FTC delays enforcement of the Red Flags Rules until August 1, 2009

 

The Federal Trade Commission (“FTC”) has delayed the enforcement date of the Red Flags Rules until August 1, 2009.

Last summer, the FTC announced that it would consider health care providers to be creditors when they accept insurance and bill patients after services are provided for any amounts that insurance does not pay; or if the health care providers regularly allow patients to set up payment plans after services have been performed. The FTC originally planned to begin enforcement of the Red Flag Rules on November 1, 2008, but due to concerns expressed by MGMA and others in the health care industry, the enforcement date was postponed until May 1, 2009.

As a result of continued advocacy efforts, the FTC announced on April 30, 2009, it will further delay enforcement until August 1, 2009 in order to give creditors and financial institutions additional time to develop and implement written identity theft prevention programs. The FTC also announced that it will soon release a template to assist entities with a low risk of identity theft in complying with the Red Flag Rules.

 

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

How to Identify Red Flags

 

A healthcare provider’s Identity Theft Prevention Program should identify red flags in four main categories: (1) suspicious documents; (2) suspicious personally identifying information; (3) suspicious activities; and (4) notices from victims of identity theft, law enforcement authorities, insurers, or others suggesting possible identity theft. 

 

All employees who interact with patients must be aware of things to look for in the following areas:

 

Suspicious documents

 

• Has a new patient provided identification documents that look altered or forged? 
• Is the photograph or physical description on the ID inconsistent with what the patient looks like? 
• Did the patient provide other documentation inconsistent with what he or she has told an employee – for example, an inconsistent date of birth or a chronic medical condition not mentioned elsewhere?  

 

Suspicious personally identifying information

 

• If a patient provides information that does not match what an employee has learned from other sources, it may be a red flag of identity theft. 
• For instance, if the patient provides a home address, birth date, or Social Security number that does not match information on file or from the insurer, this may indicate fraud.

 

Suspicious activities

 

• Is mail returned repeatedly as undeliverable, even though the patient continues to show up for appointments? 
• Does a patient complain about receiving a bill for a service that he or she didn’t get? 
• Is there an inconsistency between a physical examination or medical history reported by the patient and the treatment records? 

 

Notices from victims of identity theft, law enforcement authorities, insurers, or others suggesting possible identity theft

 

• Has the provider or an employee received word about identity theft from another source? 
• All employees must heed warnings from others that identity theft may be ongoing.

 

Although the above list provides some examples of things to look for to identify red flags, it is not intended to be an exhaustive list.  Instead, employees must continuously be aware of any signs of identity theft relevant to the healthcare provider’s practice and share this information with others involved in the Identity Theft Prevention Program.

 

 

 © 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

 

CMS ANNOUNCES IT WILL DISCONTINUE PHASE II OF ELECTRONIC HEALTH RECORDS DEMONSTRATION

 

On April 7, 2009 CMS announced that, as a result of the incentive provisions for physicians to encourage the adoption of health information technology in the American Recovery and Reinvestment Act of 2009 (“ARRA”), CMS will change its plans for implementing the electronic health records (“HER”) Demonstration.  CMS will continue implementation of Phase I of the EHR Demonstration program on schedule.  CMS will continue working with Phase I community partners and practices, including local kick off meetings for more than 400 selected practices in May, 2009. The demonstration will begin as planned on June 1, 2009 and continue through May 21, 2014. However, CMS has decided to discontinue Phase II of the EHR demonstration, which originally was planned to begin operations in mid-2010.  

 

 

The EHR demonstration initiative aims to reward delivery of high-quality care supported by the adoption and use of electronic health records in physician practices. This initiative expands upon the foundation created by the Medicare Care Management Performance (“MCMP”) Demonstration. The goal of the demonstration is to foster the implementation and adoption of EHRs and health information technology (“HIT”) more broadly as effective vehicles to improve the quality of care provided and to transform the way medicine is practiced and delivered.    As part of the EHR demonstration, all participating primary care physician practices will be required to have a Certification Commission for Healthcare Information Technology (“CCHIT”)-certified EHR by the end of the second year. (CCHIT is the recognized certification authority for EHRs and their networks.)  Physician practices must, as part of the demonstration, utilize the EHR to perform specific minimum core functionalities that can positively impact patient care processes, (e.g., clinical documentation, ordering of lab tests, recording lab tests, and recording of prescriptions).  The core incentive payment is based on performance on the quality measures, with an enhanced bonus based on the degree of HIT functionality used to manage care.    On June 10, 2008 CMS announced its selection of 12 community partners in defined sites to help CMS implement the EHR demonstration. The approved community partners in each site represent diverse groups of organizations including varied HIT stakeholder collaborations, medical societies, primary care professional organizations and health departments. Phase I includes the following 4 sites: Louisiana, Southwest Pennsylvania, South Dakota (and some counties in bordering states), and Maryland and the District of Columbia. Recruitment of physician practices in the four Phase I sites was initiated on September 2, 2008, and the enrollment period closed on November 26, 2008. Over 800 eligible applications were received from interested practices in the four Phase I sites.      © 2009 Parsonage Vandenack Williams LLC   For more information, contact info@pvwlaw.com

CMS Updates Medicare Conditions for Coverage for ASCs

The long-awaited Final Rule updating Medicare Conditions for Coverage (CFCs) for Ambulatory Surgery Centers (ASCs) has finally been published by the Centers for Medicare and Medicaid Service (CMS).   The Final Rule represents the first major non-payment related update to the ASC CfCs since they were originally published in 1982.  The requirements of the Final Rule are effective for ASCs as of May 18, 2009.

The Final Rule generally focuses on patient rights and patient outcomes.  Among other things, it:

• Bolsters patient rights to disclosure of physician financial interest in the ASC
• Refines the obligations to assess patient pre-operative condition and post-operative condition
• Requires certain ASC governing body actions regarding quality assessment and performance improvement
• Imposes certain infection control requirements
• Requires preparation of a disaster preparedness plan coordinated with state and local authorities

In the Final Rule, CMS ended up backing away from some of the more controversial changes that it had placed in its Proposed Rule.  Among the proposals that drew the most criticism from the ASC community and that CMS either removed or modified in the Final Rule were the following:

• CMS backed away from its proposal to require the surgeon to conduct a “thorough assessment” of all bodily systems on each patient prior to discharge.   The Final Rule requires that a physician or other qualified practitioner, which includes a registered nurse with post-operative care experience, assess the patient in a manner appropriate the the procedure performed and the patient’s individual condition.
• CMS backed away from its proposed “safe transition to home” language, which seemed to burden the ASC with responsibility for ensuring each patient not only have adequate transportation home but actually make it home safely.  The Final Rule generally requires that patients be discharged in the company of a responsible adult. 
• CMS backed away from its proposal to require ASCs providing radiological services to meet the more burdensome coverage conditions applicable to suppliers of portable x-ray services.  The Final Rule requires that the less burdensome hospital conditions for radiology be met.
• CMS backed away from its proposal to redefine ASCs to exclude facilities that keep patients past 11:59 p.m.  Instead, the Final Rule excludes facilities where the expected duration of services exceeds 24 hours.   

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

WHY DO HEALTH CARE PROVIDERS NEED TO BE AWARE OF THE RED FLAG RULES?

 

Many health care providers have been unaware of the Red Flag Rules or have been uncertain of the applicability of these requirements.  Under the Red Flag Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft.  Providers in general should be aware of the Red Flag Rules, should revisit their existing privacy and security compliance programs to ensure that the requirements of the Red Flag Rules have been addressed, and should take other actions to bring themselves into compliance with applicable requirements prior to the May 1, 2009 enforcement date.

 

Applicability to Health Care Providers

 

Under the Red Flag Rules, creditors that are subject to FTC enforcement under the Fair Credit Reporting Act (FCRA) with “covered accounts” must implement programs that identify, detect and respond to practices that could indicate identity theft.  Although opinions differ, it is likely that health care providers—whether they are for-profit or nonprofit—are subject to the Red Flag Rules because they (1) are creditors, (2) are subject to enforcement by the FTC under the FCRA, and (3) have “covered accounts.”

(1) Creditors. First, the Red Flag Rules apply to creditors.  A “creditor” is defined as any person or entity that regularly extends, renews, or continues credit.  The term “credit” means the right granted by a creditor to a debtor to defer payment of debt or to purchase services and defer payment for such services.  For health care providers, credit would result when, for instance, a health care provider grants a patient the right to defer payment for medical services rendered. Thus, a health care provider could be deemed a creditor because it “regularly extends, renews, or continues credit,” in the form of deferred payment for medical services, to patients and to others who utilize the health care provider’s services.

(2) Subject to FCRA enforcement.  The second step is to determine whether a health care provider is a creditor that is subject to the administrative enforcement of the FCRA by the FTC. An FCRA violation is enforced as a violation of the FTC Act.  Those subject to FCRA enforcement include any person, including a corporation, that violates the FCRA “irrespective of whether that person is engaged in commerce or meets any other jurisdictional tests” of the FTC Act.  Thus, most “for profit” and “non-profit” health care providers are subject to FTC enforcement under the FCRA and, likewise, may be subject to the Red Flag Rules.

(3) Covered accounts.  Finally, the Red Flag Rules apply only to “covered accounts.” A covered account is defined broadly as (a) an “account … primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions”; or (b) “[a]ny other account … for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the … creditor from identity theft.”  Health care providers’ patient accounts appear to qualify as covered accounts under both prongs of the definition: (1) patient accounts serve “personal” and/or “family” purposes because such accounts relate to medical services for individuals and/or family members and often involve or permit multiple payments or transactions; and (2) health care provider accounts, including patient financial accounts, present possibilities for identity theft.

 

Requirements of a Red Flag Program

 

The Red Flag Rules mandate that a covered entity’s program should detect, prevent and mitigate identity theft in connection with covered accounts and should include reasonable policies and procedures to accomplish the following:

·         Identify red flags. To identify red flags, health care providers should consider the types of accounts offered and maintained, the methods used to open and provide access to such accounts, any previous experience with identity theft, and any suspicious activity related to patient accounts.  Health care providers should pay particular attention to actual or reasonably likely instances of medical identity theft, which is a growing problem.

·         Detect red flags. To detect red flags, a health care provider should have a process to authenticate patients, monitor transactions and verify the validity of change-of-address requests. Such a process might include requiring patients to produce identifying information to verify their identity at the inception of the account and when they present for service.

·         Respond to red flags. To respond to red flags, covered entities must make “appropriate responses” that prevent and mitigate identity theft.  For health care providers, appropriate responses might include responding to identity theft alerts from law enforcement or others, monitoring patients’ covered accounts, contacting patients when questions or concerns arise, changing passwords or security codes, refraining from collecting on an account or selling it to a debt collector, or notifying law enforcement as appropriate.

·         Ensure the program is updated. Covered entities should ensure the program is updated to reflect changing risks to patients or the safety of the provider from identity theft and medical identity theft. Health care providers should update their program to adequately respond to alerts from law enforcement and others, changes in the methods of identity theft, changes in the methods to detect and prevent identity theft, and changes to the health care provider’s business infrastructure.

·         Obtain board approval. The covered entity’s board of directors (or an appropriate board committee) must approve the identity theft prevention program and, thereafter, be involved directly, or through a designated senior management employee, in the oversight, development, implementation and administration of the program. Additionally, covered health care providers must assign specific responsibility for implementation, train staff, audit compliance, generate annual reports, and oversee anyone granted access to covered accounts.

 Much like the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Red Flag Rules give covered health care providers some flexibility in implementing their identity theft programs, taking into account the size and complexity of a health care provider’s business. A program developed in compliance with the Red Flag Rules may be part of a provider’s HIPAA compliance efforts. There is certainly overlap between the requirements of HIPAA and the Red Flag Rules, and many of these actions may already have been included in an organization’s HIPAA compliance efforts.

  © 2009 Parsonage Vandenack Williams LLC 

For more information, contact info@pvwlaw.com

A Quick Overview of Covenants Not to Compete

 

In recent years, states have been split on the treatment of covenants not to compete in physician employment agreements. The vast majority of jurisdictions continue to apply a general “reasonableness’ standard often applied in other commercial contexts. Under a “reasonableness analysis, courts primarily look at two components of the restriction: (1) the time duration of the restriction; and (2) the geographic scope of the limitation. The greater the area covered and the time duration of the restriction on a physician’s ability to practice medicine, the greater the likelihood the entire covenant not to compete will be declared invalid. However, a growing minority of states have put further constraints on the enforceability of restrictive covenants in physician employment contracts. Three states, Colorado, Delaware and Massachusetts, have passed legislation that invalidates contractual provisions restricting a physician’s right to practice medicine after termination. 

 

Some states have also judicially tightened the restrictions on covenants not to compete in physician employment contracts. For example, the Supreme Court of Tennessee recently invalidated most restrictive covenants regarding physician employment contracts. The court noted that in Tennessee restrictive covenants are not allowed for attorneys because attorneys have an ethical duty to provide their services to the public, and to restrict to whom an attorney can provide services would be injurious to the public. The court then examined the doctor-patient relationship and noted that covenants not to compete were equally injurious in physician employment contracts. The court reasoned that covenants not to compete restrict a patient’s freedom of choice, restrict the patient’s right to maintain an ongoing relationship with a trusted physician, and result in the lost public benefit of having an increased number of available physicians practicing in the community. The court reasoned that an increased number of available physicians results in greater competition and a higher quality of care.

 

The harmful effects covenants not to compete can potentially create for patients have also been examined by the American Medical Association. The AMA has taken the view that “restrictive covenants are unethical if they are excessive in geographic scope or duration in the circumstances presented, or if they fail to make reasonable accommodation to a patient’s choice of physician.”

 

When drafting a covenant not to compete, or similar restrictions in an employment agreement for a physcian, the scope of the restrictions must be carefully considered as to prevent the terms of the agreement from being invalidated judicially. Attempt to provide too much protection to the remaining physicians and you may be left with no protection at all.

 

 

© 2009 Parsonage Vandenack Williams LLC 

 For more information, contact info@pvwlaw.com

Ten Key Principles for Physicians Contracting with Third-Party Payors

  1.  Not signing an agreement can be okay.  Many practices and related endoscopy centers have gone bankrupt by signing contracts due to worrying that if they don’t sign, they will be left out of the network.  Physicians must understand the overall value of the contract.  When the reimbursement rates are below the cost, it is usually better not to sign and refrain from providing services to payors that are not profitable.© 2009 Parsonage Vandenack Williams LLC 

  2.  Do not sign agreements that are at a low rate just because it represents a small percentage of your business.  It is becoming more common for payors to rent their networks to other payors.  Practices may sign an unfavorable agreement without pause because it represents a small percentage of business, assuming it is not an important payor and trying to hastily get an agreement signed.  However, practices can later find out that they signed up for a contract that lowers their rate of reimbursement with other payors that are renting their network and, suddenly, the volume of business flowing through the rental network payor is much greater than expected at lower reimbursement rates.  Therefore, instead of just signing the agreement, it is better to not sign at all if it does not provide sufficient reimbursement.

 3.  Practices must understand which procedures drive 80% to 90% of their revenues.  In most practices, a small number of procedures and services generate the greatest percentage of revenues.  When negotiating agreements, efforts should be focused on these high-revenue-generating procedures and codes.  Do not get stuck on codes that represent low volume and may not be at desired rates of reimbursement if they can be used as leverage to negotiate high rates on the codes that represent the most volume.  Basically, you can give a lot on other codes if you focus mainly on these key codes that will increase the overall value of the agreement, resulting in increased levels of productivity.

 4.  Understand your revenues.  Each practice should understand what they are currently receiving in terms of revenues for each procedure.  Useful information systems and the ability to understand the current reimbursement per procedure is important for benchmarking expected reimbursement per procedure when entering into a new agreement.  If the overall net revenue per procedure turns out to be below the total cost per procedure, you may not want to sign the agreement.

 5.  Long-term vs. short-term agreement.  When an agreement provides for sufficient reimbursement, the practice should be better positioned to negotiate for long term agreements with escalators, such as two years, three years, five years, or more.  On the other hand, where reimbursement is not sufficient, the practice should look into entering a shorter terms agreement or no agreement whatsoever.

 6.  Understand what percentage of reimbursement will be paid by the payor versus the patient.  More often, payors are able to shift significant amounts of the payment rates to the patients.  Thus, increases in reimbursement increase the amount due from the patient.  Although on paper the agreement may look great, it may also require a lot more effort to make certain you are collecting from patients to insure that you actually see the increase that has been promised.

 7.  Withholds and quality bonuses can be toxic.  There has been talk of increased bonus opportunities based on quality.  But over the last 10 to 15 years, the experience of physicians was most universally bad with withholds and bonuses from payors.  Basically, payors did not pay must on withhold amounts, and bonuses were rarely if ever seen.

 8.  Cost control and understanding your costs is important.  It is very important that practices manage their own businesses extremely efficiently as reimbursement becomes tighter from payors and employers try to reduce provider costs.  Finding ways to reduce your costs and manage your own costs allows you to retain a greater percentage of the revenues and reimbursement.

 9.  Merging practices can solve problems reaching agreement.  Oftentimes, practices view merger situations as a way to allow themselves and another practice to operate together and thus take advantage of better managed care rates in one practice or the other.  Before agreeing to merge, practices need to really have a strong idea of whether or not this is likely to be successful.  For instance, is the payor likely to extend the rates from one practice to the other?  Lots of times, payors are no longer willing to just allow the second practice to tie into the payment rates of the first practice of the merged or surviving practice.

 10.  Utilizing your attorney.  Attorneys can help you handle your managed care contracts.  Some attorneys have great experience in this area and a very strong understanding of where a payor can move towards in terms of reimbursement for a practice.  It often makes sense to use an attorney when negotiating your managed care contracts.  The impact economically can be very substantial.

  

 © 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

 

Obama creates Office of Health Reform

On April 8, 2009, the White House Office of Health Reform commenced its existence by virtue of an Executive Order.  The task of the new office is to expand and improve health care coverage in the U.S.

 

 

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

 

CMS “ANTI-MARKUP” RULE AFFECTS DIAGNOSTIC TESTS

 

 

On January 1, 2009, the Centers for Medicare & Medicaid Services (“CMS”) enacted a new rule, called the anti-markup rule, that applies to certain diagnostic tests ordered and billed by physicians or their group practices.  Any physician group that orders and bills for diagnostic tests must comply with the new anti-markup rule.  CMS published the Final Medicare Physician Fee Schedule for 2009 in the Federal register on November 19, 2009. Among other things addressed in the Fee Schedule regulations are clarifications of the diagnostic testing anti-markup rule.

 

Prior to the 2009 Fee Schedule changes, the anti-markup rule provided that if a physician or other supplier bills for the technical component (“TC”) or professional component (“PC”) of a diagnostic test that was ordered by the physician or other supplier and the diagnostic test was either purchased from an outside supplier or performed at a site other than the office of the billing physician or other supplier, the payment to the billing physician or other supplier (less the applicable deductibles and coinsurance paid by the beneficiary or on behalf of the beneficiary) for the TC or PC of the diagnostic test may not exceed the lowest of the following amounts:

 

• The performing supplier’s net charge to the billing physician or other supplier;
• The billing physician or other supplier’s actual charge; or
• The fee schedule amount for the test that would be allowed if the performing supplier billed directly.

 

In the 2009 Fee Schedule, CMS has now clarified that the anti-markup provisions will not apply to the TC or PC of a diagnostic test where the performing physician shares a practice with the billing physician or other supplier. With respect to a TC or PC of a diagnostic testing service, the performing physician is considered to share a practice with the billing physician or other supplier if either of the following is met:

 

• Alternative 1: He or she furnishes substantially all (at least 75 percent) of his or her professional services through the billing physician or other supplier; or
• Alternative 2: The TC is conducted and supervised, or the PC is performed, in the office of the billing physician or other supplier. For purposes of this alternative, the “office of the billing physician or other supplier” is defined as the same building where the ordering physician performs substantially the full range of patient care services that the ordering physician generally provides.

 

 © 2009 Parsonage Vandenack Williams LLC 

 

For more information, contact info@pvwlaw.com