We are very pleased to announce the addition of three attorneys to Ogden Murphy Wallace, PLLC’s dynamic healthcare practice group. Greg Montgomery, Dana Kenny and Casey Moriarty, all formerly of Miller Nash, LLP in Seattle, have joined OMW effective as of January 1, 2013. Greg, Dana and Casey bring a combined 50+ years of experience to OMW’s team. We are excited to have them on board and look forward to leveraging the depth and breadth of our collective experience for the benefit of all of our clients.
HHS has announced its first HIPAA breach settlement involving less than 500 patients. The announcement came on January 2, 2013 following a disclosure by the provider, Hospice of North Idaho. The facts involved the theft of an unencrypted stolen laptop that contained ePHI for 441 individuals. HHS found that the provider did not do a sufficient analysis of the risk to confidentiality of ePHI after the new rule went into effect and did not have in place appropriate policies or security measures to ensure the confidentiality of ePHI. To settle the matter, the provider agreed to pay HHS $50,000 and enter into a corrective action plan. More information about the settlement, including the settlement agreement can be found at this link on the HHS website.
This settlement shows that HHS takes breach notifications seriously. At the same time, it appears that HHS will be open to entering reasonable settlement agreements to resolve this type of breach. Mostly this demonstrates what we all know: don’t put ePHI on unencrypted laptops or other mobile devices. For more information, contact Dave Schoolcraft, Lee Kuo or Casey Moriarty.
A reminder to all licensed hospitals operating “provider-based clinics,” “off campus,”: the Washington State legislature during its 2012 session enacted HB 2582 requiring provider-based clinics to comply with certain new and additional requirements. This bill goes into effect January 1, 2013. This bill was intended to ensure that patients were informed about the cost of receiving services in a provider-based setting. Among other things, the bill contains new signage requirements, patient notification requirements (including on the provider’s website) and reporting requirements. Note, not all Medicare provider-based departments meet the definition of a “provider-based clinic” under this law. A copy of the bill can be located here.
Fall must be here because the FY 2013 OIG Work Plan is out. Providers of all shapes and sizes should at least browse the table of contents to see whether any of the OIG’s topics for FY 2013 touch important aspects of their businesses and practices. Among the many topics, some highlights include:
- Analyze the “savings” of expanding the hospital three day payment window to 14 days;
- Review Medicare payments for hospital discharges that should have been billed as transfers;
- Review payment for canceled hospital surgical procedures;
- Review effect on costs of hospital acquisition of ASCs;
- Review payments for outpatient physical therapy services provided by independent therapists;
- Review appropriateness of payments for sleep study services and the high utilization of sleep testing procedures;
- Review coding of anesthesia services (personally performed versus medical direction of up to four concurrent procedures);
- Review the payment for practice expenses of imaging services;
- Review the medical necessity of high cost diagnostic imaging tests;
- Review physician billing for “incident-to” services; and
- Review physician coding of place of service.
Also of note, OIG states that it expects to publish a revised Provider Self-Disclosure Protocol some time in FY 2013.
If you have questions about any of these topics or the OIG Work Plan in general please contact Don Black.