Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Privacy Policy
View our privacy policy.
TRICARE Claims Processing Suspension
/in TRICAREby Ellen Bonner, Callaway Bonner Law LLC (Guest Author)
Warning: TRICARE Claims Processing Suspension May Occur During Health Care Fraud Investigations for Compounding Pharmacy Prescriptions
Yesterday, the Wall Street Journal (WSJ) reported on a significant federal investigation regarding compounding pharmacies and compound pharmaceutical prescriptions for TRICARE beneficiaries in at least four states. TRICARE, the federal health benefit program under the Defense Health Agency, provides health care benefits for more than 9.5 million current and retired members of the uniformed services and their families. TRICARE health care fraud allegations can result not only in civil and criminal sanctions, but also in TRICARE claims processing temporary suspensions, as well as provider exclusion and termination from TRICARE and other federal healthcare programs.
Health Care Fraud: Civil and Criminal Action
According to the WSJ there were four civil fraud settlements by Florida pharmacies last month that will soon be reported. These settlements – amounting to $12.8 million – are based upon allegations of falsely billing TRICARE for expensive pharmaceutical creams and gels to treat pain, scars, and other ailments. The WSJ reported that federal prosecutors are pursuing “numerous criminal investigations,” and the U.S. Attorney for the Middle District of Florida anticipates filing criminal charges in early 2016 against pharmacies, drug marketers, and physicians cited in the settlements. Separate Justice Department investigations on compounding pharmacies are ongoing in California, Mississippi, and Texas. Read more
Responding to HIPAA Breaches
/in HIPAAby Kim C. Stanger, Holland & Hart LLP
HIPAA privacy and security breaches can result in fines of $100 to $50,000 to covered entities (including healthcare providers and health plans) and their business associates. (45 CFR 160.404). If the violation resulted from “willful neglect”, the Office for Civil Rights (“OCR”) must impose a mandatory fine of $10,000 to $50,000. (45 CFR 160.404). To make matters worse, covered entities and their business associates must self-report breaches of unsecured protected health information (“PHI”) to the affected individual and to HHS (45 CFR 164.400); failure to do so may constitute “willful neglect” resulting in additional fines. The good news is that the OCR may not impose a fine so long as the covered entity or business associate did not act with “willful neglect” and corrected the problem within 30 days. (45 CFR 160.410(b)).
Responding to Possible Breaches. Given the potential consequences, it is critical that covered entities and business associates respond appropriately to potential HIPAA breaches to avoid or minimize their liability. Below are steps that you may follow to help you identify and timely respond to HIPAA breaches. Read more
Complying With HIPAA: A Checklist for Business Associates
/in HIPAAby Kim C. Stanger, Holland & Hart LLP
The HIPAA Privacy, Security, and Breach Notification Rules now apply to both covered entities (e.g., healthcare providers and health plans) and their business associates. A “business associate” is generally a person or entity who “creates, receives, maintains, or transmits” protected health information (PHI) in the course of performing services on behalf of the covered entity (e.g., consultants; management, billing, coding, transcription or marketing companies; information technology contractors; data storage or document destruction companies; data transmission companies or vendors who routinely access PHI; third party administrators; personal health record vendors; lawyers; accountants; and malpractice insurers).1 With very limited exceptions, a subcontractor or other entity that creates, receives, maintains, or transmits PHI on behalf of a business associate is also a business associate.2 To determine if you are a business associate, see the attached Business Associate Decision Tree.
Business associates must comply with HIPAA for the following reasons: Read more
Nevada Supreme Court Upholds $350,000 Medical Malpractice Cap
/in Hospitals & Health Systemsby Brian Anderson, Holland & Hart LLP
In a unanimous decision on Friday, October 1, 2015, the Nevada Supreme Court (the Court) upheld as constitutional the state’s $350,000 statutory limitations on plaintiffs’ recovery of noneconomic damages in a medical malpractice or professional negligence suit.
In Tam v. Eighth Jud. Dist. Ct., 131 Nev. Adv. Op. 80 (Nev. Oct. 1, 2015), after the death of Charles Thomas Cornell, Sherry Cornell (individually, and as administrator of Mr. Cornell’s estate) filed a complaint against numerous defendants, including petitioner Stephen Tam, M.D., alleging medical malpractice. Dr. Tam filed a motion requesting in part that the Eighth Judicial District Court (district court) confirm that the Plaintiff’s noneconomic damages be capped pursuant to NRS 41A.035, which limits to $350,000 the recovery of a plaintiff’s noneconomic damages in a healthcare provider’s professional negligence action. The district court denied the motion, concluding that: (1) NRS 41A.035 is unconstitutional, as it violates a plaintiff’s constitutional right to trial by jury;(2) the statutory cap does not apply to the case as a whole, but a separate cap applies to each plaintiff for each of the defendants; and (3) the statutory cap does not apply to medical malpractice claims. Dr. Tam challenged the district court’s order, filing a petition for a writ of mandamus to compel the district court to vacate its order. The Court granted the petition in its entirety, holding that the district court erred in: (1) finding the statute unconstitutional; (2) finding the statutory cap applies per plaintiff and per defendant; and (3) finding the statute only applies to professional negligence and not to medical malpractice. Read more
HIPAA and Records of Deceased Persons
/in HIPAAby Kim C. Stanger, Holland & Hart LLP
The HIPAA privacy and security rules generally apply to protected health information of deceased persons as well as the living. Providers may generally use or disclose such information as follows:
1. Treatment, Payment, or Operations. As with living persons, HIPAA allows providers to use or disclose protected health information of deceased persons for purposes of treatment, payment, or the provider’s healthcare operations, unless the provider has agreed otherwise. (See 45 CFR 164.506 and 164.522(a)). This may include treatment of other living relatives. As the Office for Civil Rights (OCR) explained, “disclosures of protected health information for treatment purposes—even the treatment of another individual—do not require an authorization; thus, a covered entity may disclose a decedent’s protected health information, without authorization, to the health care provider who is treating the surviving relative.” (OCR FAQ, available here). Read more