Not a week goes by without some mention of the opioid crisis and opioid litigation, including the recent settlement proposal by Purdue Pharma to pay $270 million to resolve a case pending with the State of Oklahoma. Purdue Pharma, the maker of OxyContin®, has had over 1,000 lawsuits filed against it by State and local governments alleging that it caused the opioid crisis. On April 5, 2019, the Illinois Attorney General filed a lawsuit against Purdue Pharma LP and Purdue Pharma Inc. over their alleged roles in the opioid crisis. According to the lawsuit, more than 2,000 Illinois residents died in 2017 alone due to opioid overdoses.
Drug Enforcement Administration (“DEA”) representatives recently advised State regulators that it is turning up the heat to aggressively crack down on a common practice among physicians or practitioners, nurses, and pharmacists who provide Schedule II controlled substances to residents of long-term care facilities (“LTCFs”). The practice involves the admission of a resident to a LTCF after hours and the administration of a Schedule II controlled substance without a valid prescription.
Often, due to the after-hours admission and without a valid prescription, the nurse removes the Schedule II controlled substance from the facility’s emergency box or narcotics box and administers it to the resident. Although convenient for the nurse administering the drug, this practice violates federal law and State law, and can result in any number of legal actions against the physician or practitioner, nurse, administrator, facility, or pharmacist by the DEA, Department of Justice, federal Office of Inspector General, State Department of Professional Regulation, State Medicaid department, and State Department of Public Health, among other federal and State agencies. All health care providers and practitioners should ensure that they are following the law when prescribing, dispensing, or administering controlled substances.
Recently, the Illinois Supreme Court considered the consequences of violating the Biometric Information Privacy Act (“Act”). The Act has been on the books for ten years, and during that time, the use of biometric data, such as finger prints, voice prints, or facial recognition, has grown by leaps and bounds. It is possible to unlock an iPhone merely by looking at it—using facial geometry.
As health care facilities move to biometric methods of identifying staff or clients, they will need to consider the ramifications of doing so. The Act requires entities that collect biometric data to first obtain informed consent, in writing, by the individual or their representative. In addition, the entity must have a policy and procedure for destroying the biometric data in accordance with the Act.
According to the Supreme Court, failure to abide by these procedures causes damage to the person whose biometric data was gathered. As a result, the entity can face liability in the amount of $1,000 to $5,000 per violation, or actual damages, plus attorneys’ fees. Considering the real risk of identity theft in this digital age, actual damages could easily exceed the statutory amounts.
The federal government cannot agree on whether to increase or decrease regulatory burdens on nursing facilities. Yesterday, the United States House Committee on Ways and Means and the Subcommittee on Health wrote to the Centers for Medicare and Medicaid Services urging further reduction of regulatory burdens on health systems, hospitals, and nursing homes. Tomorrow, the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations will hold a hearing examining federal efforts to ensure quality of care and resident safety in nursing homes.
The Ways and Means Committee’s letter noted that providers with post-acute care beds devote 8.1 full-time employees to compliance with regulatory requirements. Over half of those employees are clinical staff who could otherwise be caring for residents. The letter applauded recent efforts to reduce the regulatory burden and urged further reductions.
In contrast, the Committee on Energy and Commerce suggests that CMS isn’t doing enough to ensure quality care in the nation’s nursing homes. The Committee’s background report recites a number of news reports in which seniors died or were abused in nursing homes. Three witnesses have been invited to testify: Kate Goodrich, M.D., Chief Medical Officer of CMS; Ruth Ann Dorrill, Regional Inspector General, HHS OIG; and John Dicken, Director, Health Care GAO. Topics to be addressed include efforts made to ensure that nursing homes are meeting the federal regulatory standards and CMS’ oversight of state agencies that work with CMS to inspect nursing homes. The undertone of the Committee’s background report is that CMS needs to increase enforcement, including higher civil money penalties and exclusion from participation in federal health care programs.
It is hard to see how higher monetary penalties will improve quality care as it further reduces the resources available to care for residents.
On February 5, 2018, the Government Accountability Office, a nonpartisan investigative arm of Congress, found that there are huge gaps in regulation of assisted living facilities. The report, entitled “Medicaid Assisted Living Services: Improved Federal Oversight of Beneficiary Health and Welfare is Needed,” comes on the heels of years of discussion as to whether assisted living facilities are sufficiently regulated by individual states, or whether further federal oversight is warranted.
The suggestion of the need for federal regulation of assisted living came from GAO’s finding that more than $10 billion a year is spent from federal and state funds for assisted living services for more than 330,000 Medicaid beneficiaries. With demand for additional Medicaid assisted living funding, and the potential increase in demands of the senior population in the next 5 years, these numbers will continue to rise significantly as noted by the GAO: “Medicaid spending on long-term care is significant, representing about one quarter of Medicaid spending annually and is expected to grow with an aging population.” Continue reading GAO Report: Assisted Living Providers & Federal Regulation
In January 2018, The Office of the Auditor General for the State of Illinois published its Performance Audit (“Audit Report”) of Medicaid Managed Care Organizations (“Medicaid MCOs”) for Fiscal Year 2016. What was unleashed was a startling review of the Medicaid MCOs’ performance over FY 2016 in administering the Medicaid Program for what was then called the Integrated Care Program (“ICP”) or Medicare/Medicaid Alignment Initiative (“MMAI”) Programs. You may recall these ICP and MMAI Medicaid MCO programs in Illinois involved almost a dozen Medicaid MCOs that covered about 70% of the State of Illinois Medicaid recipients.
The Audit Report played into health care providers’ deepest fears in Illinois: showing that Medicaid Managed Care may not be working as it was intended; namely, to reduce costs and improve quality of care in the Medicaid Program in Illinois. For example, long term care providers in Illinois had to fight tooth and nail with Medicaid MCOs under the ICP and MMAI programs, experiencing cumbersome Medicaid contracts, denied claims, delayed claims, and worse yet, a prior authorization administration problem (administrative MCO delay) which in some instances prevented residents from receiving care timely. Most, but not all, of those issues are still being resolved, but providers had hoped that there was a good reason for this madness involving Medicaid MCOs: better and lower cost care for Medicaid beneficiaries. Continue reading Illinois Posts Medicaid Managed Care Performance Report
Neville M. Bilimoria
With all the regulatory changes facing nursing homes these days, it is no wonder most are behind in the world of compliance. It seems nursing homes are constantly berated with new regulations and more issues to deal with on a daily basis. The recent article in the May 22, 2017 edition of Modern Healthcare was, therefore, not a surprise: “Regulation: Nursing homes and hospice providers face looming emergency preparedness deadline.”
The article discusses the real November 15, 2017 deadline for nursing homes to comply with the emergency preparedness regulations promulgated by the Centers for Medicare & Medicaid Services (“CMS”) in September 2016. The article further discusses how most facilities are not close to complying by the November 15, 2017 deadline. The problem is that while nursing homes have historically had some emergency preparedness policies and procedures, the new CMS rules impose more robust policies, procedures, and mechanisms to be in place prior to November 15, 2017. That would require nursing homes to partner with local hospitals, police and fire departments to make sure their preparedness plans are up to date, robust, and systematically applied. The rules mandate, among other things, back-up generator contingencies, cybersecurity attack back up plans, and widespread training on a myriad of emergency preparedness policies and procedures that need to be developed by nursing homes. The rules even require disaster drills to be conducted by the nursing home in conjunction with local emergency response agencies.
Continue reading Nursing Homes Ready For Emergency Preparedness Rules?
On January 13, 2017, the Centers for Medicare and Medicaid Services (“CMS”) sent a Memorandum (“Memo”) to State survey agency directors encouraging long-term care providers to “consider cybersecurity when developing or reviewing their emergency preparedness plans.” The Memo was a follow-up to the CMS long-term care emergency preparedness rule published in the Federal Register on September 16, 2016: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Under that final rule, long-term care facilities were held to additional standards, including requirements to have emergency and standby power systems in place. Nursing homes were also required to create plans regarding missing residents that could be activated regardless of whether the facility has activated its full-scale emergency plan. The rule was spurred on by recent flooding in Baton Rouge, Louisiana, and other emergency disasters, such as Hurricane Sandy and the 2009 H1N1 pandemic, according to CMS.
Whether State surveyors will actually enforce lack of cybersecurity plans for emergency preparedness as violations remains to be seen from this Memo. But certainly, a State survey agency could impose deficiencies for failure to have a proper cybersecurity plan and/or a proper cybersecurity back‑up plan as part of a facility’s emergency preparedness going forward. It is not clear why CMS decided to send this encouragement Memo three months after the Final Rule on emergency preparedness, but it likely has something to do with the fact that 2016 was a banner year for HIPAA privacy infractions and HIPAA enforcement by the Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance. In 2016, payouts for HIPAA violations skyrocketed to record heights of $23.51 million from OCR enforcers against health care providers. That number was triple the previous record of almost $7.94 million in payouts in 2014, followed by $6.19 million in payouts in 2015.
Continue reading Cybersecurity and Emergency Preparedness for Long-Term Care
On August 5, 2016, the Centers for Medicare and Medicaid Services (CMS) published a Survey and Certification Memorandum (Notice) urging State health departments to enforce violations by nursing homes in posting patient images on social media. This development was interesting given that the Office for Civil Rights (OCR), the enforcer of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, presumably should already be cracking down on any such violations of resident rights as a violation of HIPAA. According to Modern Healthcare, increased instances of nursing home staff inappropriately posting resident pictures on social media may have sparked this pronouncement by CMS.
Specifically, CMS will more strictly enforce, through State agencies, corrective actions to ensure that employee postings of residents in a degrading manner do not occur in the nursing home setting. Interestingly, the Notice does not discuss nursing homes reporting such employee conduct to OCR, but does indicate that employees should report such postings on social media of residents as abuse “to at least one law enforcement agency.” Continue reading Government Cracks Down On Nursing Home Use of Social Media
Recently, the American Hospital Association published in its newletter Trendwatch a detailed 16 page article entitled “The Role of Post-Acute Care in New Care Delivery Models,” December 2015. The article discusses what we have been trying to tell our post-acute care, especially nursing home clients, for years: become a valued partner of an Accountable Care Organization (“ACO”) and be ready to show your value to those ACOs, or continue to operate as you historically have at your own peril.
When ACOs first started, there was virtually no room or focus on long-term care providers being involved in an ACO. Some hospitals talked initially about home health care, but very little discussion was geared towards long-term care providers being in an ACO network because hospitals did not understand the long-term care environment. Continue reading ACOs Waking Up to the Value of Post-Acute Care Providers
In a settlement with the US DOJ in U.S. ex rel. Halpin and Fahey v. Kindred Healthcare Inc. et al., 1:11-cv-12139, Kindred Healthcare, Inc., a skilled nursing and long-term care company, has agreed to pay the federal government more than $125 million for alleged False Claims Act violations by a therapy services company, RehabCare Group, Inc., acquired by Kindred in June, 2011.
RehabCare contracts with more than 1,000 skilled nursing facilities across the country, and, along with Kindred, is alleged to have caused those facilities to submit Medicare claims for services at the highest reimbursement levels that were not actually provided, or not necessary. Two whistleblowers stand to receive almost $24 million from the settlement.
While all providers need to have strong compliance, this is a reminder that larger providers, whose operations span multiple offices, cities and states, need to be especially vigilant and install strong company-wide compliance programs.