280 likes | 447 Vues
“Implementation of Healthcare Reform and HIT Implementation on Health Care Providers”. Oct. 14, 2010 George Washington Hospital - Washington, DC Randi Kopf, RN, MS, JD Kopf HealthLaw, LLC Rockville, Maryland www.kopfhealthlaw.com 301-251-2788. SPEAKER BIO.
E N D
“Implementation of Healthcare Reform and HIT Implementation on Health Care Providers” Oct. 14, 2010 George Washington Hospital - Washington, DC Randi Kopf, RN, MS, JD Kopf HealthLaw, LLC Rockville, Maryland www.kopfhealthlaw.com 301-251-2788
SPEAKER BIO Randi Kopf, RN, MS, JD is the founding and principal attorney of Kopf HealthLaw, LLC, a general health law practice. Ms. Kopf has over 30 years of professional experience and serves as general and health counsel for individual physicians, medical groups, national and regional medical and allied health associations, healthcare practitioners and entities locally and across the country, as well as, certain patient matters. Her practice assists clients with corporate matters such as incorporation, practice structuring, medical practice acquisition and sale, employee agreements and employment related matters, e-medicine and e-law issues, managed care contracting and negotiations and professional grievance matters. Ms. Kopf provides advice regarding regulatory and legislative matters, practice Compliance plans, the application of federal and state legislation, fraud and abuse issues, HIPAA, Stark, Medicare, health insurance matters and the new HealthCare Reform legislation. She is an invited member of the Maryland Attorney Grievance Commission Peer Review Panel and has served on the Maryland Health Care Commission EDI/HIPAA task force that developed nationally accepted privacy guideline tools. Ms. Kopf has provided legal support for several U.S. Congressional health care bills and advocated on behalf of physicians before the US Attorney’s Health Care Fraud Task Force. She has been a sought after speaker for national and state conferences on medical legal topics. Ms. Kopf has extensive teaching experience and has held instructor and faculty positions at Georgetown University, the University of Maryland and Adelphi University. Her published work includes Compliance Program Guide, Before You Sign … Managed Care Contract Review for Health Care Providers, and The Nursing Handbook of Physical Assessment.She served as editor and contributor for the Business and Legal Guidebook for Nurse Practitioners published by The American Association of Nurse Attorneys, (TAANA). The American Bar Association, in their Health Lawyer Journal, published her article, “Antitrust Enforcement: How Medical Practices Feel the Effects”. Ms. Kopf has been a frequent contributor to professional journals. She has been an editor and contributing author for the Journal of Nursing Law. She serves on the Board of Advisors and contributor to Managed Care Contract Negotiator and Health Information Compliance Insider as well as contributing to Medicare Compliance Alert, Medical Economics, BNA E-Health Reporter and other professional publications. Ms. Kopf has been frequent lecturer for Bar and other professional associations Ms. Kopf received a B.S. from Cornell University, a B.S. and M.S. degree from the State University of New York at Stony Brook School of Nursing, and a J.D. degree from the University of Maryland School of Law. She is admitted to practice law in Maryland, the District of Columbia and the United Sates Supreme Court. Ms Kopf was Board certified as a Family Nurse Practitioner for over 25 years. She has received recognition by Who’s Who in American Medicine and Health Care, Who’s Who of American Women, Who’s Who in American Nursing and received the Cornell University Alumni Award for Outstanding Volunteerism, the National Distinguished Service Award in Nursing and the Distinguished Service Award for TAANA. Ms. Kopf is a member of the American Bar Association, American Health Lawyers Association, TAANA, Maryland (MSBA) and District of Columbia Bar, Montgomery County Bar Association (former Chair of the Health law section) and Special Technology Section of the MSBA. She serves as a Member of the Board of Directors and former Officer of TAANA, President of the Chesapeake Nurse Attorneys, Inc. and has been recognized as a “Super Lawyer” in healthcare law in Maryland and Washington, DC in 2007- 2010.
DISCLAIMER This information is being provided as general education for informational purposes only and not for the purpose of providing legal advice. Although it was prepared by a professional it is not to be utilized as a substitute for personal legal counsel.
Healthcare Reform (ACA), HITECH Act and Your Practice • Reformation of system incorporating preventive, holistic care that benefits the patients, families and society overall • Patient protective legislation – more covered services (H&P), coverage for children w/ pre-existing illness, previously uninsured, people with expensive medical conditions, health insurance boundaries • Interdisciplinary provider networks to provide team approach care (Medical Homes) • Payment shift from procedures to outcome • Lower covered fees for certain specialties • Bonus payments for better patient outcomes • Bonus payments to qualified primary care practices
Healthcare Reform (ACA), HITECH Act and Your Practice • Use of HIT to further administrative, societal and best medical practices goals • Federal PHI data collection • EHR and electronic claims filings will be mandatory • Eligible Providers (EP) can apply for EHR grant money • Increased provider monitoring, evidence based protocols, practices and limited medical formularies • Compliance plans are mandatory • Increased provider and practice liabilities • no tort reform
Global EHR Considerations • Nationally centralized and accessible patient information - acceptable pubic and national interest • Federal collection of health data to assist tracking of potential bioterrorism events • Retrieval and remote access issues • System interfacing - Compatible technology • Ability to treat and monitor patients from remote sites including space & war zones - acceptable national and public interest
Federal EHR Considerations • Reduction in health care costs as a permissible business purpose • Administrative simplification • Federal determination of Medicare patients’ ‘best choice’ of medication or treatment • Increased ability of Medicare and insurance carriers to perform electronic clinical performance reviews, referrals and billing audits of providers/health care entities • Health insurance payment determinations, Workers Compensation determinations, Disability SSI determinations
Societal EHR Considerations • Acceptable public interests • Reduction in medical error • Promotion of public health • Tracking of medication prescribing and use • Identification of repetitive drug procurement for addiction or sale • Improved health via EHR and effective home health care • Professional oversight • E-Tracking of quality of care and outcome
HITECH ACT(HIPAA Enforcement Provisions) Applies to HIPAA Covered Entities (healthcare providers, health plans, health care clearing houses) and their Business Associates (BA) Imposed breach notification requirements on covered entities and their BAs. Increased an individual’s rights re: PHI. Increased enforcement and penalties for violation of privacy and security of PHI. Notification obligations only apply to unsecured PHI Breach is defined as unauthorized acquisition, access, use or disclosure of PHI
HITECH Act Enforcement • HITECH Act raises the level of enforcement • Secretary of HHS to perform investigation of cases identified with willful neglect and to impose civil money penalties • State Attorney Generals permitted to bring civil action in federal court if they have reasonable belief that a citizen has been adversely affected by a HIPAA violation • FTC will also have regulatory authority to take action
HITECH EHR Grant Medicare Eligible Providers • Eligible Medicare Professionals (EP) • Doctor of Medicine or Osteopathy, Dental Surgery, Dental Medicine, Podiatry, Optometry, Chiropractor • Eligible Medicaid Professionals • Physicians, nurse practitioners, nurse midwives, dentist, PA in HRSA facilities • Must register for the incentive program- begins 1.1.2011 • Must have 80% of patients in certified EHR technology • Must demonstrate meaningful use for the EHR reporting period • Must meet meaningful use requirements of Stage 1 • 90 days consecutive use for year 1
EHR Grant Resources and Help • http://www.cms.gov/EHRincentivePrograms • http://healthhit.hhs.gov
EHR Practice Issues • Practice concerns: • Inhibition of patient disclosure of personal information due to access to their information • Chilling effect of appropriate and customary ‘off label’ use of medications • Increased potential for legal liability • Compliance with laws and policies • Creation of forensic evidence • Ease of misuse and abuse of PHI • Unauthorized redisclosure concerns
Preliminary Legal EHR Issues • Contracting issues for commercial software • Legal compliance • Risk assessment • Ownership • Access and Security • Certified Software • Interoperability • Insurance coverage for hardware and technology software and electronic practice
EHR Practice Issues • Practice concerns: • Emailed PHI is vulnerable to: • Breach of confidentiality • HIPAA/policy violation • Incorrect party/employer viewing • Theft for commercial use – cyber pirates • Common cause of legal action
EHR Practice Issues • Practice Concerns: • HIPAA Security Rules and HITECH ACT compliance • EHR format reduces provider critical assessment • Forces choice of displayed options only • Charting errors difficult to correct and may stay with patient’s record “forever” • Increased ability to perform clinical performance reviews, referrals and billing audits of providers/entities • Medication prescribing controlled by program • Any documentation omissions, errors, billing claim irregularities or red flags detected by computer screening
Potential Legal Actions • Civil actions • Negligence –malpractice, failure to inform, warn or protect, breach of duty of care or standard of care • Fraud, misrepresentation, falsifying encounter information (insurance fraud) • Medical record or patient consent State laws violations • Breach of Contract • Breach of fiduciary duty • Defamation • Breach of confidentiality & invasion of privacy • Federal consent laws and regulations • Commercial use of PHI without consent
Potential Legal Actions • Criminal actions • Health care fraud is a felony • Patient encounter documentation • Billing, coding and claims submission • Proof of intent no longer needed • Practicing medicine/nursing without a license via email or telemedicine
Potential Legal Actions • Administrative actions • Federal or State regulatory violations can lead to civil and/or criminal actions - potential fines, penalties, restitution, imprisonment, exclusion as a Medicare/Medicaid provider and loss of professional license • Filing a complaint with OCR, HHS, CMS, DOJ, OIG, EEOC, FBI, USAG, or State AG office • Filing a professional grievance with the professional Board • Noncompliance with documentation principles or professional guidelines • Professional Board investigation into violations of Professional Rules of Conduct and Practice Acts • Filing a complaint with JCAHO or State Department of Health
EHR Increases Practice Liabilities • Use of electronic forensic firms to reveal ‘deleted’ data, metadata and other e-evidence • Greater potential for significant damages with the EHR • Ease & Speed of disclosure • Breadth of potential disclosure • Reproduction of initial error • Identification and creation of pattern of errors • HITECH Act gives everyone in a medical office personal liability
Potential Consequences of Regulatory Violations • Loss of Professional License • Loss of Employment • Legal Actions Against you, your practice or your employer • Fines – you, your practice or your employer • Exclusion from Medicare/Medicaid as a Provider • Personal Property & Asset Forfeiture • Prison
Steps to Minimize EHR Related Liabilities • Perform a technology risk assessment • Assess computer security and file access • Identify security of electronic communications • EHR, Email, PDA, Texting, Website • Identify any current noncompliant physicians, staff or office practices • Policy regarding taking laptops home • Review electronic vendor contracts • HIPAA Privacy & Security compliance • Liability • Warranty and Fitness for use
Reducing Practice LiabilityTechnology Risk Assessment • Perform a risk assessment prior to notification if there is an unauthorized breach or disclosure • What was the type and amount of PHI involved? • Determine if the impermissible disclosure compromised the privacy or security of the PHI and/or the individual • Are there any applicable exceptions? • What, if any, notification requirements apply • Time runs from when breach is discovered • These reporting exceptions are considered controversial and HHS is currently considering revising or repealing these criteria by the end of 2010 • To remove the ‘harm’ determination from the breaching entity and increased patient protection
Plan to Minimize Potential Violations • Create HIPAA compliant policies and procedures for your workplace • Inform staff that violations can be grounds for immediate termination • Obtain proper consent from patients • Discuss or disclose PHI in private and appropriate areas • Don’t leave a computer, laptop, PDA, cell phone with PHI unattended or unlocked • Policy regarding portable devices containing EHR
Plan to Minimize Potential Violations • Confirm compliance efforts required by HIPAA, related laws and regulations • Limit staff access to PHI with passwords, biometrics, etc. • Be sure EHR includes the ability to retrieve PHI and a trail of any disclosures • Have a signed Business Associate Agreement with vendors, lawyers, etc. prior to releasing PHI • Post, make available and update the NPP • Work with an experienced health lawyer
E-Health Resources National Coordinator for Health Information Technology of HHS (ONC) – http://healthit.hhs.gov CMS Doctors’ Office Quality Information Technology (DOQ-IT) The President's Information Technology Advisory Committee – June 2004 Certification Commission for Health Information Technology – www.cchit.org ARRA HIT Grants – www.grants.gov Healthcare Information and Management Systems Society –www.himss.org Office for the Advancement of Telehealth (OAT) – telehealth.hrsa.gov American Health Information Community of HHS Patient Privacy Rights – www.patientprivacyrights.org 26
E-Health Resources Telemedicine Information Exchange - tie.telemed.org Electronic Privacy Center –www.epic.org Association of Telehealth Service Providers – www.atsp.org International Society for Telemedicine – www.isft.org Center for Telemedicine Law – www.ctl.org American Medical Association – www.ama-assn.org Dept. of Health & Human Services – HIT – www.hhs.gov/recovery/reports/plans/hit American Medical Informatics Association - www.amia.org American Health Information Management Association - www.ahima.org American Telemedicine Association – www.atmeda.org Office of Rural health Policy – www.ruralhealth.hrsa.gov 27
Federal Governance of the EHR • PPACA – Patient Protection and Affordable Care Act • HIPAA – Privacy and Security Rules & HITECH Act • ARRA & HITECH Act • Office of the National Coordinator of Health Information Technology (ONC) • Certification Commission of Health Information Technology (CCHIT) www.cchit.org • Social Security Act - Medicare\Medicaid • E-Prescribing Act of 2005 • Health Care Fraud/False Claims Act (FCA) • Prohibited Physician Referral Laws – Stark • Referral linked on E-Rx • Antikickback Statute • Workers Compensation • Freedom of Information Act (FOIA) • Home Land Security • Public Health laws • Substance Abuse Treatment records • Disease and abuse reporting