Category: Health Care Law

Countdown to HITECH Compliance: How to Redistribute Your Notice of Privacy Practices

Poyner SpruillSeptember 23, 2013 is the fast-approaching compliance deadline for the final omnibus HIPAA/HITECH rules.  Many provisions required revisions to Notices of Privacy Practices (NPPs) maintained and distributed by covered entities.  The U.S. Department of Health and Human Services (HHS) has made clear that these changes are material.  As a result, covered entities must redistribute their NPPs shortly in order to meet HITECH’s requirements.  This alert describes the manner of redistribution dictated by HIPAA.

General Requirements

When revising NPPs, keep in mind that whether paper or web-based, HHS requires them to be accessible to all individuals, including those with disabilities.  Covered providers required to comply with Section 504 of the Rehabilitation Act or the Americans with Disabilities Act must also take steps to ensure effective communication with individuals with disabilities, including making the revised NPP available in Braille, large print, or audio.  HIPAA also requires NPPs to be written in plain language.

Changes to the NPP may not be implemented prior to the NPP’s new effective date, unless otherwise required by law.  Typically, any change to the practices described within the revised NPP may only be applied to PHI created or received after the effective date of the change.  All previous versions of the NPP and any acknowledgments of its receipt must be maintained for six years from the last effective date.

If You Are a Health Care Provider

For existing patients, you must make the revised NPP available upon request on or after the effective date of the changes (for most, this date will be September 23, 2013).  If you have a physical service delivery site (such as a clinic or hospital), you must have copies of the NPP available at the site for individuals to take with them upon request.  You also must post a copy of the NPP or summary of the revisions in a clear and prominent location, where it is reasonable to expect individuals to be able to read the posting.  You must ensure all new patients receive the revised NPP at the time of first service after the effective date of the changes.  The revised NPP must be made available on your website if you have one.  If patients have agreed to receive electronic notice of the NPP, you may e-mail the revised NPP to those patients.  You do not need to obtain acknowledgment of receipt from individuals, except for the initial distribution of the NPP provided at the first time of service.

If You Are a Health Plan

You must distribute the revised NPP to current plan participants.  If you post your NPP on a website, then you must post the revised NPP, or a description of the material changes, prominently on that website by the effective date of the changes.  You also must provide in your next annual mailing to participants either the revised NPP or information regarding material changes and how to obtain a copy of the NPP.  If you do not post your NPP on a website, then you must provide participants with the revised NPP or information about the material changes and how to obtain the revised NPP within 60 days of the material changes.  Note that all health plans also must continue to notify participants of the availability of the NPP and how to obtain a copy at least once every three years.

HHS has stated that if covered entities or health plans amended and redistributed NPPs prior to issuance of the final omnibus rule then they are not required to repeat the process, so long as the current NPP that was redistributed meets all the requirements in the final rule.  For all other covered entities, the NPP must be revised and effective by September 23, 2013, and redistributed as appropriate.

Article By:

 of

Healthcare Fraud Case Results in $491 Million Settlement

tz logo 2

On July 30, 2013, Pfizer Inc., one of the world’s largest pharmaceutical companies, announced its finalized agreement to pay $491 million to the U.S. government in order to resolve accusations that the company and one of its subsidiaries defrauded the U.S. healthcare system.  Under the settlement, Pfizer will pay $257 million in order to resolve civil allegations that Wyeth Pharmaceuticals Inc., owned by Pfizer, engaged in illegal marketing that led to false claims being brought to Medicare and similar healthcare programs.  Pfizer will pay the other $234 million of the settlement in order to cover criminal fines and penalties.

According to allegations in the lawsuit, Wyeth Pharmaceuticals had illegally marketed a transplant drug named Rapamune for uses that had not been approved by the U.S. Food & Drug Administration (FDA).  Patients use Rapamune in combination with other drugs following kidney transplants.  However, Wyeth’s advertising campaigns advocated the drug for unapproved applications, such as use after liver, lung, heart, pancreas, and islet transplants.  According to a U.S. attorney, this type of off-label marketing endangers patients and erodes the population’s confidence in the FDA.  In 2002, the FDA required Wyeth to place a “black box warning,” the most stringent type of warning required by the agency, on the Rapamune product label.  This warning would advise people of the risks inherent in using Rapamune after liver transplants.  One year later, the FDA required a similar type of warning with regard to the use of Rapamune after lung transplants.  Nevertheless, claims up to 90% of Wyeth’s Rapamune sales were allegedly for “off-label” uses.

The $491 million settlement resulted from two qui tam lawsuits filed against Wyeth Pharmaceuticals Inc.  Under provisions of the False Claims Act, private citizens with knowledge of fraud committed against the government can file a qui tam lawsuit on behalf of the United States.  The individual filing the lawsuit is known as the relator or whistleblower.  Healthcare whistleblowers, such as the persons who brought the lawsuits against Wyeth, serve an important role in exposing and eradicating healthcare fraud.  Many whistleblowers have personal knowledge of deceptive practices because they work for the companies that submit false claims to the Government.  By relating their knowledge to the appropriate authorities, these individuals can assure that healthcare programs can achieve their intended benefits to Americans with the greatest need of federal assistance.

In the first case, the False Claims Act whistleblowers were Marlene Sandler and Scott Paris.  They jointly filed a lawsuit in Pennsylvania that alleged aspects of off-label marketing.  At the time, the Government declined to intervene and the relators commenced to litigate the case on their own.  Two years later, a second qui tam whistleblower, Mark Campbell, came forward.  Mr. Campbell is a former Wyeth sales representative who worked for the company for twenty years.  Throughout the tenure of his employment, he became aware of Wyeth’s off-label marketing practices.  After he filed his lawsuit against Wyeth in the U.S. District Court for the Western District of Oklahoma, the Department of Justice intervened in the Sandler and Paris action.  The Government then transferred the matter to the Oklahoma court and consolidated the two cases.  The three Medicare fraud whistleblowers have aligned their interests and cooperated to help the investigation into Wyeth’s actions.

Because the whistleblowers took on a personal risk in bringing allegations against their employer and they devoted their time in relaying information vital to the case, they will obtain a significant proportion of the settlement.  False Claims Act whistleblowers typically receive 15% to 25% of settlements.  That means that Ms. Sandler, Mr. Paris, and Mr. Campbell will all potentially receive millions of dollars from Pfizer Inc.

 of

Health Care Reform Update – Week of August 26th , 2013

Mintz Logo

Leading the News

CMS Announces Matching Agreements for Data Hubs

On August 21st, the Centers for Medicare and Medicaid Services (CMS) announced its most recent agreement with state entities for exchange data hubs. States are now required to report any suspected or confirmed loss of personally identifiable information within an hour of discovery to their designated Center for Consumer Information and Insurance Oversight (CCIIO) State Officer, who will then notify the relevant Federal agency. CMS has posted a draft of the reporting form and has asked for public comments to be submitted by September 20th.

Lawmakers Defend Critical Access Hospitals

On August 22nd, a bipartisan group of 20 Senators, led by Senator Tammy Baldwin (D-WI), sent a letter to Chairman Max Baucus (D-MT) and Ranking Member Orrin Hatch (R-UT) of the Senate Finance Committee defending critical access hospitals and challenging a report released last week by the Department of Health and Human Services (HHS) Inspector General which criticized hospitals participating in the Medicare Critical Access Hospital program.

Implementation of the Affordable Care Act

On August 16th, the Small Business Administration (SBA) and the Small Business Majority announced a new series of weekly webinars to help small business owners learn how the ACA will affect their businesses and their employees.

On August 19th, HHS announced that it will be partnering with the Young Invincibles for the Healthy Young America video contest.

On August 21st, seventy nine Republicans in the House of Representatives signed a letter to Speaker John Boehner (R-OH) and Majority Leader Eric Cantor (R-VA) urging them to de-fund the implementation and enforcement of the ACA in any relevant appropriations bill.

On August 21st, Republican members of the House Energy and Commerce Committee sent a letter to Treasury Secretary Jack Lew stating that they have not yet received a response to questions submitted for the record to Mark Iwry on August 2nd regarding the delay of the employer mandate.

On August 23rd, the IRS released proposed rules on the ACA’s small business tax credit, which will be available to employers with no more than 25 full time employees purchasing health insurance through the Small Business Health Options Program (SHOP) exchange.

Other HHS and Federal Regulatory Initiatives

On August 19th, an Oklahoma judge granted a temporary injunction against a state law that placed additional restrictions on access to Plan B One-Step pending the outcome of a lawsuit challenging the law. The new restrictions contradict FDA approval for unrestricted, over the counter sale of Plan B One-Step.

On August 19th, the Agency for Healthcare Research and Quality (AHRQ) announced Richard Kronick will replace Carolyn Clancy as the director of the agency. He is currently the Deputy Assistant Secretary for Planning and Evaluation in the Office of Health Policy.

On August 20th, the Centers for Disease Control (CDC) announced an award of approximately $75.8 million to all 50 states through the Epidemiology and Laboratory Capacity for Infectious Diseases Cooperative Agreement.

On August 22nd, the HHS Office of the Assistant Secretary for Planning and Evaluation released an issue brief which found that the percentage of office-based physicians who are accepting new Medicare patients has not changed significantly between 2005 and 2012, and is slightly higher than the percentage accepting new privately insured patients.

On August 23rd, Iowa Governor Terry Branstad (D) submitted a Medicaid expansion waiver to CMS, which will formally replace the previous Medicaid waiver for the Iowa Care program with the Iowa Health and Wellness Plan.

Other Congressional and State Initiatives

On August 19th, Congressman Charles Rangel (D-NY) and Senator Kirsten Gillibrand (D-NY) announced they will be introducing the Communities United with Religious Leaders for the Elimination of HIV/AIDS (CURE) Act of 2013.

Other Health Care News

On August 19th, the RAND Corporation released a report stating that the one year delay of the employer mandate will not substantially impact the ACA.

On August 20th, the Kaiser Family Foundation released its annual Employer Health Benefits survey, which found that premiums increased at modest levels, consistent with the last several years.

On August 21st, the Commonwealth Fund released their findings from their Health Insurance Tracking Survey, conducted from 2011 to 2013, which indicated that only 27% of 19 to 29 year olds are aware of the new health insurance marketplaces instituted by the ACA.

On August 22nd, Gallup released a poll which showed that while the number of Americans who approved or disapproved of the ACA remained steady, the number of people who had no opinion of the law increased from 4% in June to 11%.

Hearings and Mark-Ups Scheduled

The Senate and the House of Representatives are in recess until the week of September 9th.

Alyssa Franke also contributed to this article.

Article By:

of

Family and Medical Leave Act (FMLA) Protected Leave Now Available To Same-Sex Spouses

DrinkerBiddle

United States Secretary of Labor, Thomas Perez, recently issued an internal memorandum to department staff outlining the Department of Labor’s plan to issue guidance documents which will, among other things,  make protected leave available to same-sex couples under Family and Medical Leave Act (“FMLA”).  This action comes as the Department prepares to implement the Supreme Court’s recent decision in U.S. v. Windsor, which struck down the provisions of the Defense of Marriage Act (“DOMA”) that denied federal benefits to legally married same-sex spouses.  Calling it a “historic step toward equality for all American families,” Secretary Perez noted that the Department of Labor will coordinate with other federal agencies to make these changes “as swiftly and smoothly as possible.”

Secretary Perez stated that guidance documents would be updated to remove references to DOMA and to “affirm the availability of spousal leave based on same-sex marriages under the FMLA.  This change is of great consequence to same-sex spouses who previously were unable to access the job-protected leave provided under the FMLA.  Now, eligible same-sex spouses will be able to take FMLA leave for certain specified family and medical reasons, including caring for a spouse with a serious health condition, and generally will be returned to their original position or another position with equivalent pay, benefits and status.  The new interpretation reflected in the Department’s updated guidance documents will be effective immediately.

In the Department’s official blog, Modern Families and Worker Protections, Laura Fortman, the principal deputy administrator of the Wage and Hour Division, announced on August 13, 2013 that revisions had already been made to various FMLA guidance documents to reflect the changes necessitated by U.S. v. Windsor.  Fortman clarified that the “changes are not regulatory, and they do not fundamentally change the FMLA.”  They merely expand the universe of employees who are eligible for FMLA benefits by including legally married same- sex couples.  The updated documents can be viewed at these links:

Although Secretary Perez did not specifically address the question, the updated guidance documents indicate that the Department only intends to expand FMLA benefits to same-sex spouses in the 13 states and the District of Columbia that have recognized same-sex marriage.  As an example, Fact Sheet#28F,Qualifying Reasons for Leave Under the Family and Medical Leave Act, defines “spouse” for purposes of FMLA leave as  “a husband or wife as defined or recognized under state law for purposes of marriage in the state where the employee resides, including “common law” marriage and same-sex marriage.”   In contrast, the Office of Personnel Management announced on its website that benefits will be extended to Federal employees and annuitants who have “legally married a spouse of the same sex, regardless of the employee’s or annuitant’s state of residency.”

As initial steps to implementing these changes, employers should inform or train human resources personnel regarding the availability of FMLA leave to eligible employees under the specified definition of spouse; review internal procedures and leave documentation to ensure compliance, and finally, review employee handbooks and policies to include provisions for same-sex couples where appropriate.

Is Obesity A Disease? The American Medical Association Says “Yes”; The Americans with Disabilities Act Says . . .

Bracewell & Giuliani Logo

In June 2013, the American Medical Association (AMA) declared obesity a disease. The president of the AMA gave several reasons for this declaration[1] “[R]ecognizing obesity as a disease will help change the way the medical community tackles this complex health issue.” The AMA president emphasized that classifying obesity as a disease could encourage people to pay attention to the seriousness of obesity, increase the dialogue between patients and physicians, and result in greater investments in research.

The Americans with Disabilities Act (ADA) was amended, effective January 1, 2009, to greatly expand the coverage of the act. Employers and individuals continue to observe how the Equal Employment Opportunity Commission (EEOC) and courts interpret and implement the amendments. Obesity is one condition that continues to be affected by the amendments.

In the original regulations implementing the ADA, the EEOC stated that “except in rare circumstances, obesity is not considered a disabling impairment.” 29 C.F.R. § 1630.16 App. (§ 1630.2(j)). Similarly, in its pre-amendment Compliance Manual, the EEOC stated that normal deviations in height, weight or strength are not impairments. However, “severe obesity,” which the Compliance Manual defined as “100% over the norm,” is “clearly an impairment,” although whether obesity rises to the level of “disability” is, like all impairments, determined by the substantial limitations test. The EEOC also noted that persons who are severely obese may have underlying or related disorders such as hypertension or thyroid disorder which do qualify as impairments.

The EEOC’s March 2011 regulations, which reflect changes made by the ADA Amendments, retain the statement that “[t]he definition of the term ‘impairment’ does not include physical characteristics such as . . . height, weight, or muscle tone that are within ‘normal’ range and are not the result of a physiological disorder.” This statement, however, does not prevent obesity from being considered a disability under the amended ADA. The ADA requires an individual assessment of the individual to determine whether he or she is disabled.

There are two principal ways in which the amendments increase the likelihood that obesity will be considered a disability under the ADA: (i) broader standards under the “substantial limitations” test and (ii) individuals no longer need to show that they are actually disabled to prevail under the “regarded as” disabled prong.

The substantial limitation test and major life activities

To qualify for protection under the ADA, an individual must show that he or she is disabled—substantially limited in a major life activity. The amendments were, in large part, a legislative response to courts’ narrow interpretation of what constituted a substantial limitation.[2] Significantly, “‘[s]ubstantially limits’ is not meant to be a demanding standard.”[3]

In combination with an expanded interpretation of major life activities, which include walking, standing, sitting, reaching, lifting, bending, breathing and working as well as major bodily functions including digestive, respiratory, circulatory functions, it is likely that many individuals whose weight restricts them from performing these activities or is a result of the dysfunction of a bodily system will be disabled within the meaning of the amendments.[4]

“Regarded as” disabled

An individual may be illegally discriminated against under the ADA if he or she suffers an adverse employment action because his employer considers him to be disabled. Under the ADA amendments, the individual does not need to show that she is actually disabled, or that she is substantially limited in a major life activity—simply that her employer thought that she was and took adverse action based on that perception.

For example, in 2010 a Mississippi district court allowed Ms. Lowe, an obese receptionist, to proceed with her ADA “regarded as” claim because her former employer harassed her based on her use of disabled parking.[5] The court stated that under the amendments “an individual is now not required to demonstrate that the disability she is regarded as having is an actual qualified disability under the ADA or that it substantially limits a major life activity.” Instead, the plaintiff was only required to show that “she has been subjected to an action prohibited under [the ADA] because of an actual or perceived physical or mental impairment whether or not the impairment limits or is perceived to limit a major life activity.”

Significantly, “a plaintiff now might be considered disabled due to obesity under the ADA if her employer perceived her weight as an impairment.” Therefore, employers should take care not to assume that employees are unable to complete tasks simply because of their weight. The ADA also prohibits discrimination in hiring, so employers should not decline to hire an individual simply because he or she is obese.

The ADA does not apply to individuals who cannot perform the essential functions of their job because of a medical condition, including obesity. As with all medical conditions, employers must identify the job responsibilities that employees are not able to complete and engage in a dialogue with the employee about accommodations that will allow the employee to perform these functions. If employees cannot perform their essential job functions with accommodation, employers may take adverse employment actions based on the performance failures.

[1] Ardis D. Hoven, Obesity As a Disease?, Huffington Post, June 28, 2013, www.huffingtonpost.com/ardis-d-hoven-md/obesity-as-a-disease_b_3518956.html.

[2] See Regulations to Implement the Equal Employment Provisions of the American With Disabilities Act, as Amended, 76 Fed. Reg. 16981 (March 25, 2011) (stating that, in the ADA Amendments Act Congress “simply indicates that ‘substantially limits’ is a lower threshold than ‘prevents’ or ‘severely or significantly restricts,’ as prior Supreme Court decisions and the EEOC regulations had defined the term”.

[3] 29 C.F.R. § 1630.2(j)(1)(i).

[4] Although some courts impose a requirement that the individual be “severely obese” or have a weight “outside the normal range” to be disabled, the amendments likely supersede any such requirement for individuals who can show that their weight substantially limits a major life activity or is the result of the dysfunction of a major bodily function. Compare BNSF Ry. Co. v Feit, 2013 WL 1855832 (D. Mont. May 1, 2013) (relying on the repealed EEOC compliance manual for the definition of “severely obese”); with EEOC, Section 902 Definition of the Term Disability, available at: http://www.eeoc.gov/policy/docs/902cm.html (stating that the definition has been removed from the website because “the analysis in it has been superseded by the ADA Amendments Act.”).

[5] Lowe v. American Eurocopter LLC, No. 1:10CV24-A-D, 2010 U.S. Dist. LEXIS 133343 (N.D. Miss. Dec. 16, 2010).

Article By:

 of

Complying with the Affordable Care Act’s Exchange Notice Requirement

Mintz Logo

The Patient Protection and Affordable Care Act (the “Act”) amends the Fair Labor Standards Act (“FLSA”) to require employers of all sizes to provide their employees a notice of the availability of coverage through public health insurance exchanges by March 1, 2013.1 In January of this year, the U.S. Department of Labor, the agency charged with administering the FLSA, announced a delay in the effective date of the notice to the “late summer or fall of 2013.”2 In Technical Release No. 2013-02 (entitled, “Guidance on the Notice to Employees of Coverage Options under Fair Labor Standards Act §18B and Updated Model Election Notice under the Consolidated Omnibus Budget Reconciliation Act of 1985”),3 the Labor Department provided details about the FLSA exchange notice requirement. The effective date of the requirement is now October 1, 2013 for current employees or within 14 days of an employee’s start date for employees hired after that date.

Background

The FLSA exchange notice must include a description of the existence of, and services provided by, public exchanges. That Act further requires that the notice:

  • Explain how the employee may be eligible for a premium tax credit or a cost-sharing reduction if the employer’s plan does not meet certain requirements;
  • Inform employees that if they purchase a qualified health plan through the exchange, then they may lose any employer contribution toward the cost of employer-provided coverage, and that all or a portion of the employer contribution to employer-provided coverage may be excludable for federal income tax purposes;
  • Include contact information for customer service resources within the exchange, and an explanation of appeal rights;
  • Meet certain accessibility and readability requirements; and
  • Be in writing.

The Department has provided two model notices — one for employers who offer a health plan4 to some or all employees and another for employers who do not.5 The model notice for employers who offer a health plan includes two parts. Part A (entitled “General Information”) tracks the requirement of the statute. Part B (entitled, “Information About Health Coverage Offered by Your Employer”) solicits information about the employer’s group health plan coverage that is intended to assist employees who apply for subsidized coverage under a group health plan product offered through the exchange. Part B includes an optional section that asks the employer to disclose whether the health care coverage offered meets the minimum value standard and whether the cost of coverage is intended to be affordable. While not required, employers may decide to complete this part of the notice in order to avoid having to respond to inquiries from exchanges seeking to process an individual’s application.

The notice requirement applies to all employers who are subject to the FLSA. In general, the FLSA applies to employers that employ one or more employees who are engaged in, or produce goods for, interstate commerce. For most firms, a test of not less than $500,000 in annual dollar volume of business applies. The FLSA also specifically covers the following entities, regardless of dollar volume of business: hospitals; institutions primarily engaged in the care of the sick, the aged, mentally ill, or disabled who reside on the premises; schools for children who are mentally or physically disabled or gifted; preschools, elementary and secondary schools, and institutions of higher education; and federal, state and local government agencies. (For an explanation of the reach of the FLSA, please see http://www.dol.gov/compliance/guide/minwage.htm.)

Timing and Delivery of Notice

Under the heading “Timing and Delivery of Notice,” Technical Release No. 2013-02 provides as follows:

Employers are required to provide the notice to each new employee at the time of hiring beginning October 1, 2013. For 2014, the Department will consider a notice to be provided at the time of hiring if the notice is provided within 14 days of an employee’s start date. With respect to employees who are current employees before October 1, 2013, employers are required to provide the notice not later than October 1, 2013. The notice is required to be provided automatically, free of charge.

The notice must be provided in writing in a manner calculated to be understood by the average employee. It may be provided by first-class mail. Alternatively, it may be provided electronically if the requirements of the Department of Labor’s electronic disclosure safe harbor at 29 CFR 2520.104b-1(c) are met.

(Emphasis added).

The reference to “employees” means all employees, full-time and part-time, but there is no need to provide notices to dependents. Nor does the notice have to be provided to former employees or other individuals who are not employees but may be eligible for coverage (e.g., under COBRA).

The question of who, exactly, is an employee is an important one. The Act’s exchange notice requirement amends the FLSA. Thus, while the Internal Revenue Code and ERISA look to the “common law” standard, applicable court precedent interpreting the FLSA’s use of the term “employee” relies on the broader, “economic realities” test. Accordingly, an individual is an “employee” for FLSA purposes if he or she is economically dependent on the business for which he or she performs personal services. Thus, individuals properly classified as independent contractors for tax purposes may nevertheless be employees (to whom notice must be provided) for FLSA purposes.

Delivery can be in hand or by first class mail. Delivery may also be made electronically under the Department of Labor’s “electronic disclosure safe harbor at 29 CFR 2520.104b-1(c).” The regulations at 29 CFR 2520.104b-1 provide a safe harbor under which electronic delivery is permitted to employees who have the ability to effectively access documents furnished in electronic form at any location where the employee is reasonably expected to perform duties as an employee and with respect to whom access to the employer’s or plan sponsor’s electronic information system is an integral part of those duties. Under the safe harbor, other individuals may also opt into electronic delivery.

Enforcement

The Act does not appear to impose any separate penalty for ignoring the exchange notice requirement. The FLSA authorizes administrative actions, civil suits and criminal prosecutions for violations of pre-existing FLSA sections, but not, it seems, for this requirement. This does not mean, of course, that noncompliance is a good idea or even a viable option. The lack of penalties does not translate into a lack of consequences. Plan sponsors still have a fiduciary obligation to be forthcoming with plan participants and beneficiaries. (This situation is similar to the rules governing the distribution of summary plan descriptions — while not technically required, there are many good reasons to comply.)

Article By:

of

U.S. Department of Labor (DOL) Clarifies Family and Medical Leave Act (FMLA) Leave Entitlement for Same-Sex Spouses

Morgan Lewis logo

In the wake of the Supreme Court’s Windsor decision, employers should review and, if necessary, revise their FMLA policies and procedures to ensure compliance.

The U.S. Department of Labor (DOL) recently clarified that same-sex spouses are now covered by the Family and Medical Leave Act (FMLA) to the extent that an employee’s marriage is recognized in the state in which the employee resides. This clarification, which follows the U.S. Supreme Court’s decision in United States v. Windsor,[1] is consistent with the existing FMLA regulatory language defining a “spouse” for purposes of FMLA coverage.

The DOL did not issue any new formal, stand-alone guidance but instead revised several existing FMLA guidance documents to remove references to the Defense of Marriage Act (DOMA). It also affirmatively stated in a newly released Field Operations Handbook section on the FMLA that “[s]pouse means a husband or wife as defined or recognized under state law for purposes of marriage in the State where the employee resides, including common law marriage and same sex marriage.

Moving forward, FMLA spousal leave will only be available to employees who reside in a state that recognizes same-sex marriage, given that the existing FMLA regulatory language tied spousal coverage to the place of residence prior to the Windsor decision. However, the U.S. Office of Personnel Management (OPM), which has jurisdiction over FMLA rights for federal employees, recently issued post-Windsor guidance that extends FMLA leave rights to the spouses of federal employees without regard to states of residence.[2] OPM’s approach could eventually be followed by DOL for private sector employees and those employees otherwise covered by DOL rules but likely would require regulatory changes that would involve a notice and comment period.

It is worth noting that, while DOL’s clarification reflects a general increase in federal FMLA leave rights available to same-sex couples, in some circumstances, the availability of FMLA leave rights could mean a decrease in a given employee’s overall leave entitlement. For example, same-sex spouses residing in states recognizing same-sex marriage will now be subject to the FMLA’s restrictions on the combined amount of leave that spouses working for the same employer can use in certain circumstances. Similarly, an employee might have been entitled pre-Windsor to leave pursuant to state (but not federal) law to care for a same-sex spouse, which meant that the employee’s state and federal leave entitlements could not be exhausted concurrently.

Conclusion

In light of DOL’s updated guidance, employers should make sure that their FMLA policies allow spousal leave for employees in a same-sex marriage that is lawful in the state in which the employee resides. Employers, however, will need to think carefully about how they will administer such policies to avoid both employee relations issues and sexual orientation discrimination claims. For example, if an employer does not request documentation from an employee in an opposite-sex marriage as to whether the employee’s marriage is recognized in the state in which he or she resides, issues may arise if this information was requested of an employee in a same-sex marriage. While some employers may choose simply to grant FMLA leave to all employees regardless of domicile, employers need to be aware that such time may not be recognized as statutory FMLA leave. Employers should also pay close attention to future developments in this area as more states consider recognizing same-sex marriages.

[1]United States v. Windsor, 133 S. Ct. 2675 (2013).

[2]See U.S. Office of Personnel Admin., Benefits Administration Letter No. 13-203, Coverage of Same-Sex Spouses (July 17, 2013).

Article By:

Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health (HIPAA/HITECH) Compliance Strategies for Medical Device Manufacturers

Sheppard Mullin 2012

As computing power continues to become cheaper and more powerful, medical devices are increasingly capable of handling larger and larger sets of data. This provides the ability to log ever expanding amounts of information about medical device use and patient health. Whereas once the data that could be obtained from a therapeutic or diagnostic device would be limited to time and error codes, medical devices now have the potential to store personal patient health information. Interoperability between medical devices and electronic health record systems only increases the potential for medical devices to store personal information.

The concern has become so significant that the U.S. Food and Drug Administration recently issued a draft guidance and letter to industry noting concerns associated with theft or loss of medical information by cybersecurity vulnerable devices. For a more detailed discussion of this issue, see last month’s blog post.

This raises another important issue for medical device manufacturers and health care providers: medical device compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Compliance with HIPAA and HITECH has become a major concern for hospitals and health care providers, and will increasingly be an issue that medical device manufacturers will need to deal with.

A medical device manufacturer needs to answer three questions in order to determine whether the collection of patient information by a medical device is subject to HIPAA and HITECH:

  • Does the information qualify as Protected Health Information?
  • Is a Covered Entity involved?
  • Does a Business Associate relationship exist with a Covered Entity?

Protected Health Information

Protected Health Information (PHI) is individually identifiable health information transmitted or maintained in any form or medium.[1] Special treatment is given to electronic PHI, which is subject to both the HIPAA Privacy Rule, and the Security Rule (which only applies to electronic PHI). To be “individually identifiable,” the PHI must either identify the individual outright, or there must be a reasonable basis to believe that the information can be used to identify the individual.[2]

“Health information” is any information (including genetic information) that is oral or recorded in any form or medium, and meets two conditions.[3] First, the information must be created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.[4] Second, the information must relate to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual.[5]

If data collected by a medical device does not meet the definition of “individually identifiable,” or “health information,” it is not covered under HIPAA and HITECH. For example, a medical device that logs detailed medical diagnostic information about a patient, but includes no means by which that information may be traced to the patient, the data would likely fall outside of HIPAA and HITECH. Alternatively, a medical device, such as a mobile medical app, may request that a user provide detailed medical information about himself or herself. Provided that information is requested outside of the context of a health care provider, health plan, public health authority, employer, life insurer, school or university, HIPAA and HITECH similarly would likely not apply.

Covered Entities and Business Associates

There are two types of persons regulated by HIPAA and HITECH: “Covered Entities” and “Business Associates.” A Covered Entity is a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a covered transaction.[6] A Business Associate is a person who either creates, receives, maintains, or transmits PHI for a regulated activity on behalf of a covered entity, or provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to a covered entity, where the service involves the disclosure of PHI.[7]

Therefore, at a minimum, in order to be subject to HIPAA and HITECH a Covered Entity needs to be involved. For example, medical devices sold directly to consumers for personal use would generally not be subject to HIPAA and HITECH.

Conversely, just because a medical device manufacturer is not a “Covered Entity,” HIPAA and HITECH may apply through a Business Associate relationship. Business Associates include Health Information Organizations, E-prescribing Gateways, and others that provide data transmission services with respect to PHI to a covered entity, and that require access on a routine basis to PHI.[8] Business Associates also include persons that offer PHI to others on the behalf of a covered entity, or that subcontract with a Business Associate to create, receive, maintain, or transmit PHI.[9]

[1] 45 C.F.R. § 160.103 “Protected health information”.

[2] 45 C.F.R. § 160.103 “Individually identifiable health information” (2)(i) and (ii).

[3] 45 C.F.R. § 160.103 “Health information”.

[4] 45 C.F.R. § 160.103 “Health information” (1).

[5] 45 C.F.R. § 160.103 “Health information” (2).

[6] 45 C.F.R. § 160.103 “Covered entity”.

[7] 45 C.F.R. § 160.103 “Business associate” (1).

[8] 45 C.F.R. § 160.103 “Business associate” (3)(i).

[9] 45 C.F.R. § 160.103 “Business associate” (3)(ii) and (iii).

Article By:

 of

A Review of Centers for Medicare & Medicaid Services' (CMS) Approach to $125 Million Recoupment of Payments to Providers for Services to Incarcerated / Unlawfully Present Beneficiaries

Sheppard Mullin 2012

CMS seeks to recover from providers $125 million in alleged overpayments for services to beneficiaries who are belatedly identified as ineligible (incarcerated/unlawfully present). This post examines the recovery process CMS has put in place, noting CMS procedural shortcomings and reviewing some substantive defenses available to providers facing such demands.

In January 2013, CMS’ Office of Investigator General released two parallel reports, criticizing CMS for making improper payments to providers for services rendered to beneficiaries who, according to updated Social Security Administration records, were either incarcerated or unlawfully present in the United States at the time of such service.[1]

OIG concluded that between 2010-2012, CMS made more than $125 million in improper payments to providers (including hospitals, outpatient facilities, physicians, skilled nurses, DME suppliers, home health, and hospice). OIG recommended that CMS take steps to recover such funds and avoid such payments in future.

In response, CMS noted that it already had in place a system that checks, at the time a claim is submitted, the eligibility status of each beneficiary. If data indicates that a patient is not eligible, the claim is rejected. As a result, all overpayments identified by OIG resulted from changes to SSA data after claims were processed.

Apparently anticipating these OIG reports, in November 2012, CMS published two change requests[2] to implement an Informational Unsolicited Response Process (IUR). Through an IUR, the Common Working File system would automatically flag and report to the MACs any previously paid claims where subsequent data updates indicated that the beneficiary was not eligible at time of service due to incarceration or unlawfully present status. In Spring 2013, CMS began implementing the incarcerated patient IUR.

Although CMS has Regional Audit Contractors (RACs) in place to perform post payment technical bill review, CMS has bypassed the RAC process; instead, using the IUR, CMS has instructed the MACs to “initiate recoupment procedures” upon receipt of an IUR to recover these funds. MACs, acting upon this instruction, immediately initiated recoupment through remittance advice[3] based simply upon the subsequent SSA data change. By acting in this way, CMS:

Failed to provide any explanation of the reason for the overpayment redetermination;
Failed to provide the required 15 day opportunity for rebuttal;
Failed to defer recoupment pending the 15 day rebuttal period and through reconsideration;
Failed to address whether provider liability should be waived under section 1870 of the Social Security Act (no fault waiver); and
Failed to advise providers of their appeal rights.[4]

Providers reacted with surprise, placing many calls to the MACs and SSA (to address mistakes in data). In many cases, SSA data indicating incarceration of a patient was simply erroneous; even if valid, it appears that, like CMS, provider were generally unaware of ineligibility at the time of service.

CMS initially took the position that notice letters were not required and there would be no appeal rights; CMS at first indicated that any erroneous findings would be addressed by “data revisions” (presumably through a discretionary reopening by the MAC).

CMS has modified some of its positions based upon provider objection.

In recent FAQs,[5] CMS now concedes that providers do have appeal rights.

But CMS says most errors won’t be fixed until October 2013.

Critically, CMS has not yet addressed its failure to give providers proper notice, explanation of findings, rebuttal rights, its failure to consider no fault waiver. CMS also has so far failed to honor the post payment restrictions on recoupment pending rebuttal and appeal.

The SSA database is not perfect. In one case, a hospice was put on recoupment for months of service to a female beneficiary in 2010-2011 who was mistakenly identified in the SSA database with an unrelated incarcerated male patient. Notice and thoughtful consideration of rebuttal evidence would have prevented this error.

Perhaps more importantly for the general provider community, at the time each provider filed claims for services previously rendered, SSA data showed that the patient was eligible (or the claim would not have been paid). This fact presents a strong case for waiver of provider overpayment liability under the no fault provisions of section 1870 of the Social Security Act.

[1]http://oig.hhs.gov/oas/reports/region7/70203008.htm and https://oig.hhs.gov/oas/reports/region7/71201116.asp

[2] CR 8007 and CR 8009; eg: http://www.cms.gov/Regulations-and-Guidance/Guidance/Transmittals/Downloads/R1134OTN.pdf

[3] Incarcerated Patient shows ANSI Code 81G.

[4] Key Authorities Include: 42 USC §§ 1395ff, 1395gg, 1395ddd(f); 42 CFR §§ 405.373, 405.379, 405.982; and the Medicare Financial Management Manual, Ch. 34, § 90.

[5] http://www.cms.gov/Medicare/Medicare-Contracting/FFSProvCustSvcGen/Downloads/Incarcerated-Beneficiary-FAQs-8-1-13.pdf

Article By:

 of

U.S. Medical Oncology Practice Sentenced for Use and Medicare Billing of Cancer Drugs Intended for Foreign Markets

GT Law

In a June 28, 2013 news release by the Office of the United States Attorney for the Southern District of Californiain San Diego, it was reported that a La Jolla, California medical oncology practice pleaded guilty and was sentenced to pay a $500,000 fine, forfeit $1.2 million in gross proceeds received from the Medicare program, and make restitution to Medicare in the amount of $1.7 million for purchasing unapproved foreign cancer drugs and billing the Medicare program as if the drugs were legitimate. Although the drugs contained the same active ingredients as drugs sold in the U.S. under the brand names Abraxane®, Alimta®, Aloxi®, Boniva®, Eloxatin®, Gemzar®, Neulasta®, Rituxan®, Taxotere®, Venofer® and Zometa®), the drugs purchased by the corporation were meant for markets outside the United States, and were not drugs approved by the FDA for use in the United States. Medicare provides reimbursement only for drugs approved by the Food and Drug Administration (FDA) for use in the United States. To conceal the scheme, the oncology practice fraudulently used and billed the Medicare program using reimbursement codes for FDA approved cancer drugs.

In pleading guilty, the practice admitted that from 2007 to 2011 it had purchased $3.4 million of foreign cancer drugs, knowing they had not been approved by the U.S. Food and Drug Administration for use in the United States. The practice admitted that it was aware that the drugs were intended for markets other than the United States and were not the drugs approved by the FDA for use in the United States because: (a) the packaging and shipping documents indicated that drugs were shipped to the office from outside the United States; (b) many of the invoices identified the origin of the drugs and intended markets for the drugs as countries other than the United States; (c) the labels did not bear the “Rx Only” language required by the FDA; (d) the labels did not bear the National Drug Code (NDC) numbers found on the versions of the drugs intended for the U.S. market; (e) many of the labels had information in foreign languages; (f) the drugs were purchased at a substantial discount; (g) the packing slips indicated that the drugs came from the United Kingdom; and (h) in October, 2008 the practice had received a notice from the FDA that a shipment of drugs had been detained because the drugs were unapproved.

In a related False Claims Act lawsuit filed by the United States, the physician and his medical practice corporation paid in excess of $2.2 million to settle allegations that they submitted false claims to the Medicare program. The corporation was allowed to apply that sum toward the amount owed in the criminal restitution to Medicare. The physician pleaded guilty to a misdemeanor charge of introducing unapproved drugs into interstate commerce, admitting that on July 8, 2010, he purchased the prescription drug MabThera (intended for market in Turkey and shipped from a source in Canada) and administered it to patients. Rituxan®, a product with the same active ingredient, is approved by the Food and Drug Administration for use in the United States.

Article By:

 of