Useful Links

Disclaimer

  • The materials and opinions presented by the author on this blog/website are the author's views, are for educational and informational purposes only, are not intended to be legal advice and should not be used for legal guidance or to resolve specific legal problems. You understand that by reading this blog no attorney client relationship is created between you and the author. In all cases, legal advice applicable to your organization’s own specific circumstances should be sought form knowledgeable counsel. The author may change this site without notice and does not guarantee the site to be complete, correct, or up-to-date. Neither the author, publisher, or the author's firm are responsible for the content of any linked sites.

« December 2009 | Main | February 2010 »

January 2010

01/29/2010

HIPAA Security Breach Rule Deadline Just Around the Corner

With everything else that has been going on - the holidays, health care reform, etc. - you may have forgotten that the HIPAA Security Breach Notification Rule deadline is February 22, 2010.  With less than a month before the deadline, many providers may not have started their compliance efforts yet.  If you don't recall what the Security Breach Notification Rule says or requires, you can take a look here and here.   

If you haven't started working on this yet, you still have close to a month, so don't panic.  You should begin looking at this issue and putting together a timeline for compliance by February 22.  You may have already addressed breach notification, due to state law requirements.  If so, you can start by reviewing what notification policies and procedures you have in place and comparing them to the notification rules requirements.  

If you do not have any notification procedures in place, I would recommend reconsidering the reasonableness of encryption as your first step.  As part of your original Security Rule compliance efforts you should have assessed the reasonableness of encryption.  At that time, you may have determined it was not reasonable to implement.  If you go back and revisit this consideration, the advances in technology, combined with the incentive of avoiding the notification issues, may change your assessment.

If you implement encryption, you eliminate the notification provisions, because you do not have any unsecured protected health information. Don't forget that the encryption guidance from HHS includes guidance on destroying PHI.  If you are not properly destroying old files, you still have a source of unsecured PHI and would still need notification procedures.

If you do not implement encryption, you need to implement notification policies and procedures.  There are a few things you should consider when implementing notification.  For example, you are required to provide a way for the individuals who are affected to contact you for more information.  Who will be responding to these calls.  You need to be sure that whoever is fielding contacts about the breach is comfortable dealing with the public (and potentially the press), understands what they can and cannot say and will stick to that.  You do not want your point of contact to create any more problems for you by giving bad answers.

Another thing to consider now - if you use the toll-free number contact option, how do you want to set up the call-in number?  If you already have a toll-free number, you may not want to just use it as the contact number in the event of a reportable incident.  Depending upon the number of individuals involved, this may make it difficult to take normal business calls and may result in someone fielding questions that you would rather not have fielding questions.

You will want to be sure to get everybody who would be involved in detecting and reporting a breach involved in training.  Everyone should know that on February 22, you have new policies and procedures going into effect and what this means.  There is no point to having these new policies and procedures if no one is aware of them or understands them.

Remember - even if you have not started working on this yet, there is still time.   You just need to be sure that you use this last month wisely - develop a plan, set deadlines and stick to them.  This is not at all like implementing HIPAA compliance from scratch, so try not to let this ruin your weekend - just don't forget about it come Monday.    (Another resource you might consider is this template my partner put together.  I apologize for the shameless plug, but if you haven't started yet, you could probably use the assistance.)

Posted by Robert Markette on 01/29/2010 at 06:11 AM in Compliance, HIPAA, Home Health and Hospice Regulations | | Comments (0) | TrackBack (0)

01/26/2010

The RACs are coming

Well, it has taken some time, but the Recovery Audit Contractors have finally started posting issues that relate to home health and hospice. 

Health Data Insights, the Region D Recovery Audit Contractor (Region D covers: "Alaska, Arizona, California, Hawaii, Iowa, Idaho, Kansas, Missouri, Montana, North Dakota, Nebraska, Nevada, Oregon, South Dakota, Utah, Washington, Wyoming, Guam, American Samoa, and Northern Marianas).  Has posted three issues related to hospice and home health.  One issue (Hospice Related services) was approved last September, the other two issue have been approved since December 22, 2009.  They all apply to claims billed after October 1, 2009

HDI has added two hospice related issues:  DME while in hospice and Hospice Related Services - B.  For both of these, Health Data Insights  explains that:"Services related to a Hospice terminal diagnosis provided during a Hospice period are included in the Hospice payment and are not paid separately."  The RAC will be looking at claims for DME and "Related Services" paid for separately by Medicare during a hospice admission.  Obviously, if it is equipment and services related to the terminal illness and was paid for outside of the hospice reimbursement, Medicare should not have paid for it again.

This audit will likely be triggered by an automated review.  They can churn through the numbers and identify claims submitted by non-hospice providers during a hospice episode. Whether or not a repayment is owed depends upon whether the claim is for DME or services related to the terminal illness.  The RAC cannot determine that simply by an automated review.   I say this, because, as anyone who has dealt with a hospice patient in a nursing home realizes, the question of what is and is not related to a terminal illness can often be disputed.  It requires looking at the documentation for the additional services and comparing to the terminally ill patient's diagnosis and needs.  Of course, if the hospice and the DME or other service provider both list the same illness, the issue becomes much simpler.

Health Data Insights has also added issues related to home health.  This issue is titled "Medical Supplies and Consolidated Billing".  Like the Hospice issue, this is an effort to identify services or supplies covered by the PPS episodic payment that were paid for separately.  For example, a patient receives physical therapy during a home health episode from a provider other than the home health provider - that is covered under the episodic payment and should not be billed separately.  This is another issue where the RAC can churn through the numbers and identify overlapping claims.  This is one that is actually easier for the RAC, because certain supplies and services are covered by the episodic payment, without much room to quibble.  (It's not like hospice where hospice patients can have other medical issues.)

Home health and hospice providers should be looking at their claims and trying to identify situations where other providers claims overlap for services that are covered under the payment they receive.  The RAC may pursue the entity that provided the additional service (which seems like the correct response to me), but they may come after the HHA or Hospice.  The best course of conduct is to attempt to avoid these overlapping claims.

Now that one RAC has identified home health and hospice issue, the others won't be too far behind.  You may expect to start seeing letters form the RAC (in region D at least for now).  When you receive a request for information, be sure to respond promptly.  One of my favorite statistics from the RAC demonstration was the percentage of claims recouped simply because the provider failed to provide documentation.  You should never have to pay back money because you just did not respond in time.  The government already pays you too little and routinely asks for more back - don't help them out by not being ready for the RACs.

Posted by Robert Markette on 01/26/2010 at 09:57 AM in Home Health and Hospice Regulations, Medicare/Medicaid, Reimbursement Issues | | Comments (0) | TrackBack (0)

01/20/2010

The Massachusetts Election and HomeCare and Hospice

Well, by now, I am sure you are all aware that Scott Brown won in Massachusetts.  This is not a political blog, per se, but the news this morning is covering how Scott Brown's election will effect the passage of a number of bills that are of concern to the home health, private duty, and hospice industries.

The first issue getting a lot of attention is whether or not Scott Brown's victory is the death knell of health care reform.  Many Democrats appear to be signaling that it is time to back away from the current bills and rethink health care reform.  This article also has some great quotes about the status of health care reform after last night.   Some Congressional Democrats are saying everything should be put on hold until Scott Brown is sworn in (you can read that story here).  Barney Frank was quoted as saying they may need to start over.  Susan Collins even specifically mentioned starting over and getting away from a bill that included the steep cuts to Medicare.  These articles give a pretty strong impression that the current bills, which were terrible for the home health industry are dying, if not completely dead.  If this is the end of health care in its current form (which seems likely) the election last night may have saved the home health industry from the draconian cuts proposed by the House and Senate.

Of course, this is not done yet.  Providers need to keep a close eye on what is happening.  Until the bills are officially scrapped and Congress starts over, the cuts are not dead.  Furthermore, if Congress starts over, the home health industry will need to keep a close eye on what they propose and, if necessary, be ready to respond loudly and clearly (you may find your representatives more willing to listen now).  Based on today's reports, it seems that health care reform may ultimately go forward, but in a much different fashion.  If so, home health providers may be able to breathe a sigh of relief that the $55 billion dollars in cuts will not happen.   

Another area of interest to the home health, private duty, and hospice industry is the Employee Free Choie Act.  At least two outlets (here and here) are predicting that the election of Scott Brown is the end of the Employee Free Choice Act for this year.  Scott Brown was clear in his campaign that he was opposed to the EFCA.  This is another bit of great news for the industry. (Although it is only a prediction.)  This aspect of the election has not gotten much press, because of the focus on health care reform, but it appears that with the election of Scott Brown, supporters of the EFCA no longer have the votes they need to pass the bill. 

[There was an interesting side note during the campaign in Massachusetts.  SEIU members were out campaigning for Brown while SEIU's leadership was campaigning for Coakley.  Here is the video.  


This video says a number of things, but I like to think it shows that  the union's leadership is out of touch with its members.  Always a good point to raise when in the midst of a union campaign.)

Posted by Robert Markette on 01/20/2010 at 10:00 AM in Employment Law, Home Health and Hospice Regulations, Labor, Medicare/Medicaid, Reimbursement Issues | | Comments (0) | TrackBack (0)

01/14/2010

First AG to sue under HITECH Act HIPAA Amendments

Yesterday, the Connecticut Attorney General announced it has sued Health Net of Connecticut for a security breach involving 446,000 Connecticut enrollees.  The Connecticut AG is using the authority provided to state AGs to enforce HIPAA under the HITECH Act.  You can read more about the case here.  

This is likely the beginning of a new trend of state level HIPAA enforcement.  As with previous "new waves" of health care regulatory enforcement, the enforcers are starting with a rather egregious case.  (At least in terms of number of people impacted.)  Now that Connecticut has taken the first step down this road, it will be interesting to see when other states follow suit.  It will also be interesting to see if the states pursue anything other than the largest breaches under this new authority.

The scope of breaches the states are willing to purse will be especially interesting to the home health and hospice community.  If, due to lack of staffing, etc., states only pursue the larger breaches, many home health and hospice providers may not have to worry about state AG enforcement.   In my opinion, this is likely to be the case initially, but as time goes on you will see the states become more accustomed to enforcing privacy in this fashion and they will devote more resources to this effort.  This will lead to broader enforcement.

For now, the main point is that we have now seen the first AG suit under the HITECH Act.  More suits are certain to follow.  This means that after years of moderate to non-existent HIPAA enforcement, HIPAA enforcement is on the rise.  If you have not considered your HIPAA compliance efforts recently, now is a good time to go back and review.  You want to be sure you are in compliance now, before enforcement really swings into high gear.

Posted by Robert Markette on 01/14/2010 at 11:42 AM in Compliance, HIPAA, Home Health and Hospice Regulations, Private Duty | | Comments (3) | TrackBack (0)

01/13/2010

Senator Kerry Continues Efforts on Behalf of Home Health Care

On Monday, Senator John Kerry sent a letter to Harry Reid, Max Baucus, Christopher Dodd, and Tom Harkin, urging them to "protect access to home health care" as they work to finalize health care reform legislation.  You can download the letter here.  The letter mentions that if the House cuts are enacted, by 2011 more than two-thirds of home health providers will be reimbursed for services at a rate that is less than the cost of care.  The letter does not state it explicitly, but the conclusion to be drawn is two-thirds of the Medicare home health providers will either go under completely or pull out of Medicare.

Unfortunately, the letter goes on to mention the Senate's proposed cuts as a "responsible level" for home health care cuts.  I continue to maintain that the Senate's cuts are very damaging to the industry, but I will concede they are less severe than the House's proposed cuts.  They are also phased in over a longer period of time, which gives providers more time to adjust (or retire).  Unless health care reform gets completely derailed (which, in my opinion, is the best outcome), the Home Health industry is going to end up with cuts.  The Senate bill simply denotes the floor of those cuts.

Today, in Roll Call, there was an article stating that the negotiators are facing real difficulties.  Due to this problem, they are not likely to have a final bill until February.  Some are indicating it may be even later than that.  This means there is still time to educate your representatives and Senators.  I know I keep beating a dead horse, but I fear that many in the home health industry may have simply accepted that these cuts are inevitable.  Ultimately, we may see these draconian cuts enacted, but as long as the bill is stalled on the Hill, you can continue to make noise.

Some of Senator Kerry's points in his letter are worth noting to your Senators and Representatives (you can mention that 32 of their colleagues in the Senate agree with these points):

    These cuts will reduce access to the home health care

    The populations served by home health are truly vulnerable

    People prefer to stay in their homes and receive care 

Another point to keep hammering away on is that home health care is very cost effective.  Why reduce access to cost effective care at a time when everyone wants to "bend the cost curve." Finally, you may want to reiterate the reality that home health providers do not operate with the margins that MedPAC thinks you do.  

I know I am repeating myself, but you need to keep trying to persuade your elected representatives that voting for these cuts will harm their constituents and cost Medicare more in the long run.  Until the bill is signed, there is still a chance we can change it and, at a minimum, get the lower cuts enacted in place of the House's cuts. 

Posted by Robert Markette on 01/13/2010 at 10:49 AM in Home Health and Hospice Regulations, Medicare/Medicaid, Reimbursement Issues | | Comments (0) | TrackBack (0)

01/11/2010

Happy New Year: Here comes OSHA

I meant to be back at the blog last week, but my Christmas vacation, but I ended up being out longer than anticipated due to illness.  Anyways, I am back and hope to post even more regularly this year.

With that said, a friend forwarded me an e-mail from her nursing association list serve that brings up even more areas for home health, home care, and hospice to be worried about in 2010.  According to a recent online Q&A with Secretary of Labor Solis, OSHA (the federal agency, not the state level agency) is looking at airborne infectious disease and patient safe handling issues for its regulatory agenda in 2010.

Secretary of Labor Solis stated that OSHA will publish a request for information in the federal register in March.  OSHA's standard would likely require health care employers to protect health care workers from SARS, tuberculosis, and influenza.  OSHA issued an enforcement directive on H1N1 in November.  You can download it here.  

Secretary Solis was asked during the Q&A if the OSHA standard would be modeled on the California standard.  Solis replied that the California standard "would certainly be one important piece of information that OSHA will consider in deciding whether to propose or issue a standard."  

Although during the Q&A the Secretary did not specifically commit to such a standard, the fact that they did state a request for information would be published in the Federal Register indicates they will move forward with this.  Responding to that request for information will be important.  This is the first opportunity the industry will have to share its thoughts (read objections) with the Department of Labor. 

Providers should keep a close eye on this and be prepared to respond to the DOL.  A national standard on protecting employees form airborne transmissible diseases is likely to be fairly burdensome to home care and hospice providers.  

Posted by Robert Markette on 01/11/2010 at 06:14 AM in Employment Law, Home Health and Hospice Regulations, Private Duty | | Comments (0) | TrackBack (0)