Cybersecurity and Emergency Preparedness for Long-Term Care

On January 13, 2017, the Centers for Medicare and Medicaid Services (“CMS”) sent a Memorandum (“Memo”) to State survey agency directors encouraging long-term care providers to “consider cybersecurity when developing or reviewing their emergency preparedness plans.” The Memo was a follow-up to the CMS long-term care emergency preparedness rule published in the Federal Register on September 16, 2016: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Under that final rule, long-term care facilities were held to additional standards, including requirements to have emergency and standby power systems in place. Nursing homes were also required to create plans regarding missing residents that could be activated regardless of whether the facility has activated its full-scale emergency plan. The rule was spurred on by recent flooding in Baton Rouge, Louisiana, and other emergency disasters, such as Hurricane Sandy and the 2009 H1N1 pandemic, according to CMS.

Whether State surveyors will actually enforce lack of cybersecurity plans for emergency preparedness as violations remains to be seen from this Memo. But certainly, a State survey agency could impose deficiencies for failure to have a proper cybersecurity plan and/or a proper cybersecurity back‑up plan as part of a facility’s emergency preparedness going forward. It is not clear why CMS decided to send this encouragement Memo three months after the Final Rule on emergency preparedness, but it likely has something to do with the fact that 2016 was a banner year for HIPAA privacy infractions and HIPAA enforcement by the Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance. In 2016, payouts for HIPAA violations skyrocketed to record heights of $23.51 million from OCR enforcers against health care providers. That number was triple the previous record of almost $7.94 million in payouts in 2014, followed by $6.19 million in payouts in 2015.

Continue reading Cybersecurity and Emergency Preparedness for Long-Term Care

OIG Issues Investigative Advisory on Medicaid Fraud & Patient Harm Involving Personal Care Services (PCS)

Continuing the drumbeat of increased regulatory scrutiny on long-term care providers, the Office of Inspector General (OIG) of the Department of Health and Human Services in early October 2016 released an Investigative Advisory on Medicaid Fraud and Patient Harm Involving Personal Care Services: https://oig.hhs.gov/reports-and-publications/portfolio/mpcs.asp.

In the OIG’s words, the Investigative Advisory “highlights several of the most significant program vulnerabilities related to PCS that OIG continues to encounter during the course of Federal investigations,” and “summarizes fraud schemes in Federal investigations involving PCS from November 2012 through August 2016.”

Noting that it has already “issued numerous reports highlighting vulnerabilities in PCS that are believed to have contributed to high improper payments, questionable care quality, and high amounts of fraud,” the OIG stated its concern that “State PCS programs will remain susceptible to fraud unless CMS takes preventive, nationwide action to address systemic vulnerabilities.” It also referenced the previously stated goal of preventing fraud and patient harm before it occurs, instead of engaging in “pay and chase” activities and attempting to recover payments already made to providers, after the fraud or sub-standard care has taken place.

The PCS fraud schemes cited by the OIG include:

  • Multiple PCS attendants billing for visits to the same patient in Washington, in which caregivers persuaded the patient to sign blank time sheets and submitted claims for periods when the patient was out of the country.
  • A criminal prosecution of more than 40 individuals associated with a PCS agency in Alaska, where the owner authorized employees to submit false time sheets for services not provided and also billed Medicaid for services provided by employees who were not legally authorized to bill.
  • The submission of over $34,000 in claims by a PCS attendant in Illinois, who
    had been excluded from all Federal programs for allegedly diverting controlled substances from her employer, for services not provided (including services she claimed to have provided while she was on vacation in the Caribbean and Central America).
  • A case in which a Missouri PCS attendant submitted claims for providing care to four beneficiaries simultaneously while working a full-time job, over a 130-day period.
  • A Virginia PCS attendant billing Medicaid for care not provided, which included 20 hours per week of accompanying the beneficiary to doctors’ appointments over a 2-month period.

The Investigative Advisory also referenced several recent cases of patient harm: some involving abuse or neglect by PCS attendants that have resulted in deaths and hospitalizations, and other that involved provision of care while impaired. The OIG expressed the view that these cases demonstrate that “CMS and the States do not have sufficient controls for individuals entering beneficiary homes to provide Medicaid-funded services,” and that “CMS needs to take regulatory action to establish safeguards that will prevent fraudulent or abusive providers from enrolling or remaining as PCS attendants and better protect the PCS program from fraud and patient hmm and neglect.”

Key unimplemented OIG recommendations, which could be the subject of future regulations, include:

  • Establishing minimum Federal qualifications and screening standards for PCS workers, including background checks.
  • Requiring States to enroll or register all PCS attendants and assign them unique numbers.
  • Requiring that PCS claims identify the dates of service and the PCS attendant who provided the service.
  • Additional controls to ensure that PCS are allowed under program rules and are actually provided.

CMS Arbitration Rules

By Susan V. Kayser

CMS has released the final version of a broad-based proposed rule update that will take effect November 28, 2016.  One of the most notable provisions is a prohibition on including a mandatory arbitration provision in a nursing home admission agreement.  Long a bone of contention, with strong advocacy efforts on each side of the question of whether such mandatory clauses should be allowed, it remains to be seen whether the rule will be challenged in court.  Those against mandatory arbitration say it deprives individuals of their day in court; those in favor say there are benefits, including less expensive and quicker resolution of claims.

Only admissions agreements of future residents will be affected by the new rule.  Providers should note too that arbitration clauses are not banned altogether.  In a blog post on September 28, 2016, Acting CMS Administrator Andy Slavitt stated “[f]acilities and residents will still be able to use arbitration on a voluntary basis at the time a dispute arises.”  He went on to say that “[e]ven then, these agreements will need to be clearly explained to residents, including the understanding that these arbitration agreements are voluntary, and that these agreements should not prevent or discourage residents and families from talking to authorities about quality of care concerns.”

The new rule includes a number of other new or modified provisions, which according to CMS were designed to set higher standards for quality and safety in long-term care facilities and protect and empower residents, with a focus on preventing abuse and neglect in facilities.

Government Cracks Down On Nursing Home Use of Social Media

On August 5, 2016, the Centers for Medicare and Medicaid Services (CMS) published a Survey and Certification Memorandum (Notice) urging State health departments to enforce violations by nursing homes in posting patient images on social media. This development was interesting given that the Office for Civil Rights (OCR), the enforcer of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, presumably should already be cracking down on any such violations of resident rights as a violation of HIPAA. According to Modern Healthcare, increased instances of nursing home staff inappropriately posting resident pictures on social media may have sparked this pronouncement by CMS.

Specifically, CMS will more strictly enforce, through State agencies, corrective actions to ensure that employee postings of residents in a degrading manner do not occur in the nursing home setting. Interestingly, the Notice does not discuss nursing homes reporting such employee conduct to OCR, but does indicate that employees should report such postings on social media of residents as abuse “to at least one law enforcement agency.” Continue reading Government Cracks Down On Nursing Home Use of Social Media

Duane Morris’ Michael E. Clark to Present at ABA’s Third Medical Device & Healthcare Technology Compliance Institute

Duane Morris special counsel Michael E. Clark will serve as program chair and moderate the panel discussion, “Yates Memorandum: The New Normal?” during the American Bar Association’s (ABA) Third Medical Device & Healthcare Technology Compliance Institute, to be held on October 13–14, 2016, in Washington, D.C. Mr. Clark’s presentation will take place on Thursday, October 13, at 9:00 a.m.

The session will feature a discussion of the Department of Justice’s new policy to prosecute corporate executives with a focus on the ethical considerations of representing corporations and executives. There will be an emphasis on ethical considerations, including scope of representation, client identification and duties. CLE Ethics Credit is available.

For more information, please visit the event listing on the Duane Morris website.

Another Positive Development for the Medical Marijuana Industry

Just one week after the DEA and FDA reiterated the federal government’s willingness to allow broader research into the health benefits of cannabis, the Ninth Circuit Court of Appeals issued a decision barring the DOJ from using federal funds to prosecute individuals and businesses conducting activities in compliance with state medical cannabis laws and regulations.

In U.S. v. McIntosh, No. 15-10117, (9th Cir. 2016), the Court determined that a rider (§ 542) to the appropriations act that funded the government through September 30, 2015, which provided that funds made available under that act could not be used “to prevent [] States from implementing their own State laws that authorize the use, distribution, possession. of cultivation of medical marijuana,” was to be read as prohibiting the federal government from prosecuting individuals and businesses acting pursuant to those state laws and regulations because such prosecution would effectively prevent the states from implementing their cannabis laws and regulations.

As the Court explained, “DOJ, without taking any legal action against the Medical Marijuana States, prevents them from implementing their laws that authorize the use, distribution, possession, or cultivation of medical marijuana by prosecuting individuals for use, distribution, possession, or cultivation of medical marijuana that is authorized by such laws. By officially permitting certain conduct, state law provides for nonprosecution of individuals who engage in such conduct. If the federal government prosecutes such individuals, it has prevented the state from giving practical effect to its law.”

The Court was also careful to warn industry participants that cannabis-related conduct falling outside a state’s cannabis laws and regulations would not be protected from federal prosecution:  “We conclude that § 542 prohibits the federal government only from preventing the implementation of those specific rules of state law that authorize the use, distribution, possession, or cultivation of medical marijuana. DOJ does not prevent the implementation of rules authorizing conduct when it prosecutes individuals who engage in conduct unauthorized under state medical marijuana laws. Individuals who do not strictly comply with all state-law conditions regarding the use, distribution, possession, and cultivation of medical marijuana have engaged in conduct that is unauthorized, and prosecuting such individuals does not violate § 542.”

 

 

The Marijuana Business Takes Root in Pa.

Duane Morris’ Seth Goldberg was quoted in the Philadelphia Business Journal  on the opportunities and risk facing entrepreneurs in the development medical marijuana industry in Pennsylvania.

While the upfront costs to entrepreneurs wanting to enter the market are expected to run into the millions of dollars, the payoff could be substantial. The ArcView Group, a market research firm that studies the cannabis industry, estimates the Pennsylvania medical marijuana market will start out with annual sales at about $125 million and grow at a rate of about 180 percent per year in the program’s first few years.

“There will also be huge opportunities for entrepreneurs who want to create ancillary businesses that are integral to the core growing and dispensing businesses,” said Seth Goldberg, a Philadelphia attorney with Duane Morris who specializes in commercial and health care matters.

Continue reading The Marijuana Business Takes Root in Pa.

Mid-Year OIG Work Plan Update Provides Insight Into Long-Term Care Regulatory Hot Spots

The Office of Inspector General (OIG) of the Department of Health and Human Services recently released a Mid-Year Update to its 2016 Fiscal Year Work Planhttp://oig.hhs.gov/reports-and-publications/archives/workplan/2016/WorkPlan_April%202016_Final.pdf. The Mid-Year Update gives long-term care providers a preview of the OIG’s regulatory enforcement focus during the remainder of the current fiscal year.

Some highlights from the Mid-Year Update include:

Skilled Nursing Facility Prospective Payment System Requirements

The OIG will review compliance with the skilled nursing facility (SNF) prospective payment system requirement that a beneficiary must be an inpatient of a hospital for at least 3 consecutive days before being discharged from the hospital, in order to be eligible for SNF services. Prior OIG reviews found that Medicare payments for SNF services were not compliant with the 3-day hospital stay requirement.

Potentially Avoidable Hospitalizations of Medicare and Medicaid Eligible Nursing Home Residents for Urinary Tract Infections

The OIG will review nursing home records of residents hospitalized for urinary tract infections (UTIs), to determine whether the nursing homes provided services to prevent or detect UTIs in accordance with their care plans before the residents were hospitalized.

National Background Check Program for Long-Term-Care Employees

The OIG will review current State procedures for conducting background checks on prospective employees and providers who have direct access to patients, and determine the costs of conducting background checks. The goal is to determine the effectiveness of the States’ programs and determine whether the checks led to any unintended consequences.

State Agency Verification of Deficiency Corrections

The OIG intends to determine whether State survey agencies verified correction plans for deficiencies identified during nursing home recertification surveys, noting that a prior OIG review found that one State survey agency did not always verify that nursing homes corrected deficiencies identified during surveys, in accordance with Federal requirements.

Medicaid Beneficiary Transfers from Group Homes and Nursing Facilities to Hospital Emergency Rooms

The OIG will review the rate of and reasons for transfer from group homes or nursing facilities to hospital emergency departments, as high occurrences of emergency transfers could indicate poor quality of care.

Managed Long-Term-Care Reimbursements

States’ reimbursements to managed long-term-care (MLTC) plans will be examined to determine whether they complied with Federal and State requirements, including those relating to eligibility and enrollment of beneficiaries.

SCOTUS Strikes Down Texas Statute in Whole Woman’s Health v. Hellerstedt

In a 5-3 decision today, the Supreme Court of the United States in Whole Woman’s Health v. Hellerstedt, No. 15-275, slip op. (June 27, 2016) reversed a decision of the Fifth Circuit and overturned as unconstitutional a Texas law that (1) required abortion providers to have “active admitting privileges” at a hospital within 30 miles of the location at which they provide abortions and (2) required abortion facilities to meet standards adopted for ambulatory surgery centers. The Court wrote that each of the requirements “places a substantial obstacle in the path of women seeking a previability abortion, each constitutes an undue burden on abortion access, and each violates the Federal Constitution.”  A team of Duane Morris attorneys, including Philip H. Lebowitz, Erin M. Duffy, Katharyn I. Christian McGee, Alison Taylor Rosenblum, and Erica Fruiterman, filed an amicus curiae brief on behalf of medical staff professionals in support of petitioners Whole Woman’s Health et al.  In its decision, the Supreme Court cited Duane Morris’ amicus brief, noting, “Other amicus briefs filed here set forth without dispute other common prerequisites to obtaining admitting privileges that have nothing to do with ability to perform medical procedures.”  The brief was one of only a handful of amici curiae briefs cited in the decision out of a total of 41 such briefs filed on behalf of petitioners.

 

Pennsylvania Medical Marijuana Act: Key Components and Potential Risks

On April 17, 2016, Pennsylvania became the 24th state to legalize the use of marijuana for medicinal purposes when Pennsylvania Governor Tom Wolf signed into law Senate Bill 3, known as the “Medical Marijuana Act” (the “Act”).  While the Act will become effective on May 17, 2016, its implementation will not be fully realized until various reports and regulations contemplated in the Act are developed. The Act will be administered by the Pennsylvania Department of Health (the “Department”).

The Act limits the use of medical marijuana to patients suffering from one of the 17 “Serious Medical Conditions” identified in the Act, which are: cancer; HIV/AIDS; amyotrophic lateral sclerosis; Parkinson’s disease; multiple sclerosis; epilepsy; inflammatory bowel disease; damage to the nervous tissue of the spinal cord with objective neurological indication of intractable spasticity; neuropathies; Huntington’s disease; Crohn’s disease; post-traumatic stress disorder; intractable seizures; glaucoma; sickle cell anemia; severe chronic or intractable pain of neuropathic origin or severe or intractable pain in which conventional therapeutic intervention and opiate therapy is contraindicated or ineffective; and autism.

The Act also restricts the forms in which medical marijuana may be dispensed to patients and caregivers to pill, oil, topical cream/ointment, vaporization, nebulization, tincture or liquid, and it makes smoking and incorporating into edible form unlawful. Continue reading Pennsylvania Medical Marijuana Act: Key Components and Potential Risks