New SAMHSA Rule Allows Disclosure of Patient Substance Use for Payment, Healthcare Operations

By Lisa W. Clark and Erin M. Duffy

On January 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) finalized revisions to the Confidentiality of Substance Use Disorder Patient Records regulations, found in 42 CFR Part 2. The new final rule implements the changes proposed a year ago by SAMHSA in its supplemental notice of proposed rulemaking (SNPRM), which was issued alongside the first major changes to the federal regulations governing Part 2 covered data since 1987. After receiving public comment on the SNPRM, SAMHSA has finalized provisions relating to the disclosure of patient-identifying substance use information for payment and healthcare-related purposes and the disclosure of patient-identifying substance use information for the purposes of carrying out a Medicaid, Medicare or Children’s Health Insurance Program (CHIP) audit or evaluation. The new final rule also permits lawful holders to issue an abbreviated notice of the prohibition on redisclosure to accommodate electronic health record systems with standard character limitations on free text fields.

Read the full story on the Duane Morris LLP website.

Nursing Homes Ready For Emergency Preparedness Rules?

Neville M. Bilimoria
Neville M. Bilimoria

With all the regulatory changes facing nursing homes these days, it is no wonder most are behind in the world of compliance. It seems nursing homes are constantly berated with new regulations and more issues to deal with on a daily basis. The recent article in the May 22, 2017 edition of Modern Healthcare was, therefore, not a surprise: “Regulation: Nursing homes and hospice providers face looming emergency preparedness deadline.”

The article discusses the real November 15, 2017 deadline for nursing homes to comply with the emergency preparedness regulations promulgated by the Centers for Medicare & Medicaid Services (“CMS”) in September 2016. The article further discusses how most facilities are not close to complying by the November 15, 2017 deadline. The problem is that while nursing homes have historically had some emergency preparedness policies and procedures, the new CMS rules impose more robust policies, procedures, and mechanisms to be in place prior to November 15, 2017. That would require nursing homes to partner with local hospitals, police and fire departments to make sure their preparedness plans are up to date, robust, and systematically applied. The rules mandate, among other things, back-up generator contingencies, cybersecurity attack back up plans, and widespread training on a myriad of emergency preparedness policies and procedures that need to be developed by nursing homes. The rules even require disaster drills to be conducted by the nursing home in conjunction with local emergency response agencies.

Continue reading “Nursing Homes Ready For Emergency Preparedness Rules?”

FTC to Keep Healthcare and Pharmaceutical Sectors in Antitrust Crosshairs

While the Trump Administration’s antitrust policy is still developing, and most believe it will provide for less enforcement than antitrust policy under the Obama Administration, the Federal Trade Commission announced on Friday, March 31, that it has no intention of letting up on the healthcare and pharmaceutical sectors, where the FTC has been increasingly active over the past few years.  In 2016, the FTC challenged the mergers of hospitals/health systems in Illinois and Pennsylvania, and initiated actions to protect pharmaceutical price competition; early 2017 has been no different.

Thus, while the Trump Administration’s antitrust policy unfolds, and it may be less strict than the antitrust policy of the prior administration, healthcare and pharmaceutical industry participants should stay vigilant about antitrust compliance because the FTC intends to remain focused on competition in those sectors.

 

 

 

Cybersecurity and Emergency Preparedness for Long-Term Care

On January 13, 2017, the Centers for Medicare and Medicaid Services (“CMS”) sent a Memorandum (“Memo”) to State survey agency directors encouraging long-term care providers to “consider cybersecurity when developing or reviewing their emergency preparedness plans.” The Memo was a follow-up to the CMS long-term care emergency preparedness rule published in the Federal Register on September 16, 2016: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Under that final rule, long-term care facilities were held to additional standards, including requirements to have emergency and standby power systems in place. Nursing homes were also required to create plans regarding missing residents that could be activated regardless of whether the facility has activated its full-scale emergency plan. The rule was spurred on by recent flooding in Baton Rouge, Louisiana, and other emergency disasters, such as Hurricane Sandy and the 2009 H1N1 pandemic, according to CMS.

Whether State surveyors will actually enforce lack of cybersecurity plans for emergency preparedness as violations remains to be seen from this Memo. But certainly, a State survey agency could impose deficiencies for failure to have a proper cybersecurity plan and/or a proper cybersecurity back‑up plan as part of a facility’s emergency preparedness going forward. It is not clear why CMS decided to send this encouragement Memo three months after the Final Rule on emergency preparedness, but it likely has something to do with the fact that 2016 was a banner year for HIPAA privacy infractions and HIPAA enforcement by the Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance. In 2016, payouts for HIPAA violations skyrocketed to record heights of $23.51 million from OCR enforcers against health care providers. That number was triple the previous record of almost $7.94 million in payouts in 2014, followed by $6.19 million in payouts in 2015.

Continue reading “Cybersecurity and Emergency Preparedness for Long-Term Care”

Government Cracks Down On Nursing Home Use of Social Media

On August 5, 2016, the Centers for Medicare and Medicaid Services (CMS) published a Survey and Certification Memorandum (Notice) urging State health departments to enforce violations by nursing homes in posting patient images on social media. This development was interesting given that the Office for Civil Rights (OCR), the enforcer of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, presumably should already be cracking down on any such violations of resident rights as a violation of HIPAA. According to Modern Healthcare, increased instances of nursing home staff inappropriately posting resident pictures on social media may have sparked this pronouncement by CMS.

Specifically, CMS will more strictly enforce, through State agencies, corrective actions to ensure that employee postings of residents in a degrading manner do not occur in the nursing home setting. Interestingly, the Notice does not discuss nursing homes reporting such employee conduct to OCR, but does indicate that employees should report such postings on social media of residents as abuse “to at least one law enforcement agency.” Continue reading “Government Cracks Down On Nursing Home Use of Social Media”

Duane Morris Partner Patricia S. Hofstra to Speak on “Retail Clinics in Healthcare: Overcoming Complex Legal Challenges”

Duane Morris partner Patricia S. Hofstra will be speaking at the Strafford Live Webinar on “Retail Clinics in Healthcare: Overcoming Complex Legal Challenges” to be held on Thursday, March 10, 2016 from 1:00 p.m. to 2:30 p.m. (Eastern time).  The webinar  will address “Complying with Corporate Practice of Medicine, Licensure, and Scope of Practice Laws; Navigating Emerging Relationships with Physicians, Hospitals and Payers.”

For more information, please see the event page on the Duane Morris website.

Recent Trends In FCA Litigation Against Hospice Care Providers

The Office of Inspector General identified “reducing waste in . . . hospice care” as one of the “top management challenges” for the 2015 fiscal year.   The federal government’s efforts to respond to that challenge are illustrated by several recent developments in False Claims Act (“FCA“) cases brought against hospice care providers.  For example, the Robinson-Hill, Betts, and Gooch cases discussed herein underscore the attention given to hospice care providers and their alleged billing and personnel-related practices, and the high monetary settlements that can result from such attention.

Continue reading “Recent Trends In FCA Litigation Against Hospice Care Providers”

Duane Morris Partner Lisa Clark Featured in The Wharton Healthcare Quarterly

In the Spring 2015 edition of The Wharton Healthcare Quarterly, Duane Morris partner Lisa Clark’s article, “Affidavit: Healthcare and the Law – Healthcare Reform Update: What’s in a Name?,” discussed the innovations under the Affordable Care Act (ACA). One of the innovations was the Accountable Care Organization (ACO), where a new healthcare reimbursement system was introduced as an alternative to the tradition fee-for-service model. Over the years, the Accountable Care Organizations and other value-based models will be tested and hopefully, there will be buzz around this new model in the next year.

Consultants’ Communications Privileged from Discovery

In healthcare, companies often hire consultants to review billing and coding, privacy and security and a host of other technical issues that regular staff does not have the time or expertise to pursue.  A recent discovery ruling in federal court in the Eastern District of Pennsylvania holds that communications with such outside consultants are privileged from discovery if they are made for the purpose of assisting the company in securing legal advice or making legal decisions.

In Smith v. Unilife Corporation, a whistleblower brought an action under Sarbanes-Oxley and Dodd-Frank alleging shareholder fraud and failure to comply with certain FDA requirements.  The plaintiff sought discovery of two non-lawyer consultants regarding drafts of the company’s SEC Form 10-K filing.  The Court’s decision to deny the plaintiff’s motion to compel was based on the “functional equivalent” doctrine, a principle already adopted in the 8th, 9th and D.C. Circuits, but not yet in the 3rd Circuit.

Continue reading “Consultants’ Communications Privileged from Discovery”

Mayo Lawsuit Against Former Exec Raises Numerous Health Care and Business Litigation Issues

A recent settlement between Mayo Collaborative Services d/b/a Mayo Medical Laboratories (“MML”) and Mayo Clinic (together with MML,  “Mayo”) and a former Mayo executive, Dr. Franklin Cockerill, reveals the potential legal issues that may arise when health care executives seek new employment and the high stakes litigation that may ensue-regardless of which party may or may not be at fault.

As set forth in Mayo’s complaint, Dr. Cockerill was a former senior officer and director of MML and Chair of the Mayo Clinic Department of Laboratory Medicine and Pathology, where he managed several thousand medical professionals handling laboratory testing and intellectual property development for Mayo and MML.  According to Mayo’s complaint, as a result of Dr. Cockerill’s various positions he had first-hand knowledge of confidential strategic, business, marketing, sales, pricing, and data management information from MML and Mayo.  Eventually, Dr. Cockerill retired and obtained employment with a Mayo competitor.

Continue reading “Mayo Lawsuit Against Former Exec Raises Numerous Health Care and Business Litigation Issues”

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress