Michigan Health Law Link

New Rule Allows for Electronic Transmission of Controlled Substance Prescriptions

Adil Daudi — Tue, 29 Jun 2010 14:33:02 -0500

A new Drug Enforcement Agency (DEA) rule could substantially impact the way prescriptions for controlled substances can be transmitted from a physician to a pharmacy. As physicians and pharmacies seek to cut costs and maximize efficiency, electronic record keeping and prescription filing has become more commonplace. In response, the DEA has relaxed previous restrictions on electronically filing controlled substance prescriptions. However, recognizing the high risks posed by abusing or forging controlled substance prescriptions, the DEA has created a system of requirements which must be met before a physician is able to take advantage of the new rule.

The DEA defines controlled substances as drugs and other substances that have a potential for abuse and psychological and physical dependence; these include opioids, stimulants, depressants, hallucinogens, anabolic steroids, and drugs that are immediate precursors of these classes of substances. Once classified as a controlled substance, drugs are then broken down into one of five categories depending on the potential for abuse and risk of dependance. Today, controlled substances account for between 11% and 12% of prescriptions written in the United States.

Under the previous rule, physicians were prohibited from electronically sending prescriptions for schedule II-V controlled substances to pharmacies. However, under the current rule, which was published March 31, 2010 in the Federal Register, physicians who meet certain requirements will be permitted to e-file those prescriptions beginning June 1, 2010. To be eligible to e-file controlled substance prescriptions, physicians must meet two of three factors. The “two-factor authentication protocol,” which seek to guard against fraudulent prescription filings by confirming the prescribers true identity includes:

A password or PIN number,
biometric data- either a fingerprint or iris scan, or
a “hard token”- a secured device separate from a computer that can provide a password to a physician at the time of e-filing.

To be eligible to e-file controlled substance prescriptions, physicians must validate their identity with a designated agency. When applying for the proper credentials to utilize e-filing programs, physicians must supply verifiable information such as government issued identification or financial account information.

Currently, Michigan laws vaguely address the current state of e-filing prescriptions for controlled substances. MCL 333.7333(7) states that physicians may electronically transmit prescriptions as long as they do not conflict with federal law. The law does not differentiate between controlled substance and non-controlled substance prescriptions. As a result, we may see future clarification from the Michigan legislature or the Board of Pharmacy regarding this issue. Importantly, physicians and pharmacies that currently possess the technology to e-file prescriptions must ensure that their systems comply with the new DEA “two-factor authentication protocol” requirements for controlled substances. Licensed physicians who cannot afford to implement the required technology or simply wish to opt out of the program are still able to produce physical prescriptions which can be presented at a pharmacy.

Smith Haughey Rice & Roegge will continue to monitor developments in this area and distribute updated information as it becomes available.

Summer clerk Brian Shekell contributed to this post.

MMSEA Section 111 Alert Regarding Risk Management Write-Offs by Health Care Providers

Adil Daudi — Wed, 16 Jun 2010 13:00:50 -0500

On May 26, 2010, CMS officials finally clarified one of the outstanding issues for insured health care providers relative to the mandatory reporting requirements contained in Section 111 of the Medicare, Medicaid, and SCHIP Extension Act of 2007. Section 111 imposes an affirmative duty on certain “reporting entities” to make reports to the Centers for Medicare & Medicaid Services (CMS) of personal injury claims settled with Medicare beneficiaries.

For some time now, insured health care providers have been in a holding pattern as they wait for promised guidance from CMS as to whether a common practice by some health care providers to offer something of value to a patient as a risk management tool triggers a Section 111 reporting obligation. Typically, in these instances, a Medicare beneficiary does not retain legal counsel, does not come in making a demand for anything per se, but will have a complaint. And occasionally a provider will attempt to resolve the complaint with the Medicare beneficiary by, for instance, giving him/her a gift certificate for the hospital cafeteria.

CMS had previously indicated that it considers at least some write-offs of charges and other offers of items of value to Medicare beneficiaries to be a form of “self-insurance” that may trigger Section 111 reporting obligations. CMS' recent Alert, which addresses risk management write-offs, clarifies that reductions in the amount due on a medical bill and other efforts at offering something of value, constitutes self-insurance for the purpose of the Medicare Secondary Payer provisions. CMS notes, however, that the specific factual scenario will determine whether reporting under Section 111 is required. According to the Alert:

• No Report Required. In instances where the entity is a physician, provider or supplier and has reduced its charges or written-off a portion of the charge to a Medicare beneficiary as a risk management tool, the provider, physician or other supplier is expected to submit a claim to CMS reflecting the unreduced permissible (e.g., limiting charge) charges and showing the amount of the reduction provided or write-off as a payment from liability insurance (including self-insurance). CMS indicates that its interests are protected through this billing procedure and no Section 111 reporting is required.

• Reporting Required. In instances where a provider, physician, or other supplier has provided property of value to a Medicare beneficiary as a risk management tool when there is evidence, or a reasonable expectation, that the individual has sought or may seek medical treatment as a consequence of the underlying incident giving rise to the risk, the entity shall report the write-off or value of the property provided as a TPOC from liability insurance (including self-insurance). Significantly, CMS states in the Alert that if the value of the property provided is less than the TPOC reporting threshold, it need not be reported under Section 111.

With respect to the first instance, providers, physicians and other suppliers should assess internal practices to determine whether claims submitted to CMS reflect the unreduced permissible charge and also show the amount of the reduction provided or write-off. Per CMS’ Alert, deductions or discounted services must be reflected in the provider's original billing and are therefore not subject to reporting.

In instances where a provider, physician or other supplier provides property of value to a beneficiary, the critical inquiry in evaluating whether a report will be required concerns whether there is a “reasonable expectation the individual has sought or may seek medical treatment as a consequence of the underlying incident giving rise to the risk.” Providers should take to care to develop plans to internally document the basis for this conclusion.

Finally, CMS officials also disclosed that they plan to issue an updated Version 4.0 of the User Guide in July 2010.

CMS Updates Signature Guidelines

Adil Daudi — Fri, 11 Jun 2010 09:42:15 -0500

On May 16, 2010, the Centers for Medicare and Medicaid Services (CMS) issued Transmittal 327 which revises the signature requirements for medical review activities of Medicare claim review contractors. Transmittal 327 has an effective date of March 1, 2010 and an implementation date of April 16, 2010, but the changes are effective retroactively to the November 2010 report period for comprehensive error testing. The transmittal updates Chapter 3, Section 3.4.1.1 of the Medicare Program Integrity Manual to require that services provided or ordered for medical review purposes are authenticated by the author. The previous version of this section only required authentication by a legible identifier. Specifically, Transmittal 327 amends Section 3.4.1.1 to:

Expressly state that stamp signatures are not acceptable. The transmittal clarifies that the method of authentication for services provided or ordered for medical review purposes must be by handwritten or electronic signature.
Add a new exception for clinical diagnostic tests when a treating physician, who authenticates medical documentation by handwritten or electronic signature, indicates that he or she intended the clinical diagnostic test be performed. The amended section suggests that such medical documentation could be in the form of a progress note.
Provide that if handwritten signatures are illegible, reviewers should consider evidence in a signature log or attestation statement to determine the identity of the author.
Finally, when providers fail to meet handwritten signature requirements of Section 3.4.1.1, reviewers should contact providers to inquire as to whether they want to submit an attestation statement or signature log within 20 calendar days.

Interestingly, Transmittal 327 appears to reconcile with similar regulations concerning signatures and authentication of orders, which are contained in the Medicare Conditions of Participation at 42 CFR 482.24(c)(1), by expressly indicating that other regulations and CMS instructions take precedence over signature guidelines set forth in Section 3.4.1.1. Thus, only when the relevant regulations, national or local coverage determinations, and CMS manuals lack specific signature requirements and/or guidelines to determine legibility or presence of signatures for medical review purposes, should Section 3.4.1.1 requirements be followed.

Therefore, based on the new information from CMS in Transmittal 327, acceptable methods for handwritten signatures are:

a legible full signature;
a legible first initial and last name
an illegible signature accompanied by signature log or attestation statement;
initials over a printed or typed name; and
initials accompanied by a signature log or attestation statement.

On the other hand, unacceptable signature methods are as follows:

Rubber stamp signatures, except for clinical diagnostic tests when a treating physician who authenticates medical documentation by handwritten or electronic signature, indicates that he or she intended the clinical diagnostic test be performed;
illegible signatures with no additional documentation to identify the signature;
initials with no additional documentation identifying them;
an unsigned note; and
a note with the statement “signature on file.”

Smith Haughey Rice & Roegge will continue to monitor developments in this area and distribute updated information as it becomes available.

Summer clerk Charissa Huang contributed to this post.

New Compliance Rules Stemming from the Medicare, Medicaid, SCHIP Extension Act Delayed, But Compliance Efforts Continue...

Adil Daudi — Wed, 10 Mar 2010 10:29:07 -0500

For over a year now, the health care team at Smith Haughey Rice & Roegge has been busy assisting insurers and third-party administrators as they develop plans and procedures to comply with Section 111 of the Medicare, Medicaid, SCHIP Extension Act (MMSEA). On February 25, 2010 CMS posted new information on its Web site informing liability insurers, workers’ compensation insurers and self-insured entities (defined as “NGHPs”) that reporting of live claim input files is moved from the original deadline of April 1, 2010 to January 1, 2011. The immediate impact of this change is that entities subject to the reporting requirements now have additional time to register and test their processes for reporting claims to CMS. Additionally, CMS indicates that in February they will publish the next version of the “NGHP Section 111 User Guide” and alerts related to particular policy issues.

By way of background, Section 111 of the MMSEA amended the Medicare Secondary Payer Statute to impose mandatory data reporting requirements on liability insurers, no-fault insurers and workers’ compensation insurers. MMSEA Section 111 now places an affirmative obligation on insurers to: (a) determine if a claimant is entitled to Medicare; and (b) notify CMS of said entitlement and report specific information regarding the claim directly to CMS.

MMSEA builds off of a separate federal statute called the Medicare Secondary Payer (MSP) Statute. Under the MSP Statute, Medicare is designated as the secondary payer for Medicare beneficiaries who also have group health plan (GHP) coverage, as well as for Medicare beneficiaries who receive settlements, judgments, awards or other payment from liability insurance (including self-insurance), no-fault insurance, or workers’ compensation (non-group health plans or NGHPs). The purpose of the Section 111 mandatory reporting requirement is to notify CMS of instances when Medicare beneficiaries receive payments that relieve CMS of its obligation to cover medical costs.

Notwithstanding the recent delay in the reporting schedule, we have begun to see the first stages of action by some responsible reporting entities (RREs), which is the term used under Section 111 to identify those GHP and NGHPs that will be making reports. These entities are beginning to gather the information necessary to generate the necessary reports. Specifically, a NGHP RRE is now required to report to CMS:

any claim that is addressed or resolved, fully or partially, through a settlement, judgment, award or other payment;
on or after October 1, 2010;
with a Medicare beneficiary (broadly defined to include all persons age 65 years of age or older or certain people under 65 years of age with qualifying disabilities);
where medicals are claimed or paid;
regardless of whether there is a determination or admission of liability.

The registration period for NGHPs on the Coordination of Benefits Secure Web site (COBSW) began on May 1, 2009 and by now most RRE’s are registered and ready to begin the Claim File Testing process. Significantly, in light of CMS’ recent delay in the reporting schedule, the targeted claims subject to reporting are claims made on or after October 1, 2010. CMS has indicated that RREs may choose, from a process perspective, to report claims prior to October 1, 2010. However, pursuant to the new information, the only claims subject to reporting are those occurring after October 1, 2010.

Additionally, some lingering questions remain in the insurance industry about whether the Section 111 rules have now added a requirement that Medicare Set Aside (MSA) arrangements be implemented in liability settlements involving a Medicare beneficiary. From the start of the Section 111 “rule-making” process, CMS has made it clear that MMSEA Section 111 does not change or alter any legal obligation/requirements under the Medicare Secondary payer statute. Therefore, insurers are still responsible for protecting Medicare’s interest and Medicare still needs to be considered for both past (conditional payments/liens) and future payments. Satisfying Medicare’s interest for future injury-related care in liability settlements has a host of issues that do not exist in the workers’ compensation context, were MSAs are regularly employed.

As a general principle, the standard relative to evaluating whether an MSA should be considered in a liability settlement is based on the concept of whether the parties have “properly considered Medicare’s interest” in negotiating the liability settlement. Some factors to consider in this regard include: (1) whether the parties have addressed Medicare’s past “conditional payments” (e.g. issuing third-party checks listing Medicare as payee) and (2) whether future injury related care is expected (if not, is there physician written certification of this fact). All this being said, in some cases, the sheer size of some liability settlements, for instance in catastrophic injury cases, may suggest that there will necessarily be some future costs of care that Medicare will likely be paying for. These instances should be evaluated on a case-by-case basis to determine whether a MSA Arrangement may be appropriate.

Importantly, on February 25, 2010, CMS also published an Alert outlining information for RREs regarding how to remain in compliance with the reporting requirements. According to CMS, RREs seeking to test their compliance with the Section 111 requirements should consider three factors: (1) has the RRE completed the registration process; (2) has the RRE engaged in file data sharing testing; (3) has the RRE begun and continued to engage in ordinary live data exchanges. Moreover, on its most recent conference, CMS stressed, once again, that the goal of the program is to generate quality data and RREs demonstrating a good faith effort to report accurate information to CMS will not likely be subject to penalties.

CMS is continuing to hold policy and technical related conference calls to resolve some still outstanding issues in this area. Additionally, an interesting future concern relates to how CMS plans on using the information generated in reports to initiate recovery action against, for instance, insurers.

Smith Haughey Rice & Roegge will continue to monitor developments in this area and distribute updated information as it becomes available.

Health Care Employers feel the Pain of H1N1 Vaccination Policies

Rachel Brochert Roe — Fri, 13 Nov 2009 08:32:44 -0500

Many Hospitals and other employers in the health care industry are discussing the benefit of H1N1 vaccinations for their employees. Some are even considering mandating that employees receive the vaccination. After all, if your employees are “at will,” then you can impose new conditions of employment on them at any time.

On many levels, mandating the vaccine for health care workers makes sense. After all, OSHA mandates that employers provide their employees with a safe place to work. Doesn’t a mandatory vaccination ensure a safer place for employees to work? A healthy workforce also means less absenteeism. And, the idea of mandatory vaccinations isn’t totally foreign to health care: think TB vaccinations. I also compare a mandated vaccination to drug testing: somewhat invasive, but for the common good.

On the other hand, mandatory vaccinations raise many legal issues. For instance, if your workforce is unionized, then this would require negotiations with the union before implementation, as it affects the terms and conditions of employment. If you are non-unionized and have many employees opposed to the mandatory vaccination, a mandate may be what pushes employees to organize. Another consideration is that some have asserted that the vaccination is untested and potentially dangerous. If an employee is vaccinated over his/her objection, that may create liability for the employer if the employee experiences an injury or serious side effects from the vaccine.

While there are many good reasons to mandate the H1N1 vaccine, an employer who moves in this direction is definitely treading onto unsettled legal grounds.

HHS Publishes HITCH Breach Notification Interim Final Rule

Adil Daudi — Fri, 09 Oct 2009 14:49:33 -0500

On August 24th, 2009 we finally saw the publication of interim final regulations implementing the security breach notification provisions of the Health Information Technology for Economic and Clinical Health Act ("HITECH").

While the regulations appear to parallel the statutory provisions of HITECH, the process covered entities must follow before notifying a patient of certain breaches of their protected health information (PHI) is not as strict as initially feared. For instance, under the new regulations, covered entities will still engage in a very subjective and fact specific risk assessment before determining when to notify a patient of a breach. The regulations also provide guidance to covered entities and their business associates (BAs) relative to their mutual obligations under the new rules.

Summarized below are some key points and issues we perceive to be relevant to covered entities and business associates under the new regulations.

The breach rules only apply to “unsecured” PHI.

Unsecured PHI is defined as PHI that has not been secured through the use of a technology or methodology specified by HHS. According to HHS guidance released in April 2009, encryption and destruction are the only two ways to secure PHI and avoid breach notification under the Act.

Click here for a link to HHS’ April 2009 “Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements”.

Fact specific risk assessment.

The Regulations define a "breach" as the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule that "compromises the security or privacy" of the PHI." A use or disclosure compromises privacy or security only if it creates "a significant risk harm to the individual as a result of the impermissible use or disclosure." The regulations identify a number of factors covered entities or business associates may consider during this assessment, including:

who impermissibly used or to whom the information was impermissibly disclosed;
steps taken to mitigate an impermissible use or disclosure (i.e. lost or stolen laptop is returned and forensic analysis reveals that its information was not opened, altered, transferred or otherwise compromised);
the type and amount of PHI involved.

In the event a notification is deemed necessary based on the facts all notification to individuals and HHS and must be given without “unreasonable delay,” but no later than 60 days after discovery.”

Exceptions to Breach Rule.

There are also key exceptions relative to the breach rule in situations where there is:

an unintentional acquisition, access or use of PHI;
inadvertent disclosure; or
disclosure of PHI to person not reasonably able to retain such information.

Business Associates.

Under the new regulations, BAs must comply with the privacy and security regulations, just like covered entities. BAs must have policies and procedures documenting compliance with the privacy rule’s use and disclosure provisions and the security rule’s administrative, physical and technical safeguards requirements.

An interesting issue is raised relative to when BAs acting as “agents” of a covered entity versus BAs acting as “independent contractors” and the breach notification time frames requirements under both scenarios. If a business associate is acting as an agent of a covered entity then the business associate’s discovery of the breach will be imputed to the covered entity. Accordingly, the covered entity will have to provide notifications to the patient and HHS based on the time the business associate discovers the breach, not from the time the business associate notifies the covered entity. Conversely, if the business associate is an independent contractor of the covered entity (i.e., not an agent), then the covered entity must provide notification based on the time the business associate notifies the covered entity of the breach.

Among other issues, BA agreements may need to be amended to:

clearly address the agent versus independent contractor status of the BA; and
the timing of BA notification to a covered entity following a breach.

Grace Period, Enforcement and Penalties.

Finally, the regulations account for a grace period allowance before HHS expects to begin enforcement. The regulations took effect on September 23, 2009, but HHS has delayed seeking sanctions until February 22, 2010.

The caveat to this allowance period, however, is that the regulations significantly broaden the enforcement and penalties associated with a violation. Under the new system, HHS will employ a tiered penalty system based on the mental state of the offender. Additionally, HHS has also delegated some of the enforcement mechanisms to state Attorney General offices. Effective February 18, 2009, the Michigan Attorney General can bring actions under HIPAA independently of HHS. Finally, the regulations allow for penalties to be shared with those harmed by the disclosure (though, we have not seen regulations or guidance from HHS on the definition of the “harm” necessary to share in penalties).

RAC Audit Update

Veronica Marsich — Fri, 14 Aug 2009 17:37:10 -0500

We have been waiting all summer for something to happen with the RAC audits. Finally, as of August 4th, it looks like the action may beginning to break. Connolly Consulting, the Recovery Audit Contractor for Region C, has just released a list of seven issues that have been approved by CMS for its initial automated reviews. These seven "issues" are:

1. Blood Transfusions.
2. Untimed Codes.
3. IV Hydration Therapy.
4. Bronchoscopy Services.
5. Once in a lifetime procedures.
6. Pediatric codes exceeding age parameters.
7. J2505: Injection, Pegfilgrastim, 6 mg.

While is it not clear whether these issues are specific only to Connolly and Region C or whether the other RAC auditors will be using this same list to begin their automated reviews, health care providers would be wise to take this list and begin to run some internal data to assess accuracy in coding and billing as it relates to these topics. Problems should be corrected immediately and over-payments refunded.

For those located in Region B (including Michigan), it is probably a good idea to get in the habit of checking the CGI website on a regular basis going forward to make sure that you have as much advance notice as possible, in the event CGI posts its own list of approved issues for automated review.

Medicare Secondary Payer - No Qui Tam Action

Veronica Marsich — Sun, 09 Aug 2009 15:10:05 -0500

In the face of Section 111 and the industry's effort to comply with same, some good news for a change!

On July 29, 2009, the Second Circuit ruled that the Medicare Secondary Payer Statue does not permit a private individual to file a qui tam action on behalf of the federal government. In this case, the plaintiff tried to file suit against an insurance company alleging that the company had failed to meet its obligations to ensure that it, and not the Medicare program, paid for certain claims for medical care from its insureds or others it was obligated to cover. See Woods v. Empire Health Choice, Inc. No. 07-4208-cv (2d Cir. July 29, 2009).

While this is a great result for health care insurers and self-insured providers who have more than enough to worry about right now, it is also a good reminder of something to be mindful of as more and more individuals are becoming aware of the new lottery game that is the qui tam lawsuit. For those outside the jurisdiction of the Second Circuit, remember that this decision is something to hope for but not binding on your federal courts. Good faith efforts to comply with the MSP (and Section 111) reporting obligations is very important both in the context of your interaction with the Medicare program but also in your interaction with your employees and other individuals who may be watching and questioning your conduct and your commitment to do what is right.

MMSEA Section 111 - Medicare Secondary Payer Mandatory Reporting

Veronica Marsich — Wed, 27 May 2009 13:00:00 -0500

I have read Section 111 and all of the guidance put out by the Centers for Medicare and Medicaid Services ("CMS"), listened to most of the the teleconferences sponsored by CMS on the subject and had the opportunity to talk to different clients and stakeholders about the new requirements and what they are hearing from various consultants and legal advisers about the new reporting requirements. And, what I have concluded from all of this reading, listening and talking is the following:

There are lots of attorneys and consultants out there scaring and confusing hospitals and hospital insurers about Section 111 and what CMS is going to do with this new reporting system;
The Medicare Secondary Payer system and these new reporting requirements are a much greater burden for workers' comp and no fault carriers than other NGHP liability insurers (and I never appreciated that until recently);
CMS keeps saying that this new reporting system is, for them, at least for now ... about collecting data and NOT about trying to find liability insurers who they can make "pay twice" for a Medicare beneficiary's medical expenses;
As it relates to what goes on in health care, with respect to patient complaints and disputes and the settlement of those disputes, there is A LOT that CMS is still trying to understand and figure out so, there is A LOT we don't know yet about what does and does not have to be reported;
If you are a self-insured hospital ... if you are "first dollar" self-insured ... unless your excess carrier is telling you that they will act as your reporting agent, it is probably a good idea to register with CMS some time over the next month or two and test your system so that you can report if you have to;
CMS has said on numerous occasions that you don't have to register if you don't think you will have anything to report so, for now, if you are an insured hospital that doesn't expect to "settle" a dispute with a Medicare beneficiary outside of your insurance policy, for more than $5,000, you can relax a bit ... let's wait and see what CMS does;
If you are an insured hospital and you have a "deductible" your insurer can and probably will work with you to establish a system so that you don't have to report anything ... talk to them and if they say there is nothing they can do ... might be time to shop for insurance;
CMS is still learning and thinking about health care providers and the little patient related settlements you enter into from time to time with your patients when they are unhappy ... they understand that they don't need to know about all of those, despite the way the current guidance reads and there will likely be better guidance in the future to carve some of that out of the reporting requirements; and
CMS is not, in this particular instance, looking for the "gotcha" moments ... i.e. this is not about CMS looking for opportunities to slap $1,000 per day fines on insurers and self-insured providers. If you make a good faith effort to understand what you have to report and if you try to report correctly, you will get a chance to learn how to do it right.

Bottom line, if you are a liability insurer or a TPA for a self-insured health care provider, you have to register and you should get working on that right away ... developing the appropriate procedures and working through the IT issues will take time so don't delay. If you are a self-insured hospital or other health care provider, you have two options: (1) register and set up the internal systems to begin reporting, or (2) hire a Section 111 reporting agent (a new cottage industry ... part of the federal stimulus plan!!!). If you are an insured health care provider, take a breath and sit tight, there is more to come on what if anything you might have to report and since the registration deadline has been extended to September 1 and you don't have to report any settlements that occur before January 1, 2010, lets just wait and see what CMS does. CMS may clarify some of the confusion over the next few months and things might not be so bad after all.

Paying for On-Call Coverage - Here we go again!

Veronica Marsich — Mon, 25 May 2009 16:52:47 -0500

On Wednesday, May 21st, the OIG posted a new Advisory Opinion, 09-05 evaluating a poposed on-call compensation arrangement between a hospital and the specialists on its medical staff. The Hospital proposed an arrangements where members of its medical staff who agreed to provide on-call coverage to the Hospital's emergency department on a schedule established by the Hospital would be compensated on a per encounter basis for encounters with those patients who came to the Hospital ED who were otherwise indigent and uninsured.

What makes this Advisory Opinion interesting is not the Hospital's proposed methodof paying the on-call physicians although it is creative and will be something I will propose to clients who struggle with how to do this. Its not the fact the OIG felt that any on-call compensation arrangement would pass muster under an Anti-Kickback analysis, OIG has recognized that such arrangements can be necessary and appropriate in certain circumstances.

It is the fact that the OIG seems to have given up on the idea of trying requiring that such arrangements be limited to areas where there are physician/specialist shortages. OIG acknowledges that, "on-call coverage compensation potentially creates considerable risk that physicians may demand such compensatiion a s a condition of doing business at a hospital, even when neither the services provided nor any external market factor (e.g., a physician shortage) support such compensation." But, despite this acknowledgement, OIG required nothing in the proposed on-call compensation arrangement to ensure that this was not a situation where the physician specialists were merely holding the Hospital hostage.

As a result, we need to expect that more and more and more physician specialists will now demand that their hospitals pay them to take call coverage in the ED and will point to this Advisory Opinion as the basis for asserting that there are no compliance justifications or market force elements that might exist in the particular hospital's market to justify a hospital's refusal to make those payments. At a time when more and more hospitals are operating at a net loss and without any extra income to cover such expenses, hospitals will be increasingly asked by physicians to find the money somewhere.

Last Minute Reprieve from FTC Red Flag Rules Enforcement

Maria Saez — Fri, 01 May 2009 08:48:35 -0500

The Federal Trade Commission ("FTC") announced yesterday that it will delay enforcement of the Red Flag Rules until August 1, 2009 (enforcement was scheduled to begin today). The Red Flag Rules require creditors and financial institutions with covered accounts to implement programs to identify, detect and respond to patterns, practices, or specific activities that would indicate identity theft. The definition of "creditor" includes any entity that regularly extends or renews credit and all entities that regularly permit deferred payments for goods or services. This definition also includes professionals, such as physicians and lawyers, who provide services and bill later.

There is also some good news for entities that have a low risk of identity theft - the FTC will soon release a template to help them comply with the Red Flag Rules. This is in response to feedback from low risk entities that they were having difficulty determining how to tailor the Rules to fit their businesses.

Although this is the second time the FTC has delayed enforcement of the Red Flag Rules, the November 1, 2008 deadline by which creditors should have been in compliance has always remained the same.

Swine Flu Information for Michigan Health Care Providers

Maria Saez — Wed, 29 Apr 2009 13:56:40 -0500

Two probable cases of swine flu have now been identified in Michigan. The first suspected case was identified in Livingston County. The second is an Ottawa County resident who was released from a Kent County hospital last week.

More suspected cases in Michigan are likely. Both the Michigan Department of Community Health and the Centers for Disease Control and Prevention have set up informational websites to assist health care providers with identifying and treating suspected cases of swine flu and to disseminate the latest information on the disease in the U.S.

MDCH: www.michigan.gov/swineflu

CDC: www.cdc.gov/swineflu

Recent Court Decision on EMTALA is Problematic for Hospitals

Maria Saez — Thu, 16 Apr 2009 13:24:39 -0500

Do EMTALA’s requirements extend beyond the emergency department? Does a hospital’s obligations under EMTALA end when a patient presenting to the emergency department is admitted to the hospital as an inpatient? Until this week, most health law experts would have answered “yes” to both of these questions. But in the recent case of Moses v. Providence Hospital, the 6th Circuit Court of Appeals says “no” and, in doing so, adds quite a bit of ambiguity to EMTALA compliance efforts.

EMTALA’s (Emergency Medical Treatment and Active Labor Act) is a federal statute that imposes specific obligations on Medicare-participating hospitals that offer emergency services to provide a medical screening examination (MSE) when a request is made for examination or treatment for an emergency medical condition (EMC), including active labor, regardless of an individual’s ability to pay. Hospitals are then required to provide stabilizing treatment for patients with EMCs. If a hospital is unable to stabilize a patient within its capability, or if the patient requests a transfer, an appropriate transfer should be implemented.

In Moses, the plaintiff was the estate of Marie Moses Irons, whose husband was taken to the emergency department of Providence Hospital with various physical symptoms such as high blood pressure and severe headaches, as well as slurred speech, disorientation, hallucinations and delusions. He had also demonstrated threatening behavior towards his wife. The patient was evaluated by hospital staff and admitted as an inpatient for further testing and treatment. After approximately six days, the patient was deemed stable and discharged. Ten days later, the patient murdered his wife.

The first issue considered by the Court was whether a non-patient has standing to sue under EMTALA. The Court found that the plain language of the statute (namely that “any individual” who suffers harm due to a hospital’s violation of EMTALA may bring suit) clearly allowed for standing by a non-patient. This holding is troubling because it is contrary to the legislative history of the statute and the intent of the statute as a whole.

Also troubling is the Court’s decision that a hospital’s obligations under EMTALA does not end upon inpatient admission of the patient. The Court, by ignoring CMS guidance on this issue stating that admitting an individual as an inpatient satisfies the hospital’s EMTALA’s obligations, held that a hospital’s decision to admit a patient for further testing does not satisfy EMTALA’s requirement that the hospital treat the patient so as to stabilize him. The Court disregarded the CMS guidance as “contrary to EMTALA’s plain language” and as not having any retroactive effect on this case since the patient’s stay ended prior to the regulation’s creation. The Court held that EMTALA forbids a patient’s release unless his condition is stabilized to the point where no further deterioration of the condition is likely. Therefore, because EMTALA requires a hospital to treat the patient to stabilize the condition, simply admitting a patient is not enough. As the Court stated, EMTALA “requires more than the admission and further testing of a patient; it requires that actual care, or treatment, be provided as well.”

The lower court in Moses, like many courts in other circuits, found that EMTALA is not intended to be a federal malpractice statute and that under EMTALA, a court should only be concerned with whether the patient was diagnosed with an emergency medical condition and whether he was discharged when he was not stable. EMTALA does not guarantee that a hospital will correctly diagnose a patient’s condition. Interpreting EMTALA to require stabilization treatment after diagnosis of an EMC and during an inpatient admission raises questions not answered by Congress such as when the duty to treat terminates, for how long treatment must be provided and when a temporal delay in treatment constitutes a violation of the duty to provide stabilization treatment. To require this would make EMTALA a malpractice statute. The lower court believed that issues about how well a patient is treated are dealt with under state malpractice law, not EMTALA.

Given these prior EMTALA holdings, it is difficult to understand how the 6th Circuit could have gotten it so wrong. One explanation is that the Court’s decision is less “wrong” than it is poorly drafted. In reading the opinion, it seems that the Court had serious doubts as to whether the hospital and the physicians really discharged the patient because they thought he was stable or because his insurance had denied coverage for the care he might have required. Questions of fact on these issues would have justified denying the hospital’s motion for summary disposition. Unfortunately, instead of directly challenging the veracity of the hospital’s position, the Court published an opinion which leaves hospitals and future courts in this jurisdiction with a terribly confusing opinion and considerable risk when treating the next patient admitted through the emergency department who is determined stable for discharge. The Court could have reached such a conclusion without disregarding CMS regulations and without taking a position contrary to all other circuits.

Unless and until Moses is overturned or reconsidered, the lessons to be learned might come down to these:

Clearly document whether the patient is found to have an emergency medical condition.
Clearly document when the patient is found to be “stable” and what clinical observations led to that conclusion.
Where recommendations for treatment are made and ultimately not followed, document the reasons why the recommendations were not followed.
Where inconsistencies exist in a medical record regarding a patient’s stability for discharge or need for further inpatient services, resolve those inconsistencies BEFORE discharging the patient.
In the 6th Circuit… don’t take anything for granted!

Time is Almost Up for FTC Red Flag Rule Compliance

Maria Saez — Fri, 10 Apr 2009 11:30:39 -0500

The deadline by which health care providers must have their FTC Red Flag Rules compliance program in place is fast approaching. Although the deadline for compliance was November 1, 2008, the FTC postponed enforcement of the Red Flag Rules until May 1, 2009. Health care providers, along with financial institutions and other creditors, must be in compliance with the FTC’s Red Flag Rules by then. As we explained in a posting in October 2008, health care providers who periodically allow patients to pay for medical services over time through a series of payments should have written policies that identify the “red flags” or indicators of possible identity theft they may come across in the course of business, establish procedures to detect those red flags and to respond appropriately to mitigate and prevent harm, and develop procedures for training staff and keeping applicable policies current. Health care providers should also have procedures in place to ensure that their vendors are in compliance with the Red Flag Rules. This could mean amending existing business associate agreements or asking for copies of the vendors’ Red Flag policies.

For those health care providers who are still unsure about what the Red Flag Rules mean, the FTC has issued a “How-to Guide” that gives an easy-to-understand overview of the Rules.

In addition, a sample Red Flag Policy for health care providers developed by the American Hospital Association can be found here. Your compliance counsel should also be able to assist with developing a Red Flag Rules compliance program.

March Madness... Health Care Reimbursement is a Crazy Thing!

Veronica Marsich — Thu, 02 Apr 2009 12:00:00 -0500

I just spent three days at a national conference in Baltimore, MD where all things Medicare and Medicaid were discussed. There is no way to give sufficient detail in a blog post to all that we discussed and all that there is to think about and attend to following this conference but, let me share just a few of the highlights...

The Anti-Markup rule continues to be on the minds of attorneys advising health care providers. If you work with physicians who bill globally for diagnostic tests that they order, the time is now to make sure that those diagnostic services are being billed appropriately by the physician. Particularly as it relates to the professional interpretations of those services, the options for physicians are very limited. More importantly, what was okay last year may not be now so just because it was an arrangement previously blessed, doesn't me that it still is ... time to check. On the technical component side, remember that the technical component of a diagnostic test is performed where the patient is AND where the supervising physician is while the test is being done. And, remember that if you don't get this right, you can be left without the ability to bill anything.

Lots of people paying attention to "patient status"... i.e. inpatient, outpatient and observation status. The coordination of medical staff and hospital bylaws, hospital policies, and physician documentation to get the patient slotted into the correct status seems to have many health care institutions and their attorneys on edge. Certain the RACs don't help with the stress here. Pay attention to Condition Code 44 for a patient that you are moving from inpatient to outpatient status. Apparently, there are a lot of hospitals and providers that may not realize that this change needs to be made BEFORE the patient leaves the hospital if you are going to bill the maximum amount.

Since I mentioned them, on the subject of RACs, it appears that the "good news" may be that providers will likely see coding audits start before the medical necessity audits. In addition, it appears that health care providers will get some notice as the RACs expand their medical necessity scope. CMS has indicated that before RACs can expand the scope of their medical necessity audits to review new "issues", they must get approval from CMS and CMS intends to post those new issues on its Web site if the RACs are granted authority to audit those issues. On the less good news side of things, physicians should expect to get a fair amount of attention in this round of RAC audits. CMS has indicated that the RACs will be doing crossover audits of physicians when they find hospital admissions that seem to raise concern. Condition Code 44 came up in this discussion as well. Clearly there is a sense that hospitals have not been handling the use of this code correctly. Finally, CMS has indicated that RACs will have authority to review the use of "present on admission" codes as part of their coding reviews.

But, as usually, the most interesting discussions, at least for me, focused on Stark and the latest word on the DFRR. The conference began with the buzz about the OIG Open Letter indicating that the voluntary disclosure protocol is no longer available for the disclosure of violations that involve only the Stark law and not the Anti-Kickback statute. There was much debate about whether this new OIG position suggest that the OIG is overwhelmed by disclosures of potential Stark violations (suggesting that perhaps its too easy for a health care provider to find itself cross ways with Stark) or whether it suggests that OIG intends to more aggressively go after Stark violations and no longer wants providers to seek the safe haven of the voluntary disclosure protocol to take away their opportunity. I will admit that I tend to be more of a skeptic as to OIG's intentions the more that I think about the DFRR.

The latest word on the DFRR is still that no one knows for sure if or when hospitals that are going to get the DFRR questionnaire will get it. The expectation is that of the 400 that may go out, approximately 290 of those will go to all of the hospitals that got the original voluntary survey request in 2006 and failed to respond. That means that if you were not one of those hospitals, your chances are slim that you will get a questionnaire ... at least in this first round. Still, if you don't feel particularly lucky or just want to continue to move forward in getting a handle on some of your Stark compliance stuff, here are some good suggestions that came out of these discussions:

query your accounts payable, check ledgers, and accounts receivable department for a list of ALL financial arrangements involving a physician;
look for all leases for equipment and space that involve physicians;
get a complete handle on your non-monetary compensation tracking and your medical staff incidental benefits;
gather all of the documentation you can find for all of these;
check them all for compliance with at least one Stark exception;
for any possible non-compliance, determine whether you are in a "period of disallowance"; and
before you even think of responding to a DFRR request, if you get one, check with legal counsel. Because of the details of the questionnaire, how you respond is very important.

Obviously, this is just a small window into what was three solid days of all that is Medicare. There is certainly more to come on this topic, particularly given that the season of CMS proposed payment rule is just about to begin.

Employee Free Choice Act -- What's in a Name?

Robert Stone — Mon, 30 Mar 2009 08:00:00 -0500

Although union membership overall continues to be weak, particularly in the private sector, there may be some changes on the horizon. Recent press accounts state that the overall percentage of union membership has increased for the second year in a row. While still well below peak levels of approximately 35 percent in the 1950’s, the number of union members rose from 311,000 in 2007 to 428,000 in 2008. In addition, the change in the political landscape in Washington makes it more likely that legislation friendly to organized labor will pass and become law.

Most notable of these pro-labor legislative proposals is the ironically named “Employee Free Choice Act”. Throughout the history of the National Labor Relations Act, the heart of the unionization process has been the right of employees to decide if they wanted a union through a secret ballot election conducted by the National Labor Relations Board (NLRB). If passed, the Employee Free Choice Act will eliminate those elections.

Under current law, a union must provide evidence to the National Labor Relations Board that at least 30 percent of the employees want to be represented by a union. This “showing of interest” is usually accomplished by getting employees to sign an “authorization card” saying they want the union. The cards are then presented to the NLRB (the employer never sees them). If at least 30 percent of the employees have signed the cards, the NLRB schedules a secret ballot election. If a majority of the employees voting by secret ballot want unionization, then the union is certified as the representative of the employees.

The so-called “free choice” legislation eliminates the election portion of the process and requires that if a majority of employees sign a card, then the union is certified. No election is held. While these cards have been used for years for the “showing of interest”, they are considered to be notoriously unreliable as a true indicator of the employees’ wishes. The card signing process is not private and significant pressure can be brought to bear on employees to sign the cards. Under the proposed legislation, these cards will be the sole basis for certifying a union as the employees’ representative.

In addition to the “card check” portion of the proposed legislation, the bill will require employers to begin negotiations within 10 days of the first “written request for collective bargaining” by a newly certified union. If agreement on a contract is not reached after 90 days, then either party can request mediation. If there still is no contract after 30 days of mediation, the dispute will be referred to “an arbitration board”. This board will be able to impose a contract on the parties for a two year term. In other words, wages, benefits, terms and condition of employment for two years will be set by an outside arbitration panel.

The bill also calls for triple backpay to employees who are terminated in violation of the National Labor Relations Act while a union is attempting to organize the employer and during negotiations of the first agreement. The NLRB will also be able to seek an injunction forcing reinstatement of a terminated employee before there is a ruling on the appropriateness of the termination. In some cases, there can be $20,000 in civil penalties for each violation of the statute. Violations of the statute by unions do not increase penalties.

The Employee Free Choice Act has widespread support among Democratic members of Congress and President Obama has stated that he will sign the bill if it is passed. Business groups are strongly opposed to the bill and battle lines have been drawn. We will watch to see if it passes the Senate and becomes law.

Physician groups and Non-Compete Contracts

Brian Molde — Wed, 25 Mar 2009 09:48:09 -0500

The Michigan Court of Appeals handed down an unpublished decision yesterday involving a lawsuit filed in the Upper Penninsula between a gastroenterologist and his former professional employer. The gastroenterologist sued his former employer after the group indicated that it intended to enforce a non-compete clause which had been included in the two year contract. After the contract expired and the physician turned down an offer to continue working in the practice, the group's attorneys sent a letter to the physician stating that it intended to prevent the physician from working within 150 miles of the City of Marquette for two years.

The physician sued, seeking an injunction from the Court preventing enforcement of the contract clause on the basis that the contract had expired and therefore the contract could not be enforced. The trial court and the Court of Appeals agreed, holding that

We agree with the circuit court’s conclusion that plaintiff did not separate from his employment; rather, his employment ended when the contract’s term expired on December 31, 2005. This interpretation of the contractual language logically flows from the prefatory words of the covenant, which required plaintiff to perform his duties to benefit the interests of his employer while plaintiff worked for [the group]"

Since the physician's contract had expired naturally rather than by termination of one of the parties, the contract was unenforceable. Certainly something to keep in mind when drafting contracts or signing them.

"Stimulating" COBRA Requirements for Employers

Robert Stone — Tue, 17 Mar 2009 11:25:42 -0500

As all of the media commentators have pointed out, there are many pieces to the stimulus puzzle known as the American Recovery and Reinvestment Act of 2009, signed into law by President Obama on February 17, 2009. One of those pieces is a new requirement for employers under COBRA, the statute that requires employers to offer health insurance to employees who have experienced a “qualifying event” such as layoff, discharge or a significant reduction in hours. Also under COBRA, spouses and dependents can continue coverage after a covered employee’s death, divorce, legal separation or certain other events.

Prior to the new stimulus package, the full cost for the eligible employee’s health insurance continuation under COBRA was paid by the employee based on the employer’s premiums plus a small administrative fee. However, under the new law that “employee pay” formula has been modified in certain situations and the employee does not have to pay the entire premium for a portion of the COBRA continuation period. Instead, a qualifying employee only has to pay 35 percent of the premium and the employer must consider the premium paid in full. Although the employer absorbs the remainder of the premium cost temporarily, the employer can then obtain a reduction in its payroll taxes to cover the balance of the employee’s premium costs.

Several eligibility requirements for the reduced COBRA include:

Employees must have been involuntarily terminated (for other than gross misconduct) between September 1, 2008, and December 31, 2009. Employees terminated on or after September 1, 2008, who were eligible for COBRA but did not elect continuation coverage, have additional time to change their election decision.
The reduced premium period is limited to nine months beginning March 1, 2009. There is no retroactive coverage for premiums already paid.
The reduced premium is fully available without tax consequences only to employees with an adjusted gross income of $125,000 or less ($250,000 for joint returns). Employees with an adjusted gross income of between $125,000 ($250,000 for joint returns) and $145,000 ($290,000 for joint returns) will have the subsidy effectively phased out through a pro rata increase in their income tax liability up to the full amount of the subsidy. Employees at this higher income level can waive the subsidy to avoid the increased tax liability.

Congress did not provide employers the typical amount of lead time for such a significant change. The Act became effective on March 1, 2009, and employers must update COBRA election notices and other documents to reflect the new requirements for COBRA notices used on or after March 1, 2009. In addition, employers must provide information about the subsidy to employees who were involuntarily terminated on or after September 1, 2008, but did not elect continuation coverage, and give them another chance to elect COBRA coverage. This notice must be provided by April 30, 2009 (60 days from the effective date of the Act). Employers also need to establish procedures for paying their insurance carrier the 65 percent subsidy amount and obtaining reimbursement from the federal government for those payments.

While the stimulus package’s impact on the economy is yet to be seen, it is clear that the COBRA portion of the new law has stimulated a great deal of work for employers in a very short period of time.

Wyeth v. Levine: A Victory For the Doctrine of Preemption or Simply a Case of "Tragic Facts Making Bad Law"?

Adil Daudi — Tue, 17 Mar 2009 11:08:47 -0500

In Wyeth v. Levine, the Supreme Court recently ruled that state law tort suits are not preempted by the federal law governing drug labeling. The direct consequence of this decision is that drug manufacturers now clearly have the responsibility for the adequacy of their warning labels and, where state law allows, there will certainly be a rise in product liability suits aimed at drug companies.

The facts in Wyeth are important to understanding the Court’s opinion and should be reviewed by interested readers of this post. In brief, Ms. Levine brought a common law negligence claim against Wyeth on the theory that Wyeth’s warning label on a drug administered to her was not strong enough and that Wyeth could have revised its FDA-approved label to bar the specific use of the drug that caused her injury.

Wyeth’s argument to the Supreme Court centered on the theory that Ms. Levine’s common claims should have been preempted, because: “(1) Wyeth would have been unable to comply with both [State] common law duty to foreclose IV push injection and FDA’s directive, as evidenced by the drug’s approved label, to retain it; and (2) the claims would obstruct the full accomplishment of FDA’s risk-benefit objective to optimize use of Phenergan by imposition of a duty to foreclose IV push injection.”

Writing for the majority, Justice John Paul Stevens rejected Wyeth’s preemption argument, holding that “if Congress thought state-law suits posed an obstacle to its objectives, it surely would have enacted an express federal preemption provision at some point during the FDA’s 70-year history.” The court also declined to conclude that it was impossible for Wyeth to comply with federal and state requirements, absent clear evidence that the FDA would not have approved a change to the drug’s label.

Writing for the dissent, Justice Alito opened with the statement that "[t]his case illustrates that tragic facts make bad law.” Justice Alito’s central point being that the majority’s holding essentially approves of "drug labeling by jury verdict," which undermines the federal drug-labeling regime. In Justice Alito’s view, these types of cases present juries with tragic plaintiffs who were injured and lay juries are ill-equipped to deal with scientific and long-term public benefit issues involved in labeling drugs and federal regulators should be afforded deference in these cases.

Ultimately, the critical fact that influenced the Court was that Congress could have drafted the FDA statute to explicitly allow for federal preemption, but it did not do so (the majority opinion explicitly notes that an express preemption provision exists in the medical device context). Indeed, Justice Breyer in concurring opinion seemed to suggest that a future specific regulation by Congress or the FDA may have the preemptive effect sought by Wyeth. It will be interesting to see how Congress responds.

New Supervision Requirements for Hospital Outpatient Department Therapeutic Services

Veronica Marsich — Mon, 09 Mar 2009 08:04:33 -0500

On November 18, 2008, as part of the 2009 OPPS Final Rule, CMS provided a "clarification" of its position regarding what level of physician supervision is required for the provision of on-campus outpatient therapeutic services.

Prior to November 2008, the provider community understood that CMS' position was that the direct supervision requirements for services provided incident to a physicin's services in an on-campus outpatient department was properly presumed to be met because staff physicians are always around in a hospital. CMS has indicated that it is concerned that hospitals have taken its prior expression of presumptive compliance to mean that no supervision was actually required at all.

While the OPPS Final Rule does not go further to state specifically that a physician must be physically present in an outpatient department of a hospital at all times, this "clarification" does seem to at least open the door for hospitals to be questioned about how, specifically, they meet the direct supervision requirements applicable in their various outpatient departments, where therapeutic services are provided.

In support of the sense that CMS is moving in this direction, it is also worth noting that in December of 2008, CMS revised language in its Medicare Benefit Policy Manual regarding provider-based services to indicate that "direct supervision" means that a physician must be present and on the premises of the provider-based department and immediately available to furnish assistance and direction.

Hospitals would, in light of these developments, be advised to evaluate all outpatient department and provider-based locations to evaluate the extent to which the services provided at those locations require direct physician supervision and then make sure they have a plan in place to meet that requirement.