Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Privacy Policy
View our privacy policy.
Valid HIPAA Authorizations: A Checklist
/in HIPAAby Kim C. Stanger, Holland & Hart LLP
The HIPAA privacy rules generally prohibit healthcare providers and their business associates from using or disclosing protected health information (“PHI”) unless (1) they have a valid written HIPAA authorization signed by the patient or the patient’s personal representative, or (2) a specific regulatory exception applies.1 Many if not most authorizations received by providers are invalid. To be valid, a HIPAA authorization must satisfy the following2: Read more
Colorado DME
/in Uncategorizedby Chris Esseltine, Holland & Hart LLP
Colorado recently enacted a bill that will significantly affect Durable Medical Equipment (DME) suppliers in the state. The bill requires a DME supplier that currently bills or plans to bill the Medicare program for services or products to have a license with the Secretary of State. The licensee must be physically located within the state or within 50 miles of the state, have sufficient inventory and staff to do business, and be accredited by an organization recognized and accepted by the centers for Medicare and Medicaid services.
According to a representative at the Secretary of State’s office, the law will go into effect January 1, 2015. However the office is still working out details about how to procure the license, enforcement and penalties for non-compliance, and a possible grace period past the January 1 deadline.
For more information on this or any other legal issues relating to DME, please contact Chris Esseltine at Holland & Hart.
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
HIPAA Business Associate Agreements: Deadline Approaching
/in HIPAAby Kim C. Stanger, Holland & Hart LLP
If they have not already done so, the deadline for covered entities and business associates to update their HIPAA business associate agreements to comply with Omnibus Rule requirements is September 22, 2014.
BAA Requirements. HIPAA requires that covered entities and business associates execute contracts (called “business associate agreements” or “BAAs”) which require that business associates comply with certain portions of the HIPAA Privacy, Security and Breach Notification Rules. (45 CFR 164.314(a)), 164.502(e), and 164.504(e)). The HIPAA Omnibus Rule changed BAA requirements. Under the Omnibus Rule, covered entities and business associates must modify their BAAs to require business associates to:
(45 CFR 164.314(a) and 164.502(e)). For a checklist of all required BAA terms, click here. The Office for Civil Rights (“OCR”) has also published sample BAA provisions, although the OCR sample may not include additional terms that covered entities or business associates may want to include in their BAAs. Read more
May our medical group offer free screenings?
/in Fraud and AbuseAs with other free or discounted items or services, offering free screenings can violate (1) the federal Anti-Kickback Statute (“AKS”) if one purpose of the free screening is induce referrals for items or services payable by federal healthcare programs (42 USC § 1320a-7b), and/or (2) the federal Civil Monetary Penalties Law (“CMP”) if the physician knows or should know that the free screening is likely to induce a federal program beneficiary to purchase items or services covered by federal healthcare programs (42 USC § 1320a-7a). There are several potentially relevant CMP exceptions, most of which focus on whether the screening is tied to the provision of other services payable by federal healthcare programs. In Advisory Opinion 09-11, the OIG approved a hospital’s free blood pressure screening program where (1) the free screening was not conditioned on the use of any other goods or services from the hospital; (2) the patient receiving the screening was not directed to any particular provider; (3) the hospital did not offer the patient any special discounts on follow-up services; and (4) if the screening was abnormal, the patient as advised to see their own health care professional. Under these circumstances, the OIG concluded that the test was not improperly tied to the provision of other services by the hospital.
For more information, see the OIG’s Special Advisory Bulletin: Offering Gifts and Other Inducements to Beneficiaries (August 2002), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/SABGiftsandInducements.pdf.
Kim Stanger is the Chairman of Holland & Hart LLP’s Health Law Group. He can be reached at kcstanger@hollandhart.com or (208) 383-3913. To subscribe to Holland & Hart’s free e-newsletter or blog concerning health law issues, please e-mail Mr. Stanger.
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Beware Excluded Individuals and Entities
/in Fraud and Abuseby Kim C. Stanger, Holland & Hart LLP
Federal laws generally prohibit providers from billing for services ordered by, or contracting with, persons or entities that have been excluded from participating in Medicare, Medicaid, or other federal health care programs. Violations may result in significant penalties, including repayment of amounts improperly received. To avoid penalties, providers should check the OIG’s List of Excluded Individuals and Entities (“LEIE”) before hiring, contracting with, or granting privileges to employees, contractors, or practitioners, and should periodically re-check the LEIE thereafter.
Effect on Excluded Entities. Federal statutes such as the Civil Monetary Penalties (“CMP”) law allows HHS to exclude individuals and entities from participating in federal health care programs if they have been convicted of fraud or abuse or engaged in certain other misconduct. (See, e.g., 42 USC §§ 1320a-7 and 1320c-5). States are required to exclude from Medicaid any person or entity that has been excluded by HHS. (Id.). An excluded individual or entity generally may not do the following: Read more