looking at one. It will help.

June 5, 2015

ACO Medicare Shared Savings Program Rule Released

If you breezed through the 653 pages of the Medicaid Managed Care regulations CMS released 10 days ago, there's another hefty portion of rules for you to take a run at. Yesterday, CMS released the pre-publication version of the Medicare Shared Savings Program ACO regulations, weighing in at a scrapping but nonetheless impressive 592 pages. Here's the summary from the final rule:

This final rule addresses changes to the Medicare Shared Savings Program including provisions relating to the payment of Accountable Care Organizations participating in the Medicare Shared Savings Program. Under the Medicare Shared Savings Program, providers of services and suppliers that participate in an Accountable Care Organizations continue to receive traditional Medicare fee-for-service payments under Parts A and B, but the Accountable Care Organizations may be eligible to receive a shared savings payment if it meets specified quality and savings requirements.

Read the rules here. They are scheduled to appear in the June 9 Federal Register, with most of the rule taking effect August 3, 2015. Certain provisions are delayed to November 1, 2015 and January 1, 2016.

June 4, 2015

OCR Confirms Launch of Phase II HIPAA Audits

According to a May 18 article in the National Law Review, covered entities have reported receiving notices of the Phase II audits, which were supposed to have begun last year.

The audits begin with surveys, which are going out to between 500 and 800 entities, from which OCR will select 350 covered entities to participate in audits. Most of the audits will be desk audits, but many will be comprehensive on-site audits.

Red the full article in the National Law Journal here.

New York City HHC Reports Data Breach

From the May 22 Becker's Health IT and CIO Review:

A former New York City Health and Hospitals Corp. employee improperly accessed and transmitted files containing protected health information, prompting the health system to notify nearly 90,000 patients their data may be compromised.

Read the full article here.

May 28, 2015

OPWDD Ups Ante for Late Filing Cost Reports

The Office for Persons with Developmental Disabilities recently adopted regulations imposing a penalty on providers that fail to meet filing deadlines for cost reports. The amended regulations provide for automatic imposition of penalty after 120 days if the provider does not apply for a 30 day extension, and eliminate both written notice of failure to file a cost report and the 15 day grace period.

For further information, see the regulations in the May 27 and March 11 State Registers.

CMS Criticizes NYSDOH Oversight of Home Care

According to a report recently released by CMS:

CMS could not rely on New York's qualification requirements to ensure the quality of care provided to Medicaid beneficiaries receiving home health services during 2007 through 2009 because some home health agencies did not meet certain State requirements for employee health screenings and inservice training.

Read the full report here.

May 26, 2015

CMS Posts Sweeping New Medicaid Managed Care Regs

CMS has released the pre-publication version of the long-awaited and highly anticipated Medicaid managed care regulations. The proposed rule is intended to "modernize the Medicaid managed care regulations to reflect changes in the usage of managed care delivery systems." According to the summary accompanying the proposed rule, it would:

  • align the rules governing Medicaid managed care with those of other major sources of coverage, including coverage through QHPs and Medicare Advantage plans
  • strengthen actuarial soundness payment provisions to promote the accountability of Medicaid managed care program rates
  • promote the quality of care and strengthen efforts to reform delivery systems that serve Medicaid and CHIP beneficiaries
  • ensure appropriate beneficiary protections and enhance policies related to program integrity, and
  • require states to establish comprehensive quality strategies for their Medicaid and CHIP programs regardless of how services are provided to beneficiaries

The document is scheduled to be published in the June 1 Federal Register with comments due no later than July 27, 2015.

View the pre-publication version of this rule here.

May 22, 2015

Deadline to Apply as a Registered Organization is Quickly Approaching

By: Nicole Ozminkowski

On April 27, 2015, the New York State Department of Health ("DOH") announced that it would begin accepting applications from businesses interested in manufacturing and dispensing medical marijuana under the Compassionate Care Act.

The deadline to apply for one of the five registered organization licenses was initially May 29, 2015. More recently, the Department has extended the deadline to June 5, 2015. The Department has not, however, extended the timeframe within which it expects to issue the registrations. The DOH has set an ambitious timeline to get the program up and running and hopes to make its selection for the limited registered organization licenses this summer.

More information as provided by the DOH can be found in the Governor's press release and on the DOH's web page on medical marijuana.

May 18, 2015

Westchester Medical Center Settles Anti-Kickback and Stark Claims for $18+ Million

Preet Bharara, US Attorney for the Southern District of New York, announced the settlement Thursday by way of a press release.

Preet Bharara, the United States Attorney for the Southern District of New York, Scott J. Lampert, Special Agent in Charge of the U.S. Department of Health and Human Services, Office of Inspector General's ("HHS-OIG") New York Region, and Diego Rodriguez, the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation ("FBI"), announced today that the United States has settled civil fraud claims under the False Claims Act against WESTCHESTER COUNTY HEALTH CARE CORPORATION d/b/a WESTCHESTER MEDICAL CENTER ("WMC") related to WMC's alleged violations of the Anti-Kickback Statute and the Stark Law and submission of costs reports to Medicare seeking reimbursement for charges WMC did not incur. In connection with the settlement, which was approved by U.S. District Judge Lewis A. Kaplan on May 14, 2015, the defendant agreed to pay a total of $18,800,000 to resolve its liabilities, and made admissions as to its conduct.

Read the full press release, including details regarding the relationships that were found to be problematic, here.

May 8, 2015

Blog Welcomes Young Lawyers' Committee

The NYSBA Health Law Section recently established a Young Lawyers' Committee for members who were admitted less than ten years ago. The committee supports members who are establishing themselves in the health law profession, as well as those in other fields who are interested in exploring health law. Members of the committee will soon begin contributing to this blog.

Check the blog for posts tagged as "young lawyers," and please comment. Notes of encouragements and questions for young lawyer contributors would be welcome!

April 29, 2015

Trinity Health to Acquire St. Joseph's in Syracuse

Healthcare Dive is reporting that Trinity Health has struck a definitive agreement to acquire Syracuse, NY-based St. Joseph's Hospital Health Center. Read the brief here.

February 27, 2015

Albany Medical Center Boasts BP Success

Yesterday's Albany TimesUnion covers the payoffs from Albany Medical Center's focused effort on controlling hypertension in its patients.

A concentrated effort among all Albany Medical Center physicians to monitor hypertension has continued to increase the number of patients there who are keeping their blood pressure in check, the health system reported Thursday.

Albany Med patients are nearly twice as likely to have their high blood pressure under control than all Americans who have hypertension, a result attributed to a program developed more than two years ago.

Read the rest of the article here.

February 26, 2015

An Interesting Take on AKS Referrals

Here's a clip from a National Law Review article from Tuesday, February 17:

On Feb.10, 2015, the U.S. Court of Appeals for the Seventh Circuit expanded the definition of "referral" under the Anti-Kickback Statute (AKS) by holding that a referral under the AKS is found when a provider authorizes a patient for specialist treatment even if the provider does not recommend a certain specialist.

Read the full article here.

February 25, 2015

Governor's Effort to Take Down NY Doc Profiles Causing a Stir

Modern Healthcare covers a dustup over Governor Cuomo's proposal to save some money by doing away with the Department of Health's Doctor Profile website.

New York Gov. Andrew Cuomo's proposal to save $1.2 million by defunding the state's NYDoctorProfile.com website is coming under fire from a coalition of 16 patient- and consumer-advocacy groups who call the plan "a dangerous step backwards in the effort for greater transparency in healthcare."

Read the rest of the article here.

For additional posts, see the archive headings in the right hand column.