Is Your Lab Paying Your Practice an Illegal Kickback?

The issue of laboratory payments to physician practices surfaced again last week when the U.S. Department of Justice intervened in a whistleblower False Claims Act lawsuit. The suit seeks $11,000 per specimen penalty, treble (triple) damages, and attorney’s fees, claiming Berkeley Heartlab Inc., and its marketing company, BlueWave Healthcare Consultants Inc., paid $80 million in kickbacks, conducted unnecessary medical testing, and cheated the government in at least some of the $500 million in claims paid by Medicare and other government programs. The defendants are expected to deny all allegations.

The lawsuit alleges doctors were paid improper “processing and handling” fees to refer blood samples to Berkeley and other designated laboratories for expensive tests. BlueWave, the marketing arm, is accused of entering into illegal contracts calling for physicians to refer lab tests to certain companies.

The lawsuit alleges a form of “kickback” occurred in two principle ways: 1.) handling fees the lab paid to the physicians are alleged to be too high to constitute a fair market value payment; and 2.) the waiver of copayments for private insurance patients amounts to a kickback, essentially “steering” patients to the lab.

This week, we will discuss payments to you might be offered by an ancillary services provider; also the subject of a June 2014, OIG Special Fraud Alert entitled, “Laboratory Payments to Referring Physicians.” According to the Alert, “[w]hen a laboratory pays a physician more than fair market value for the physician’s services or for services the laboratory does not actually need or for which the physician is otherwise compensated, the federal Anti-Kickback Statute (AKS) is implicated.”  Labs can pay doctors for a service, and the doctors can make referrals under the AKS, as long as the Personal Services safe harbor rules are followed.

In the context of payments to you from a lab (or any ancillary service provider) for any type of service, the key is often “fair market value.” This could be a payment for processing samples, or a payment for medical director services. Fair market value is complicated, but essentially has two major components: 1.) Is the payment to you a fair value for the service actually performed?; and 2.) Did the lab or ancillary service provider legitimately need the service?

A lab could pay you for any service it actually needs. As an example including mowing the yard once a week. But the lab could not pay you for an hour of physician time to mow grass, because the job doesn’t call for a physician.Nor could the lab pay you and 50 other doctors, even at $15 an hour, to mow the yard every week. That would be 50 times more service than the lab actually needs.

Read Article on Physicians Practice

Waiving Patient Payments a Kind, but Problematic, Gesture

HHS’ Office of Inspector General (OIG) has long taken the position that routine waiver of patient responsible amounts can constitute a type of healthcare fraud. I recently discussed collection of copayments and coinsurance topic with Amanda Ward, president of Dallas’ business process outsourcing firm Best Receivables Management (BRM).

Martin Merritt: As early as 1994, the OIG published a Special Fraud Alert warning that routine waivers of copayments can constitute Medicare fraud. Why?

Amanda Ward: The OIG takes the position that a doctor who routinely waives Medicare copayments or deductibles is misstating the actual charge. The example cited in the alert states, if a doctor states that his charge for a visit is $100, but routinely waives the 20 percent copayment, the OIG feels the actual charge is $80. Medicare should be paying 80 percent of $80 (or $64), rather than 80 percent of $100 (or $80). As a result, the Medicare program is paying $16 more than it should for this item.

MM: Are private payers picking up on this as well?

AW: Insurance network contracts have long contained a provision that the physician will seek to collect the patient-responsible portion. As dollars become increasingly scarce, benefit managers or insurance auditors have begun to request evidence of attempts to collect coinsurance. More recently, manuals state that the physician must actually collect this payment. If the physician cannot provide proof, the insurance company may demand repayment of benefits or terminate the contract.  More troubling, the insurance company can pick and choose when to enforce this provision; often targeting physicians with the highest utilization rates.

MM: But a requirement that a physician can actually collect seems to run contrary to AMA Ethics Opinion 6.12 “Forgiveness or Waiver of Insurance Copayments”?; (which I’ve previously discussed). Do you agree?

AW: A March 2015 cover story in Money Magazine states that 39 percent of people earning $75,000 a year would not be able to cover a $1,000 unexpected expense from savings. It is frankly absurd to think that the average person can afford to pay the out-of-pocket annual limit, say $7,500 for an individual, or $15,000 per family, particularly where the illness occurs in December, and the new annual limit must be met beginning January of the next year.

MM: So what is your advice to physicians?

AW:  First, always read your network provider manual and check your state’s medical board rules. As AMA Opinion 6.12 states, it’s never a good idea to advertise that you waive copayments or are willing to accept what insurance will pay; writing off the rest. This can be considered insurance fraud or at least unfair competition. Advertising that you waive coinsurance may also violate your state board rules. Secondly, where an insurance plan goes too far, requiring actual collection of coinsurance, which is discussed in Opinion 6.12, this can act as a barrier to necessary care. This can be taken up with your state board of insurance.

In many cases, there simply is no clear rule. It is best to approach this with a common-sense plan which takes into account the various interests involved. While it is not possible to always actually collect the entire patient responsible amount, it is important that a physician make the attempt. At BRM, we take a sensible and compassionate approach. We contact patients to find out if they have the ability to pay some amount, and offer a payment plan. If they cannot, we document the attempt so that our physicians can demonstrate good faith. Sometimes, that makes all the difference.

The key is treating everyone with respect and that includes the insurance plan. We find insurance companies can be reasonable, if there is evidence that the physician’s office is attempting to respect the provisions of the insurance plan.

It is the failure to do anything, albeit with the best intentions, which can land physicians on the wrong side of a private payer audit or worse, on the wrong side of the OIG.

Read Article on Physicians Practice

Tax Court Rules on Physician-Hospital Employment Bonuses

Robert Lane, a CPA with the Dallas accounting firm of Lane Gorman Trubitt, PLLC, explains the U.S. Tax Court’s April 20, 2015, opinion on the tax treatment of relocation bonuses paid by hospitals to physicians and what happens if the physician does not remain for the entire length of the contract.

Lane is head of Lane Gorman Trubitt’s Healthcare Group, who has been in practice for more than 30 years. He is certified as a Personal Financial Specialist (PFS) by the American Institute of Public Accountants (AICPA) and holds a state of Texas CPA license. In addition, he holds both Texas and federal securities licenses.

Martin Merritt: What is the issue in Tax Court Summary Opinion 2015-31?

Robert Lane: Hospitals frequently guarantee payments to physicians in an underserved community as part of its efforts to recruit and retain physicians. Under the agreement, the physician isn’t required to repay … if he remains in the community. These are considered bona fide loans. The question is whether this is a forgiveness of debt for tax purposes?

MM: Can you summarize the tax rules relating to loans?

RL: Money received pursuant to a loan cannot be included in gross income at the time that it is lent because there is an obligation to repay it. However, if the obligation to repay is forgiven or canceled by the lender, gross income may arise.

In general, cancellation of debt (COD) produces income in an amount equal to the difference between the amount due on the obligation and the amount paid for the discharge. The rationale for this principle is that cancellation of indebtedness provides the debtor with an economic benefit … equivalent to income.

MM: So what happened in this case?

RL: Darrel Wyatt is a physician who moved to Putnam County, Florida — a medically underserved community — in 2006 after the local hospital recruited him to practice there. Wyatt and the hospital entered into a recruiting agreement (agreement) that provided, among other things, that he would practice medicine in Putnam County for a minimum of four years and that the hospital would provide certain assistance to help him establish his practice.

The hospital and Wyatt also entered into what was, in effect, an income guaranty with repayment forgiveness. A simultaneously executed addenda to the agreement provided that the hospital would advance Wyatt up to approximately $33,000 (the “guarantee amount”) per month for 12 months (the “guarantee period”).

During the guarantee period, Wyatt received $260,627 from the hospital pursuant to the agreement and addenda. Dr. Wyatt never left the area, so that amount was forgiven and cancelled over a 36-month period occurring from 2007 to 2010.

In the tax court, Wyatt argued that the amount he received from the hospital was a nonrecourse loan that he was not personally liable to repay, and therefore he didn’t receive income when the loan was forgiven.

The court concluded that the amount received by Wyatt from the hospital was a bona fide loan, the forgiveness or cancellation of debt of which gave rise to income.

The court stated that the absence of a promissory note isn’t dispositive as to personal liability, noting that if Wyatt failed to live up to his end of the agreement, the hospital could have sued him to recover the unpaid loan. Other rights that the hospital had under the agreement, including that it could ask Wyatt to grant it a perfected security interest under certain circumstances, were also inconsistent with his assertion that he wasn’t personally liable; and the fact that the hospital didn’t find it necessary to take these actions didn’t negate his liability.

In addition, the court noted that cancellation of indebtedness can potentially give rise to income even if a taxpayer isn’t personally liable for a debt.

MM: What should other physicians take away from this opinion?

RL: Physicians should recognize that any form of incentive, advance, loan, guarantee, or bonus structure can have tax consequences, especially if the repayment is forgiven. It is important, therefore, for physicians to consult with a CPA knowledgeable in the tax consequences involved in complex healthcare employment contracts and arrangements.

OIG Offers Overbilling, Kickback Guidance to Hospitals

HHS’ Office of Inspector General recently released a guide, thought to be the first-of-its-kind, for hospital governing boards on how to detect and avoid overbilling, kickbacks, and privacy breaches that can lead to civil and criminal punishment.

The guide is also unique in that it represents collaboration among the OIG, the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association. The guide states it is “intended to assist governing boards of health care organizations (boards) to responsibly carry out their compliance plan oversight obligations under applicable laws.”

The guide is important not only to physicians serving on hospital boards, but also could indicate greater OIG scrutiny of hospital board oversight of physician relationships and physician-owners of hospitals.

The OIG outlines several areas of guidance, including:

• Expectations for Board Oversight of Compliance Program Functions
• Roles and Relationships
• Reporting to the Board
• Identifying and Auditing Potential Risk Areas
• Encouraging Accountability and Compliance

The guide addresses several specific areas of concern, including upcoding, billing for medically unnecessary or nonexistent care, and disclosure of protected health information. The guide also notes the potential for newer healthcare delivery schemes which can create fraud liability, and advises boards to scrutinize referral and compensation arrangements with physicians for possible violations of the Stark Law and the Anti-Kickback Statute.

The guide ominously warns that ignorance of the law or facts is no excuse:
“A board must act in good faith in the exercise of its oversight responsibility for its organization, including making inquiries to ensure: (1) a corporate information and reporting system exists and (2) the reporting system is adequate to assure the Board that appropriate information relating to compliance with applicable laws will come to its attention timely and as a matter of course.”

Couched as “Practical Guidance,” the OIG states:
“‘The Guidelines’ offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program.”

In reality, the publication could be more of a “warning,” as legal liability usually follows “duty.”

And this guide appears to me to look to be a clear statement of expected duty.  The OIG cautions, for example, “[a]lthough compliance program design is not a ‘one size fits all’ issue, boards are expected to put forth a meaningful effort.”

The OIG may very well be signaling its intention to hold boards, or even individual board members, responsible for failure put forth “meaningful effort” to act in good faith to exercise oversight responsibility for hospital operations, contracts, relationships, and privacy. In other words, according to the OIG, the duty is not merely to avoid participating in illegal activity, but to investigate and discover violations of healthcare statutes and regulations.

On the other hand, many board members serve as a matter of public service, and do not expect remuneration or financial gain. If the OIG were to hold individual board members liable, the result would likely be a mass exodus of qualified, civic-minded members, on a scale similar to the savings and loan crisis of the 1980s. Hopefully, it will not come to that; time will tell.

Read Article on Physicians Practice

Texas Medical Board Unplugs Telemedicine for Some

“I am a doctor, and I play one on TV,” may replace the old slogan for Vicks 44, according to an April 15 press release from the Texas Medical Board entitled, “TMB Adopts Rules Expanding Telemedicine Opportunities.”

According to the Texas Medical Board, the rule represents “the best balance of convenience and safety by ensuring quality healthcare for the citizens of Texas. Essentially the only scenario prohibited in Texas is one in which a physician treats an unknown patient using telemedicine, without any objective diagnostic data, and no ability to follow up with the patient.”

Critics say the rule is specifically designed to devastate a growing number of businesses and entrepreneurs, whose business model competes with traditional brick-and-mortar doctors. One such company according to a report by the Dallas Business Journal, is freshbenies, a company that hawks health discount cards that include the ability to call a doctor 24/7 and get a prescription if needed via telephone without an in-person visit.

“It’s crazy that Texas would do this [ban telephonic prescribing] at a time when it’s growing so fast in other parts of the country,” freshbenies owner, Reid Rasmussen, told the publication.

The rules authorize the following types of telemedicine:

• Patients can interact with their physicians via telemedicine beyond the traditional office visit including receiving appropriate care from their homes, between multiple healthcare settings, and from other medical sites like a school nurse’s office, a fire station, or even an oil rig.

• Once a physician has made an initial diagnosis of a patient through a face-to face visit held either in person or via telemedicine, the physician can treat a patient for their preexisting condition, via telemedicine, for up to one year in their home. The presence of another medical provider to assist in communicating the patient’s diagnostic information to the physician is only required for the initial consultation.

• A physician can provide mental health services to a patient via telemedicine at the patient’s home, which can include a group or institutional setting where the patient is a resident. No other healthcare provider is required to be with the patient to present the patient’s symptoms to the physician unless there is a behavioral emergency.

The press release notes that the rules do not:

• limit a patient to an in-person visit to establish a physician-patient relationship before receiving treatment, the relationship can also be established via appropriate face-to-face telemedicine;

• change traditional on-call coverage used by many physicians’ offices (physicians, who are in the same medical specialty and provide reciprocal services, may provide on-call telemedicine medical services for each other’s active patients); or

• severely restrict the types of telemedicine scenarios authorized in Texas (the rules expand the scenarios already allowed to include greater access to treatment from a patient’s home and greater access to treatment for behavioral and mental health).

Dallas-based telemedicine provider Teledoc has been engaged in a long-running litigation battle with the Texas Medical Board after the board sent Teladoc a letter challenging its approximately 90 doctors’ ability to teleprescribe in Texas.

The board’s limits, well-meaning though it may be, could place it on the wrong side of history, which is often written by the larger financial interests. It is simply cheaper to treat patients by playing a doctor on TV, even if you’ve never seen that patient in-person before. But for now, the new rule stands.

CMS Self-Disclosure Protocol “Good Intent, Bad Process.”

When it comes to Medicare self-disclosure of potential wrongdoing, the two most important protocols to physicians are the Stark Law’s self-referral disclosure protocol (SRDP) and the more general provider self-disclosure protocol (SDP). The Stark Law self-disclosure webpage explains that beginning in 2010, when Congress enacted the Affordable Care Act, the HHS secretary, in cooperation with the HHS Office of the Inspector General (OIG), was mandated to establish a SRDP, “to facilitate the resolution of only matters that, in the disclosing party’s reasonable assessment, are actual or potential violations of the physician self-referral law.”

The OIG webpage explains the more general provider SDP, “[P]roviders who wish to voluntarily disclose self-discovered evidence of potential fraud to OIG may do so under the Provider Self-Disclosure Protocol (SDP). . . To start the disclosure process moving quickly, submit your disclosure electronically using the online submission button below.” Thus, CMS and the OIG websites declare these agencies stand ready, willing, and able to quickly discuss your self-disclosed evidence to quickly determine whether you have violated Stark Law or some other regulation.

Conceptually, the idea of voluntary self-disclosure, in exchange for lower penalties, is a solid one. Trouble is, it doesn’t work; for anyone. According to a 2013 OIG published a report on the SDP , here is how it works: “The SDP is available to facilitate the resolution of matters that, in the disclosing party’s reasonable assessment, potentially violate federal criminal, civil, or administrative laws for which [civil monetary penalties] are authorized.”

In “making a disclosure, a disclosing party must acknowledge that the conduct is a potential violation.In making a self-disclosure, [di]sclosing parties must explicitly identify the laws that were potentially violated and should not refer broadly to, for example, ‘federal laws, rules, and regulations’ or ‘the Social Security Act.'”

In reality, the OIG seems to find that disclosing physicians often avoid acknowledging that there is a potential violation and as a result, “are more likely to have unclear or incomplete submissions or unrealistic expectations about resolutions, which result in a lengthier review and resolution process.”

Further, the same 2013 OIG report reveals: “statements such as ‘the government may think there is a violation, but we disagree’ raise questions about whether the matter is appropriate for the SDP.” The OIG concludes, the “resulting back-and-forth over these issues can create unnecessary delays in reaching a resolution and may result in the disclosing party’s removal from the SDP.”

The delay is borne out by data. As of January 12, 2015, CMS has received 529 disclosures through the SDRP, 128 of which have been resolved through settlement or were otherwise closed. The OIG has proposed to Congress changes in the SDRP to limit disclosure protocol to cases of more clearly demonstrable fraud, which focus less upon common arrangements which might merely potentially involve a violation.

A fair read of the self-disclosure protocol’s short history reveals that while the concept might appear valid on paper, in actual experience, it is more trouble that it is worth. The OIG’s limited resources would be better spent on cases the OIG has identified as problematic, and less on merely potential violations which are self-reported by the most conscientious physicians.

Read Article on Physicians Practice

Texas AG Probes Physician Investment in Pharmacies

According to a lawsuit filed January 30 by Healthscripts of America in District Court in Austin, Texas Attorney General Ken Paxton issued Civil Investigative Demands (CIDs) to a number of Texas physicians who have invested in compounding pharmacies. The CIDs, according to the suit (In re Healthscripts Specialty Pharmacy, et al. Cause No. D-1-GN-15-000380), were issued in aid of the attorney general’s authority to investigate Deceptive Trade Practices Act (DTPA) violations, which came on the heels of news articles questioning the legality of physician ownership in compounding pharmacies.

Physician ownership in any ancillary services company is usually analyzed under the Texas Solicitation of Patients statute Tex. Occ. Code 102.001; a criminal statute which broadly forbids any licensed healthcare entity, including pharmacies, from knowingly paying remuneration in cash or in kind for the solicitation of patients.

The statue is not limited to Medicare and Medicaid, but applies equally to private insurance and cash payers. The statute contains a safe harbor protecting any practice authorized by the federal Anti-Kickback Statute (AKS). One of these, and the safe harbor at issue in the lawsuit, is the “Small Business Investment Safe Harbor,” 42 CFR 1001.952(a)(2) . The Small Business Investment Safe Harbor contains eight applicable standards which must be met by physician investors. These include several financial requirements (i.e., that no more than 40 percent of a pharmacy may be owned by persons in a position to make or influence referrals; no more than 40 percent of the pharmacies income be generated from physician investors; and the return on investment must be proportionate to the capital investment). Some of these requirements naturally will not be known (or even knowable) at the time of the investment.

Thus, in Texas, physician investment in compounding pharmacies is legal under the Solicitation of Patients statute, if done correctly. The statute expressly authorizes the attorney general to institute a civil action for injunction or civil monetary penalties, if the statute is violated. The DTPA, a consumer protection statute, authorizes CIDs if the Texas attorney general’s office believes a consumer protection provision may have been violated. While DTPA CIDs are common, it is very rare to see DTPA CIDs asking physician investors for financial records and any communications related to an investment covered by the Solicitation of Patients statute.

Healthscripts has not been accused of any wrongdoing at this time. The Healthscripts lawsuit seeks to set aside the CIDs, which ask individual physician investors to “produce all documents of your involvement and communications with Healthscripts” and “produce a copy of all documents showing the amount of remuneration of any kind paid to these prescribers who invested money … ”

Although the lawsuit at this time is confined to Healthscripts assertion of privilege against the disclosure of financial information sought by the attorney general in the CID, the case could have nationwide implications for physician investors in any form of ancillary service.

Most states have some form of laws against payment for healthcare referrals. Some are merely statements of medical ethical principles, others authorize private causes of action by whistleblowers. Absent involvement of a federal government program, like Medicare, investigations under these state statutes is usually quite rare. That is why the Texas case is so unusual: seldom does a state’s attorney general seek to investigate physician investments. It is most unusual for an attorney general to dig so deeply into what would appear to be the finer nuances of the safe harbor for physician investments.

Read Article on Physicians Practice

ABCs of Healthcare Corporate Compliance Programs

In 2010, the Affordable Care Act mandated compliance programs for Medicare and Medicaid providers. The reform law, which applies to all Medicare and Medicaid providers, requires the HHS secretary to promulgate “core elements” and set an effective date for compliance programs, presumably through rulemaking, but does not set a deadline for these actions.

Corporate compliance programs, in general, were developed in response to the Federal Sentencing Reform Act of 1984, which led to the development of U.S. Sentencing Guidelines. As a result of large corporate financial scandals in 2001 and 2002, the Sarbanes-Oxley Act, passed in 2002, required all publicly-traded companies to submit an annual report of the effectiveness of their internal accounting controls to the Securities and Exchange Commission beginning in 2004. The spirit of these corporate compliance programs was carried over into healthcare.

In 1997, the concept of voluntary healthcare corporate compliance was adopted by HHS’ Office of Inspector General (OIG). The OIG published “OIG Compliance Program for Individual and Small Group Physician Practices” (65 Fed. Reg. 59434-59552; Oct. 5, 2000).

Every federal agency has an OIG. The HHS OIG exclusively investigates cases of fraud, waste, or abuse involving government programs. However, OIG pronouncements become the standard by which best practices are judged for healthcare compliance programs. References to the OIG here are intended to denote best practices as dictated by the HHS OIG, and do not necessarily imply that the OIG has jurisdiction over non-government billing and coding.

The purpose of compliance programs is to assist providers and their agents and develop effective internal controls that promote adherence to applicable federal and state law, and the program requirements of federal, state, and private health plans. The adoption and implementation of voluntary compliance programs significantly advance the prevention of fraud, abuse, and waste in these healthcare plans while at the same time furthering the fundamental mission which is to provide quality care to patients.

Fundamentally, compliance efforts are designed to establish a culture within an organization that promotes prevention, detection and resolution of instances of conduct that do not conform to federal and state law, and federal, state, and private payer healthcare program requirements, as well as the provider’s ethical and business policies. In practice, the compliance program should effectively articulate and demonstrate the organization’s commitment to the compliance process. The existence of benchmarks that demonstrate implementation and achievements are essential to any effective compliance program.

According to the OIG, a Corporate Compliance Program should have seven elements:

1. Implement written compliance policies, procedures, and standards of conduct;

2. Designate a compliance officer and compliance committee, who will be responsible for monitoring compliance efforts and enforcing practice standards;

3. Conduct effective training and education on the compliance policies, procedures, and standards of conduct;

4. Develop effective lines of communication to facilitate communication with staff and allow anonymous reporting mechanisms;

5. Conduct internal monitoring and auditing by performing periodic self-audits;

6. Enforce standards for employees through well-publicized disciplinary guidelines; and

7. Respond promptly to detected offenses and develop corrective action plans.

HHS OIG has strongly advised healthcare providers to make compliance plans a priority now. Corporate compliance programs are now a mandatory condition of participation. Under nearly any potential scenario, other than a total repeal of Obamacare, it is nearly certain that mandatory requirements of compliance programs are here to stay.

Read Article on Physicians Practice

The HIPAA Threat Tied to Online Patient Behavior

Have you ever used the “check in” application on Facebook to tell friends of the latest trendy restaurant you visited? Psychologists say this behavior serves an important need in all of us. The “likes” provide much needed validation. According to a January 30 article in The Wall Street Journal, this same behavior serves an important need of cyber criminals.

The article, entitled “Even nameless data can reveal identity” warns, “Your shopping habits can expose who you are even when you are just one of a million nameless customers in a database of anonymous credit-card records.” A study conducted by the Massachusetts Institute of Technology analyzed anonymous credit card transactions by 1.1 million people. “Using a new analytic formula, they needed only four bits of secondary information — metadata such as location or timing — to identify the unique individual purchasing patterns of 90 percent of the people involved, even when the data were scrubbed of any names, account numbers or other obvious identifiers,” according to the article.

All the researches had to go on was the records of purchases over a period of three months by shoppers at 10,000 stores. The banks weren’t named, the country wasn’t named, and the shopper wasn’t named; transactions were time-stamped with day of purchase and linked to the stores.””

According to the report, “After isolating a purchasing pattern, researchers said, an analyst could find the name of the person in question by matching their activity against other publicly available information such as profiles on LinkedIn and Facebook, Twitter messages that contain time and location information, and social-media ‘check-in’ apps such as Foursquare.”

This should be doubling alarming for physicians and other medical practices. HIPAA, HITECH, and various state laws are enacted to protect some 18 different kinds of personal health information (PHI),”” including fingerprints, photographs, license plates and other seemingly nonsensical bits of information. The MIT study proves the definition of PHI may not be so nonsensical after all.

The article notes of the MIT research, “it is very, very, very difficult to remove any ability to identify people in these data sets, especially financial data,” according to a quote from Joseph Hall, chief technologist at the Center for Democracy & Technology, a nonprofit that studies privacy and data issues. “Data brokers who buy and collect very large quantities of information like this have the ability to take thousands of data points and pin those on individuals,” Hall said.

Experts also warn that stolen medical data is much more valuable than stolen credit card information. Medical identity theft is much harder to detect and correcting the problem takes a great deal longer.

The WSJ article reveals something CMS and HHS’ Office of Civil Rights, the agency responsible for administering HIPAA, have known all along: Patients are serving up massive amounts of personal data to criminals every time they pay a bill, use a credit card, and yes, when they “check in” on Facebook.

While it is probably too much to hope that patients would stop using Facebook to “check in,” you can protect yourself and your practice from liability under HIPAA and state laws modeled after HIPAA. If you have not already performed a HIPAA compliance audit and adopted compliance, now is the time. Once the patient’s data is out in cyberspace, it is too late.

New CMS Rule Cracks Down on Past Medicare Offenders

On Dec. 3, CMS issued a final rule giving the agency greater power to deny or revoke enrollment to providers, by scrutinizing employees and owners of providers, who may have a less than stellar history with the Medicare program. The government is also considering greater reliance on the IRS to assist with delinquent recoupment collections.

Among the highlights:

· Adding the ability to deny the enrollment of providers, suppliers, and owners affiliated with an entity that has unpaid Medicare debt. CMS says this will help prevent individuals and entities from being able to incur substantial debt to Medicare, leave the Medicare program, and then re-enroll as a new business to avoid repayment of the outstanding Medicare debt. CMS will only enroll otherwise eligible individuals or entities if they repay the debt or enter into a repayment plan.

· Adding the ability to deny the enrollment or revoke the billing privileges of a provider or supplier if a managing employee has been convicted of certain felony offenses. This provision ensures that CMS can block or remove bad actors from the Medicare program to protect beneficiaries and safeguard the Medicare trust funds.

· Permitting CMS to revoke billing privileges of providers and suppliers that have a pattern or practice of billing for services that do not meet Medicare requirements. This is intended to address providers and suppliers that regularly submit improper claims in such a way that it poses a risk to the Medicare program.

Meanwhile, The Hill reported recently that, “Twenty-five Republicans are asking the Supreme Court to take up another case against Obamacare, this time challenging a controversial medical board that the party has labeled ‘a death panel.'” The dust-up, this time, involves something called the Independent Payment Advisory Board (IPAB), which is charged with cutting Medicare spending if it exceeds a certain level.

Why are these two stories related? The new CMS rules and the IPAB issue perfectly describe the Medicare and Medicaid problem. Spend too much, then make the only rules anyone can actually agree on: Those which punish physicians and providers.

The idea behind IPAB is that we can’t afford to keep spending as if there were no tomorrow, but we can’t trust elected officials to ever say, “No, we can’t afford it.” IPAB was designed to make these hard “end-of-life vs. how much it costs” choices; makes perfect sense, even if the solution isn’t perfect.

Common fiscal sense, however, goes out the window, when politics are factored into the equation. The result is a government which spends way too much and won’ t make hard choices about cutting spending.

Instead, we continue to create a system in which it is possible for physicians and providers to rack up huge amounts in “Medicare debt,” and then must enter an agreement to work it off, or they cannot find work at all.

Maybe this new rule will only be targeted at the really bad apples; I am not so sure. I am starting to hear echoes of Tennessee Ernie Ford’s Dust Bowl song, “Sixteen Tons,” about company stores, and company debt, which can never be worked off.

Read Article on Physicians Practice