August 8, 2018

Sports and Student Physicals: Legal Issues

By Kim Stanger

It’s that time of year when many healthcare providers offer free or discounted sports or student physicals as a community service or marketing ploy. If you participate in such programs, make sure you consider the legal issues, including the following:

  • Confirm that your malpractice insurance covers such services. Some states have statutes that protect practitioners when providing free medical services at such community events. (See, e.g., Idaho Code § 39-7701 et seq.). If you are relying on such a statute, make sure that you comply with the conditions associated with—and beware the limits to—such protection. For example, these statutes usually do not protect the provider against intentional or grossly negligent conduct. Make sure your malpractice insurance covers any gap.
  • If the student is an unemancipated minor, you likely need effective parental consent for the exam or treatment. Effective consent requires that you provide sufficient information concerning the risks, benefits, and scope of services to ensure the consent is truly informed.
  • Ensure that the student and/or their personal representative understand the limited scope of your services. You may want to have them acknowledge in writing that you are only providing the limited services associated with the program, and that you are not undertaking to provide ongoing or follow-up care unless you expressly agree otherwise.

Continue reading

July 9, 2018

Paying Hospital-Employed Physicians for Services Performed by Others

By Kim Stanger

The Ethics in Patient Referrals Act (“Stark”) prevents hospitals from paying employed or contracted physicians in the same way that physicians are or were paid by independent physician groups.  Specifically, physician groups may generally pay physicians a share of the profits from services performed by others, but hospitals may not pay physicians in a way that varies with the volume or value of referrals for certain services payable by Medicare or Medicaid, which usually precludes paying physicians a share of profits or a percentage of fees for services referred or ordered by the physician but performed by others.

Stark Requirements.  Per Stark, if a physician (or a member of the physician’s family) has a financial relationship with an entity, the physician may not refer patients to that entity for certain designated health services1 payable by Medicare or Medicaid unless the financial arrangement is structured to fit within a regulatory safe harbor.  (42 USC § 1395dd; 42 CFR § 411.353).  Under Stark’s “group practice” safe harbors, physician groups that qualify as a “group practice” may pay physician group members based on services the physician personally performs, services billed “incident to” the physician’s personally performed services, or, subject to certain limits, a portion of the overall profits of the group, including profits from services derived from services performed by others.  (See 42 CFR §§ 411.353 and 411.355(a)-(b)).  These “group practice” safe harbors are not available to physicians who are employed by the hospital. Continue reading

May 29, 2018

Utah Care-Review Privilege

by Cory Talbot

Utah adopted a care-review privilege “to improve medical care by allowing health-care personnel to reduce morbidity or mortality and to provide information to evaluate and improve hospital and health care.”1 In January, the Utah Court of Appeals gave some helpful guidance about the application of this privilege in Vered v. Tooele Hospital Corporation.2

The Care-Review Privilege Generally

Before discussing the Vered case, we will go over a number of general background issues regarding the scope and application of the care-review privilege. Continue reading

May 23, 2018

Want to Hire an Employee Subject to a Noncompete Agreement?

by Nicole Snyder

Republished with permission from Idaho Medical Group Management Association (MGMA). Original article appeared in Idaho MGMA’s May 2018 e-newsletter.

As the healthcare industry grows, and at a time when unemployment is low, it can be very frustrating to find potential employee candidates who are bound by noncompete agreements with current or former employers.

Medical practices shouldn’t be too quick to throw in the towel before rejecting candidates on the basis of having a noncompete agreement.  Here are some pointers to help with the hiring process in these situations: Continue reading

April 10, 2018

IMGMA Q/A: Service Animals

by Rob Low

Republished with permission from Idaho Medical Group Management Association (MGMA). Original article appeared in Idaho MGMA’s April 2018 e-newsletter.

Question: What are “Service Animals”, and to what extent (i) must they be allowed on health care facility premises, and (ii) can they be refused or removed from premises?

Answer:  Under the Americans with Disabilities Act (ADA), “Service Animals” are defined as dogs that are individually trained to do work or perform tasks for people with disabilities. This means the dog must be trained to take a specific action when needed to assist the person with a disability (e.g., a dog which is trained to guide a blind person, alert a deaf person, pull a wheelchair, alert a person with diabetes that his or her blood sugar is too high or too low).  The ADA also recognizes that, in some instances, a person with a disability may use a miniature horse that has been trained to do work or perform tasks for people with disabilities as a service animal. Under the ADA, service animals must be harnessed, leashed, or tethered, unless these devices interfere with the service animal’s work or the individual’s disability prevents using these devices. However, the ADA does not require service animals to wear a vest, ID tag, or specific harness. Continue reading

March 9, 2018

Minimizing Liability For Business Associate Misconduct

By Kim Stanger

Republished with permission from AHLA’s Physicians and Hospitals Law Institute. Original article appeared Feb. 5, 2018. 

Healthcare providers, health plans and healthcare clearinghouses (“covered entities”) and business associates are subject to significant penalties for violations of the HIPAA Privacy, Security and Breach Notification Rules. To make matters worse, covered entities may be liable for their business associates’ misconduct, and business associates may be liable for their subcontractors’ violations. Covered entities and business associates must take appropriate steps to minimize exposure for their business associates’ or subcontractors’ violations. Continue reading

February 22, 2018

Mandatory Flu Vaccines Land Healthcare Facility In Court

By Bradley Cave

After rescinding a job offer to an applicant, a Michigan healthcare provider finds itself in federal court defending a religious accommodation claim. If your organization requires employees to get flu vaccines, your policy should address how to handle religious objections. Here are details from the complaint that resulted in this recent discrimination lawsuit and steps you should take when facing similar circumstances.

Prospective Employee Suggests Reasonable Accommodation to Flu Shot

According to the complaint filed by the Equal Employment Opportunity Commission (EEOC), Yvonne Bair applied for a medical transcriptionist position in early 2016 with Memorial Healthcare, a non-profit corporation located in Owosso, Michigan. The transcription position would involve working from home, but also required two months of training at Memorial Healthcare’s hospital in Owosso at the start of employment. Continue reading

February 20, 2018

Producing Patient Records: The “Designated Record Set,” the “Legal Health Record,” and Records Created by Other Providers

Healthcare providers often misunderstand their obligation to provide patient records in response to a request from a patient or third party.

1. Patient Requests and the “Designated Record Set.” With very limited exceptions,[1] patients and their personal representatives generally have a right to access and/or require the disclosure of protected health information in the patient’s designated record set. (45 CFR § 164.524(a)). HIPAA defines “designated record set” as:

A group of records maintained by or for a covered entity that is:
(i) The medical records and billing records about individuals maintained by or for a covered health care provider; [or]
(iii) Used, in whole or in part, by or for the covered entity to make decisions about individuals.

(45 CFR § 164.501). As the OCR recently summarized:

The Privacy Rule generally requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more “designated record sets” maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice. Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the covered entity, another provider, the patient, etc.).

Continue reading

February 6, 2018

IMGMA Q/A: Producing Records

By Kim Stanger

Ed. note: This article also appears in an issue of the Idaho MGMA monthly newsletter.

Question:  What is the difference between a “designated record set” and “legal health record,” and what must we provide when we receive a request for “records”?

Answer:  HIPAA defines “designated record set” as:

A group of records maintained by or for a covered entity that is:

(i)        The medical records and billing records about individuals maintained by or for a covered health care provider; [or]

(iii)      Used, in whole or in part, by or for the covered entity to make decisions about individuals.

(45 CFR 164.501).  With very limited exceptions, patients and their personal representatives generally have a right to access protected health information in their designated record set.  (45 CFR 164.524).  As the OCR recently summarized: Continue reading

January 9, 2018

Reporting HIPAA Breaches: Annual Deadline Approaches

By Kim Stanger

The HIPAA breach notification rule requires covered entities to report breaches of unsecured protected health information (“PHI”) to affected individuals, HHS and, in some cases, local media. (45 CFR § 164.400 et seq.). The notice must be sent to individuals as soon as reasonably possible but no later than 60 days after it was discovered. (45 CFR § 164.404). The timing of notice to HHS depends on the number of persons affected by the breach: if the breach involves 500 or more persons, the covered entity must notify HHS at the same time it notifies the individual; if the breach involves less than 500 persons, the covered entity must report the breach to HHS until no later than 60 days after the end of the calendar year, i.e., by March 1. (45 CFR § 164.408(b)-(c)).

Is Your HIPAA Breach Reportable? Under the breach notification rule, covered entities are only required to self-report if there is a “breach” of “unsecured” PHI. (45 CFR § 164.400 et seq.). Continue reading