Cybersecurity and Emergency Preparedness for Long-Term Care

On January 13, 2017, the Centers for Medicare and Medicaid Services (“CMS”) sent a Memorandum (“Memo”) to State survey agency directors encouraging long-term care providers to “consider cybersecurity when developing or reviewing their emergency preparedness plans.” The Memo was a follow-up to the CMS long-term care emergency preparedness rule published in the Federal Register on September 16, 2016: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Under that final rule, long-term care facilities were held to additional standards, including requirements to have emergency and standby power systems in place. Nursing homes were also required to create plans regarding missing residents that could be activated regardless of whether the facility has activated its full-scale emergency plan. The rule was spurred on by recent flooding in Baton Rouge, Louisiana, and other emergency disasters, such as Hurricane Sandy and the 2009 H1N1 pandemic, according to CMS.

Whether State surveyors will actually treat the lack of a cybersecurity plan for emergency preparedness as a violation remains to be seen from this Memo. But certainly, a State survey agency could impose deficiencies for failure to have a proper cybersecurity plan and/or a proper cybersecurity back-up plan as part of a facility’s emergency preparedness going forward. It is not clear why CMS decided to send this encouragement Memo three months after the Final Rule on emergency preparedness, but it likely has something to do with the fact that 2016 was a banner year for HIPAA privacy infractions and HIPAA enforcement by the Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance. In 2016, payouts by health care providers for HIPAA violations in OCR enforcement actions skyrocketed to a record $23.51 million. That number was triple the previous record of almost $7.94 million in payouts in 2014, which was followed by $6.19 million in payouts in 2015.


ACOs Waking Up to the Value of Post-Acute Care Providers

Recently, the American Hospital Association published in its newsletter Trendwatch a detailed 16-page article entitled “The Role of Post-Acute Care in New Care Delivery Models,” December 2015. The article discusses what we have been trying to tell our post-acute care clients, especially nursing home clients, for years: become a valued partner of an Accountable Care Organization (“ACO”) and be ready to show your value to those ACOs, or continue to operate as you historically have at your own peril.

When ACOs first started, there was virtually no room or focus on long-term care providers being involved in an ACO. Some hospitals talked initially about home health care, but very little discussion was geared towards long-term care providers being in an ACO network because hospitals did not understand the long-term care environment.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.
