New Jersey HIPAA Health Law Lawyer & Attorney : Fox Rothschild LLP Law Firm : Serving Newark, Jersey City, Paterson, Princeton, Mercer County

In its May 28th Advisory Opinion, the Centers for Medicare & Medicaid Services (CMS) found that a hospital system's proposal to pay for customized software to facilitate communication between its electronic health record (EHR) system and EHR software used by physicians affiliated with the hospital would not constitute a prohibited compensation arrangement under the Stark Law.  CMS explained that since the software would be used solely to order or communicate results of tests and procedures furnished by the hospital, the arrangement would not be a prohibitive arrangement.  CMS also emphasized the relevance of the fact that the software could not be modified to perform an alternate function and could not be resold, transferred or assigned by an affiliated physician practice.  Since CMS found that the arrangement fell outside of the Stark Law's prohibition with respect to a "compensation arrangement," it did not address whether the arrangement complies with any of the physician self-referral exceptions, including the 2006 EHR Exception for arrangements involving donated EHR technology.

• Email This
• Print
• Comments
• Trackbacks

May 23 is the compliance date for the National Provider Identifier (NPI) to be used exclusively for electronic health care claims under HIPAA.  Providers who do not use their assigned NPI after this date may find health insurers starting to reject and return electronic claims.  Although millions of NPI numbers have been issued, it is unclear how may providers are in compliance.  As a result, the next several weeks-to-months are likely to be bumpy as providers begin to find that claims they believe are compliant are rejected.  Some commentators have predicted that if the industry experiences severe problems starting over the Memorial Day Weekend, CMS might relax the deadline.  Health Data Management noted, however, that providers that get too many claim rejections may resubmit the claims on paper. That will enable providers to get paid, but slow the process considerably and adversely affect cash flow.

• Email This
• Print
• Comments
• Trackbacks

Yesterday, the White House Office of the Press Secretary announced that President Bush signed the Genetic Information Nondiscrimination Act of 2008 ("GINA").  The intent of GINA is to protect individuals from employers and insurance companies denying employment, promotions or health coverage to people when genetic tests show they have a predisposition to cancer, heart disease, or other ailments.  But critics of the law are concerned that certain provisions are vague and may expose employers and insurers to frivolous lawsuits.  

The Genetic Information Nondiscrimination in Employment ("GINE") Coalition lobbied and prepared numerous letters to Congress to have certain provisions of GINA revised prior to enactment in order to protect employers' nondiscriminatory practices and legitimate collection and uses of genetic information.  According to Michael Eastman, executive director of labor law policy at the US Chamber of Commerce and a member of the GINE Coalition, the group remains concerned that GINA (1) will not preempt inconsistent state laws, (2)  will award “excessive” punitive and compensatory damages that will likely encourage “unmeritorious litigation," and (3) lacks exceptions to provisions barring the collection of genetic information.  

For a good review of the pros and cons of GINA, see an article published by GenomeWeb Daily News.  For a quick and dirty summary of  legal provisions of GINA, click and read on . . .

• Email This
• Print
• Comments
• Trackbacks

The National Alliance for Health Information Technology released its final Report to the Office of the National Coordinator for Health Information Technology (aka "ONC") today which, among other things, provides consensus definitions for the following six key health information technology terms:

• Electronic Medical Record (EMR)
• Electronic Health Record (EHR)
• Personal Health Record (PHR)
• Health Information Exchange (HIE)
• Health Information Organization (HIO)
• Regional Health Information Organization (RHIO)

The project which resulted in the Report was called "Defining Key Health Information Technology Terms" and was funded by ONC with the goal of addressing the need to clarify terminology used in health IT policy, regulation, contracts and other initiatives.  The Report, which also includes helpful explanations, guidance, statistics, and links to a number of other helpful resources, is an must-see for all individuals, groups or organizations engaging in HIE and/or looking to form an HIO or RHIO . . .  as such terms are defined in the Report, of course.

• Email This
• Print
• Comments
• Trackbacks

On May 13th, the Office of the Governor announced several direct appointments to the New Jersey Health Information Technology (NJ-HIT) Commission, and I am extremely pleased to pass along that I have been appointed to the attorney seat on the Commission.  I look forward to bringing my experience and enthusiasm to the table, and contributing to the success of the Commission's goals.

The NJ-HIT Commission was created by the New Jersey Health Information Technology Promotion Act, and its members, with the assistance of the Department of Banking and Insurance, are charged with developing, implementing and overseeing the establishment and creation of a state-wide health information technology plan utilizing electronic medical records.  Among other things, the Commission will be looking to the national standards for the State's HIT system for security, privacy, data content, format, vocabulary and information transfer standards.

The Commission will ultimately include over 19 members of the public, including representatives from professional health care organizations from across the State.

In 1994, Thomas Edison State College released a health care information networks and technology study that showed that New Jersey could save as much as $760 million by migrating from paper-based systems to an electronic network.

• Email This
• Print
• Comments
• Trackbacks

Last week, the Office for Civil Rights (OCR) added a new data section on its Compliance and Enforcement Web Site.  The new section can be viewed at www.hhs.gov/ocr/privacy/enforcement/data.html.  The public can now access enhanced information about several aspects of OCR's enforcement program, including:

• Charts showing state-specific case investigation results;
• Calendar-year enforcement-results graphs and charts;
• Calendar-year graph showing complaint receipts; and
• Yearly variation in the issues in cases resolved through corrective action.

Below is a chart posted on OCR's new data section illustrating enforcement results for New Jersey:

 Another interesting chart lists the top five types of complaints for each of the last 5 years.  It is worth noting that between 2003-2007, the top 4 types of complaints were exactly the same, in the following order: 

• #1 - Impermissible Uses and Disclosures
• #2 - Safeguards
• #3 - Access
• #4 - Minimum Necessary

The last spot has changed from 2003 through 2007, with last year's number 5 spot being taken by "Notice" issues.

• Email This
• Print
• Comments
• Trackbacks

On May 8th, 2008, John C. Richter, United States Attorney for the Western District of Oklahoma, announced in a press release that a 30-year old Oklahoma City woman who pled guilty to violating HIPAA may face up 10 years in prison and a fine of up to $250,000!  

As part of her plea, the woman admitted that in the summer of 2007, while she was employed by a counseling center in Oklahoma City, she knowingly allowed two individuals to take patient files from her place of employment which contained individually identifiable health information with the intent to obtain personal gain.  The press release provides more details of the circumstances of the case.

U.S. Attorney John C. Richter states in his Department of Justice press release:                  

“This case illustrates how easily an illegal disclosure of patient files can be used by others to commit identity theft causing financial trauma to many victims.”

A sentencing hearing is supposed to be set in approximately 90 days.

• Email This
• Print
• Comments
• Trackbacks

The Centers for Medicare & Medicaid Services (CMS) announced in a Press Release dated May 7, 2008 its new pilot test project in South Carolina that will use an on-line tool called a Personal Health Record (PHR) to give Medicare beneficiaries the ability to collect and then access information about their health or health care services, and collect information about their health.   CMS states that it is ensuring that strict privacy and security safeguards are in place to protect all beneficiary data.    

The CMS Press Release explains that one feature of the test pilot PHR allows individuals to look up information specific to their own personal health status and health conditions.  The PHR tool used in the pilot also provides convenient links to carefully selected Web sites with educational material on health topics.  This makes it easier for the beneficiary or other authorized users to do research that will help them understand their health issues and better manage their own care.  The beneficiary also will control who is able to see the information in the PHR, and will decide whether and with whom the information can be shared – from health care providers to caregivers and family members.  

The pilot, which began on April 4, 2008, is expected to run for 12 months and CMS will use information gathered from the pilot to determine future steps with respect to PHRs. 

• Email This
• Print
• Comments
• Trackbacks