Office of Federal Contract Compliance Programs (OFCCP) New Rules Target Veterans and Individuals with Disabilities

DrinkerBiddle

Familiar with this?  It’s time to update your affirmative action plans.  For the women and minorities plan, you gather your applicant data, prepare spreadsheets and update your written materials to reflect new goals and changes in your recruiting sources.  For the veterans and individuals with disabilities plan, you update a bit and you’re done.  Starting early next year, however, the rules will change making updates more onerous for employers.  On August 27, 2013, the Office of Federal Contract Compliance Programs announced final rules for federal contractors regarding hiring and employment of disabled individuals and protected veterans and imposing new data retention and affirmative action obligations on contractors.  The rules are expected to be published in the Federal Register shortly and will become effective 180 days later.

The key changes include:

  • Benchmarks.  Contractors must establish benchmarks, using one of two methods approved by the OFCCP, to measure progress in hiring veterans.  Likewise, contractors must strive to hire individuals with disabilities to comprise at least seven percent of employees in each job group.  The OFCCP says these are meant to be aspirational, and are not designed to be quotas.
  • Data Analysis and Retention.  Contractors must document and update annually several quantitative comparisons for the number of veterans who apply for jobs and the number of veterans that they hire.  Likewise, for individuals with disabilities, contractors are required to conduct analyses of disabled applicants and those hired.  Such data must be retained for three years.
  • Invitation to Self-Identify.  Contractors must invite applicants to self-identify as protected veterans and as an individual with a disability at both the pre-offer and post-offer phases of the application process, using language to be provided by the OFCCP.  This particular requirement worries employers who know that the less demographic information they have about applicants, the better – especially when the application is denied.  Contractors must also invite their employees to self-identify as individuals with a disability every five years, using language to be provided by the OFCCP.

Additional information, including with respect new requirements such as incorporating the equal opportunity clause into contracts, job listings, and records access, can be found here (http://www.dol.gov/ofccp/regs/compliance/vevraa.htm) and here (http://www.dol.gov/ofccp/regs/compliance/section503.htm).

Contractors with an Affirmative Action Plan already in place on the effective date of the regulations will have additional time, until they create their next plans, to bring their plan into compliance.  However, whether they have a current Affirmative Action Plan or not, federal contractors should begin looking at these new rules now and take steps to ensure they are in compliance.

Article By:

 of

Mandatory Paid Sick Leave Arrives in New York City

VedderPriceLogo

On Thursday, June 27, members of the New York City Council voted to override Mayor Michael Bloomberg’s veto of the City’s Earned Sick Time Act (the Act). New York City thus became the latest (and the most populous) of a growing number of localities – including San Francisco; Washington, DC; Seattle; Portland, ME; and the State of Connecticut – to impose mandatory sick leave obligations on employers.

The NYC Earned Sick Time Act: An Overview

Virtually all private sector employers within the geographic boundaries of New York City are covered by the Act’s provisions. Notable exceptions include a limited number of manufacturing entities, as well as employers whose workers are governed by a collective bargaining agreement that expressly waives the Act’s provisions while at the same time providing those workers with a comparable benefit.

The Act will eventually cover more than one million employees, providing each of them with up to five days of paid leave each year. In its first phase of implementation, currently scheduled to take effect on April 1, 2014, the Act will apply only to those employers that employ 20 or more workers in New York City. The second phase of implementation will begin 18 months later (currently, October 15, 2015), at which time the Act will expand to those employers with at least 15 City-based employees. The Act will require employers with fewer than 15 City-based employees to provide their employees with unpaid, rather than paid, sick time.

New York City-based employees (regardless of whether they are employed on a full- or part-time, temporary or seasonal basis) who work more than 80 hours during a calendar year will accrue paid sick time at a minimum rate of one hour for each 30 hours worked. The Act caps mandatory accrual of paid sick time at 40 hours per calendar year (the equivalent of one five-day workweek). Although the Act provides only for a statutory minimum, employers are free to provide their employees with additional paid time if they so desire. Accrual of paid leave time begins on the first day of employment, but employers may require employees to first work as many as 120 days before permitting them to make use of the time they have accrued.

The Act specifies that employees will be able to use their accrued time for absences from work that occur because of: (1) the employee’s own mental or physical illness, injury or health condition, or the need for the employee to seek preventive medical care; (2) care of a family member in need of such diagnosis, care, treatment or preventive medical care; or (3) closure of the place of business because of a public health emergency, as declared by a public health official, or the employee’s need to care for a child whose school or childcare provider has been closed because of such a declared emergency.

Although the Act allows employees to carry over accrued but unused leave time from year to year, it does not require employers to permit the use of more than 40 hours of paid leave each year. Likewise, it does not require employers to pay out accrued, but unused, sick leave upon an employee’s separation from employment.

Employers that have already implemented paid leave policies – such as policies that provide for paid time off (PTO), personal days and/or vacation – that provide employees with an amount of paid leave time sufficient to meet the Act’s accrual requirements may not be required to provide their employees with anything more once the Act takes effect. As long as an employer’s current policy or policies allow the paid leave in question to be used “for the same purposes and under the same conditions as paid sick leave,” nothing more is necessary.

The Act Requires Proper Notice to Both Employees and Employers

Once the Act is implemented, employers will be required to inform new employees of their rights when they are hired, and will have to post additional notices in the workplace (suitable notices will be made available for download on the Department of Consumer Affairs website). In addition to providing information about the Act’s substantive provisions, employees must also be informed of the Act’s provision against retaliation and how they may lodge a complaint.

Likewise, an employer may require reasonable notice from employees who plan to make use of their accrued time. The Act defines such notice as seven days in the case of a foreseeable situation, and as soon as is practicable when the need for leave could not have been foreseen.

Penalties and Enforcement

The Act will be enforced by the City’s Department of Consumer Affairs. Because the Act contains no private right of action, an employee’s only avenue for redress will be through the Consumer Affairs complaint process. Employees alleging such a violation have 270 days within which to file a complaint. Penalties for its violation are potentially steep; they include: (1) the greater of $250 or three times the wages that should have been paid for each instance of sick time taken; (2) $500 for each instance of paid sick time unlawfully denied to an employee, or for which an employee is unlawfully required to work additional hours without mutual consent; (3) full compensation, including lost wages and benefits, for each instance of unlawful retaliation other than discharge from employment, along with $500 and equitable relief; and (4) $2,500 for each instance of unlawful termination of employment, along with equitable relief (including potential reinstatement).

Employers found to have violated the Act may also face fines from the City of up to $500 for the first violation, $750 for a second violation within two years of the first, and $1,000 for any subsequent violation within two years of the one before. Additionally, employers that willfully fail to provide the required notice of the Act’s substantive provisions will be fined $50 for each employee who did not receive such notice.

The Act, meanwhile, does not prohibit employers from requiring that such an employee provide documentation from a licensed health care professional to demonstrate the necessity for the amount of sick leave taken. Employers are free under the Act to discipline employees, up to and including termination, who take sick leave for an improper purpose. They are prohibited, however, from inquiring as to the nature of an employee’s injury, illness or condition.

A Federal District Court in Florida Finds Hospital System Properly Terminated a Professional Services Contract for a Health Insurance Portability and Accountability Act (HIPAA) Breach

Dickinson Wright Logo

The U.S. District Court for the Southern District of Florida found on June 20, 2013 that defendant Community Health Systems, Inc., and its affiliated hospital, Salem Hospital (collectively, “CHS”) properly terminated a Professional Services Agreement it had with Managed Care Solutions, Inc. (“MCS”) for breach of contract after determining that Nichole Scott, one of MCS’s employees, misappropriated Protected Health Information (“PHI”) from the hospital. Ms. Scott misappropriated PHI from the hospital’s patients including patients’ checks, credit card numbers and social security numbers.

The Business Associate Agreement (“BAA”) between CHS and MCS provided, among other things, that in the event MCS breached its obligations under the BAA, CHS could terminate both the BAA and the Professional Services Agreement. After CHS terminated the Professional Services Agreement with MCS as a result of Ms. Scott’s misappropriation of its patients’ PHI, MCS sued CHS for breach of contract. The Florida District Court granted CHS’s motion for summary judgment and dismissed the lawsuit.

The lesson from this case is that healthcare entities should have clear cross-default provisions in their Professional Services Agreements with their business associates and in their Business Associate Agreements that allow them to terminate the Professional Services Agreement or take other appropriate remedial action in the event of a breach by the business associate of its obligations under the Professional Services Agreement and/or under the Business Associate Agreement.

Article By:

 of

Photocopiers – A Recurring Data Security Risk

DrinkerBiddle

In a case that illustrates the data privacy risks associated with modern copiers, the United States Department of Health and Human Resources (HHS) has announced a $1,215,780 settlement with Affinity Health Plan, Inc. (Affinity), arising from an investigation of potential violations of the HIPAA Privacy and Security Rules.

This matter started when Affinity was advised by CBS Evening News that CBS had purchased a photocopier previously leased by Affinity.  CBS explained that the copier’s hard drive contained confidential medical information relating to Affinity patients.  As a result, on August 15, 2010, Affinity self-reported a breach with the HHS’ Office for Civil Rights (OCR).  Affinity estimated that the medical records of approximately 344,000 persons may have been affected by this breach.  Moreover, Affinity apparently had returned multiple photocopiers to office equipment vendors in the past without erasing the data contained upon the internal hard drives of those returned copiers.

After investigating this matter, OCR determined that Affinity had failed to incorporate photocopier hard drives into its definition of electronic protected health information (ePHI) in its risk assessments as required by the Security Rule.  Affinity also failed to implement appropriate policies and procedures to scrub internal hard drives when returning photocopiers to its office equipment vendors.  As a result, OCR determined that Affinity also violated the Privacy Rule.

In discussing this issue, Leon Rodriguez, Director of OCR, stated that, “This settlement illustrates an important reminder about equipment designed to retain electronic information: Make sure that all personal information is wiped from hardware before it is recycled, thrown away or sent back to a leasing agent…HIPAA covered entities are required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have appropriate safeguards in place to protect this information.”

In addition to the agreed upon settlement payment of $1,215,780, the settlement also requires the implementation of a Corrective Action Plan (CAP).  The CAP requires Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and take protective measures to safeguard all ePHI going forward.

Points to Consider

Affinity’s case demonstrates the risks presented by the modern copier – they are specialized computers that will store data and retain itindefinitely.  Thus, they pose a security risk for any company that processes and/or possesses personally identifiable information or proprietary information, such as trade secrets, research and development records, marketing plans and financial information.  Clearly, this risk applies to businesses regardless of specific business sector.

Therefore, when acquiring a copier, consider all options available to protect the data processed on that machine, typically through encryption or overwriting.  Encryption will scramble the data that remains stored on the copier’s hard drive.  Overwriting (or wiping) will make reconstructing the data initially on the drive very difficult.

Finally, anticipate the copier’s return to the vendor or other disposition.  Make sure that arrangements are made prior to the copier’s departure to effect the hard drive’s removal and secure disposition so as to make any data on it unusable to third parties.  Often vendors will provide such a service as will IT consultants.

Note that protecting sensitive information is a company’s ongoing responsibility.  Make sure that copiers are considered as part of any comprehensive data security or privacy policy (as are PCs, laptops, smart phones, flash drives and other electronic devices) to avoid an avoidable, but costly and embarrassing, data breach.

For additional information from the FTC on safeguarding sensitive data stored on the hard drives of digital copiers, click here.

Article By:

 of

Health Care on the Hill: Week of September 9, 2013

DrinkerBiddle

This week Congress returns to Washington, DC following their August recess and are jumping right back into legislative matters. Listed below are a few health-related hearings scheduled for this week.

Each Monday Capitol Health Record will be providing health-related highlights for the coming week.

Tuesday, September 10, 2013

10:15 a.m.
PPACA Pulse Check: Part Two
House Energy and Commerce Subcommittee on Health Hearing
2322 Rayburn House Office Building

Wednesday, September 11, 2013

2:00 p.m.
The Threat to Americans’ Personal Information: A Look into the Security and Reliability of the Health Exchange Data Hub
House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies Hearing
311 Cannon House Office Building

Thursday, September 12, 2013

10:00 a.m.
Dental Crisis in America: The Need to Address Cost
Senate Health, Education, Labor, and Pensions Subcommittee on Primary Health and Aging Hearing
430 Dirksen Senate Office Building

Thursday, September 12, 2013 and Friday, September 13, 2013

In addition to the above Congressional hearings, the Medicare Payment Advisory Commission (MedPAC) will be meeting in Washington, DC on Thursday and Friday to discuss recommendations regarding Medicare payment policies. MedPAC will meet at the Ronald Reagan Building and International Trade Center (1300 Pennsylvania Avenue, NW) from 9:30 a.m. to 5:15 p.m. on Thursday and 9:00 a.m. to 12:00 p.m. on Friday (agenda).

Amy Walker contributed to this article.

 of

A Continued Examination of Charitable Patient Assistance Programs Part Seven in a Series: Charitable PAPs: Donations and Transparency 2013-09-03

Mintz Logo

In today’s challenging health care environment, Charitable Patient Assistance Programs (Charitable PAPs) have emerged to meet the needs of the nearly 30 million Americans that are underinsured and have difficulty paying out-of-pocket medical costs. As potential donors make strategic decisions to invest in Charitable PAPs, there are many elements that must be considered to ensure compliance with all applicable laws and regulations. For the previous alerts in the series, please refer here.

As Charitable PAPs are entrusted with donations to help patients, it is important that the organization is accountable to its donors and is in compliance with all relevant audit requirements. When considering a donation to a Charitable PAP, it is important to evaluate the organization’s commitment to regular and thorough independent, third-party reviews to verify program and financial transparency and to validate operations:

  • Does the organization undergo regular, independent financial audits? In most cases, non-profit 990s are prepared by an accredited and industry-recognized financial auditing firm typically named on the 990. Researching the firms can provide insight into the thoroughness of the audit.
  • Does the Charitable PAP agree to operate in a certain manner with its donors? Is compliance audited? It is possible to request copies of compliance audits to make sure the organization is adhering to applicable requirements and restrictions as outlined to donors.
 of

Top Whistleblower Settlements of 2013 – To Date

tz logo 2

The theme of the top whistleblower settlements to date in 2013 is, once again, health care fraud. Eight of the largest settlements involve fraud in the health care industry. This is indicative of the number of health care fraud cases being filed in recent years. According to the Department of Justice, since January 2009, over $10.3 billion has been recovered from health care fraud cases. This year, the focus seems to have particularly shifted to cases involving violations of the Anti-Kickback Statute and Stark law, which prohibit the giving of financial incentives for referrals or the use of particular pharmaceuticals or devices. Without further ado, here are the top whistleblower settlements of 2013 to date:

1. Ranbaxy USA Inc. ($500 Million)

Ranbaxy USA Inc., a subsidiary of Indian generic pharmaceutical manufacturer Ranbaxy Laboratories Limited, agreed to pay a total of $500 million to settle criminal and civil allegations filed against the company. Ranbaxy pleaded guilty and agreed to pay a criminal fine and forfeiture of $150 million. The civil settlement, which resolves False Claims Act violations, was for $350 million. Ranbaxy was accused of poor oversight and inadequate testing and maintenance of drugs manufactured at its facilities in Paonta Sahib and Dewas, India. This lead to false claims being submitted to numerous government agencies including the FDA, Medicaid, Medicare, TRICARE, the Federal Employees Health Benefits Program, the Department of Veterans Affairs, and USAID. The whistleblower in this case, former Ranbaxy executive Dinesh Thakur, will receive $48.6 million from the federal share of the civil settlement.

For more information about this settlement, read the DOJ press release.

2. C.R. Bard Inc. ($48.26 Million)

C.R. Bard Inc., a New Jersey-based corporation that develops, manufactures, and markets medical products, agreed to pay $48.26 million to resolve kickback allegations filed against the company. Bard was accused of submitting false claims to Medicare for brachytherapy seeds used to treat prostate cancer. According to the complaint filed in 2006, Bard paid illegal kickbacks in numerous forms to both physicians and customers who used the seeds to perform treatment for prostate cancer. The whistleblower in this case, Julie Darity, was a former Bard manager for brachytherapy contracts administration. She will receive $10,134,600 as her portion of the settlement.

For more information about this settlement, read the DOJ press release

3. Par Pharmaceutical Companies Inc. ($45 million)

Par Pharmaceutical Companies, Inc., one of the top five U.S. generic pharmaceutical companies, pleaded guilty to federal criminal charges and agreed to settle civil allegations involving the company’s promotion of the drug Megace ES. Par was fined $18 million and ordered to pay an additional $4.5 million in criminal forfeiture. The company will also pay $22.5 million to resolve the civil allegations. The civil suit accused Par of promoting Megace ES for non-FDA approved uses that were not covered by federal healthcare programs and of actively ignoring some of the negative side effects the drug has on various patient groups when promoting Megace ES. The settlement resolves three separate whistleblower lawsuits that were filed against the company. Two of the five whistleblowers in the cases, Mr. Michael McKeen and Ms. Courtney Combs will receive $4.4 million as their portion of the settlement. Any payments to the other whistleblowers, Ms. Christine Thomas, Mr. James Lundstrom, and Mr. Elliott, are unknown at this time.

For more information about this settlement, read our blog post.

4. Dr. Steven J. Wasserman ($26.1 Million)

This year, the Department of Justice announced one of the largest ever settlements with an individual under the False Claims Act. Florida dermatologist, Dr. Steven J. Wasserman agreed to settle allegations filed against him for $26.1 million. Dr. Wasserman was accused of performing medically unnecessary services and engaging in an illegal kickback scheme. Dr. Alan Freedman, the whistleblower in this case, was a pathologist at a company involved in the kickback operation. He filed his qui tam lawsuit in 2004 and will receive slightly over $4 million as his share in the settlement.  

For more information about this settlement, read our blog post. 

5. CH2M Hill Hanford Group Inc. ($18.5 Million)

CH2M Hill Hanford Group Inc. and its parent company CH2M Hill Companies Ltd. agreed to settle civil and criminal allegations relating to time card fraud for a total of $18.5 million. CH2M had a contract with the Department of Energy to manage and clean 177 large underground storage tanks that contained radioactive and hazardous waste at a nuclear site in Washington. CH2M employees allegedly regularly overstated the number of hours they worked on time cards submitted to the Department of Energy. As a result, CH2M was overpaid for more hours of work than were actually performed. The civil settlement was for $16.55 million. CH2M will also pay $1.95 million to resolve the criminal liabilities. To date, eight CH2M employees have pleaded guilty to engaging in the time card fraud. The whistleblower in this case, Carl Schroeder, was a former CH2M employee and one of the individuals who pleaded guilty to the scheme. The qui tam provisions of the False Claims Act bar whistleblowers from receiving a portion of the settlements if they are convicted for their role in the fraud scheme. Therefore, Mr. Schroeder will not receive a portion of this settlement.

For more information about this settlement, read the DOJ press release. 

6. American Sleep Medicine LLC ($15.3 Million)

The Department of Justice announced a $15.3 million False Claims Act settlement it reached with American Sleep Medicine LLC. American Sleep is a Florida-based company that owns and operates 19 diagnostic sleep testing centers across the country. Its primary business is to provide testing for patients who suffer from sleep disorders. American Sleep allegedly submitted false claims to Medicare, TRICARE, and the Railroad Retirement Medicare Program for tests that were performed by technicians who lacked the proper certification required by these agencies for reimbursement. The whistleblower in this case, Daniel Purnell, will receive about $2.6 million as his portion of the settlement.

For more information about this settlement, read the DOJ press release.  

7. Adventist Health System & White Memorial Medical Center
   ($14.1 Million)

This month, Adventist Health System and its affiliated hospital White Memorial Medical Center agreed to a $14.1 million settlement. The settlement was the result of a qui tam lawsuit filed against the companies accusing them of violating the Anti-Kickback Act and the Stark Statute. Of the $14.1 million, $11.5 million will go to the federal government and $2.6 million will go to California’s Department of Health Care Services. Adventist Health was allegedly improperly compensating physicians for patient referrals to White Memorial by transferring medical and non-medical supplies and other inventory to the physicians at less than fair market value. White Memorial was also accused of paying referring physicians at a rate above fair market value for teaching services at the family practice residency program. The whistleblowers in this case were Dr. Hector Luque and Dr. Alejandro Gonzalez, who were members and partners of White Memorial. They will collectively receive $2,389,219 as their portion of the settlement.

For more information about this settlement, read our blog post.

8. Cooper Health System ($12.6 Million)

Cooper Health System and Cooper University Hospital, a hospital and health care system in South New Jersey, agreed to a $12.6 million settlement that resolved allegations that Cooper engaged in an elaborate illegal kickback scheme. According to the complaint, Cooper created a sham advisory board to pay high-volume medical practices upwards of $18,500 each to attend four meetings over the course of a year with the true goal of encouraging medical practices to refer patients to Cooper. The whistleblower in this case, Dr. Nicholas L. DePace, is a prominent Delaware Valley cardiologist. Dr. DePace was invited to join the sham advisory board and, after attending one of the meetings, figured out Cooper’s true intentions. Dr. DePace’s whistleblower reward has not yet been determined.

For more information about this settlement, read our blog post.

9. Hospice of Arizona ($12 Million)

Three Arizona hospice companies, Hospice of Arizona LC, American Hospice Management LLC and American Hospice Management Holdings LLC, agreed to settle a False Claims Act lawsuit with the government for $12 million. In order for hospice care to be reimbursed by Medicare, patients are required to have a life expectancy of, at most, six months.The qui tam lawsuit, filed against the companies in 2010, accused the defendants of submitting false claims to Medicare for patients who did not need to be admitted to the Hospice of Arizona. Additionally, they were accused of submitting false claims by overbilling Medicare for some of the hospice’s services. Ellen Momeyer, the whistleblower in this action, was a former Hospice of Arizona employee. Momeyer will receive $1.8 million (approximately 15%) as her share of the settlement.

For more information about this settlement, read our blog post.

Article By:

 of

Michigan Cardiology Settlement of Medicare and Medicaid Fraud Allegations

tz logo 2

On July 10, 2013, United States Attorney Barbara L. McQuade announced a $4 million settlement between Allegiance Health d/b/a W.A. Foote Memorial Hospital, Jackson Cardiology Associates, P.C., Jashu R. Patel, M.D. and the U.S. Government.  The U.S. Department of Justice collaborated with the Birmingham, Michigan law firm, Vezina Law, PLC, in pursuing this action against the Jackson, Michigan based defendants.

According to allegations brought against the defendants in 2008, Foote Memorial Hospital, Jackson Cardiology Associates, and Dr. Patel knowingly billed Medicare, Medicaid, and other federal health care programs for medically unnecessary cardiovascular procedures and tests, including, but not limited to, stress tests, cardiac catheterizations, cardiac stents, and peripheral angiography procedures.

The lawsuit was filed in the United States District Court for the Eastern District of Michigan under the qui tam provisions of the Federal and State False Claims Acts.  Both False Claims Acts allow private individuals with knowledge of fraud against a government program to file lawsuits on the Government’s behalf.  If the case is successful, the private plaintiffs, known as relators or whistleblowers, are entitled to a percentage of the Government’s recovery.  The state and federal False Claims Acts both provide for recovery of three times the single damages incurred by the government as a result of the fraud, as well as civil monetary penalties of between $5,500 and $11,000 per false claim submitted and statutory attorney fees.

The relator in this case is Dr. Julie Movach, an independent contractor with Medical Practice and a physician board certified in internal medicine, cardiology, and echocardiography.  Dr. Movach released a statement explaining how important it is for her to deliver the best care to her patients and ensure that they do not undergo any unnecessary procedures.  When she realized that certain health care providers were more concerned with their personal financial well-being rather than the welfare of their patients, to the point that they would commit fraud against federal health care programs, Dr. Movach knew she must expose this corruption.  She took it upon herself to file a lawsuit against the defendants on behalf of the U.S. government.  Dr. Movach deserves our thanks and applause for her willingness to risk her livelihood in order to ensure people with genuine need can continue to receive assistance from Medicare and Medicaid.

In this case, the combined settlement was $4,150,988.31. The Foote Memorial Hospital settled the allegations with the federal government for $1,824.927.98 and with the State of Michigan for $126,060.33.  At the same time, Dr. Patel and Jackson Cardiology settled the allegations with the federal government for $2,200,000.00.  As the whistleblower, Dr. Movach will receive a 19% share of the overall settlement, which amounts to approximately $760,000 of the proceeds.

 of

Countdown to HITECH Compliance: How to Redistribute Your Notice of Privacy Practices

Poyner SpruillSeptember 23, 2013 is the fast-approaching compliance deadline for the final omnibus HIPAA/HITECH rules.  Many provisions required revisions to Notices of Privacy Practices (NPPs) maintained and distributed by covered entities.  The U.S. Department of Health and Human Services (HHS) has made clear that these changes are material.  As a result, covered entities must redistribute their NPPs shortly in order to meet HITECH’s requirements.  This alert describes the manner of redistribution dictated by HIPAA.

General Requirements

When revising NPPs, keep in mind that whether paper or web-based, HHS requires them to be accessible to all individuals, including those with disabilities.  Covered providers required to comply with Section 504 of the Rehabilitation Act or the Americans with Disabilities Act must also take steps to ensure effective communication with individuals with disabilities, including making the revised NPP available in Braille, large print, or audio.  HIPAA also requires NPPs to be written in plain language.

Changes to the NPP may not be implemented prior to the NPP’s new effective date, unless otherwise required by law.  Typically, any change to the practices described within the revised NPP may only be applied to PHI created or received after the effective date of the change.  All previous versions of the NPP and any acknowledgments of its receipt must be maintained for six years from the last effective date.

If You Are a Health Care Provider

For existing patients, you must make the revised NPP available upon request on or after the effective date of the changes (for most, this date will be September 23, 2013).  If you have a physical service delivery site (such as a clinic or hospital), you must have copies of the NPP available at the site for individuals to take with them upon request.  You also must post a copy of the NPP or summary of the revisions in a clear and prominent location, where it is reasonable to expect individuals to be able to read the posting.  You must ensure all new patients receive the revised NPP at the time of first service after the effective date of the changes.  The revised NPP must be made available on your website if you have one.  If patients have agreed to receive electronic notice of the NPP, you may e-mail the revised NPP to those patients.  You do not need to obtain acknowledgment of receipt from individuals, except for the initial distribution of the NPP provided at the first time of service.

If You Are a Health Plan

You must distribute the revised NPP to current plan participants.  If you post your NPP on a website, then you must post the revised NPP, or a description of the material changes, prominently on that website by the effective date of the changes.  You also must provide in your next annual mailing to participants either the revised NPP or information regarding material changes and how to obtain a copy of the NPP.  If you do not post your NPP on a website, then you must provide participants with the revised NPP or information about the material changes and how to obtain the revised NPP within 60 days of the material changes.  Note that all health plans also must continue to notify participants of the availability of the NPP and how to obtain a copy at least once every three years.

HHS has stated that if covered entities or health plans amended and redistributed NPPs prior to issuance of the final omnibus rule then they are not required to repeat the process, so long as the current NPP that was redistributed meets all the requirements in the final rule.  For all other covered entities, the NPP must be revised and effective by September 23, 2013, and redistributed as appropriate.

Article By:

 of

Healthcare Fraud Case Results in $491 Million Settlement

tz logo 2

On July 30, 2013, Pfizer Inc., one of the world’s largest pharmaceutical companies, announced its finalized agreement to pay $491 million to the U.S. government in order to resolve accusations that the company and one of its subsidiaries defrauded the U.S. healthcare system.  Under the settlement, Pfizer will pay $257 million in order to resolve civil allegations that Wyeth Pharmaceuticals Inc., owned by Pfizer, engaged in illegal marketing that led to false claims being brought to Medicare and similar healthcare programs.  Pfizer will pay the other $234 million of the settlement in order to cover criminal fines and penalties.

According to allegations in the lawsuit, Wyeth Pharmaceuticals had illegally marketed a transplant drug named Rapamune for uses that had not been approved by the U.S. Food & Drug Administration (FDA).  Patients use Rapamune in combination with other drugs following kidney transplants.  However, Wyeth’s advertising campaigns advocated the drug for unapproved applications, such as use after liver, lung, heart, pancreas, and islet transplants.  According to a U.S. attorney, this type of off-label marketing endangers patients and erodes the population’s confidence in the FDA.  In 2002, the FDA required Wyeth to place a “black box warning,” the most stringent type of warning required by the agency, on the Rapamune product label.  This warning would advise people of the risks inherent in using Rapamune after liver transplants.  One year later, the FDA required a similar type of warning with regard to the use of Rapamune after lung transplants.  Nevertheless, claims up to 90% of Wyeth’s Rapamune sales were allegedly for “off-label” uses.

The $491 million settlement resulted from two qui tam lawsuits filed against Wyeth Pharmaceuticals Inc.  Under provisions of the False Claims Act, private citizens with knowledge of fraud committed against the government can file a qui tam lawsuit on behalf of the United States.  The individual filing the lawsuit is known as the relator or whistleblower.  Healthcare whistleblowers, such as the persons who brought the lawsuits against Wyeth, serve an important role in exposing and eradicating healthcare fraud.  Many whistleblowers have personal knowledge of deceptive practices because they work for the companies that submit false claims to the Government.  By relating their knowledge to the appropriate authorities, these individuals can assure that healthcare programs can achieve their intended benefits to Americans with the greatest need of federal assistance.

In the first case, the False Claims Act whistleblowers were Marlene Sandler and Scott Paris.  They jointly filed a lawsuit in Pennsylvania that alleged aspects of off-label marketing.  At the time, the Government declined to intervene and the relators commenced to litigate the case on their own.  Two years later, a second qui tam whistleblower, Mark Campbell, came forward.  Mr. Campbell is a former Wyeth sales representative who worked for the company for twenty years.  Throughout the tenure of his employment, he became aware of Wyeth’s off-label marketing practices.  After he filed his lawsuit against Wyeth in the U.S. District Court for the Western District of Oklahoma, the Department of Justice intervened in the Sandler and Paris action.  The Government then transferred the matter to the Oklahoma court and consolidated the two cases.  The three Medicare fraud whistleblowers have aligned their interests and cooperated to help the investigation into Wyeth’s actions.

Because the whistleblowers took on a personal risk in bringing allegations against their employer and they devoted their time in relaying information vital to the case, they will obtain a significant proportion of the settlement.  False Claims Act whistleblowers typically receive 15% to 25% of settlements.  That means that Ms. Sandler, Mr. Paris, and Mr. Campbell will all potentially receive millions of dollars from Pfizer Inc.

 of