Where HIPAA and FERPA Meet: Student Health Records and Disclosure Requirements

Posted on December 9, 2008 by Maria Saez

The Departments of Education and Health and Human Services have issued joint guidance on how the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) apply to student health records. The guidance also addresses certain disclosures that are allowed without consent or authorization under both laws, especially those related to health and safety emergency situations.

FERPA is a federal law that generally prohibits an institution from disclosing the education records or personally identifiable information from education records, without a parent or eligible student’s written consent. An eligible student is one who is over 18 years of age or who attends a post-secondary institution at any age. FERPA applies to institutions that receive funds pursuant to any program administered by the U.S. Department of Education, including medical and other professional schools. Please note that if an institution receives funds in this manner, FERPA applies to the recipient as a whole, including all its components, such as a department within a university.

“Education records” are broadly defined to include records that are directly related to a student and that are maintained by an educational institution or by a party acting for the institution. At the elementary and secondary levels, this can include student health records. In post-secondary institutions, medical and psychological treatment records of eligible students are excluded from the definition of “education records” if they are made, maintained, and used only in connection with treatment of the student and disclosed only to individuals providing the treatment. If the disclose is for purposes other than treatment, the records are then subject to FERPA’s requirements and can only be disclosed with the student’s written consent or under one of several enumerated exceptions to written consent.

HIPAA requires covered entities (health plans, health care clearinghouses and health care providers) to implement appropriate safeguards to protect the privacy of patients’ identifiable health information and to set limits and conditions on the uses and disclosures that may be made of such information without patient authorization. HIPAA also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

Continue Reading...
Tags: , , , , , , , ,

Medical Marihuana in Michigan - What Health Care Providers Should Know

Posted on November 17, 2008 by Maria Saez

Since November 4, 2008, when voters in Michigan approved the new Michigan Medical Marihuana Act (the "MMMA"), many of our clients have been wondering what the implications of the MMMA are for them.  What follows is a summary for health care providers of what they should understand about the MMMA. 

Quick facts for health care providers about the MMMA:

1.  Qualified patients are allowed to use up to 2.5 grams of medical marihuana to treat certain debilitating and chronic diseases, including but not limited to cancer, glaucoma, HIV, AIDS, hepatitis C, and Crohn’s disease, without risk of prosecution. Patients are also allowed to cultivate up to 12 marihuana plants for their use.

2.  To obtain a registry identification card, patients and their caregivers (if the patient requires assistance with using medical marihuana) must provide the Michigan Department of Community Health with a signed written certification from a physician identifying the patient’s debilitating condition and stating that, in the physician’s professional opinion, the patient is likely to receive therapeutic or palliative benefit from the medical use of marihuana.

Continue Reading...
Tags: , , ,

CMS 2009 Physician Fee Schedule - The Revised Anti-Markup Rules are Here

Posted on November 10, 2008 by Veronica Marsich

CMS has submitted its 2009 Physician Fee Schedule Final Rule to the Officer of the Federal Register for publication and the document should be published some time in November.  As is usually the case, CMS has loaded the Physician Fee Schedule Final Rule with lots of interesting information.  In addition to an updated list of the CPT codes that constitute "designated health services" under the Stark Law, and a re-opening of the comment period for the proposed Stark exceptions on gain sharing arrangements, this Final Rule contains a set of newly revised Anti-Markup Rules relative to the reassignment of billing for diagnostic testing services.

Originally, 42 CFR 414.50 contained a rule that prohibited a physician, who intended to bill for the technical component (TC) of a diagnostic test that was performed by someone other than the physician,  from "marking up" the charge for the TC component of the diagnostic test above the actual cost of the test.  In other words, if a physician wanted to purchase certain TCs of diagnostic tests from a hospital and then bill globally for the test (billing the hospital's TC and his own professional interpretation (PC) of the same test) the physician was prohibited from billing more for the TC of the test than what the hospital charged the physician to perform the test.  This rule was generally known as the "Anti-Markup Rule."

In 2008, CMS revised the Anti-Markup Rule so that if a physician or other supplier bills for the TC or PC of a diagnostic test that was ordered by the physician or other supplier (or ordered by someone related to that physician or supplier through common ownership or control) and if the diagnostic test is either purchased from an outside supplier (such as a hospital) or performed at a site other than the office of the billing physician or supplier, the payment to the billing physician or supplier for the TC or PC of that diagnostic test cannot exceed the lowest of : 

  1. the performing supplier's net charge to the physician;
  2. the billing physician or supplier's actual charge; or 
  3. the fee schedule amount for the test that would be allowed if billed by the performing supplier directly.
Continue Reading...
Tags: , , , , , ,

FTC Red Flag Rules - Regulation From A New Direction

Posted on October 19, 2008 by Veronica Marsich

It never ceases to amaze me the number of varying directions from which hospitals and health care providers get regulated! 

The most recent federal agency to jump on the health care regulation bandwagon appears to be the Federal Trade Commission (FTC).  On November 9, 2007, the FTC, in conjunction with federal bank regulators, issued a set of regulations intended to combat identity theft.  These regulations are commonly referred to as the "Red Flag Rules."  The Red Flag Rules require financial institutions and other "creditors" to implement a program designed to detect, prevent and mitigate identity theft in connection with the creation and maintenance of "covered accounts."

Many hospitals and health care providers began to pay attention to these regulations a few months ago when word started to "eek out" that the Red Flag Rules might apply to hospitals and other health care providers. While the application of these rules to any specific transaction will depend upon the specifics of the transaction at issue, what does seem pretty clear at this point is that if you are affiliated with a health care provider that periodically allows patients to pay for their medical services through a series of payments, over time, that health care provider is likely a "creditor" and needs to comply with the Red Flag Rules.  Health care providers should, with very limited exception, expect to comply with the Red Flag Rules as of November 1, 2008.

Compliance with the Red Flag Rules is, in many ways, tied to your HIPAA compliance program and the policies and procedures health care providers already have in place.  Similar to the HIPAA Security and Privacy  Regulations, the Red Flag Rules deal with access to information in patient medical records and billing account records and the extent to which those records may be accessed and used to commit identity fraud.

Continue Reading...
Tags: , , , ,

OIG Work Plan - FY 2009

Posted on October 7, 2008 by Veronica Marsich

Last week, the Office of Inspector General (OIG) published its "Work Plan" for federal fiscal year 2009.   Many health care providers use the annual OIG Work Plan as a road map to guide their annual compliance efforts and this has always been a strategy that I have supported.  Although I usually suggest that compliance officers and the health care providers they represent look not just at the current year's Work Plan but the past two or three years Work Plans, collectively,  I think it is very important for health care providers to be aware of what the OIG thinks it should pay attention to, in any particular year.  Its also noteworthy to understand how the OIG's focus changes from year to year and over time. 

Of particular note in this year's Work Plan is the continuation of some significant reviews and the initiation of others that are in areas where health care providers often struggle.  They include OIG's review of:

  • Provider-Based Status for Inpatient and Outpatient Facilities
  • Hospital Owned Physician Practices Billed as Outpatient Services
  • Provider Bad Debt Allocations
  • Medicare Secondary Payer Compliance
  • Diagnostic X-rays Performed in Hospital Emergency Departments
  • EMTALA Compliance
  • Never Events
  • Physician Services Performed by Non-Physicians
  • Medicare Payments for Sleep Services
  • Services Performed by Clinical Social Workers
  • Outpatient Physical Therapy Provided by Independent Therapists
  • Payments for Colonoscopy Services

Given some of the questions that I have received from clients in the past six months, I see EMTALA Compliance and Medicare Payments for Sleep Studies as particularly interesting and suggestive of the fact that OIG and CMS think that providers are not doing things correctly in these areas. 

Your compliance committee should take the time to review the new OIG Work Plan and modify its compliance focus accordingly.

Tags: , , , , , , , , ,

FY 2009 Stark Law Amendments

Posted on September 22, 2008 by Veronica Marsich

 

DHS entities need to move quickly to take inventory of their existing financial arrangements to determine or confirm that all appropriate financial arrangements are in writing and fully executed by the parties. They must then evaluate the nature of the compensation under any space or equipment leases which may involve referring physicians, to ensure that the compensation is not on a percentage or per click basis. If those agreements do determine compensation in that manner, then they must be renegotiated as quickly as possible. Finally, DHS entities need to begin to budget and allocate appropriate resources in the event that they are one of the 500 institutions to receive a DFRR request. DHS entities will have only 60 days to respond to a DFRR request if received.

 

On August 1, 2008, the Center for Medicare and Medicaid Services ("CMS") issued its most recent revisions to the Stark law regulations. Changes were published in the Federal Register on August 19th as part of the FY 2009 Inpatient Prospective Payment System. Many of the changes made by CMS were previewed in language proposed in CMS’s proposed physician fee schedule for 2008 published last fall. Those not previewed at that time were previewed this year in the FY 2009 Proposed IPPS Rule.

There are several topics of particular interest for physicians and DHS entities in these revised regulations. They include:

    • Clarifications and limitations regarding the ability of physicians and DHS entities to carry out their perspective obligations under a negotiated financial arrangement in the absence of a fully executed written agreement, where the execution of a written agreement is a required element of the relied upon Stark exception;
       
    • The elimination of percentage based compensation in all lease agreements for space and/or equipment;
       
    • The elimination of the per click compensation methodology in all lease agreements for either space or equipment; 
       
    • Expand the definition of DHS entity to include those who perform DHS; 
       
    • A decision by CMS to move forward with its DFRR financial transaction reporting program.
Tags: , , , ,

Signature Stamps - Probably Best to Toss Them!

Posted on September 17, 2008 by Veronica Marsich

Hospitals periodically develop anxiety over the use of signature stamps by medical staff members.  Many institutions have gone so far as to say "no" to any and all signature stamps.  Others have limited use of signature stamps so that only the physician him or herself can use the stamp and, frankly, if the physician is the only one who can use the stamp ... "What is the point?"

Well, based upon CMS Transmittal 248, issued early in the spring, it would appear that there is no point in having signature stamps for physicians because they are not acceptable and will not be given any credit if CMS audits for signed orders or other medical record documentation where a physician signature is required.

What is perhaps even more troubling about the language in this Transmittal is not that CMS appears to be putting an end to the usefulness of the signature stamp,  but that CMS has cleared the way for auditors to deny claims based solely on the type or lack of physician signature.  This is true even if all other aspects of the documentation support the medical necessity and appropriate delivery of the service. 

So, at this point, hospitals should be sending out alerts to their medical staff members, advising them that signature stamps are not allowed for use anywhere in the medical record.  Outpatient diagnostic departments such as lab and radiology should be advised that orders for services that come with a stamped signature as the authorization for the service cannot be accepted.  Failure to take this approach could result in overpayment problems during an audit. 

Tags: , , , , ,

Block Leases Between Physician Groups May Be a Problem

Posted on September 15, 2008 by Veronica Marsich

On August 26, 2008 the OIG issued Advisory Opinion No. 08-10, expressing significant concern for a proposed block lease arrangement between a physician group that operates a free-standing facility providing certain cancer treatment services, including intensity-modulated radiation therapy (IMRT) and a urology group that often treats patients who might benefit from receiving IMRT.

The proposed arrangement involved the urology group entering into a series of contracts that would create a "block lease" of the other physician group's IMRT facilities, including space, equipment, administrative and clinical personnel, and radiologist services to supervise the IMRT procedures.  In evaluating the arrangement under the federal anti-kickback statute, the OIG noted that the urology group would not actually participate in performing any component of the IMRT service and would contract out substantially all of the services, including all of the professional services. 

The OIG concluded that the proposed arrangement was designed to allow the group owning the IMRT facility to do, indirectly, what the anti-kickback statute is intended to prohibit it from doing directly ... "pay the urology group a share of the profits for their IMRT referrals."  The OIG concluded that by agreeing to a deal that gave the urology group the opportunity to retain the difference in reimbursement between what was paid for IMRT services provided to the urology group's patients and the rents and fees it would pay to purchase the services, the urology group would be receiving improper remuneration for referrals for IMRT services. 

For physician groups currently engaged in block lease arrangements, this Advisory Opinion should be reviewed carefully.  Counsel to such group may need to advise their clients that a renegotiation of existing arrangements is required in order to bring such financial arrangements squarely into compliance with the federal anti-kickback statute and avoid the risk of civil and criminal sanctions.

A copy of Advisory Opinion 08-10 can be found here

Tags: , , , , ,

Hospital Disclosures of Financial Relationships with Physicians

Posted on August 29, 2008 by Veronica Marsich

When the physician self-referral statute (the Stark Law) was first enacted in 1989, it contained a financial relationship reporting requirement.  Although the initial regulations issued in 1991 contained information and details on that reporting requirement (42 CFR 411.361), CMS never initiated or implemented the requirement .... until now.

CMS first began to hint at its intention to begin to ask for disclosure of information on hospital/physician financial relationships in 2007 and, in its FY 2009 IPPS proposed rule suggested that it planned to send a formal information collection instrument known as the "Disclosure of Financial Relationships Report" (DFRR) to 500 hospitals (both acute care and specialty hospitals).   CMS suggests that the purpose for collecting this information is to: (1) identify arrangements that potentially may not be in compliance with the Stark Law; and (2) identify practices that may assist CMS in future rule making regarding the Stark Law.

Although CMS originally estimated that the effort associated with providing it with the information required on the DFRR would be minimal, it now acknowledges that hospitals may need to work with accounting and legal advisers in order to complete the DFRR.  Still CMS has indicated in the final IPPS rule for FY 2009 that each hospital who receives a DFRR will have only 60 days to complete the Report.  In implementing this reporting requirement, CMS believes that the information it is requesting is that which a hospital should be keeping in the normal course of its business activities.  CMS also hopes that hospitals who receive the DFRR will elect to submit their responsive information electronically, but hospitals will be able to submit information, including supporting documentation in a paper copy.

Fortunately, at least for now, CMS has determined that the DFRR will be used only in a one-time collection effort ... at least for now.  A final PRA notices will be published in the Federal Register in the near future that will include a revised DFRR, including revised instructions for completion.  Following a 30 day comment period, CMS will then be in a position to begin formal distribution of the DFRR to a randomly selected group of 500 hospitals across the country. 

Tags: , , , , ,

EMTALA - Covering Emergency Call Through Community Plans

Posted on August 19, 2008 by Veronica Marsich

On July 31, 2008, the Centers for Medicare and Medicaid Services (CMS) released its FY 2009 final rule for the Inpatient Prospective Payment System.   Included with in the manyy regulatory changes contained in this final rule are new provisions regarding the requirements of the Emergency Medical Treatment and Active Labor Act (EMTALA).  Among these are new rules for hospitals to develop "community on-call plans" as a means of meeting their on-call services obligations under EMTALA. 

The new rules allow for two or more hospitals to collaberate to develop a community on-call coverage plan that applies within a specific geographic area and divides the coverage of certain types of services between the participating hospitals at designated times.  Specifically, a formal community on-call plan among a group of hospitals needs to include:

  1. A clear delineation of on-call responsibilities for each hospital participatingin the plan;
  2. A description of the geographic area covered by the plan;
  3. the signature of an appropriate representative ofeach participating hospital;
  4. Assurances that local and/or regional EMS protocols include information on any such community on-call arrangements;
  5. A statement  from each hospital participating in the plan affirming their respective obligations under EMTALA to perform medical screening and stabilizing treatment within its capacity, and to comply with EMTALA transfer and acceptance of transfer requirements; and
  6. An annual assessment by the participating hospitals of the efficacy of the plan.

Hospitals subject to EMTALA who struggle to maintain adequate ER coverage of key specialty areas including orthopedic surgery, cardiology and neurology should review these new rules and evaluate the potential to work with neighboring health care institutions to take advantage of this new opportunity as a way to better serve their communities and ease the often unweilding burden on specialty staffing caused by the EMTALA requirements.

Tags: , , , ,