There are several measures OCR/HHS has taken to lessen the regulatory burden of HIPAA for health care providers amidst COVID-19. Here is the latest breakdown of important pronouncements and guidance set forth by OCR/HHS to help providers deal with COVID-19 and HIPAA compliance:
While it is good for a skilled nursing facility to be on the ACO’s “A List” of skilled nursing home providers, skilled nursing facilities need to carefully review their contracts with ACOs to make sure they are not taken advantage of or subject to increased liability. For example, recently one skilled nursing facility relationship with its ACO was so strained that it fired its ACO due to problems with patient care. See Alex Spanko, “How One Skilled Nursing Operator Navigates The Occasional Single ‘Dictatorship’ of ACOs,” Skilled Nursing News, October 16, 2019. In some cases, there were reports that ACOs are placing too much pressure on skilled nursing facilities to discharge residents earlier than indicated, or forcing facilities to provide less care in order to reduce ACO costs, often times to the detriment of residents. Continue reading “Skilled Nursing Facilities, Beware of ACOs”
Neville M. Bilimoria
The suggestion of the need for federal regulation of assisted living came from GAO’s finding that more than $10 billion a year is spent from federal and state funds for assisted living services for more than 330,000 Medicaid beneficiaries. With demand for additional Medicaid assisted living funding, and the potential increase in demands of the senior population in the next 5 years, these numbers will continue to rise significantly as noted by the GAO: “Medicaid spending on long-term care is significant, representing about one quarter of Medicaid spending annually and is expected to grow with an aging population.” Continue reading “GAO Report: Assisted Living Providers & Federal Regulation”
In January 2018, The Office of the Auditor General for the State of Illinois published its Performance Audit (“Audit Report”) of Medicaid Managed Care Organizations (“Medicaid MCOs”) for Fiscal Year 2016. What was unleashed was a startling review of the Medicaid MCOs’ performance over FY 2016 in administering the Medicaid Program for what was then called the Integrated Care Program (“ICP”) or Medicare/Medicaid Alignment Initiative (“MMAI”) Programs. You may recall these ICP and MMAI Medicaid MCO programs in Illinois involved almost a dozen Medicaid MCOs that covered about 70% of the State of Illinois Medicaid recipients.
The Audit Report played into health care providers’ deepest fears in Illinois: showing that Medicaid Managed Care may not be working as it was intended; namely, to reduce costs and improve quality of care in the Medicaid Program in Illinois. For example, long term care providers in Illinois had to fight tooth and nail with Medicaid MCOs under the ICP and MMAI programs, experiencing cumbersome Medicaid contracts, denied claims, delayed claims, and worse yet, a prior authorization administration problem (administrative MCO delay) which in some instances prevented residents from receiving care timely. Most, but not all, of those issues are still being resolved, but providers had hoped that there was a good reason for this madness involving Medicaid MCOs: better and lower cost care for Medicaid beneficiaries. Continue reading “Illinois Posts Medicaid Managed Care Performance Report”
Neville M. Bilimoria
With all the regulatory changes facing nursing homes these days, it is no wonder most are behind in the world of compliance. It seems nursing homes are constantly berated with new regulations and more issues to deal with on a daily basis. The recent article in the May 22, 2017 edition of Modern Healthcare was, therefore, not a surprise: “Regulation: Nursing homes and hospice providers face looming emergency preparedness deadline.”
The article discusses the real November 15, 2017 deadline for nursing homes to comply with the emergency preparedness regulations promulgated by the Centers for Medicare & Medicaid Services (“CMS”) in September 2016. The article further discusses how most facilities are not close to complying by the November 15, 2017 deadline. The problem is that while nursing homes have historically had some emergency preparedness policies and procedures, the new CMS rules impose more robust policies, procedures, and mechanisms to be in place prior to November 15, 2017. That would require nursing homes to partner with local hospitals, police and fire departments to make sure their preparedness plans are up to date, robust, and systematically applied. The rules mandate, among other things, back-up generator contingencies, cybersecurity attack back up plans, and widespread training on a myriad of emergency preparedness policies and procedures that need to be developed by nursing homes. The rules even require disaster drills to be conducted by the nursing home in conjunction with local emergency response agencies.
On January 13, 2017, the Centers for Medicare and Medicaid Services (“CMS”) sent a Memorandum (“Memo”) to State survey agency directors encouraging long-term care providers to “consider cybersecurity when developing or reviewing their emergency preparedness plans.” The Memo was a follow-up to the CMS long-term care emergency preparedness rule published in the Federal Register on September 16, 2016: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Under that final rule, long-term care facilities were held to additional standards, including requirements to have emergency and standby power systems in place. Nursing homes were also required to create plans regarding missing residents that could be activated regardless of whether the facility has activated its full-scale emergency plan. The rule was spurred on by recent flooding in Baton Rouge, Louisiana, and other emergency disasters, such as Hurricane Sandy and the 2009 H1N1 pandemic, according to CMS.
Whether State surveyors will actually enforce lack of cybersecurity plans for emergency preparedness as violations remains to be seen from this Memo. But certainly, a State survey agency could impose deficiencies for failure to have a proper cybersecurity plan and/or a proper cybersecurity back‑up plan as part of a facility’s emergency preparedness going forward. It is not clear why CMS decided to send this encouragement Memo three months after the Final Rule on emergency preparedness, but it likely has something to do with the fact that 2016 was a banner year for HIPAA privacy infractions and HIPAA enforcement by the Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance. In 2016, payouts for HIPAA violations skyrocketed to record heights of $23.51 million from OCR enforcers against health care providers. That number was triple the previous record of almost $7.94 million in payouts in 2014, followed by $6.19 million in payouts in 2015.
On August 5, 2016, the Centers for Medicare and Medicaid Services (CMS) published a Survey and Certification Memorandum (Notice) urging State health departments to enforce violations by nursing homes in posting patient images on social media. This development was interesting given that the Office for Civil Rights (OCR), the enforcer of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, presumably should already be cracking down on any such violations of resident rights as a violation of HIPAA. According to Modern Healthcare, increased instances of nursing home staff inappropriately posting resident pictures on social media may have sparked this pronouncement by CMS.
Specifically, CMS will more strictly enforce, through State agencies, corrective actions to ensure that employee postings of residents in a degrading manner do not occur in the nursing home setting. Interestingly, the Notice does not discuss nursing homes reporting such employee conduct to OCR, but does indicate that employees should report such postings on social media of residents as abuse “to at least one law enforcement agency.” Continue reading “Government Cracks Down On Nursing Home Use of Social Media”
Recently, the American Hospital Association published in its newletter Trendwatch a detailed 16 page article entitled “The Role of Post-Acute Care in New Care Delivery Models,” December 2015. The article discusses what we have been trying to tell our post-acute care, especially nursing home clients, for years: become a valued partner of an Accountable Care Organization (“ACO”) and be ready to show your value to those ACOs, or continue to operate as you historically have at your own peril.
When ACOs first started, there was virtually no room or focus on long-term care providers being involved in an ACO. Some hospitals talked initially about home health care, but very little discussion was geared towards long-term care providers being in an ACO network because hospitals did not understand the long-term care environment. Continue reading “ACOs Waking Up to the Value of Post-Acute Care Providers”
Recently, the United States Department of Health and Human Services Office of Inspector General (“OIG”) published its Work Plan for fiscal year 2012 (“Work Plan”) and delineated focus points for nursing facilities and new enforcement in 2012. The Work Plan is not much different than previous work plans with the exception of increased areas of enforcement, as well as a few new areas to be looked at by OIG.
Expansion of CMS Never Events: They’re Not Just For Medicare Or Just For Hospitals Anymore
In 2005 when “Never Events” were proposed for hospitals through the Deficit Reduction Act, no one knew what the overall effect would be on hospitals or patient care. CMS later developed these and implemented these Never Events under the authority of the DRA to prevent Medicare payment to hospitals for certain “never events” or hospital acquired conditions (HACs) which were conditions that were high volume, involved higher payment, and which could be easily preventable. Now, hospitals and other health care providers have to worry about Never Events in the Medicaid space.