Podcast

Fined For Actual And Potential HIPAA Violations! – Podcast

Chasing down HIPAA violations isn’t just about enforcing compliance, it’s about the government collecting big bucks.

Listen in as we discuss a recent settlement of an actual HIPAA violation. And even more troubling, learn about another HIPAA breach settlement that didn’t even involve am actual HIPAA breach . . . only a potential one.

Scared? You should be.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Play

Continue Reading...

Podcast

CVS, Aetna and Your Practice – Podcast

The Wall Street Journal portrays it as causing panic in the streets.

I’m taking about the pending acquisition of Aetna by CVS Healthcare. It’s stoking fear of the combination of a ubiquitous retail delivery platform, CVS, with the health insurance, managed care, and huge patient database of Aetna.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Play

Continue Reading...

Strategy

Take A Minute (Clinic) to Consider The Future of Your Medical Practice

Many physicians bemoan the fact that we have retail, corporate run walk in clinics, such as the Minute Clinics run by CVS, staffed with nurse practitioners and PAs.

But, like it or not, the Minute Clinic and other variants of a consumer-friendly model are going to become an increasing part of the way healthcare is delivered in the U.S. And, they’re going to become an increasing force as the gateway to physicians (especially to specialists), to facilities, and to ancillary service providers.

The reality is that that’s the future. The question is whether you’re going to attempt to stop it or whether you’re going to do something to align your practice and the way it operates with that type of future.

Note that I don’t mean that you have to align with CVS (or any other drug store chain) in particular. I’m simply using CVS as an example, but with its coming combination with Aetna, expect that they’ll be pushing hard to assemble their own, integrated provider network in an attempt to crush competition from hospital-centric healthcare.

Instead, I’m urging that you pause to consider how the increasingly consumer friendly model will impact your practice. And, better yet, that you consider how you can participate, whether as a direct operator, a co-venturer, or simply as a referral-receiving provider, in the future of the retail healthcare market.

When you’re doing this thinking, consider that there’s no one, single model. The concept isn’t limited to the in-retail-store model. It’s as varied as app-based portals, to walk-in clinics, to “surgery center centers of excellence,” to wellness centers, and on and on.

I’m sure that carriage manufacturers took one look at the Model T and thought “we should pass laws to keep these things off the road.” But saying that, or even screaming that, didn’t stop cars from running over their business.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Continue Reading...

Manage Your Practice

CVS, Aetna and Your Practice

The Wall Street Journal portrays it as causing panic in the streets.

I’m taking about the pending acquisition of Aetna by CVS Healthcare. It’s stoking fear of the combination of a ubiquitous retail delivery platform, CVS, with the health insurance, managed care, and huge patient database of Aetna. More traditional health insurers and large scale pharmacies are afraid that their days are numbered.

But there’s another lesson here for physician practices, and it’s not directly related to either CVS or Aetna. Instead, it’s something that I touched on before on the blog in the post The Pharmacy Will See Your Patients Now, which discussed the fact that pharmacies are beginning to encroach on physician practice.

Healthcare is increasingly becoming less “silo-ized.” The pretty and neat silos of the pharmacy, insurance company, hospital, medical practice, and so on – the walls between types of entities, organizations, silos have been breaking down over time. And, the walls between healthcare entities and other retail business, too, have become permeable.

Over many decades, retail pharmacies morphed into convenience stores and more recently into platforms for employment of, or collaboration with, physicians, PAs, and nurse practitioners. So, too, have physicians morphed into pharmacies, either via direct ownership or direct dispensing. And, of course, physician practices and medical groups have morphed into retail care – the walk in clinic, the urgent care facility, and, in some states, the freestanding E.R.

The opportunity for physicians and other players smaller than the CVSs of the world is to understand that the membranes between types of organizations and types of professions which were completely impermeable are not only now becoming semi-permeable, they’re becoming almost completely permeable.

The question to ask is how can you take advantage of that in your own business structure.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Continue Reading...

Compliance

“But Everyone Is Doing It!” Is Not A Great Defense To A Compliance Violation

I’m on my way to work. The speed limit on this road is 40. I’m not going to tell you how fast I’m going, but I will say that I’m going with the flow of traffic.

For argument’s sake, let’s assume what you already think: we’re all going a lot faster than 40 mph. Let’s also assume a policeman pulls over the guy in the silver Honda in front of me.

Do you think that Mr. Honda Driver will be successful arguing his way out of a ticket by exclaiming, “but, officer, everyone is speeding!”

Nope, that’s not going to work.

Even if that sort of argument were to work later in front of a judge, Mr. Honda Driver is still going to spend his day in court, and, depending on how far he’s willing to fight until he settles or gives up, hire a “speeding ticket defense lawyer.” And, then there’s the cost of increased car insurance when the ticket hits his driving record.

So, even if he wins, there’s a transaction cost to speeding, potentially a heavy one.

Most people understand that.

But yet, so many people – physicians and business people – engaging in arrangements involving sophisticated federal and state anti-kickback issues and self-referral issues, often simply point to someone else who’s doing what they claim is the same thing, as if that makes it acceptable.

“Everyone is giving up something for referrals.” “My friend from residency says that his group makes a fortune by doing it.” “No one is going to find out because people do it all the time.” “The hospital says we can do it, and they have a department full of lawyers.”

In other words, they point at all the other speeders.

Let’s, for the moment, give the others the benefit of the doubt: Even if it’s true that they are doing the same thing, it’s essential to remember this all-so-true adage in terms of healthcare compliance: “If you’ve seen one deal you’ve seen one deal.”

You don’t know if that deal was properly structured. And, if it were, you don’t know if the pivotal reason why the deal does work applies to your situation.

These days, unfortunately, physicians and other healthcare providers and their ventures have targets painted on their backs in terms of prosecution. There are federal, state, and even local law enforcement task forces aimed at healthcare fraud. Prosecutors are using new tricks to turn state crimes into federal ones. And, the transaction cost of defending against charges related to a questionable deal can easily exceed $500,000 or even $1 million, plus the attendant months or years of limbo, and the damage to your practice, reputation, and business while the wheels of justice turn slowly.

At the same time, changes in healthcare, especially in terms of new ventures that take advantage of the The Impending Death of Hospitals, bring tremendous opportunity to those willing to pursue it.

In pursuing those opportunities, you must think twice, no, thrice, about how those new ventures and other relationships are structured. If not, you’re inviting whistleblowers – enemies, jilted potential partners, former employees and observers – to simply drop the dime on you or even to file a claim against you under the False Claims Act.

Don’t skimp and save, trying to avoid an expense, when it might just be that the only place you have to spend it is in the federal prison commissary.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Continue Reading...

Compliance | Success In Motion | Videocast

But Everyone’s Doing It – Not A Great Defense To Compliance Violations – Success In Motion Video Series

Ride along with Mark as he discusses the tendency of many physicians and healthcare entrepreneurs to skip a critical review of the legality of their business structures. After all, they think, everyone is doing it. Or, they point to someone, a “friend,” who is. Big mistake. If you’ve seen one properly structured deal, you’ve seen one properly structured deal.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Continue Reading...

Compliance

Fined For Actual And Potential HIPAA Violations!

Chasing down HIPAA violations isn’t just about enforcing compliance, it’s about the government collecting big bucks.

Earlier this year, the U.S. Department of Health and Human Services’ Office of Civil Rights (“OCR”), the branch charged with enforcement of HIPAA’s Privacy and Security Rules, settled with Florida-based Memorial Health System (“MHS”) for $5.5 million.

The charge? Alleged violations of the Privacy and Security Rules arising from the failure to properly control access to patients’ protected health information (“PHI”).

MHS operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities. It’s also affiliated with physicians’ offices through a HIPAA Organized Health Care Arrangement.

OCR alleged that the PHI of over 100,000 patients had been impermissibly accessed by MHS employees and impermissibly disclosed to affiliated physicians’ office staff. Of those, 80,000 individuals’ PHI had been accessed by a single former employee whose login credentials hadn’t been terminated.

In a Success in Motion video, I previously discussed another OCR settlement, that one involving no alleged actual HIPAA breach, but only a potential breach.

That case involved Saint Elizabeth’s Medical Center, a hospital in Brighton, Massachusetts, that paid over $200,000 to OCR settle. The medical center’s employees were using hundreds of online applications to store or submit patients’ PHI. As a result PHI could have been disclosed.

In fact, it’s been reported that in the average large hospital setting there can be up to 900 cloud-based sharing apps being used by hospital employees. Who even knew there were that many cloud-based sharing applications!

The point here is that no matter what you think about HIPAA compliance, that it’s all make-work or even pure B.S., HIPAA is real and so is its enforcement.

Compliance with the Privacy and Security Rules takes both documentation and (surprise!) actual implementation.

And, it takes a large dose of introspection and auditing. What works in your particular instance, in the context of your ASC, other facility, or medical group? What is actually going on, day-to-day, in terms of PHI access and use among your employees, medical group partners, and subcontractors? Are their actions resulting in actual, or even in potential, HIPAA violations?

Compliance isn’t dry. It’s alive and active. And, the penalties for blowing it off or mistakenly blowing it are substantial.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.weisspc.com

Continue Reading...