"Meaningful" Errors Require Hospital System to Refund $31M


In what is reported to be the largest repayment to date involving "meaningful use" incentive payments, Naples, Florida-based Health Management Associates, Inc. ("HMA"), with 71 inpatient facilities in 15 states, including Florida, recently voluntarily notified the Centers for Medicare and Medicaid Services ("CMS") that it erroneously certified its electronic health record ("EHR") technology in the amount of $31 million dollars. Upon promptly reporting the error, HMA repaid the overpayment to CMS, and it is still in the process of repaying appropriate state agencies.

According to a recent SEC filing, after an internal review, HMA determined that it "had made an error in applying the requirements for certifying its EHR technology" and, as a result, 11 of its hospitals did not, in fact, meet the criteria to qualify for the incentive payments they received between July 2011 and June 2013. Additionally, on October 30, 2013, HMA withdrew the 11 hospitals from the incentive program, although it plans to re-enroll them later and perhaps recoup some of the $31 million.

Because of this payment to CMS, HMA concluded that its financial results for the fiscal year ended December 31, 2012 as well as the fiscal quarters ended March 31, 2013 and June 30, 2013, and reports generated during this period by HMA's independent registered accounting firm should not be relied upon.

The Office of Inspector General for the Department of Health and Human Services previously announced plans to audit providers who received incentive payments to adopt EHR technology. Providers that participate in these programs have reported receiving audit notices requesting, among other things, screen shots taken at the time of the provider’s attestation of compliance. Providers who fail to provide the requested documentation run the risk of receiving a demand that all monies be immediately repaid. Given the increased government scrutiny, recipients of EHR incentive payments should conduct their own internal audits, as HMA did.

While HMA's discovery of its erroneous certifications may amount to the largest identified overpayment of "meaningful use" funds since the inception of the program, it surely will not be the last. A provider that discovers that it may have received "meaningful use" funds based on erroneous certifications should immediately seek guidance from counsel experienced in the program to discuss the appropriate course of action.

Health Flexible Spending Accounts – Modification of "Use It or Lose It" Rule


Many employers offer health flexible spending account arrangements ("Health FSAs") through cafeteria plans to their employees.  Historically, Health FSAs have been subject to a "use it or lose it" requirement, meaning that any unused amounts in a Health FSA at the conclusion of a plan year or at the conclusion of a grace period (if any) must be forfeited by the employee.

The "use it or lose it" rule remains in force, but has been modified by guidance issued by the Internal Revenue Service ("IRS") on October 31, 2013.   Through IRS Notice 2013-71, the IRS permits plan sponsors to allow up to $500 of unused participant account balances to be carried forward to reimburse the participant for the next following plan year's eligible medical expenses. Internal Revenue Code Section 125 cafeteria plans can offer this new feature as early as the 2013 plan year.

In general, this Notice is viewed within the employee benefits community as a positive development.  After all, employees routinely cite the "use it or lose it" forfeiture threat as one of the largest barriers to Health FSA participation.  Any relaxation of that rule would seemingly be well received by employer and employee populations, and could increase the number of employees receiving the tax advantages afforded by Health FSAs. 

That said, there are a few obvious traps for the unwary, and careful planning by employers is necessary prior to embracing this carryover feature:

  • Amendments Required.  Cafeteria plan documents must be amended to permit this change.  In general, the amendment must be adopted by the last day of the plan year from which amounts can be carried over.  For example, a calendar-year employer wishing to allow its Health FSA participants to carry forward $500 of any remaining 2014 Health FSA balances into 2015 must amend its cafeteria plan by December 31, 2014.

  •  Impossible to Offer with Grace Period.  Prior IRS guidance had permitted Health FSAs to elect to provide for a 2 ½ month "grace period" after the end of the plan year, during which additional eligible expenses could be reimbursed from the previous year's contributions.  A Health FSA  may now have EITHER a grace period OR a carryover feature, but not both.

  • Interaction with Consumer-Driven Health Care. Special care must be exercised by employers separately offering high deductible health plans with health savings accounts (HSAs).  While not addressed in the recent IRS Notice, it is expected that existing IRS rules regarding HSA contributions will apply to this new carryover feature.  Under these rules, individuals could find themselves ineligible to make HSA contributions simply by being eligible to access Health FSA carryover funds from the previous year.



PODs Continue to Attract Scrutiny from OIG and Congress


In the wake of a recent U.S. Department of Health and Human Services Office of Inspector General ("OIG") investigation, physicians with ownership interests in medical device distributorships and hospitals should prepare for an uptick in the scrutiny of physician-owned distributorships ("PODs"). The OIG investigation generated a report, Physician-Owned Distributors of Spinal Devices: Overview of Prevalence and Utilization and follows the Special Fraud Alert on Physician-Owned Entities that OIG issued in March 2013.

For some time, OIG and Congress have expressed concern that PODs not only present a substantial fraud and abuse risk, but they also pose dangers to patient safety. The recent report found that:

  • Devices supplied by PODs were used in 19% of the spinal fusion surgeries billed to Medicare in fiscal year 2011.
  • In spinal fusion surgeries that used POD devices, surgeons implanted fewer devices, but the surgeries did not have lower per-device costs than surgeries using non-POD devices.
  • Over 1/3 of hospitals participating in the report sample purchased spinal devices from PODs.
  • When hospitals began buying devices from PODs, their rates of spinal surgery grew faster than the rate for hospitals overall. The report did not review whether the surgeries were medically necessary.
  • Few hospitals in the sample required physicians to disclose their ownership in device companies, such as PODs, to their patients. Some did not even require physicians to disclose their ownership to the hospital.

OIG said its findings "raise questions about PODs' claims that their devices cost less than those of other suppliers." According to OIG, hospitals' inconsistent requirements regarding physician disclosure of ownership in PODs reduces the ability of hospitals to identify potential conflicts of interest among providers. OIG noted that the Physician Payments Sunshine Act may improve the ability of hospitals and patients to identify physicians' investments in device companies, because the Act will require most PODs to report to CMS all physician ownership and investment interests, and those organizations and payments to physicians will be listed on a publicly available Web site.

Following release of the report, a group of senators issued a press release in which they questioned whether patients are undergoing surgeries based on medical need or because of the financial incentives for physicians. The senators suggested that "as a start" hospitals examine "whether their physicians are participating in and benefitting from these arrangements and what that means for patients."

Hospitals should heed the senators' "suggestion," and physicians should be prepared for greater transparency regarding their investments in PODs. Additionally, in anticipation of future scrutiny, hospitals and physicians should review their documentation procedures to ensure that all elements of medical necessity for spinal fusion procedures are routinely and timely charted. While much is changing in healthcare, the focus on PODs will continue.

Tags: , , ,

Hospitals & Medical Staff Take Notice: HCQIA Immunity is Not Given, it's Earned.


The Healthcare Quality Improvement Act of 1986 ("HCQIA") is a federal law enacted to establish a national tracking system of healthcare practitioners with a history of medical malpractice payments or adverse actions. A significant provision of the law provides immunity from civil money damages for those who participate in hospital peer review process, including members of the medical staff.  In June 2013, the Louisiana Supreme Court, determined that a hospital was not eligible for HCQIA immunity, and therefore subject to damages, because it failed to provide adequate due process during a peer review activity and failed to follow its medical staff bylaws.

The situation is a familiar one: a surgeon, an adverse event, a heated exchange of blame between the surgeon and the nursing staff, and a hospital too eager to see the surgeon go.

The essential facts are equally familiar: a patient was injured, the treating surgeon was temporarily suspended (without fair notice or fair hearing) and ordered to attend anger management courses.  When the surgeon did not attend the courses, his medical staff privileges were terminated and he was not afforded a post-suspension/termination hearing (as provided for in the medical staff bylaws).

The case, Granger v. CHRISTUS Health Central Louisiana d/b/a CHRISTUS St. Francis Cabrini has national significance for two reasons.

First, the case comprehensively examines the federal HCQIA immunity provisions and essentially determines that any adverse credentialing result qualifies as a Professional Review Action versus a mere Professional Review Activity. The distinction is important because Professional Review Actions must meet federal requirements to qualify for HCQIA immunity

Second, Granger further shifts the balance of case law in favor of the proposition that medical staff bylaws are a contract; the position embraced by Florida courts for more than thirty years.

Accordingly, all hospitals and their medical staffs are on notice that failure to: (1) provide adequate due process; and (2) comply with the hospital's medical staff bylaws during the peer review process, can limit HCQIA immunity and expose the hospital to a significant adverse judgment.

Tags: , ,

Can Employer Who Has Granted Employee's FMLA Request Dispute Employee's FMLA Eligibility?


An employee sends an email to her manager requesting FMLA leave to care for her father "while he deals with issues surrounding his terminally ill brother."  The supervisor writes back, "Approved," and the employee takes leave.  Neither the FMLA nor the employer's FMLA policy allows leave to care for a terminally ill uncle.  Based on the employee's absence, the employer rescinds a temporary promotion the employee had received.  The employee sues the employer for FMLA retaliation.  Can the employer argue in defense that the employee was ineligible for FMLA leave?  That was the issue presented in a recent case decided by the Eleventh Circuit Court of Appeals, Dawkins v. Fulton County Government, Case No. 12-11951 (11th Cir., September 30, 2013).  

Equitable estoppel is a doctrine that prevents a party in litigation from asserting a claim or fact that is inconsistent with a position that the party has previously taken, if the other party has reasonably relied on that position.  In Dawkins, the employee argued that in light of her supervisor’s approval of her FMLA leave request, her employer should have been prevented from disputing her FMLA eligibility.  That argument raised two questions:  Does the Eleventh Circuit recognize equitable estoppel to extend FMLA coverage?  And assuming it does, did the employee’s equitable estoppel argument have merit?

Unfortunately, the court decided the second question only.  The court held that the employee did not reasonably rely on her supervisor’s approval of her FMLA request.  The court noted that the employee had previously taken FMLA leave and knew that completing FMLA paperwork was required for the employer to determine FMLA eligibility.  So, any reliance on the supervisor’s email approval was not reasonable. Additionally, before receiving the supervisor’s approval, the employee asked for her FMLA paperwork to be sent to her uncle’s address in Florida. This showed that the employee was intent on taking leave regardless of her FMLA eligibility and that she did not actually rely on her supervisor’s approval.

The court declined to decide whether equitable estoppel can ever be used to extend FMLA coverage. The court stated: "The relief Dawkins requests would require this court to create a new federal common law equitable estoppel applicable to the FMLA.  The times when we should create new federal common law are few and restricted."  But in a dissenting opinion, Judge Wilson noted that every other circuit to have considered the issue has decided that equitable estoppel can apply in FMLA cases. So it remains to be seen how the Eleventh Circuit will resolve this issue.

For employers, the Dawkins case should serve as a reminder about the importance of carefully considering FMLA leave requests.  While employers should not deny legitimate FMLA requests made by eligible employees, employers should be hesitant to grant FMLA leave requests made by ineligible employees. Under the right set of facts, an ineligible employee might be able to persuade a court that the employer's actions prevent the employer from disputing his FMLA eligibility – even if his leave was to care for his sick uncle.


Healthcare: It's Complicated


A popular 2009 movie, called "It's Complicated," was about relationships. The title of that movie also applies to solving the problem of providing affordable healthcare in the United States. It's complicated.

A recent article in The Wall Street Journal criticized the Affordable Care Act (a/k/a ObamaCare) as being too complicated. According to the WSJ, "the fundamental flaw is the law's mind-numbing complexity… ObamaCare is a highly complicated approach to addressing problems in health care that have simpler solutions."

There is no doubt the Affordable Care Act is an enormously complex piece of legislation. On October 1, 2013, when the public was first able to access the much-anticipated insurance exchanges to search for affordable health insurance, the software glitches which made it difficult, if not impossible, to compare policies and shop for insurance were almost certainly consequences of a highly complex system. A universe with hundreds, if not thousands of different insurors, health plans, and payment schemes, regulated by a patchwork of state insurance agencies, is unavoidably and extraordinarily complex. There is a great deal of truth to the WSJ's criticism, and its call for a "simpler approach."

On the other hand, solutions that appear to be simple are often not so simple after all. How about a single payor, to replace the mosaic of insurance companies and plans? Such an arrangement is simply not a politically realistic alternative. How about controlling health care costs by rationing care? The predicted response: perhaps in some totalitarian state, but never in the U.S. How about requiring doctors and hospitals to post the prices of all health care services and letting the market control costs (as suggested in the WSJ article)? A good start, but surely not a comprehensive answer to controlling costs and providing broader access to healthcare. Unfortunately, the solutions to complex problems are themselves often complex.

The Affordable Care Act has its defenders and its critics, and we will not know for some time whether it "works" or not, and who will be the winners and the losers. Yes, it is a complicated statute, but it is too early to tell whether such complexity is an avoidable problem with the current law, or whether it is a necessary response to a complex problem.


Audit Log Discovery as a Feature of the Electronic Medical Record


The increased use of electronic medical records ("EMR") is changing not only the way physicians practice medicine but also the way discovery is conducted in medical malpractice lawsuits.  Plaintiffs' attorneys seek to discover not only the contents of the medical records created by defendant healthcare providers, but also seek audit logs and access reports which are related to the EMR. 

I. Plaintiff attorneys have the capability to manipulate, organize and sort the raw data to generate chronologies supportive of their theory of the case

Persons responding to discovery requests should understand the objectives of the plaintiff attorneys who make such requests.  Plaintiff attorneys see the Audit Log as a supplement to the printed medical record which may contain vital clues to support their theories.  Plaintiff attorneys have become knowledgeable about how various EMR systems operate and use that information to study records produced in discovery and to prepare for depositions. Plaintiff attorneys seek to obtain raw data in a format that can be manipulated to support theories of  provider negligence. 

II. What does the Audit Log data prove

EMRs are required by federal regulations to contain an audit log.  The audit log must track information about who accessed the record, when the record was accessed, and some basic indications about what was done.  Different vendors have different reporting features.  The data is primarily used for HIPAA security compliance, but could be discoverable in litigation.  Use of the Audit Log and Access Report data includes the capability of detecting who accessed the EMR for any length of time, regardless of whether a corresponding entry was made in the record.  A physician who viewed a medical record may now be identified, and even become subject to deposition, when no record was created by the physician.

Additionally, Audit Log information is used to track when a physician viewed certain test results, such as lab reports or radiology studies.  Plaintiff attorneys seek to determine if there was appropriate follow-up action after the provider obtained certain clinical information.  If, for example, plaintiff contends there was a failure to timely follow-up on a worrisome lab result, the underlying data generated by the EMR can be used to support such a claim.

III. Audit Log: privacy versus litigation uses   

Defense attorneys involved in discovery disputes in malpractice cases will argue that Audit Logs are required by law in order to monitor privacy violations, and not for use as a forensic weapon in litigation.  Most judges are not familiar with the inner workings of various EMR systems, as the technology is still evolving.  Providing the courts with memoranda of law pointing out the essential statutory requirements of Audit Logs, such as (1) who accessed a patient's record, (2) when the user accessed the record, and (3) some basic information about what was done, can be helpful in the attempt to keep the Audit Log discovery within reasonable bounds.  (See, 42 C.F.R., §495.6(d)(15)(i) (2010); 45 C.F.R. §164.308(a)(1) (2012); 45 C.F.R. §170.210(b), as adopted in 2010.) 
IV. Providers should anticipate Audit Log discovery requests early on, even before litigation   

The use of "preservation letters" (a letter requiring maintenance of all the EMR data) is becoming more prevalent in malpractice cases.  Such a letter may be the provider's first notification that a lawsuit is being contemplated.  As soon as a provider receives any notification that the provider may be the object of a malpractice suit, it should immediately notify its insurance carrier, and upon designation of defense counsel, the provider should comply with counsel's instructions regarding preservation of records, limiting further access to the records, and running an Audit Log report showing access to date.

The increased use of electronic medical records will make the discovery process more complex for all parties involved.

Protests of the Medicaid Managed Assistance ITN Recommended Awards


Pursuant to Section 409.966, Florida Statutes, traditional Medicaid services are to be provided to Florida recipients through a limited number of Managed Care Organizations ("MCOs") in the 11 Regions of the state.  The Agency released Invitations to Negotiate ("ITNs)" for each of the Regions inviting MCOs to submit proposals to provide coverage to Medicaid recipients in that Region.  The proposals were submitted and evaluated, and on September 27, the Florida Agency for Health Care Administration ("AHCA") released the list of recommended awards to MCOs in the 11 Regions.

Section 409.966 limits the number of MCOs that can operate in each Region, and therefore many MCOs were not awarded Regions for which they had submitted proposals.  MCOs had to submit notice of intent to challenge within 72 hours of the award; with their formal protest filed by close of business October 7  However, several of the MCOs that submitted notices of intent to protest did not submit formal protests.  The following MCOs met the filing deadline and have filed formal protests for the regions indicated:

•    Molina Healthcare of Florida, Inc.
     [Regions  1,4,5,6,7, 9,10,11]

•    First Coast Advantage, LLC – PSN.
     [Region 3]

•    Wellcare of Florida, Inc. d/b/a /Staywell Health Plan of Florida.
      [Regions 4, 9, 10]

•    South Florida Community Care Network– PSN.
     [Region 10]

•    Care Access PSN, LLC – PSN.
     [Region 11]

•    Integral Health Plan, Inc. d/b/a Integral Quality Care – PSN.
     [Region 1]

•    Prestige Health Choice, LLC – PSN.
     [Region 8]

•    Simply Healthcare Plans, Inc.
     [Regions 5, 11]

•    Coventry Health Care of Florida, Inc.
     [Regions 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]

AHCA is currently evaluating the protests filed for legal sufficiency and appropriate further action.  The MCOs whose protests are deemed legally sufficient will have an opportunity in the next seven days to meet with the Agency and resolve the protest(s) by mutual agreement (we believe, but have not been able to confirm, that some MCOs have already begun meeting with AHCA).  If unresolvable, the Agency will refer the protest(s) to the Division of Administrative Hearings for an administrative hearing before an administrative law judge. 

Akerman is pleased to be able to offer this timely update and stands willing to discuss the matter further should you need additional information.

Florida's New Med-Mal Law is Pre-empted by HIPAA and is Voided by Federal Judge


A new part of Florida's medical malpractice law has been voided by a federal judge on the grounds that it is pre-empted by HIPAA.

The law, passed during the 2013 legislative session and effective only on July 1 2013, requires, as a pre-condition to filing a malpractice claim, an aggrieved patient to sign an authorization that allows the potential defendant physician, the defendant's counsel, and the defendant's insurer to speak with the patient's treating physicians without notice or the presence of the patient or patient's counsel. Judge Robert L. Hinkle (Northern District of Florida) noted that HIPAA requires such third party interviews or information to be obtained only with the patient's proper authorization, or a court or administrative order issued after an opportunity to be heard on the propriety of the disclosures. The authorization obtained under Florida's law to allow such ex parte interviews is not a proper authorization as contemplated by HIPAA, but, rather, only "mandated compliance with state law," according to Judge Hinkle. "The authorization is a charade; the only entity granting authority, in any meaningful sense, is the state itself, not the patient," according to Judge Hinkle's ruling.

The Judge further commented that, although proponents of the law may be correct in their position that the law provides important benefits, it was not his job to evaluate the competing policy arguments. His task was simply to follow the federal rules. In this case, federal law trumped Florida' statute because Florida's law weakened protections provided under HIPAA. 

Plaintiff's attorneys were not surprised by the ruling as they claimed "there was no way to reconcile the Florida statute with HIPAA's very straightforward requirements that put control over private health information in the hands of the patient absent a court order where there was an opportunity to object." The Florida Medical Association, which lobbied in favor of adoption of the Florida statute, vowed to appeal the decision. The defendant, Dr. Adolfo C. Dulay did just that on Monday, September 30th when an appeal was filed with the Eleventh Circuit Court of Appeals.

Tags: , ,

Minimum Wage and Overtime Pay Extended to Certain Direct Home Care Workers


Home health care workers and companions employed by agencies will no longer be exempt under federal overtime laws beginning in January 2015. As a result of the Department of Labor's adoption on September 17, 2013 of a Final Rule revising its regulations to eliminate the Fair Labor Standards Act (FLSA) exemption for agency-employed direct care workers, home health agencies will be exposed to significant new wage and hour liability.

On September 17, 2013, the U.S. Department of Labor's Wage and Hour Division announced a final rule extending the FLSA's minimum wage and overtime protections to cover certain direct care workers such as certified nursing assistants, home health aides, personal care aides, caregivers and other companions who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities. The new rule will take effect January 1, 2015.

Since 1974, the FLSA has covered workers who perform a "domestic service" – i.e., services of a household nature performed by a worker in or about a private home, whether permanent or temporary. This term includes services performed by companions, babysitters, cooks, waiters, maids, housekeepers, nannies, nurses, janitors, caretakers, handymen, gardeners, home health aides, personal care aides, and family chauffeurs, among others. However, the FLSA also provides for a Companionship Services Exemption, exempting certain domestic service workers from minimum wage and overtime protection including, but not limited to, casual babysitters and domestic service workers employed to provide "companionship services" for an elderly person or a person with an illness, injury, or disability if they meet certain regulatory requirements described below.

The amended regulations narrow the Companionship Services Exemption in two ways. First, they narrow the definition of "companionship services". Second, they provide that the exemption may only be claimed by the individual, family, or household using the services.

Under the revised regulations, the term "companionship services" means the provision of "fellowship" and "protection" for an elderly person or a person with an illness, injury, or disability who requires assistance in caring for himself or herself. "Companionship services" also include the provision of care, such as assisting a person with activities of daily living, provided that that such care requires no more than 20 percent of the employee's time worked for the person during the workweek. "Companionship services" do not include the performance of medically related services or household work not performed primarily for the elderly person or person with an illness, injury or disability who requires assistance, or household services. Also, under the revised regulations, the Companionship Services Exemption is only available to the individual, family, or household solely or jointly employing the worker, and only if the companionship services duties test is met. Third party employers of direct care workers, such as home care staffing agencies, are not permitted to claim this exemption, even when the employee performs companionship services and is jointly employed by the third party employer and the individual, family, or household using the services. As such, third party employers must pay their workers the Federal minimum wage for all hours worked and overtime pay at time and one-half of the regular rate of pay for all hours worked over 40 in a workweek.



Failure to Comply with Physician Supervision Requirements Can Be Costly


The Department of Justice recently announced two large settlement agreements with provider organizations and individual physicians based on failure to provide proper physician  supervision for diagnostic imaging and radiation therapy procedures.

In the first settlement, announced on August 27, 2013, Imagimed, LLC, a New York based diagnostic testing company, and certain individuals formerly associated with the company agreed to pay the government $3.57 million to settle charges that, between 2001 and 2008, the company submitted false claims for MRI scans to Medicare, Medicaid and Tricare. 

Federal regulations require that MRI procedures involving contrast injections must be directly supervised by a qualified physician, so that care is immediately available in the event the patient experiences anaphylactic shock or other adverse side effects.  Imagimed failed to provide the appropriate physician supervision for MRI scans with contrast.

Less than three weeks later, on September 13, 2013, the Justice Department announced a similar settlement with a number of northwest Florida providers and physicians -- Gulf Region Radiation Oncology Centers, Inc., Gulf Region Radiation Oncology MSO, LLC, Sacred Heart Health System, Inc., West Florida Medical Center Clinic, P.A., Emerald Coast Radiation Oncology Center LLC, and two individual physicians.  The parties agreed to pay $3.5 million to the federal government and the state of Florida to settle charges that they billed for radiation oncology services that were not properly supervised by a physician.  The government had strong evidence to support its case:  records indicated that between 2007 and 2011, when the improper billing occurred, the physicians were often away on vacation or were working at another facility at times they were supposed to be on-site supervising radiation oncology services.

These two settlements are examples of how important it is to comply with applicable federal requirements governing supervision of diagnostic imaging, radiation oncology, and other procedures, and how costly failure to comply with such requirements can be.

These settlements provide a sharp contrast to a court decision issued earlier this year, in which a federal appeals court reversed an $11.1 million verdict obtained by the Department of Justice against a provider of imaging services based on failure to provide proper physician supervision.  See, U.S. ex rel Hobbs v. Medquest Associates, Inc. (6th Dist., April 1, 2013).  The court held that the supervision regulations which Medquest violated were conditions of participation in the Medicare program, not conditions of payment, and thus did not warrant the remedy of recoupment under the False Claims Act, but, rather, were addressable by administrative sanctions, including expulsion from the Medicare program.  (This case was discussed in a Health Law Rx Blog posted April 9, 2013).


FDA Launches Medical Device ID Requirement


On September 24, 2013, the Food and Drug Administration (FDA) finalized a new rule requiring medical devices to bear special ID numbers. The numbers, called Unique Device Identifiers or UDIs, will identify the manufacturer, the specific model of a device, and other information such as batch or lot codes, serial numbers, and expiration dates. The UDIs are intended to improve accuracy of adverse event reports, reduce medical errors by more precisely identifying devices, and make product recalls more effective. The FDA will also use the UDIs to create a centralized database in which consumers can look up information about specific devices.

For medical device manufacturers, this means new labeling requirements. Manufacturers have differing deadlines to comply depending on the type of device they market.  Manufacturers of class III (high risk) devices must apply UDIs to their product labels within 1 year of the new rule (by September 24, 2014). Class II medical devices must comply within 3 years (by September 24, 2016), and Class I devices must comply within 5 years (by September 24, 2018).  

However, many products are exempt from the UDI requirement, including:

  • Devices already manufactured and labeled on the compliance date for that class of device;
  • Individual, single-use, non-implantable devices not intended for individual sale;
  • Devices solely for research or teaching;
  • Investigational devices;
  • Veterinary devices; and
  • Devices intended for export from the U.S.

In addition to marking the labels of products, devices that are intended for multiple use and are reprocessed between uses must bear the UDI as a permanent marking on the device itself, although different deadlines apply than those for marking labels. See the chart here for reference. Manufacturers should read the new rule, determine their deadline for compliance, and formulate a plan to ensure their products comply.

Tags: , ,

Meaningful Use Attestation Deadline Approaching: What You Need To Know


As the end of the federal fiscal year rapidly approaches, so does the attestation deadline for hospitals participating in the Medicare Electronic Health Record (EHR) Incentive Program.

Each year, hospitals are required to show that they are “meaningfully using” their EHRs in order to receive their incentive payment and avoid any adjustment. They demonstrate such meaningful use by meeting certain objectives established by CMS. The attestation deadline for hospitals participating in the Medicare EHR incentive program is November 30, 2013.

For hospitals reporting on their first year of participation, the performance period is 90 days, while hospitals in their second or third year of participation are required to report using a full fiscal year of data. In order to benefit fully from the EHR incentive program, hospitals paid under the inpatient prospective payment system must attest to meaningful use by fiscal year 2013.

Participants in Medicare and Medicaid’s EHR incentive programs have been under increasing scrutiny as auditors are now seeking documentation to substantiate compliance with program requirements at the time of attestation. As previously reported, some providers that have been unable to produce screen shots to document their compliance have been asked to return incentive payments.

In today’s heighted enforcement environment, all providers, including hospitals and physicians, should maintain detailed records relating to their implementation and meaningful use of EHR technology. These records should include screen shots on the date of attestation that demonstrate compliance, so that this information is readily available in the event of a future audit. Hospitals that are not able to document compliance risk losing all or a portion of their EHR incentive payments.

Tags: ,

HHS Makes Good on Its Promise: Releases HIPAA Guidance for Refill Reminder Programs


As previously reported, HHS announced earlier this month that it would be providing clarification on the HIPAA Privacy Rule as it relates to marketing and prescription refill reminder programs.  On September 19, 2013, HHS made good on that promise when the Office for Civil Rights announced guidance on when refill reminders and other communications about drugs currently being prescribed for an individual do not constitute "marketing" and thus do not require prior patient authorization.  

The announcement provides a test for when refill reminders will not be considered marketing (“refill reminder exception”).  The test focuses on two questions:   First, is the communication about a currently prescribed drug or biologic?  Second, if there is remuneration for the communication, is it reasonable?   

The announcement also contains the following guidance for applying the test and a number of FAQs dealing with specific situations:  

1. Is the Communication about a Currently Prescribed Drug or Biologic?


Communications that are:

  • Refill reminders;
  • About a recently lapsed prescription (one that has lapsed within the last 90 calendar days);
  • About generic equivalents of a drug being prescribed;
  • Adherence communications encouraging individuals to take prescribed medicines as directed; or
  • About all aspects of the drug delivery system for a prescribed a self-administered drug.



  • About specific new formulations of a currently prescribed medicine;
  • About specific adjunctive drugs related to the currently prescribed medicine; or
  • Encouraging an individual to switch from a prescribed medicine to an alternative medicine.

2.  Does the Communication Involve Financial Remuneration, and If So, Is It Reasonable?



  • That do not involve remuneration;
  • Involving only non-financial or in-kind remuneration, such as supplies, computers, or other materials;
  • Involving only payment from a party other than the third party (or other than on behalf of the third party) whose product or service is being described in the communication, such as payment from a health plan.


  • Involving payments to the covered entity by a pharmaceutical manufacturer or other third party whose product is being described that cover the reasonable direct and indirect costs related to the refill reminder or medication adherence program, or other excepted communications, including labor, materials, and supplies, as well as capital and overhead costs; or  
  • Involving payments to a business associate assisting a covered entity in carrying out a refill reminder or medication adherence program, or to make other excepted communications, up to the fair market value of the business associate’s services.  The payments may be made by a third party whose product is being described directly to the business associate or through the covered entity to the business associate.


  • Communication involves financial remuneration other than as described above.

As reported in the earlier post, HHS will not enforce the restrictions on remunerated refill reminders and other communications until November 7, 2013.

Tags: ,

It's Never too Late to Give Guidance: OCR Starts Releasing HIPAA Omnibus Rule Guidance in Anticipation of September 23 Compliance Deadline


This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR).  It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the "Final Rule") in advance of the September 23, 2013 compliance date.  The guidance includes:

1. Model Notices of Privacy Practices

A significant provision of the Final Rule requires covered entities to update their Notices of Privacy Practices ("NPP") to conform with new requirements under HITECH.  On September 16, 2013 , OCR released a set of model NPPs (the "Forms") for both health care providers and health plans both in editable .pdf and text formats.

The Forms include key revisions to the NPP required by the Final Rule including:

  1. the patient's right to restrict disclosures to a health plan when a procedure is paid for out of pocket and to receive notice if there has been a breach of the patient's protected health information ("PHI"); 

  2. a description of the types of uses and disclosures that require  authorization,  including uses and disclosures for certain marketing activities and for the sale of PHI by a covered entity; 

  3. the individual’s right to opt out of certain fundraising disclosures; 

  4. the health plan's inability to use or disclose a person's genetic information for underwriting purposes; and

  5. if there is a material change to the NPP, the health plan's obligation to post the revised NPP on the plan's website or provide a notice of revision to plan participants within sixty (60) days.

While the Forms can serve as the baseline for covered entities to come into compliance with the new requirements by September 23, 2013, health care providers and health plans should also consider applicable state law and their particular operations.

2. Delay in Enforcement of NPP Requirement for Certain CLIA and CLIA-Exempt Labs

On September 19, 2013, HHS announced that it was delaying enforcement of the requirement that labs that are subject to the Clinical Laboratory Improvement Amendments of 1988 ("CLIA") or exempt from CLIA and that are not required to provide an individual with access to his or her laboratory results under the HIPAA Privacy Rule.  HHS  issued the enforcement delay because it anticipates publishing an amendment to the HIPAA Privacy Rule and the CLIA regulations regarding the right of individuals to receive their test results directly from CLIA and CLIA-exempt labs.  The enforcement delay will relieve CLIA and CLIA-exempt labs from potentially having to revise their NPPs twice within a relatively short time and the associated burdens that would impose.

3. Guidance on Decedents and Student Immunizations

On September 19, 2013, OCR released guidance on uses and disclosures of PHI of decedents and disclosures of student immunization records.  In addition to the guidance, OCR published FAQs addressing both topics.

Under the Omnibus Rule, PHI of decedents is protected for 50 years following the date of death of the individual.  After that, the information is no longer subject to HIPAA protections.  During the 50-year period of protection, the personal representative of the decedent, can exercise the rights under the Privacy Rule to protect the health information of the decedent.  Covered entities may also release to family members and others involved in the person's healthcare PHI that is relevant to that involvement.  The guidance and FAQs address issues that may arise in implementing this new requirement.

The Omnibus Rule also explicitly permits covered entities to disclose student immunization information directly to a school that is required by state or other law to have proof of required immunizations before admitting the student.  The covered entity needs only agreement (and not written authorization) from a parent, guardian, or the emancipated minor to make the disclosure.  While the agreement does not need to be in writing, the health care provider must document the agreement to disclosure.  The new guidance and FAQs address what is suitable documentation and other issues that may arise.

4. What's next?

OCR has also released clarification on prescription drug refill reminder programs (to be addressed in a separate Akerman Health Law Rx Blog).  More guidance is sure to follow so….stay tuned!


Useful Resources