HHS Proposes New Anti-Kickback Safe Harbors

On October 3, 2014 the U.S. Department of Health and Human Services Office of the Inspector General (“OIG”) published a proposed rule (“PR”) entitled: Medicare and State Health Care Programs: Fraud and Abuse; Revisions to Safe Harbors under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements and Gainsharing.  This PR proposes to make technical changes to existing federal regulations and add new safe harbors to the Federal anti-kickback statute (“AKS”). The good news is that these changes would protect health care providers from criminal liability and civil monetary penalties for certain conduct that might otherwise violate the AKS.

The AKS establishes criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward the referral of business reimbursable under Federal health care programs. An offense is a felony, punishable by fines of up to $25,000 and imprisonment for up to five years. Violations may also result in imposition of civil monetary penalties. Compliance with a safe harbor, however, insulates an individual or an entity from AKS liability and civil monetary penalties. Conduct that does not fall within a safe harbor is subject to a facts and circumstances analysis to determine whether it violates the AKS. In addition to technical corrections, the PR proposes to amend the AKS to include:
• Protection for certain cost-sharing waivers, including
• Pharmacy waivers of cost-sharing for financially needy Medicare Part D beneficiaries; and
• Waivers of cost-sharing for emergency ambulance services furnished by State- or municipality-owned ambulance services
• Protection for certain remuneration between Medicare Advantage organizations and federally qualified health centers
• Protection for discounts by manufacturers on drugs furnished to beneficiaries under the Medicare Coverage Gap Discount Program; and
• Protection for free or discounted local transportation services that meet specified criteria.

The PR also proposes to add exceptions to civil monetary penalties in these areas:
• Copayment reductions for certain hospital outpatient department services;
• Certain remuneration that poses a low risk of harm and promotes access to care;
• Coupons, rebates, or other retailer reward programs that meet specified requirements
• Certain remuneration to financially needy individuals; and
• Copayment waivers for the first fill of generic drugs.

Comments on the PR may be submitted to http://www.regulations.gov. Once the comment period is closed, the OIG will review the comments to determine whether to issue a final rule. Although these proposed regulations are not in effect, they signal the OIG’s recognition that additional safe harbors are needed to protect certain activities that pose a low risk to Federal health care programs.

New Qui Tam Procedures at Justice

In remarks at the Taxpayers Against Fraud Education Fund Conference on September 17, 2014 in Washington, D.C., Assistant Attorney General for the Criminal Division, Leslie R. Caldwell, announced that through its Fraud Section, the Department of Justice’s Criminal Division will be committing more resources to combat violations of the False Claims Act.

She announced a new procedure whereby all new qui tam complaints filed with the Civil Division will be shared with the Criminal Division as soon as the cases are filed.  She explained that experienced prosecutors in the Fraud Section are immediately reviewing the qui tam cases when they receive them to determine whether to open a parallel criminal investigation. This new policy will surely result in an increase in the number of qui tam cases prosecuted by the Department of Justice’s Fraud Section.

Read the comments.

Pay or Play? What Employers Need to Know About the Affordable Care Act

Update -The employer mandate was delayed until January 1, 2015.

Julie A. Simer, Esq., Stuart A. Simon, Esq., and Philip J. Wolman, Esq.

What does the Affordable Care Act (aka “Obamacare”) require of employers in 2014?

Beginning January 1, 2014, every “large employer” will be subject to Affordable Care Act penalties if at least 95 percent of its full-time employees are not offered affordable health care coverage.  A large employer is an employer that employed an average of at least 50 full-time employees during the preceding calendar year, including full-time equivalent employees.  The testing period for 2014 is the 2013 calendar year, making 2013 a critical year for determining the need to provide coverage.    Read more

Are You Prepared for the New Healthcare?

Wednesday, April 10, 2013

11:30a – 1:30p

The Arizona Biltmore Resort

Get informed on:
How It Affects Your Bottom Line • State & Federal Regulations
New Policies & Programs • Legal & Financial Implications

Hear from the Experts:
Health Insurance Companies • Healthcare Providers
Health Benefits Consultants • Government & Legal Experts

Who Should Attend:
Business Owners and CEOs • Human Resources Managers
Chief Financial Officers • Decision Makers for Businesses Large & Small

Panel 1: Hear from Top insurance companies on what to expect – How this will affect your bottom line

Panel 2: Hear from the Providers – Hospitals and Doctors will discuss changes for your employees

Panel 3: Hear from Government Officials and Attorneys – What to look out forAddress:

The Arizona Biltmore Resort
2400 E. Missouri Ave.
Phoenix, AZ  85016

Registration

Sequestration

Becker’s Hospital Review recently included this article by Jim McLaughlin on sequestration

Seven Healthcare Leaders Share Thoughts on Sequestration

New HIPAA Rules Mean New Burdens and Opportunities for Lenders

Julie A. Simer, Esq. and Robert A. Willner, Esq.

As an increasing number of health care providers move to electronic health record systems, patient privacy is becoming a serious concern. On January 25, 2013, new regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) were issued to strengthen protections for the privacy of health information and increase the penalties for violating those protections. (78 Fed. Reg. 5,565).

Many of the services lenders provide to customers are exempt from HIPAA, including payment processing, auditing, transferring receivables for payment, resolving customer inquiries or disputes, reporting to consumer reporting agencies, responding to subpoenas, or complying with the law. When a lender’s services extend beyond statutorily approved activities, however, the lender must comply with HIPAA. Therefore, lenders must understand how new HIPAA compliance requirements affect them and their borrowers.

Read more

Now is the Time to Revise Your Business Associate Agreements

By: Julie A. Simer and Brooke J. Ledger

There is a lot of confusion among providers caused by the recent publication of new rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). On January 25, 2013, the HIPAA final omnibus rule (“Final Rule”) issued by the U.S. Department of Health and Human Services (“HHS”) was published in the Federal Register (78 FR 5565). The Final Rule is actually four rules rolled into one massive 523‐page rule. The Final Rule changes the requirements necessary to protect the privacy and security of protected health information (“PHI”) under the HIPAA Privacy, Security, and Enforcement Rules. The Final Rule strengthens protection for PHI and heightens breach‐reporting obligations. For providers, it will require:

1. Revising Existing Notices of Privacy Practice

2. Revising Existing Business Associate Agreements

3. Requiring Business Associates to Execute Business Associate Agreements With Subcontractors

More

Buchalter Nemer Teleseminar – New HIPAA Rules

February 13, 2013

New HIPAA Rules and What to Do Now to Avoid Increased Penalties
Julie A. Simer and Brooke J. Ledger
12:00 Noon-1:00 PM PST (telecast from Orange County Office)

The 563-page final HIPAA Omnibus Rule published in the Federal Register on January 25, 2013 makes important changes to the HIPAA rules for privacy and security of protected health information. Among these changes are new breach notification requirements and increased the penalties for a breach of protected health information. This means that covered entities must assess their current privacy and security policies, review relationships with business associates and subcontractors, review notices of privacy practices, conduct risk assessments, and evaluate breach notification policies. Get practical information on what your organization must do now to avoid significant penalties.

2013 is Here: Time to Begin Counting Employees

 

On December 28, 2012, the IRS and the U.S. Treasury Department issued a Notice of Proposed Rulemaking (“Notice”) to announce how a company may determine whether it is a “large employer” subject to Affordable Care Act penalties if at least 95 percent of its full-time employees are not offered affordable health care coverage beginning January 1, 2014.

For the purpose of determining whether a person is an employee, the Notice states that an employee is one who is subject to the will and control of the employer not only as to what shall be done but how it shall be done. It is not necessary that the employer actually direct or control the manner in which the services are performed; it is sufficient if the employer has the right to do so.

A full-time employee is one that works at least 30 hours per week. Full-time equivalents are calculated by adding part –time and full-time employees as follows: 40 full-time employees employed 30 or more hours per week on average plus 20 half- time employees employed 15 hours per week on average are equivalent to 50 full-time employees. The proposed regulations address how to determine the average number of employees for a year, such as how to count salaried employees or seasonal workers.  A frequently asked questions publication issued by the IRS on the same day explains how the penalties will be calculated and collected.

Employers will determine each year, based on their current number of employees, whether they will be considered a large employer for the next year.  The IRS informed the public that for 2013, an employer may measure using any six-consecutive-month period in 2013, and it suggested that a company could use the period from January 1, 2013, through June 30, 2013 for measurement, so that it has time to analyze the results and make changes before 2014.

Employers will not be able to avoid the penalties by assigning employees to separate companies with related ownership. The IRS notes that companies that have a common owner or are otherwise related generally are combined together for purposes of determining whether or not the aggregate group constitutes a large employer. The IRS also intends to issue regulations to prevent employers from using leasing companies or other entities to skirt the requirements.

Although the rule is not final, the Notice states that employers may rely on the proposed regulations for purposes of compliance with the Employer Shared Responsibility provisions. If the final rules are more restrictive, employers will be given additional time to come into compliance. Comments on the proposed regulations are due by March 18, 2013.

Is Your Compliance Program Starting to Rust?

A legally sufficient compliance program is like an expensive sports car:  It does you no good sitting in the driveway. It must be driven regularly to realize its value. If your company’s compliance plan has been sitting idle, it is time for a tune-up. Using governmental corporate integrity agreements (CIAs) as a guide, these steps will put your compliance plan in motion:

1. Designate a compliance officer and compliance committee  The compliance officer (CO) should be a member of senior management reporting directly to the chief executive officer. The CO should report compliance matters directly to the board of directors (“Board”) at least quarterly and should be encouraged to report compliance matters to the Board at any time. Job responsibilities unrelated to compliance must not interfere with the CO’s ability to perform compliance responsibilities. The CO should chair the company-wide compliance committee, which should meet no less than quarterly.

2. Develop written standards and policies.  
 The organization’s code of conduct must be pro- vided to all employees. Policies and procedures should be developed to address the Anti-Kickback Statute and other laws related to governmental health care programs.  Policies should include sanctions for non-compliance and compliance criteria for performance reviews.  All personnel should regularly be made aware of these policies.

3. Implement a comprehensive employee training program.  All employees should receive a minimum of one hour of compliance training each year, and employees that deal with legal arrangements should receive an additional three hours of training annually, including training on (a) arrangements that may implicate the Anti-Kickback Statute (AKS) or other fraud and abuse laws, (b) policies and procedures relating to legal arrangements, including the tracking system, internal review and approval process, and tracking remuneration to and from sources of business or referrals, (c) the individual’s responsibility to know the applicable legal requirements and policies and procedures, (d) the legal sanctions under the AKS; and (e) examples of violations.

4. Retain an independent review organization to conduct annual reviews.  The organization should engage a qualified individual or an accounting, auditing, law, or consulting firm to perform a comprehensive annual review, including data privacy and security and quality assessments.

5. Establish a confidential disclosure program.  The organization should establish a telephone hotline to allow anonymous reporting of issues believed to be potential violations of criminal, civil, or administrative laws.  The hotline number should be publicized to all employees.

6. Restrict employment of ineligible persons.  Prior to hiring, and as part of the contracting process, the organization should screen all prospective employees and contractors against the federal program exclusion lists. Policies should require employees, agents and contractors to disclose immediately any debarment, exclusion, suspension, or other event that makes that makes that person ineligible to participate in governmental health care programs.

7. Record reportable events and self-disclosures.  The CO should maintain a log of reportable events and self-disclosures that includes the status of the internal review or root cause analysis and any corrective action taken. The CO should ensure self-reporting of violations.

8. Provide annual reports to the board on the status of the entity’s compliance activities.  The board should meet at least quarterly to review reports, oversee the compliance program and evaluate the performance of the CO and compliance committee. Each year, the board should review the IRO report to determine risk areas. Training programs, policies and procedures should be revised annually to address risk areas. Once the compliance program has received a tune-up, it is ready to move forward with its compliance program.