PhRMA Makes Additional Drug and Patient Safety Information Available on Its Web Site

painkillers_0In an effort to better inform the public about drug and patient safety information, PhRMA has launched new web site pages.   In its press release about the new web pages, PhRMA states as follows:

  • Patient safety is our highest priority. We need a strong and effective FDA with the resources and personnel necessary to ensure the safety of the U.S. drug supply and continued access to innovative medicines.
  • Patient welfare should be at the center of any effort to enhance drug safety and ensure that benefit and risk are balanced.
  • Drug safety and effectiveness monitoring must be comprehensive and continuous. PhRMA supports efforts that seek to continually improve these activities.
  • Patients and health care providers must have accurate, timely, and useful information on which to base their decisions.

However if your looking for all natural supplements in order avoid the costly side effects, you search out other alternatives. If your having problems your thyroid, you can search for thyax reviews online to see how this supplement performs. And if its something you can use.

Read more

State by State Prescription Drug Legislation

prescription+medicineAs many of my readers know, particularly including those who are lawyers, tracking pending legislation affecting the pharmaceutical and medical device industries on both a state by state and federal basis can be an especially daunting task.  Obviously, these industries are highly regulated, and as each new issue presents itself, the federal and state legislatures do what they do best:  legislate some more!  The result is a highly complex, almost rainbow-like color scheme of regulations that are often inconsistent, contradictory and sometimes, well, nonsensical (my apologies in advance to the decision makers).

With the help of Matthew Samsa, a summer associate at Benesch, I have located a fabulous tracking source that I can’t help but share.  I’d suggest that you check out the 2007 Prescription Drug State Legislation tracker, hosted by the National Conference of State Legislatures, which is the “Forum of America’s Ideas.”  So, for example, what does Colorado have to say about pedigree legislation?  According to the site, legislation was just passed that “[w]ould regulate prescription drug wholesalers; including requiring criminal history background checks of applicant representatives, updating requirement for maintaining and retaining “pedigree” records to prevent or diversion to unauthorized buyers.” The site further mentions the following status information:  “Filed 3/6/07; passed Senate 4/2/07; passed House 4/12/07; amended and sent to governor 5/15/07.”

Of course, I can’t make any representations or warranties about the accuracy of the content and how often the site is updated (if only I could write without including a disclaimer).  I can say, however, that this site may make tracking state legislation affecting the pharmaceutical industry a far more manageable task.  If you’re at all like me, you probably want to look into natural alternatives, like listol natural adhd supplement for your children, that doesnt have dangerous side effects.

Read more

On Site Drug Testing Are You In Compliance?

health care complianceDoes your organization have a culture of compliance? What are your compliance standards, policies, and procedures?  Who oversees your compliance program? How is compliance education and training conducted?  How do you monitor for compliance irregularities and how often do you conduct audits?  How does an employee report a compliance issue and how is the investigation handled?  What is your response to a compliance issue.  How do you prevent it from happening again?

Say for instant, you want to know about onsite drug testing, because believe me, there are potential employees, who search for how long does methadone stay in your system for a drug test. You want to make sure your company is in compliance.

Drug and Alcohol testing has become a mainstay in Corporate America. This is due in part to the effect that drugs and alcohol have on an employee’s safety, productivity, and quality of work. Let us bring the test site to your door so you no longer have to worry about delays in the workforce.

offers drug and alcohol on-site testing services to corporations, small businesses, education facilities, law enforcement, and everyday individuals. We offer pre-employment, post accident, return to work and follow-ups, reasonable suspicion, random drug and alcohol testing and hair analysis services.

So check with your local and state rep, to make sure your in compliance.

Read more

Medical Residents Considered Employees, Not Students, Under Federal Tax Law

Medical Residents Considered Employees, Not Students, Under Federal Tax LawOn January 11, 2011, the United States Supreme Court, in an unanimous opinion authored by Chief Justice Roberts, upheld a Treasury Department rule that established that medical residents are full-time employees, not students, for purposes of federal income taxation and Social Security coverage.

The case considered a federal law, namely the Federal Insurance Contributions Act (FICA), which exempts students from paying Social Security taxes. In 2004, the Treasury Department issued a rule that essentially stated medical residents were not students and therefore that their wages were taxable under FICA.

Petitioner Mayo Foundation for Medical Education and Research argued that this was an improper rule, and that medical residents should be treated as students under the plain language of the statute. In announcing the decision, the Court focused on the question of whether residents were “workers who study or students who work.”

The Court held that the Department’s regulation was a permissible interpretation of an ambiguous statute, and therefore that medical residents would be treated as employees for purposes of federal taxation and Social Security coverage under FICA. Chief Justice Roberts wrote, “The department certainly did not act irrationally in concluding that these doctors… are the kind of workers that Congress intended to both contribute to and benefit from the Social Security system.”…

Read more

Michigan Court of Appeals Rules State Law on Patient Privacy Trumps HIPAA In Certain Circumstances

HIPAA CompliantA new published health law opinion from the Michigan Court of Appeals could have some far reaching effects on HIPAA litigation.

In the case of Isidore Steiner, DPM, PC v Marc Bonanni, Dr. Bonanni was employed by Isadore Steiner, DPM, PC and his contract included a non-competition and non-solicitation provision. After Dr. Bonanni left his employment with them, Isidore Steiner, DPM, PC sued him for allegedly violating the non-solicitation provision of the contract and stealing their patients. In order to prove their allegations, Isidore Steiner, DPM, PC sought Dr. Bonanni’s patient list during the discovery portion of the case.

The Michigan Court of Appeals found that the patient list was not discoverable as it was privileged under Michigan law. The Michigan Court of Appeals held on April 7, 2011 that Michigan law protects the very fact of the physician-patient relationship from disclosure, absent patient consent; this means that the name, address, and contact information is protected from disclosure in litigation. The Court found that HIPAA (which would have allowed for disclosure) does not preempt state law on this matter because state law is more stringent.

Generally, HIPAA requires patient consent for the disclosure of protected health information, just as Michigan state law does. In litigation, however, HIPAA has special provisions that allow for the disclosure of protected health information in response to a subpoena or court order if the provider receives adequate assurances that notice was provided to the patient or that reasonable efforts were made to secure a QPO. However, Michigan law does not have such an exception and requires the patient’s consent to reveal private patient information. Thus, it would seem that non-solicitation provisions in employment contracts may potentially lose some of their weight unless a violation can be proven without reference to patient information. If an ex-employee violates this contractual provision, the employer does not have access to the ex-employee’s patient list to prove its allegations of violation of the employment contract under this latest Michigan Court of Appeals ruling.…

Read more

HHS Publishes HITCH Breach Notification Interim Final Rule

HHSOn August 24th, 2009 we finally saw the publication of interim final regulations implementing the security breach notification provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH”).

While the regulations appear to parallel the statutory provisions of HITECH, the process covered entities must follow before notifying a patient of certain breaches of their protected health information (PHI) is not as strict as initially feared.

For instance, under the new regulations, covered entities will still engage in a very subjective and fact specific risk assessment before determining when to notify a patient of a breach. The regulations also provide guidance to covered entities and their business associates (BAs) relative to their mutual obligations under the new rules.

Summarized below are some key points and issues we perceive to be relevant to covered entities and business associates under the new regulations.

The Breach Rules Only Apply To “Unsecured” PHI.

Unsecured PHI is defined as PHI that has not been secured through the use of a technology or methodology specified by HHS. According to HHS guidance released in April 2009, encryption and destruction are the only two ways to secure PHI and avoid breach notification under the Act.

Click here for a link to HHS’ April 2009 “Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements”.

Fact Specific Risk Assessment.

The Regulations define a “breach” as the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule that “compromises the security or privacy” of the PHI.” A use or disclosure compromises privacy or security only if it creates “a significant risk harm to the individual as a result of the impermissible use or disclosure.” The regulations identify a number of factors covered entities or business associates may consider during this assessment, including:

who impermissibly used or to whom the information was impermissibly disclosed;
steps taken to mitigate an impermissible use or disclosure (i.e. lost or stolen laptop is returned and forensic analysis reveals that its information was not opened, altered, transferred or otherwise compromised);
The Type And Amount Of PHI Involved.

In the event a notification is deemed necessary based on the facts all notification to individuals and HHS and must be given without “unreasonable delay,” but no later than 60 days after discovery.”

Exceptions to Breach Rule.

There are also key exceptions relative to the breach rule in situations where there is:

an unintentional acquisition, access or use of PHI;
inadvertent disclosure; or
disclosure of PHI to person not reasonably able to retain such information.

Business Associates.

Under the new regulations, BAs must comply with the privacy and security regulations, just like covered entities. BAs must have policies and procedures documenting compliance with the privacy rule’s use and disclosure provisions and the security rule’s administrative, physical and technical safeguards requirements.

An interesting issue is raised relative to when BAs acting as “agents” of a covered entity versus BAs acting as “independent contractors” and the breach notification time frames requirements under both scenarios. If a business associate is acting as an agent of a covered entity then the business associate’s discovery of the breach will be imputed to the covered entity. Accordingly, the covered entity will have to provide notifications to the patient and HHS based on the time the business associate discovers the breach, not from the time the business associate notifies the covered entity. Conversely, if the business associate is an independent contractor of the covered entity (i.e., not an agent), then the covered entity must provide notification based on the time the business associate notifies the covered entity of the breach.

Among Other Issues, BA Agreements May Need To Be Amended To:

clearly address the agent versus independent contractor status of the BA; and
the timing of BA notification to a covered entity following a breach.

Grace Period, Enforcement And Penalties.

Finally, the regulations account for a grace period allowance before HHS expects to begin enforcement. The regulations took effect on September 23, 2009, but HHS has delayed seeking sanctions until February 22, 2010.

The caveat to this allowance period, however, is that the regulations significantly broaden the enforcement and penalties associated with a violation. Under the new system, HHS will employ a tiered penalty system based on the mental state of the offender.

Additionally, HHS has also delegated some of the enforcement mechanisms to state Attorney General offices. Effective February 18, 2009, the Michigan Attorney General can bring actions under HIPAA independently of HHS. Finally, the regulations allow for penalties to be shared with those harmed by the disclosure (though, we have not seen regulations or guidance from HHS on the definition of the “harm” necessary to share in penalties).…

Read more

Health Care Employers feel the Pain of H1N1 Vaccination Policies

H1N1 Vaccination PoliciesMany Hospitals and other employers in the health care industry are discussing the benefit of H1N1 vaccinations for their employees. Some are even considering mandating that employees receive the vaccination. After all, if your employees are “at will,” then you can impose new conditions of employment on them at any time.

On many levels, mandating the vaccine for health care workers makes sense. After all, OSHA mandates that employers provide their employees with a safe place to work. Doesn’t a mandatory vaccination ensure a safer place for employees to work? A healthy workforce also means less absenteeism. And, the idea of mandatory vaccinations isn’t totally foreign to health care: think TB vaccinations. I also compare a mandated vaccination to drug testing: somewhat invasive, but for the common good.

On the other hand, mandatory vaccinations raise many legal issues. For instance, if your workforce is unionized, then this would require negotiations with the union before implementation, as it affects the terms and conditions of employment. If you are non-unionized and have many employees opposed to the mandatory vaccination, a mandate may be what pushes employees to organize. Another consideration is that some have asserted that the vaccination is untested and potentially dangerous. If an employee is vaccinated over his/her objection, that may create liability for the employer if the employee experiences an injury or serious side effects from the vaccine.

While there are many good reasons to mandate the H1N1 vaccine, an employer who moves in this direction is definitely treading onto unsettled legal grounds.…

Read more

OIG Work Plan – FY 2009

health care lawLast week, the Office of Inspector General (OIG) published its “Work Plan” for federal fiscal year 2009. Many health care providers use the annual OIG Work Plan as a road map to guide their annual compliance efforts and this has always been a strategy that I have supported.

Although I usually suggest that compliance officers and the health care providers they represent look not just at the current year’s Work Plan but the past two or three years Work Plans, collectively, I think it is very important for health care providers to be aware of what the OIG thinks it should pay attention to, in any particular year. Its also noteworthy to understand how the OIG’s focus changes from year to year and over time.

Of particular note in this year’s Work Plan is the continuation of some significant reviews and the initiation of others that are in areas where health care providers often struggle.

They include OIG’s review of:

Provider-Based Status for Inpatient and Outpatient Facilities
Hospital Owned Physician Practices Billed as Outpatient Services
Provider Bad Debt Allocations
Medicare Secondary Payer Compliance
Diagnostic X-rays Performed in Hospital Emergency Departments
EMTALA Compliance
Never Events
Physician Services Performed by Non-Physicians
Medicare Payments for Sleep Services
Services Performed by Clinical Social Workers
Outpatient Physical Therapy Provided by Independent Therapists
Payments for Colonoscopy Services

Given some of the questions that I have received from clients in the past six months, I see EMTALA Compliance and Medicare Payments for Sleep Studies as particularly interesting and suggestive of the fact that OIG and CMS think that providers are not doing things correctly in these areas.

Your compliance committee should take the time to review the new OIG Work Plan and modify its compliance focus accordingly.…

Read more

FTC Red Flag Rules – Regulation From A New Direction

healthcare law infoIt never ceases to amaze me the number of varying directions from which hospitals and health care providers get regulated!

The most recent federal agency to jump on the health care regulation bandwagon appears to be the Federal Trade Commission (FTC). On November 9, 2007, the FTC, in conjunction with federal bank regulators, issued a set of regulations intended to combat identity theft. These regulations are commonly referred to as the “Red Flag Rules.” The Red Flag Rules require financial institutions and other “creditors” to implement a program designed to detect, prevent and mitigate identity theft in connection with the creation and maintenance of “covered accounts.”

Many hospitals and health care providers began to pay attention to these regulations a few months ago when word started to “eek out” that the Red Flag Rules might apply to hospitals and other health care providers. While the application of these rules to any specific transaction will depend upon the specifics of the transaction at issue, what does seem pretty clear at this point is that if you are affiliated with a health care provider that periodically allows patients to pay for their medical services through a series of payments, over time, that health care provider is likely a “creditor” and needs to comply with the Red Flag Rules. Health care providers should, with very limited exception, expect to comply with the Red Flag Rules as of November 1, 2008.

Compliance with the Red Flag Rules is, in many ways, tied to your HIPAA compliance program and the policies and procedures health care providers already have in place. Similar to the HIPAA Security and Privacy Regulations, the Red Flag Rules deal with access to information in patient medical records and billing account records and the extent to which those records may be accessed and used to commit identity fraud.

To begin your compliance efforts, look to identify points of access or entry into patient records or accounts that might lend itself to identify theft. Form a committee or task force made up of representatives from: HIM, HIPAA privacy and security, patient accounts, patient registration, pharmacy and the emergency department. Ask this group to brainstorm the points of access to relevant patient information and to analyze specific examples and experiences with patient identity theft to begin to develop a sense of where your identify theft risk lies.

Next, look at your existing privacy and security policies developed as part of your HIPAA compliance efforts and then evaluate what changes or additions need to be made to those policies in order to minimize your identity theft risk. In addition, you may need to revise policies or add new policies that will alert you to identity theft when it occurs and guide your response to patient identity theft.

Other things you will need to do over time as you build your Red Flag Rules compliance program will include demonstrating Board approval and oversight of your program and amending your existing business associate agreements so that your business associates are contractually obligated to be your partners in this effort.

In addition to resources being developed by the American Health Lawyers Association, the AHA and other organizations, your compliance counsel should be available to assist with the development of a Red Flag Rules compliance program.…

Read more

New Michigan Law Related to Billing Sexual Assault Survivors for Costs of Forensic Exam

Billing Sexual Assault Survivors for Costs of Forensic ExamHealth care providers may no longer seek payment directly from sexual assault survivors for any portion of the costs of a sexual assault medical forensic examination, including any insurance deductible, co-pay, denial of claim or other out-of-pocket expenses, if the survivors do not have insurance, or if they refuse to have the claim submitted to their insurance carrier. Instead, effective December 29, 2008, health care providers are eligible to seek reimbursement for these costs directly from the state Crime Victims Services Commission (formerly the Crime Victims Compensation Board).

Prior to seeking reimbursement from the Crime Victims Services Commission, health care providers must advise the patient, either orally or in writing, that a claim will not be submitted to their insurance carrier without their express written consent and that they may decline to consent if they believe that submitting the claim would substantially interfere with their personal privacy or safety. If the patient declines to have the claim submitted to his or her insurance carrier or if the patient is uninsured, the provider may then seek reimbursement from the Crime Victims Services Commission. The provider may not bill the patient directly.

If the patient consents to have the claim submitted to his or her insurance carrier, the health care provider must submit the claim to the patient’s insurance carrier, including Medicare or Medicaid. If reimbursement cannot be obtained from the patient’s insurance carrier, the health care provider may then submit the claim for reimbursement to the Crime Victims Services Commission. If reimbursed by the patient’s insurance carrier for any portion of the claim, the health care provider may not also seek reimbursement from the Crime Victims Services Commission or the patient for the balance of the claim.

In order to be eligible for reimbursement, the examination must include all of the following: collection of a medical history, a general medical examination, a detailed oral, anal, or genital examination, and administration of a sexual assault evidence kit and related medical procedures and laboratory and pharmacological services.

The Crime Victims Services Commission will not pay more than $600 for the cost of performing a sexual assault medical forensic examination. This includes payments up to $400 for the use of an emergency room, clinic, or examination room and the sexual assault medical forensic examination, up to $125 for laboratory services, and up to $75 for dispensing pharmaceutical items related to the sexual assault.…

Read more
1 2