Category: Health Care

Auto Added by WPeMatico

 

Graham-Cassidy Proposal Falls Short on Votes While Other Deadlines Loom

Efforts to replace the Affordable Care Act (ACA) with the Graham-Cassidy legislation were unsuccessful as lawmakers rushed to meet the September 30th deadline when the Senate would have lost its current reconciliation vehicle.  Changes to the bill were incorporated in order to gain Republican support from a number of holdouts, but with Senator Susan Collins (R-ME) announcing she will not vote for the current proposal, Senate Republicans conceded today since they were short of the 50 votes required to pass the measure.  Senate Republicans are currently discussing potential paths forward, including future reconciliation vehicles that would allow for ongoing efforts to repeal and replace the ACA. Efforts to stabilize the insurance exchanges were  thwarted by Senator Mitch McConnell (R-KY) in order to advance Graham-Cassidy.

Status of CHIP Program

While all eyes have been on the Graham-Cassidy legislation, funding for the Children’s Health Insurance Program (CHIP) is set to expire on September 30, 2017. Last week, Senators Orrin Hatch(R-UT)) and Ron Wyden (D-OR) of the Finance Committee agreed to a five year reauthorization of CHIP.  However, there is no guarantee that the House will support their proposal. CHIP has been introduced as a part of the “Keep Kids Insurance Dependable and Secure Act of 2017” and, if passed, would fund the CHIP Program through federal fiscal year 2022.

We will continue to monitor all efforts this week as the September 30th deadline looms.

Powered by WPeMatico

Mandatory Cardiac Episode Payment Program: CMS Proposes Cancellation

Also Changes Required Participation in the CJR Model

 

On August 15, 2017, the Centers for Medicare and Medicaid Services (CMS) issued a proposed rule (Proposed Rule) that, if finalized, would (1) reduce the number of Metropolitan Statistical Areas (MSAs) in which there is mandatory participation in the Comprehensive Care Joint Replacement model (CJR) from 67 to 34, and (2) cancel the mandatory Episode Payment Models and Cardiac Rehabilitation incentive payment program.  The action reflects a change in course for CMS, de-emphasizing and significantly reducing mandatory participation in Alternative Payment Programs.

Reduced Mandatory Participation in CJR Model

The CJR model originally became effective on April 1, 2016 and mandated that hospitals in 67 specified MSAs must participate in an episode-based payment program for hip and knee joint replacements.  The Proposed Rule, anticipated to be effective as of February 1, 2018, reduces the mandatory participation in the CJR essentially by one half to 34 MSAs (see Table 1 below taken from the proposed rule for the remaining MSAs).

The remaining MSAs have the highest average wage-adjusted historic episode payments, that is, the counties with the highest average expense cost for the episodes involved. Under the Proposed Rule, hospitals in the other 33 MSAs would no longer be required to participate in the CJR model, but they may elect voluntarily to participate in that program by submitting a participation election letter to CMS by January 31, 2018. In addition, within the 34 MSAs for which participation is mandatory, identified low volume or rural hospitals also would no longer be required to participate, but they may elect voluntarily to do so.

According to CMS, the remaining 34 MSAs for which participation is mandatory will provide sufficient information to evaluate the effects of the CJR model across a broad range of providers.  The higher costs in these MSAs also allows the participating hospitals a greater opportunity for showing improvement through participation in the CJR model.

Cancellation of EPM and Cardiac Rehabilitation Incentive Program

The Proposed Rule also seeks to cancel the Episode Payment Model (EPM), that would have expanded mandatory participation in an episode-based payment to hospitals in a number of MSAs for acute myocardial infarctions, coronary artery bypass grafts and surgical hip/femur fracture treatment, and a Cardiac Rehabilitation Incentive payment model that was to be implemented simultaneously with the EPM. Regulations for both models were originally issued on July 25, 2016 and are described here.

What Does All This Mean?

The Proposed Rule shows CMS does not favor mandatory participation in Alternative Payment Programs. As CMS states in the commentary to the Proposed Rule “requiring hospitals to participate in episode payment models at this time is not in the best interests of the agency or affected providers.”  CMS further explained that large mandatory episode-based payment models “may impede [the] ability to engage providers, such as hospitals, in future voluntary efforts.”

While CMS and the Center for Medicare and Medicaid Innovation have introduced many Alternative Payment Programs which move reimbursement to providers away from fee-for-service reimbursement toward reimbursement models focused on efficiency, delivery of value, and quality care, some have thought the pace of the transition to value-based care has been slower than anticipated.  Since Alternative Payment Models are viewed as an effective way to restrain health care cost increases, some view that such slower pace will mean providers will not be required to take steps necessary to be more efficient and reduce costs.  Cancellation of and reductions in mandatory programs will allow providers to avoid, at least for the near term, preparing themselves for such models given the lack of any requirement to do so.

At the same time, voluntary participation ensures participants in such models are committed to and engaged in the value-based models. The continued evaluation of such models with voluntary participants also helps ensure that access to care, quality, and favorable outcomes are not adversely affected by mandatory participation of providers not ready for such programs.

Commercial payor arrangements and market incentives aimed at helping providers to become more efficient are not directly affected by the Proposed Rule. Their presence may still encourage providers to voluntarily participate in Alternative Payment Models.

Powered by WPeMatico

Medicare Claims Appeals: D.C. Circuit Reverses and Remands in Case Seeking Relief From Processing Delays

Summary of AHA v. Price, 2017 U.S. App. LEXIS 14887 (D.C. Cir. Aug. 11, 2017)

 

On August 11, 2017, the D.C. Circuit reversed the district court and held that the district court abused its discretion by ordering the Secretary of HHS to clear the backlog of administrative appeals of denied Medicare reimbursement claims within four years, because it failed to seriously test the Secretary’s assertion that this result was impossible. The underlying action demanded relief to address the Secretary’s inability to keep up with “an unexpected and dramatic uptick in appeals [that] produced a jam in the process” starting in fiscal year 2011.

In the initial proceedings, a group of hospitals sought a judicial order compelling the Secretary to provide relief from what they considered to be unreasonable delays in resolving Medicare claims appeals at the administrative appeals level.  The federal district court for the District of Columbia granted the Secretary’s motion to dismiss for lack of jurisdiction, but the D.C. Circuit reversed. The Circuit Court remanded the case back to the district court, with instructions to consider the merits of appeal, i.e., whether relief should be granted and if so the form of the relief.

The Four-Year Plan to Reduce the Backlog

In addressing the merits of plaintiffs’ allegations on remand, the district court adopted the hospitals’ so-called four-year plan and ordered the Secretary to reduce the current backlog of cases pending at the Administrative Law Judge level by 30% by the end of 2017; 60% by the end of  2018; 90% by the end of 2019; and 100% by the end of 2020.  The Secretary then appealed the district court’s order to the D.C. Circuit.  On appeal the Secretary argued that it would be impossible to comply with the timetable, because the only means of meeting the timetable would be to pay claims through mass settlements regardless of their merits, which (according to the Secretary) would be in violation of the Medicare statute.

Without finding whether in fact the Secretary would be unable to lawfully comply with the district court’s order, the D.C. Circuit held that because the Secretary represented that lawful compliance with the district court’s order was impossible, the district court committed reversible error by ordering the Secretary to comply with the timetable without first finding that lawful compliance was indeed possible. The Circuit Court also held that it was an error for the district court not to evaluate the Secretary’s assertion that the timetable would increase, not decrease, the number of backlogged appeals, because the timetable would generate an incentive for claimants to file additional appeals and hold out for big payouts.

The Case is Remanded to District Court to Determine Feasibility of Compliance Timetable

The D.C. Circuit therefore remanded the case again to the district court and ordered the district court to determine whether the Secretary’s compliance with the timetable is impossible. However, the Circuit Court noted that the Secretary will bears a “heavy burden to demonstrate the existence of an impossibility.” The Court further noted that if the district court finds on remand that the Secretary failed to carry his burden of demonstrating impossibility, it could potentially reissue its order without modification.

What Does this Decision Mean for Hospitals?

Many Medicare coverage appeals involve a hospital appealing the denial of a short stay on the basis that admission was not medically necessary, and that the patient could be treated as an outpatient. However, because CMS does not allow hospitals to rebill under Part B (except during the one year period following discharge, which in the majority of cases will have expired long before the RAC reopens and denies the inpatient claim), hospitals  believe that they have no choice but to appeal. It is important to keep in mind that although the D.C. Circuit faulted the district court for not considering the issue of whether the Secretary could legally comply with the prescribed timetable, the fact that the Secretary will bear the burden of proof on this issue may mean that the district court may end up issuing the same type of relief as it did before.

We will be following this case as the district court determines whether the Secretary’s compliance with the timetable is legally possible and will follow up once a decision is rendered.

Powered by WPeMatico

Alaska’s Telemedicine Business Registry: What You Need to Know

telemedicine business registry

Alaska’s Department of Commerce, Community, and Economic Development has finalized new regulations to create a special Telemedicine Business Registry for health care providers delivering telemedicine services in the Frontier State. The regulations in Title 12, Chapter 02 of the Alaska Administrative Code were effective on April 28, 2017 and implement provisions of Alaska SB 74 that was signed into law last summer.

Under the regulations, companies must be registered with the telemedicine business registry before providing telemedicine services to patients located in Alaska. To register, a business performing telemedicine services must submit an application and registration fee. A telemedicine company operating under multiple names to perform telemedicine services must file a separate registration for each name.

If the name, address, or contact information of a business on the telemedicine business registry changes, the business performing telemedicine services must submit a Business Registry Change Form within 30 days of the change.

A business that fails to comply with the regulations section in a timely manner may not perform telemedicine services in Alaska and must submit a new application to the telemedicine business registry before resuming telemedicine services.

Telemedicine companies and health care providers offering services in Alaska should be mindful of these developments. We will continue to monitor Alaska for any changes that affect or improve telemedicine opportunities in the state.

For more information on telemedicine, telehealth, and virtual care innovations, including the team, publications, and other materials, visit Foley’s Telemedicine Practice.

 

Powered by WPeMatico

Lessons Learned from 2017 OCR HIPAA Enforcement Actions

So far 2017 is proving to be an active year for Health Insurance Portability and Accountability Act (HIPAA) enforcement. This comes on the heels of 2016, which saw an unprecedented level of enforcement actions, with 13 total settlements and nearly a 300 percent increase in total collected fines over 2015. To date in 2017, nine actions have been settled and the average settlement amount continues to outpace 2016.

Three Tips to Help Reduce the Risk of a HIPAA Violation

Several themes have emerged from these enforcement actions that HIPAA-regulated entities should be mindful of to help reduce the risk of a HIPAA violation occurring and to reduce the potential resulting fine in the event of enforcement.

1. Conduct Risk Analyses Regularly. One of the most consistent themes that has emerged from the 2017 settlement and corrective action plans announced by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) is that organizations subject to HIPAA must regularly conduct risk analyses in accordance with the Security Rule to assess risk and vulnerabilities in an organization’s ePHI environment. The Security Rule does not proscribe a specific risk analysis methodology given that the analysis will vary depending on an organization’s size and capabilities. However, the risk analysis should comply with available OCR guidance, including the Guidance on Risk Analysis Requirements under the HIPAA Security Rule.

[A] lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine.
– OCR Acting Director Robinsue Frohboese

2. Implement a Risk Management Plan and Reasonable Safeguards. While conducting a risk analysis is critical, equally important is the risk management plan and the reasonable safeguards an organization adopts in light of any risks or vulnerabilities that are identified in the risk analysis. For example, OCR assessed a $3.2 million civil monetary penalty against a hospital in February, after noting that the hospital continued to use unencrypted devices even after reporting a breach in 2009 involving the loss of an unencrypted, non-password protected device. Note that the issuance of a penalty is rare, as most OCR enforcement actions result in a settlement, not a penalty. Here, however, the hospital chose to pay the penalty as opposed to negotiate with OCR.

hipaa3. Report Breaches in Timely Manner. A settlement announced in January made headlines as the first HIPAA settlement based on the untimely reporting or notification of a breach under the HIPAA Breach Notification Rule. OCR found that the healthcare network failed, with unreasonable delay, to notify OCR, the affected individuals, and the media within the required 60-day timeframe. Instead, the notifications were made over 100 days after discovery of the breach. This settlement highlights the importance of having clear policies and procedures that workforce members have been trained on in order to respond within HIPAA’s breach notification timeframes.

OCR Updated Web Tool

OCR recently announced the release of an updated web tool to provide enhanced transparency to the HIPAA breach reporting tool. New features include: 1) breaches currently under investigation and reported within the last 24 months; 2) an archive of all older data breaches; 3) tips for consumers; and 4) navigation to additional breach information.

Foley regularly assists clients with implementing HIPAA compliance programs, handling data breach notification requirements, and responding to OCR audits and investigations. For more information contact: Jennifer Rathburn, Jennifer Hennessy, or Julie Kadish.

Powered by WPeMatico

New Jersey’s Telemedicine Law: What Providers Need to Know

new jersey telemedicine

New Jersey has a new telemedicine law, recently signed by Governor Chris Christie. The law cements the validity of telehealth services in the Garden State, establishes telemedicine practice standards, and imposes telehealth coverage requirements for New Jersey Medicaid, Medicaid managed care, commercial health plans, and other State-funded health insurance. After a year of debate in the New Jersey Legislature, the bill (SB 291 now P.L.2017, c.117) unanimously passed both the House and Senate before going to the Governor’s Office. The law is effective July 21, 2017.

The new law is quite lengthy, but we have summarized and explained the essential provisions below:

Key Definitions

  • Telemedicine is broadly defined as the delivery of a health care service using electronic communications, information technology, or other electronic or technological means to bridge the gap between a health care provider who is located at a distant site and a patient who is located at an originating site. The term does not include “the use, in isolation, of audio-only telephone conversation, electronic mail, instant messaging, phone text, or facsimile transmission.

  • Telehealth is defined as the use of information and communications technologies, including telephones, remote patient monitoring devices, or other electronic means, to support clinical health care, provider consultation, patient and professional health-related education, public health, health administration, and other services.
  • Asynchronous Store-and-Forward is defined as the acquisition and transmission of images, diagnostics, data, and medical information either to, or from, an originating site or to, or from, the health care provider at a distant site, which allows for the patient to be evaluated without being physically present.
  • Health Care Provider is broadly defined as an individual who provides a health care service to a patient, which includes, but is not limited to, a licensed physician, nurse, nurse practitioner, psychologist, psychiatrist, psychoanalyst, clinical social worker, physician assistant, professional counselor, respiratory therapist, speech pathologist, audiologist, optometrist, or any other health care professional acting within the scope of a valid license or certification issued pursuant to Title 45 of the New Jersey Statutes.

Telemedicine Communication Modalities

  • The law also states that telemedicine services must be provided “using interactive, real-time, two-way communication technologies” (a requirement that interestingly does not appear to extend to “telehealth services” under the statute itself). Synchronous audio-video is not mandated except for Schedule II prescribing.
  • Interactive Audio with Store-and-Forward. A provider engaging in telemedicine or telehealth may use asynchronous store-and-forward technology to allow for the electronic transmission of images, diagnostics, data, and medical information; except that the provider may use interactive, real-time, two-way audio in combination with asynchronous store-and-forward technology, without video capabilities, if, after accessing and reviewing the patient’s medical records, the provider determines that the provider is able to meet the same standard of care as if the health care services were being provided in person.
  • Audio-Only or Text-Based Communications. The law excludes from the definition of telemedicine consultations provided by “the use, in isolation, of audio-only telephone conversation, electronic mail, instant messaging, phone text, or facsimile transmission.”

Telemedicine Practice Standards

  • Provider-Patient Relationship. A valid provider-patient relationship may be established via telemedicine or telehealth without an in-person exam. Moreover, New Jersey licensing boards are prohibited from passing regulations that would require an in-person exam as a prerequisite to delivering telemedicine or telehealth services. A valid provider-patient relationship must include, at a minimum, the following:
    • Properly identifying the patient using, at a minimum, the patient’s name, date of birth, phone number, and address. The provider may additionally use the patient’s assigned identification number, social security number, photo, health insurance policy number, or other appropriate patient identifier associated directly with the patient.
    • Disclosing and validating the provider’s identity and credentials, such as the provider’s license, title, and, if applicable, specialty and board certifications.
    • For an initial consult with a new patient, the provider must review the patient’s medical history and any available medical records before initiating the telemedicine consult. (For telehealth consults conducted in connection with a pre-existing provider-patient relationship, the provider may review the information with the patient contemporaneously during the consult.)
    • The provider must determine whether or not he/she will be able to meet the standard of care. This determination must be done prior to each unique patient consult.
  • A health care provider delivering services via telemedicine or telehealth must adhere to the following practice standards.
    • The provider’s identity, professional credentials, and contact must be made available to the patient during and after the provision of services. The contact information must enable the patient to contact the provider (or a substitute provider authorized to act on behalf of the provider who provided services) for at least 72 hours following the provision of services.
    • The provider must review the patient’s medical history and any available medical records.
    • After the consult, the patient’s medical information must be made available to the patient upon his/her request. If the patient consents/requests, the information must be forwarded directly to the patient’s primary care provider or health care provider(s) of record.
    • If a patient has no health care provider of record, the telemedicine or telehealth provider is allowed to advise the patient to contact a primary care provider, and, upon request by the patient, may assist the patient with locating a primary care provider or other in-person medical assistance that, to the extent possible, is located within reasonable proximity to the patient.
    • The telemedicine or telehealth provider must refer the patient to appropriate follow up care where necessary, including making appropriate referrals for emergency or complimentary care, if needed.
  • Standard of Care. Diagnosis, treatment, and consultation recommendations, including discussions regarding the risk and benefits of the patient’s treatment options, made via telemedicine or telehealth, including the issuance of a prescription based on a telemedicine or telehealth consult, are held to the same standard of care or practice standards as are applicable to in-person settings. If telemedicine or telehealth services are not consistent with this standard of care, the provider must direct the patient to seek in-person care.
  • Telemedicine Prescribing. A provider may prescribe medications via telemedicine only after establishing a valid provider-patient relationship.
    • Unless the provider has established a valid provider-patient relationship, a provider shall not issue a prescription to a patient based solely on the responses provided in an online questionnaire.
    • With regard to prescribing controlled substances via telemedicine, the law does not prohibit the activity except for Schedule II drugs. A provider may prescribe Schedule II controlled substances via telemedicine only after conducting an initial in-person examination of the patient. Moreover, subsequent in-person exams are required every three months for the duration of time that the patient is being prescribed the Schedule II controlled dangerous substance. Note: despite the New Jersey law, providers must still comply with the prescribing requirements under the federal Ryan Haight Act.
    • The New Jersey in-person exam requirement does not apply to prescriptions for Schedule II controlled stimulant drugs for use by a patient under the age of 18 if: 1) the provider uses interactive, real-time, two-way audio and video technologies; and 2) has obtained written consent from the minor patient’s parent or guardian to waive the in-person exam.
  • Patient Consent. The law does not require patient informed consent to telehealth services (although New Jersey Medicaid requires it for certain specialties). However, to the extent the provider must obtain patient consent for certain activities (e.g., recommending a primary care referral, clinical procedures), the patient’s consent may be oral, written, or digital in nature, provided that the chosen method of consent is deemed appropriate under the standard of care.
  • Originating site. There are no geographic or facility restrictions on originating sites, which are simply defined as “a site at which a patient is located at the time that health care services are provided to the patient by means of telemedicine or telehealth.”
  • Patient-Site Telepresenter. There is no requirement to use a patient-site telepresenter, unless otherwise needed by medical standard of care expectations.
  • Medical Records; HIPAA. Providers must maintain a complete record of the patient’s care and comply with all applicable State and federal statutes and regulations for recordkeeping, confidentiality, and disclosure of the patient’s medical record.

Other unique and notable highlights of the New Jersey law include:

  • Business Registration for Telemedicine or Telehealth Organizations. The law requires each telemedicine or telehealth organization operating in New Jersey to annually register with the Department of Health and submit annual reports on activity and encounter data. The content of the reports will be specified further in forthcoming regulations, but we know the reports will include, at least, for each consult: the patient’s race and ethnicity; the diagnostic codes; the evaluation management codes; and the source of payment for the consult. The Department of Health will compile the information into a statewide database. A “Telemedicine or telehealth organization” is a corporation, sole proprietorship, partnership, or limited liability company that is organized for the primary purpose of administering services in the furtherance of telemedicine or telehealth.
  • Telemedicine and Telehealth Review Commission. The law creates a seven-member New Jersey Telemedicine and Telehealth Review Commission. The Commission will review the information reported by telemedicine and telehealth organizations and make recommendations for policy and law changes to promote and improve the quality, efficiency, and effectiveness of telemedicine and telehealth services in New Jersey.
  • Exceptions to Provider-Patient Relationship. Telemedicine or telehealth may be practiced without a proper provider-patient relationship in the following circumstances:
    • During informal consultations performed by a provider outside the context of a contractual relationship, or on an irregular or infrequent basis, without the expectation or exchange of direct or indirect compensation.
    • During episodic consultations by a medical specialist located in another jurisdiction who provides consultation services, upon request, to a properly licensed or certified health care provider in New Jersey.
    • When a provider furnishes medical assistance in response to an emergency or disaster, provided that there is no charge for the medical assistance.
    • When a substitute provider, who is acting on behalf of an absent provider in the same specialty, provides health care services on an on-call or cross-coverage basis, provided that the absent provider has designated the substitute provider as an on-call provider or cross-coverage service provider.
  • Mental health screeners, screening services, and screening psychiatrists subject to the provisions of P.L.1987, c.116 (C.30:4-27.1 et seq.) are not required to obtain a separate authorization in order to engage in telemedicine or telehealth for mental health screening purposes, and are not required to request and obtain a waiver from existing regulations prior to engaging in telemedicine or telehealth.

New Jersey Telemedicine and Telehealth Insurance Coverage

The law establishes fairly broad coverage of telemedicine and telehealth services, both under New Jersey Medicaid and commercial health insurance plans. However, the law does not explicitly impose a payment parity requirement (i.e., mandating that reimbursement for telemedicine and telehealth services be equal to reimbursement rates for identical in-person services). Instead the law sets the in-person reimbursement rate as the maximum ceiling for telemedicine and telehealth reimbursement rates.

  • With regard to Medicaid and Medicaid managed care, the law states that the State Medicaid Program and NJ FamilyCare Program “shall provide coverage and payment for health care services delivered to a benefits recipient through telemedicine or telehealth, on the same basis as, and at a provider reimbursement rate that does not exceed the provider reimbursement rate that is applicable, when the services are delivered through in-person contact and consultation in New Jersey.”
    • Reimbursement payments may be provided either to the individual practitioner who delivered the reimbursable services, or to the agency, facility, or organization that employs the individual practitioner who delivered the reimbursable services, as appropriate.
    • The programs may limit coverage to services that are delivered by participating health care providers, but may not charge any deductible, copayment, or coinsurance for a health care service, delivered through telemedicine or telehealth, in an amount that exceeds the deductible, copayment, or coinsurance amount that is applicable to an in-person consultation.
  • With regard to commercial health insurance plans, the law states that “a carrier that offers a health benefits plan in [New Jersey] shall provide coverage and payment for health care services delivered to a covered person through telemedicine or telehealth, on the same basis as, and at a provider reimbursement rate that does not exceed the provider reimbursement rate that is applicable, when the services are delivered through in-person contact and consultation in New Jersey.”
    • Reimbursement payments may be provided either to the individual practitioner who delivered the reimbursable services, or to the agency, facility, or organization that employs the individual practitioner who delivered the reimbursable services, as appropriate.
    • A carrier may limit coverage to services that are delivered by health care providers in the health benefits plan’s network, but may not charge any deductible, copayment, or coinsurance for a health care service, delivered through telemedicine or telehealth, in an amount that exceeds the deductible, copayment, or coinsurance amount that is applicable to an in-person consultation.
  • The law establishes similar telemedicine and telehealth coverage requirements for contracts purchased through the New Jersey State Health Benefits Commission and the New Jersey School Employees’ Health Benefits Commission.

Passage of this new legislation is welcome news for telemedicine companies and health care providers looking to offer telemedicine services in New Jersey. We will continue to monitor New Jersey for any rule changes that affect or improve telemedicine opportunities in the state.

For more information on telemedicine, telehealth, virtual care, and other health innovations, including the team, publications, and other materials, visit Foley’s Telemedicine and Virtual Care practice.

Powered by WPeMatico

The Ball is in the SEC’s Court: What Health Care Borrowers Can Do While Waiting on Changes to Rule 15c2-12

On March 1, 2017, the Securities and Exchange Commission (SEC) issued Release No. 34-80130 (the Release) proposing several amendments to its Rule 15c2-12 (the Rule) that would add two new events to the list of events that must be included in the continuing disclosure undertakings of municipal issuers or obligors (Borrowers) of municipal bonds. These 2 new events are:

  1. The incurrence of “financial obligations, if material, or agreeing to covenants or other provisions that affect security holders, if material,” and
  2. The occurrence of one or more of the following events under the terms of such a financial obligation: “default, event of acceleration, termination event, modification of terms or other similar events under the terms of a financial obligation of the obligated person,” if the event reflects financial difficulties.

The SEC has yet to respond to the comments received on the proposed changes to the Rule and has a variety of alternatives from taking no action on the rule change, implementing the rule as proposed, or adopting the rule with various modifications. Given the increasing call for greater transparency in the municipal securities industry, but without firm guidance on the “materiality question” discussed below, the best action during this waiting period is simply to prepare for change. Following are some strategies for participants in the municipal market to address the challenges posed by the proposed amendments.

A Review of the Proposed Amendments

Scope of “financial obligations” that must be disclosed. The clear focus of the Release and the proposed amendments to the Rule is provision of continuing disclosure relating to direct placements of debt obligations, but the scope of the proposed financial obligations that would have to be disclosed is significantly broader than that. The term “financial obligation” is defined in the Release to include a “(i) debt obligation, (ii) lease, (iii) guarantee, (iv) derivative instrument, or (v) monetary obligation resulting from a judicial, administrative, or arbitration proceeding.”  These terms are interpreted broadly in the Release.

For example, the Release provides that the term “lease” is intended to include an operating lease or a capital lease, while a “guarantee” is intended to capture a contingent financial obligation of the issuer or obligor to secure the obligations of a third party or of the issuer or obligor itself. Thus, an extremely wide range of obligations, if material, would need to be disclosed on the Municipal Securities Rulemaking Board’s (MSRB) Electronic Municipal Market Access (EMMA) website by Borrowers if the amendments are adopted, as proposed.

Impact of “materiality” qualifier. A second area of concern is the use of materiality to qualify those events that must be disclosed. This qualification ideally would limit the amount of disclosure that must be provided only to events where there is a substantial likelihood that a reasonable investor would consider such information important in making an investment decision, based on the Basic v. Levinson standard of materiality. However, as was evidenced by the SEC’s recent Municipal Securities Disclosure Cooperation (MCDC) initiative, there is a lack of clear guidance regarding what is material to an investor in the municipal market, leading to a conservative view of materiality and what one market participant has termed “hyper disclosure.”

Determining which events are “material” to a reasonable investor could be difficult and, if the SEC does not later concur with the Borrower’s analysis, the consequences can be severe. Use of the materiality standard (without further guidance) to qualify the events that must be disclosed gives rise to the concern that Borrowers will be required to provide detailed summaries of their direct placements, leases, swaps, for example, or to post in full redacted copies of the underlying documentation, in order to comply with the amended Rule.

Preparing for Change

As described above, the amendments to the Rule as they are currently proposed could have a significant impact on the municipal market, especially upon Borrowers, but also on broker-dealers. Below are several actions that Borrowers and broker-dealers may wish to consider undertaking in response to the Release and Rule.

  • Review Current Arrangements and Disclosure Policies. If the proposed amendments to the Rule are adopted, Borrowers will need to be prepared to gather and disseminate a considerably wider scope of information regarding their financial obligations than is currently the case. We recommend that Borrowers review their existing disclosure undertakings and policies and consider what modifications may be necessary to comply with the Rule as amended.
  • Review Processes and Procedures for Event Notifications. Because of the potentially broad scope, the person responsible for filing event notices with EMMA will need to develop processes and procedures for becoming aware of these additional events in a timely manner, evaluating whether they are material or reflect financial difficulties, and preparing and filing the required notices, generally within 10 business days of the occurrence of the event. It seems likely that the most important and difficult element of this new, wider inquiry will be setting up processes to ensure that the designated person receives timely notice of the new events that must be disclosed.
  • Revise Due Diligence Processes. Similarly, broker-dealers will need to revise their due diligence processes to devise methods of determining whether any of the new listed events have occurred and, if so, whether they were material or reflect financial difficulties and, if so, were adequately and timely reported to EMMA.
  • Consider Disclosure Standards Under Federal Securities Laws and What Must Be Included in an Events Notice. Another critical element that must be borne in mind by Borrowers is that the requirements of Rule 10b-5, which requires that disclosure be accurate and complete, will apply to each of the event filings. Simply filing a notice with EMMA that a certain event has occurred may not be sufficient, even if such a notice meets the requirements of the applicable continuing disclosure undertaking. Because many of the new proposed events require a certain degree of analysis and context to determine whether they are material or reflect financial difficulties, additional disclosure necessary to provide the context of such a determination is likely to be necessary. Disclosure filed with EMMA is subject to the 10b-5 standard and therefore cannot contain any untrue statement of a material fact or omit to state any material fact necessary to make the statements therein, in light of the circumstances under which it was made, misleading.

What Resources Are Available to Learn More?

The SEC’s proposed amendments to the Rule are substantial and could have wide-ranging implications for Borrowers’ disclosure practices. We recommend that Borrowers examine their current disclosure practices and procedures to ensure that they are ready and able to comply with the Rule if and when it is amended. Additional information on the Release and the Rule, is available in the March 2017 client alert and the May 2017 webinar recording. Or contact Heidi Jeffery or David Bannard directly.

For more information on Foley’s healthcare finance practice, including the team, publications, and other materials, visit Foley’s Healthcare Finance Practice.

Powered by WPeMatico

OIG to Audit Medicare Telehealth Services: What You Need to Know

medicare telehealth

For what may be the first time, the Office of Inspector General (OIG) at the Department of Health & Human Services (HHS) recently announced a new project to review Medicare payments for telehealth services. Accordingly, providers who bill the Medicare program for telehealth services may expect to have those claims reviewed to confirm the patient was at an eligible originating site and that the statutory conditions for coverage were met. The audit is a new project added as a supplement to the OIG’s 2017 Work Plan.

OIG Work Plan

Historically, at the beginning of each new fiscal year, the OIG issued its Work Plan, setting forth the compliance and enforcement projects and priorities OIG intends to pursue in the coming year. Beginning in June 2017, OIG will update the annual Work Plan on a monthly basis.  The Work Plan contains dozens of projects affecting Medicare and Medicaid providers, suppliers and payors, as well as public health reviews and Department-specific reviews.

The Work Plan reflects (in large part) two aspects of the work of OIG:

1) Projects originating within the Office of Audit Services (OAS), which conducts financial, billing, and performance audits of HHS programs; and

2) Projects originating within the Office of Evaluations and Inspections (OEI), which provides management reviews and evaluations of HHS program operations.

Except by providing general statistics, the Work Plan itself does not detail the work of the Office of Investigations or the Office of Counsel to the Inspector General in investigating and enforcing matters involving specific individual providers and suppliers.  The new telehealth project will be run by the OAS.

Review of Medicare Payments for Telehealth Services

OIG describes its new telehealth review project as follows:

“Medicare Part B covers expenses for telehealth services on the telehealth list when those services are delivered via an interactive telecommunications system, provided certain conditions are met (42 CFR § 410.78(b)). To support rural access to care, Medicare pays for telehealth services provided through live, interactive videoconferencing between a beneficiary located at a rural originating site and a practitioner located at a distant site. An eligible originating site must be the practitioner’s office or a specified medical facility, not a beneficiary’s home or office. We will review Medicare claims paid for telehealth services provided at distant sites that do not have corresponding claims from originating sites to determine whether those services met Medicare requirements.”

The expected issue date of the OIG report is 2017, so presumably the review will commence shortly (although OIG Work Plan projects are sometimes continued or extended from year-to-year).

Medicare 2014 Telehealth Claims Data

The new OIG project is not the first time Medicare claims data has identified a potential mismatch regarding the conditions for coverage for telehealth services. A July 2016, Medicare Payment Advisory Commission (MEDPAC) Report to Congress: Medicare and the Health Care Delivery System contained a detailed chapter on telehealth services and the Medicare program.  In it, MEDPAC analyzed Medicare claims data from 2014 for preliminary qualitative assessments on the state of telehealth services under Medicare. The report included a paragraph on telehealth distant site claims without a corresponding originating site claim, stating:

“Among the 175,000 telehealth claims from distant sites, 95,000 (55 percent) were without an originating site claim.  This discrepancy could be due to providers not bothering to bill for the $25 facility fee, or it could be that some services inappropriately originated from a patient’s home, as other research has suggested (Gilman and Stensland 2013).  Among the distant site telehealth claims without an originating site claim, 56 percent (53,000 visits) were associated with rural beneficiaries and 44 percent (41,000 visits) were associated with urban beneficiaries.  Both claims groups suggest that beneficiaries could be inappropriately receiving telehealth services from home or another unapproved location that did not file an originating site claim.  The urban claims are also potentially problematic because they could be occurring in urban originating sites, which is inconsistent with Medicare statute.”

Medicare Coverage of Telehealth Services

Current coverage of telehealth services under Medicare is limited, with the coverage restrictions established via statute under the Social Security Act.  Any notable expansion of telehealth coverage under Medicare would require legislation by Congress.  There are several bills pending in Congress to remove these limitations, but until such time, there are five main conditions for coverage for telehealth services under Medicare.

  1. The beneficiary is located in a qualifying rural area (providers can check if the originating site is in a qualifying rural area by using the Medicare Telehealth Payment Eligibility Analyzer);
  2. The beneficiary is located at one of eight qualifying originating sites (i.e., the offices of physicians or practitioners; Hospitals; Critical Access Hospitals; Rural Health Clinics; Federally Qualified Health Centers; Hospital-based or CAH-based Renal Dialysis Centers (including satellites); Skilled Nursing Facilities; and Community Mental Health Centers);
  3. The services are provided by one of ten distant site practitioners eligible to furnish and receive Medicare payment for telehealth services (i.e., physicians; nurse practitioners;™physician assistants;™nurse-midwives;™ clinical nurse specialists;™ certified registered nurse anesthetists; clinical psychologists; clinical social workers; registered dietitians; and nutrition professionals);
  4. The beneficiary and distant site practitioner communicate via an interactive audio and video telecommunications system that permits real-time communication between them (store and forward is covered in Alaska and Hawaii under demonstration programs); and
  5. The CPT/HCPCS (Current Procedural Terminology/Healthcare Common Procedure Coding System) code for the service itself is named on the CY 2017 (or current year) list of covered Medicare telehealth services.

In order to bill Medicare for telehealth services, the distant site practitioner must fully comply with each of these requirements. If the service does not meet each of these above requirements, the Medicare program will not pay for the service.  If, however, the conditions of coverage are met, the use of an interactive telecommunications system substitutes for an in-person encounter (i.e., it satisfies the “face-to-face” element of a service).

Providers ought not fear the new OIG project, or see it as a reason not to offer telehealth services to their patients. Indeed, the project and its eventual report can help shed light on those areas of compliance which the OIG believes important. In the interim, providers should continue to ensure their telehealth programs and claims comply with Medicare requirements, including coverage, coding, and documentation rules.

For more information on telemedicine, telehealth, and virtual care innovations, including the team, publications, and other materials, visit Foley’s Telemedicine Practice.

Powered by WPeMatico

The Office of the National Coordinator Releases Guidance on Recent International Ransomware Campaign

With the news of the newest international ransomware campaign that is currently affecting some organizations within the Health Care sector, it is important to not only educate staff on necessary precautions, but also be aware of steps to take in the instance you are infected by a ransomware attack.

The following information was distributed  today by the Office of the National Coordinator (ONC).  Please take a moment to review the information and prepare your organization in the event that an attack occurs.

Be sure to review our preparedness recommendations and contact us with any questions.

Health and Human Services/Assistant Secretary of Preparedness and Response Critical Infrastructure Protection Program

If you are the victim of a ransomware attack

If your organization is the victim of a ransomware attack, HHS recommends the following steps:

  1. Please contact your FBI Field Office Cyber Task Force or US Secret Service Electronic Crimes Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT and FBI’s Internet Crime Complaint Center.
  3. **NEW**If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC@hhs.gov

Mitigating against this threat

  • Educate users on common phishing tactics to entice users to open malicious attachments or to click links to malicious sites.
  • Patch vulnerable systems with the latest Microsoft security patches available here.
  • Verify perimeter tools are blocking Tor .Onion sites
  • Use a reputable anti-virus (AV) product whose definitions are up-to-date to scan all devices in your environment in order to determine if any of them have malware on them that has not yet been identified. Many AV products will automatically clean up infections or potential infections when they are identified.
  • Monitor US-CERT for the latest updates from the U.S. government. See below for current reporting.
  • Utilize HPH Sector ISAC and ISAO resources. See below for further information.

US-CERT Resources

Multiple Petya Ransomware Infections Reported

06/27/2017 12:56 PM EDT

Original release date: June 27, 2017 US-CERT has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware infections, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).

Sector ISAO and ISAC resources

National Health Information-Sharing and Analysis Center has shared the following TLP-White Message and will continue to share information at nhisac.org.

HITRUST has shared the following Threat Bulletin for distribution.

ONC and OCR resources

  • ONC provides many helpful resources about Health IT Security to include cybersecurity guidance materials and training at here and here.
  • OCR provides cybersecurity guidance materials including a cybersecurity checklist, ransomware guidance and cyber awareness newsletters at here.

Powered by WPeMatico

Opioid Crisis Initiating New State Gift Ban Laws

opioid

The Maine legislature passed with broad bipartisan approval L.D. 911, An Act to Prohibit Certain Gifts to Health Care Practitioners. The legislation prohibits gifts to practitioners who are licensed to prescribe and administer drugs by manufacturers, wholesalers, or agents of manufacturers or wholesalers of prescription drugs.

What’s Excluded?

  • Free samples of prescription drugs for patients
  • Items less than $50 over a calendar year
  • Payments to sponsors of educational programs
  • Honoraria for educational conferences
  • Compensation for research
  • Publications or educational materials
  • Salaries to employees

At the Heart of the Bill is the State’s Opioid Crisis

While similar in substance to what already exists in Massachusetts, Vermont, and other states as a law designed to curtail conflicts of interest in physician prescribing practices, the purported impetus here is the state’s opioid crisis. Representative Scott Hamann, the sponsor for the bill, said that the goal is to ensure doctors do not have conflicts of interest when prescribing drugs, especially opioids. According to Hamann’s testimony before the legislature, “People are dying, and the addiction often starts in the doctor’s offices.” The bill intends to curb any influence on the prescribing of opioids given the perspective that there is a correlation between payments and prescribing behavior. Maine has seen a forty percent increase in drug overdose deaths in the last year, and spending on physicians nearly doubled from 2014 to 2015.

The “gift ban” law is now awaiting the Maine Governor’s signature. It will be interesting to see if other states impacted heavily by heroin and opioid abuse will follow suit with increased surveillance or banning of industry gifts to physicians.

Powered by WPeMatico