November 11, 2020

wRVU Compensation Formulas: Time to Review

Many hospitals, physician groups, or other providers compensate employed or contracted practitioners based on the work relative value units (“wRVUs”) they generate, e.g., a physician may be paid $x per wRVU performed. Depending on the contract terms, those wRVU values may soon be affected by the 2021 Medicare Physician Fee Schedule. If you have not already done so, you should review your wRVU compensation formula for the following issues:

1. Changes to RVU Values. The 2021 Medicare Physician Fee Schedule will increase the CMS-assigned wRVUs for several codes, including common E/M codes. (See https://www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/PhysicianFeeSched). If your wRVU compensation formula is based on the then-current CMS wRVU values or automatically incorporates the 2021 changes, you may soon owe your physicians more pay than you otherwise anticipated. You may want to adjust your contractual wRVU conversion factor to account for unanticipated and unwarranted increases in practitioner compensation. If your contract does not allow for unilateral adjustments, you may need to obtain the practitioner’s agreement to the change or, alternatively, invoke contract termination provisions. Going forward, you may want to tie the wRVUs to the CMS values that existed at the time the contract was executed rather than the operative CMS values, thereby avoiding the need to monitor or update CMS changes to wRVUs. Continue reading →

October 26, 2020

HIPAA Enforcement: Lessons from the OCR’s Recent Settlements

By Kim Stanger

The OCR has announced a surprising number of HIPAA settlements in the past few months with penalties ranging from $10,000 to $6.5 million. Here are some of the key takeaways for healthcare providers:

1. Protect against cyberattacks. Healthcare entities remain a prime target for healthcare entities with disastrous effects for victims, including providers and patients whose information is compromised or destroyed. The HIPAA security rule is intended to ensure that healthcare entities maintain the integrity, availability and confidentiality of electronic protected heath information; successful cyberattacks often expose security rule violations. Premera Blue Cross agreed to pay $6.85 million after a phishing scam deployed malware that affected the information of 10.4 million persons. Another entity agreed to pay $2.3 million after a hacker accessed records of 6.1 million persons. Per the OCR, “The health care industry is a known target for hackers and cyberthieves. The failure to implement the security protections required by HIPAA Rules …. is inexcusable.” https://www.hhs.gov/about/news/2020/09/23/hipaa-business-associate-pays-2.3-million-settle-breach.html. Cybersecurity is a major focus for HHS. In December 2018, the federal government published a guide to help healthcare providers of all sizes protect against cyberthreats, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, available at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx. In July 2020, HHS launched its Health Sector Cybersecurity Coordination Center (“HC3”) website, https://www.hhs.gov/about/agencies/asa/ocio/hc3/index.html, to offer additional support for healthcare providers. Cybersecurity is vital not only for regulatory compliance; it is essential to protect patients and ensure continued operation of the provider. Continue reading →

September 25, 2020

Paying Employees for Referring Healthcare Business

By Kim Stanger

Many healthcare employers may want to incentivize or compensate their employees for referring patients to or generating business for the employer, but they (appropriately) fear application of the federal Stark law or Anti-Kickback Statute. The “Paying for Referrals” White Paper analyzes these laws and relevant exceptions that may permit referral-based compensation structures under certain circumstances.

August 31, 2020

Telehealth in Idaho and Elsewhere

By Kim Stanger

Telehealth expanded dramatically in response to the COVID pandemic. Now that providers, patients, payers and public officials have seen the benefits, it is almost certain that telehealth will continue to play an increasingly important role in our healthcare delivery system. Providers wishing to practice telehealth in Idaho (and elsewhere) must beware the legal and practical requirements, including those set forth in statute or licensing board regulations. Continue reading →

August 26, 2020

Healthcare Providers: Beware New Information Blocking Rule

By Kim Stanger

Healthcare providers focusing on COVID-19 may have missed the final Interoperability and Information Blocking Rule that was published May 1, 2020 and takes effect November 3, 2020. (45 C.F.R. Part 171). The Rule implements the 21st Century Cures Act and furthers the government’s efforts to enable the exchange of electronic health information (“EHI”) to facilitate better outcomes, lower costs, and greater patient access to information. In general, the Rule prohibits covered actors from blocking the flow of EHI; violations may result in significant civil penalties as discussed below.

Application to Healthcare Providers. The Rule applies to healthcare providers, health IT developers of certified health IT,¹ health information exchanges, and health information networks (collectively referred to as “actors”). “Healthcare provider” is defined to include nearly any entity rendering healthcare, including physicians, practitioners, group practices, hospitals, long term care facilities, clinics, ambulatory surgery centers, and other entities determined appropriate by HHS.²

Prohibited Information Blocking. The Rule generally prohibits “information blocking,” i.e., a practice that the healthcare provider “knows³…. is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information”⁴ unless (i) the practice is required by law, or (ii) the practice fits within one of the exceptions listed below. (45 C.F.R. § 171.103(a)). Information blocking may occur, for example, when a healthcare provider refuses, ignores, delays, or imposes unreasonable conditions in response to requests to share EHI, including requests from patients, other providers, or payors. (See 85 FR 25811). It may occur when contracts, business associate agreements, license terms, or organizational policies unnecessarily restrict data sharing, or when technology is implemented, configured, or disabled so as to limit system interoperability. (85 FR 82511-12). The Rule generally prohibits any practices that increase the cost, complexity or burdens associated with accessing, exchanging or using EHI, or that limit the utility, efficacy or value of EHI such as diminishing the integrity, quality, completeness, or timeliness of the data. (85 FR 25809). Ultimately, “[a]ny analysis of whether an actor’s practices constitute information blocking will depend on the particular facts and circumstances of the case,” including whether the action rises to the level of an impermissible interference, whether the actor acted with the requisite intent, and whether the actor had control over the EHI or interoperability elements necessary to access, exchange or use the EHI in question. (85 FR 25811 and 25820).⁵ Continue reading →

August 25, 2020

Idaho COVID-Related Civil Liability Immunity – Special Session Legislation

By William Myers III

When Gov. Little called the Legislature into Special Session on August 24th, he did so with a proclamation that attached draft legislation establishing immunity from liability when a person or company makes “good faith efforts” to undertake activities safely during the coronavirus emergency.

The draft legislation must be introduced and passed in the House and Senate and that has not happened as of this writing. However, a review of the draft bill attached to the Governor’s proclamation gives an idea where the legislation may go. Continue reading →

June 8, 2020

Use of CARES Act Provider Relief Funds

By Kim Stanger

Healthcare providers who received or receive payments from the CARES Act Provider Relief Fund (“PRF”) may only use the payment for permissible purposes, must document and report the proper use, and return any excess funds to HHS. This alert summarizes the most recent guidance we have concerning these important issues.

Permissible Uses. The PRF includes both General Distributions (to all eligible providers) and Targeted Distributions (to specific provider segments, such as certain rural hospitals, hospitals in high impact areas, and skilled nursing facilities). Under the PRF Terms and Conditions applicable to each,¹ Recipients of the PRF Payments must certify “that the Payment will only be used to prevent, prepare for, and respond to coronavirus, and that the Payment shall reimburse the Recipient only for health care related expenses or lost revenues that are attributable to coronavirus.” (See, e.g., https://www.hhs.gov/sites/default/files/terms-and-conditions-provider-relief-20-b.pdf, emphasis added). Continue reading →

May 29, 2020

Medical Decision-Making for Incapacitated Adult Patients Under Utah Law

By Kristy M. Kimball and Lisa Carlson

Healthcare providers generally are required to have an adult patient’s consent before they can administer any type of medical care, which raises the question: Who has the authority under Utah state law to make medical decisions on behalf of an unconscious (or otherwise incapacitated) adult patient. In treating patients with COVID-19, this concern is particularly relevant, as an intubated patient will be sedated and unable to participate in their own medical decision-making. Therefore, it is critical that healthcare providers determine who holds such authority under the applicable state laws. Continue reading →

May 6, 2020

Rural Hospitals Receive Next Round of Provider Relief Funds

By Kim Stanger

This week, rural providers began receiving the next round of Provider Relief Funds as authorized by the CARES Act. Recipients include rural acute care general hospitals, critical access hospitals (“CAHs”), rural health clinics (“RHCs”), and community health centers located in rural areas. Rural hospitals and CAHs may receive a minimum of $1,000,000 plus additional amounts based on a percentage of their annual expenses. RHCs and CHCs will receive a minimum of $100,000 plus an additional amount based on their operating expenses. The funds are generally made by direct deposit. The disbursement is described here. Continue reading →

April 27, 2020

HHS Updates Recently Issued Provider Relief Fund Terms and Conditions

By Kim Stanger

HHS has updated the Terms and Conditions and websites for two key portions of its Provider Relief Fund programs.

1. Provider Relief Funds. Over the weekend, HHS updated the Terms and Conditions and posted FAQs concerning the Provider Relief Fund, available here: https://www.hhs.gov/coronavirus/cares-act-provider-relief-fund/index.html. The new Terms and Conditions apply to the $50 billion General Distribution funds that have gone out and will go out over the next few weeks, and reaffirm reporting requirements as well as potential fraud and abuse liability for failing to comply. See https://www.hhs.gov/coronavirus/cares-act-provider-relief-fund/terms-conditions/index.html. HHS also opened the portal for those entities entitled to apply for additional General Distribution funds. https://covid19.linkhealth.com/docusign/#/step/1. The FAQs provide detailed information concerning eligibility, requirements, and information necessary to apply for additional funds. https://www.hhs.gov/sites/default/files/20200425-general-distribution-portal-faqs.pdf. Significantly, those who received the a portion of the $20 billion disbursement last week must still provide information confirming their patient revenues as well as attest to the updated Terms and Conditions relevant to that program. Continue reading →