Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Privacy Policy
View our privacy policy.
Contacting Parents, Spouses or Others to Obtain Payment
/in UncategorizedBy Kim Stanger
Healthcare providers sometimes mistakenly assume that they cannot contact a patient’s spouse, parents, or other third parties to obtain payment without the patient’s consent. However, HIPAA generally allows healthcare providers to use or disclose protected health information for purposes of obtaining payment without the patient’s consent or authorization unless the provider has agreed otherwise with the patient. (45 CFR §§164.506(a), (c) and 164.524(a)). The Office for Civil Rights (“OCR”) published the following FAQ discussing this rule:
Does the HIPAA Privacy Rule permit a covered entity or its collection agency to communicate with parties other than the patient (e.g., spouses or guardians) regarding payment of a bill?
Read more
CMS Issues Final Rule for Hospitals & Home Health Agencies for Patient Discharge Planning
/in MedicareBy J. Malcolm (Jay) DeVoy and Lisa Carlson
On September 26, 2019, the Centers for Medicare and Medicaid Services and Department of Health and Human Services published commentary and its final rule affecting how hospitals, including critical access hospitals (“CAHs”), and home health agencies (“HHAs”) must plan and document the discharge of patients in order to avoid re-admissions.1 CMS published this new rule with commentary in the Federal Register on September 30, 2019.2
In order to “empower patients to make informed decisions about their care as they are discharged”3 from hospitals or transferred from HHAs to the post-acute care (“PAC”) setting, CMS adopted this final rule under the Improving Medicare Post-Acute Care Transformation Act (“IMPACT Act”) of 2014. CMS’s final rule is predicated on hospitals, CAHs and HHAs using the quality and resource use information CMS gathers from HHAs, skilled nursing facilities (“SNFs”), inpatient rehabilitation facilities (“IRFs”), and long-term care hospitals (“LTCHs”) under the IMPACT Act. Hospitals, CAHs, and HHAs must now provide this information to patients and their caregivers so that they may consider it when selecting the PAC provider or services they will utilize to continue their treatment. Read more
Federal and New Mexico Surprise Billing Protections
/in Healthcare Law, State Law UpdatesBy Little V. West and Kaitlyn Luck
Surprise billing protections are part of both state and national policy agendas this year in an effort to provide health-care transparency and consumer transparency. New Mexico’s new law now protects consumers by specifically prohibiting health care providers from balance billing, and President Trump also signed an Executive Order with the same goals. New Mexico health care providers need to be aware of federal and state level developments regarding surprise billing because of the significant changes that could result in civil penalties for noncompliance if the proposed federal regulations are adopted.
On the state level, effective January 1, 2020, New Mexico’s Surprise Billing Protection Act (SB 337) (the Act) will generally prohibit providers from submitting a surprise bill to an insured person, or a collection agency, and provides for rights for insureds to appeal a health insurance carrier’s decision regarding a surprise bill. Among other things, the Act aims to prevent insured’s receipt of “surprise bills” by: (1) requiring a health insurance carrier to pay nonparticipating providers for emergency care necessary to evaluate and stabilize a covered person if a prudent layperson would believe such treatment is necessary, without requiring a prior authorization for such services; (2) requiring health insurance carriers to pay, and relieving an insured from liability for payment for, non-emergency care by an out-of-network provider when (a) the insured received care at an in-network facility, but did not have the ability or opportunity to choose an in-network provider who is available to provide covered services, or (b) medically necessary care is unavailable within the health benefit plan’s network; and (3) in nonemergency circumstances, requiring an out-of-network provider, with advance knowledge that the out-of-network provider is out of network, to inform the insured of that fact and to advise the insured person to contact their health insurance carrier to discuss the insured’s options. Balance billing is permitted by out-of-network providers to an individual who knowingly choses to receive services from the out-of-network provider. By July 1, 2020, the Act will require licensed health care facilities to post information about consumers’ rights.
Read moreDiverting Ambulances and EMTALA
/in UncategorizedBy Kim Stanger
Hospitals—especially rural hospitals—may want to divert inbound ambulances to other facilities, especially when the patient requires services that the hospital may be unable to provide. However, improper diversions may violate the Emergency Medical Treatment and Active Labor Act (“EMTALA”), 42 USC § 1395dd. EMTALA violations may result in penalties of $53,484 to $106,965, depending on the number of beds at the hospital. (42 CFR § 1003.510 and 45 CFR § 102).
EMTALA generally applies to individuals who come to the hospital’s emergency department. In addition to those persons who actually arrive at the hospital, “comes to the emergency department” is defined to include an individual who:
(3) Is in a ground or air ambulance owned and operated by the hospital for purposes of examination and treatment for a medical condition at a hospital’s dedicated emergency department, even if the ambulance is not on hospital grounds1 … [or]
(4) Is in a ground or air nonhospital-owned ambulance on hospital property for presentation for examination and treatment for a medical condition at a hospital’s dedicated emergency department. However, an individual in a nonhospital-owned ambulance off hospital property is not considered to have come to the hospital’s emergency department, even if a member of the ambulance staff contacts the hospital by telephone or telemetry communications and informs the hospital that they want to transport the individual to the hospital for examination and treatment. The hospital may direct the ambulance to another facility if it is in “diversionary status,” that is, it does not have the staff or facilities to accept any additional emergency patients. If, however, the ambulance staff disregards the hospital’s diversion instructions and transports the individual onto hospital property, the individual is considered to have come to the emergency department.
Read more
Business Associates’ Use of Information for Their Own Purposes
/in Data Privacy, HIPAAby Kim Stanger
Business associates may want to use a covered entity’s protected health information (“PHI”) for the business associates’ own purposes, e.g., for their own product development, data aggregation, marketing, etc. However, with very limited exceptions, HIPAA prohibits business associates from doing so without the patient’s written authorization. Misusing PHI may expose the business associate to HIPAA fines, criminal penalties, breach of contract claims by the covered entity, and perhaps civil liability to individuals whose PHI was improperly used. (See, e.g., 42 U.S.C. § 1320d-6; 45 C.F.R. § 160.404).
Limits on Use or Disclosure of PHI.
The business associate’s authority to use or disclose PHI derives from the covered entity’s authority. The covered entity may only use the patient’s PHI for certain purposes without the patient’s authorization, e.g., for the covered entity’s own treatment, payment or healthcare operations. (45 C.F.R. § 164.502). HIPAA allows covered entities to share PHI with business associates to assist the covered entity in performing authorized activities for or on behalf of the covered entity, but with very limited exceptions, the same limits that apply to the covered entity also apply to the business associate, e.g., absent the patient’s written authorization, it may only use the information for purposes of the covered entity’s treatment, payment, healthcare operations or other permitted use. (Id.). The business associate agreement (“BAA”) between the covered entity and business associate must specify the permissible uses of PHI. 45 C.F.R. § 164.502(e) states:
Read more