Tag: Health and Human Services (HHS)
Physician NPI Revocations
The US Department of Health and Human Services will close six of its 10 regional counsel offices in 2025, raising concerns about delays, due process and physician appeals of NPI revocations.
Why does this matter to doctors? First, and most obviously, many enforcement actions could be slowed to a crawl, which would at first blush, seem to be a good thing for doctors.
However, there is a second problem. Some actions, such as “revocations” of NPI numbers, can be performed administratively, without any legal due process whatsoever. When this happens, providers may receive a letter informing them that their NPI number has been suspended or revoked together with a statement of the provider’s “appeal” rights.
Although doctors must appeal immediately, an appeal cannot go forward without lawyers from the OGC to appear on behalf of HHS. What happens if there aren’t any?
I tried a case in 2021 with a fully staffed OGC. First, to the Department Appeals Board and then to an ALJ in Washington D.C. My client’s offense? “Failure to produce medical records.” HHS administratively revoked my client’s NPI for 10 years.
While the DAB lowered the revocation to 3 years, when we appealed to the ALJ, we didn’t get an answer for two more years, during which time, the doctor was not allowed to submit any claims to CMS. And this was with a fully staffed OGC. Can you imagine what will happen with 6 of 10 offices closed?
A physician could continue to see patients, during the appeal of a suspension or revocation, but ordinarily must hold the claims until his NPI number suspension is reversed. Which, as I noted, took me two years to push an appeal through, when the OGC was fully staffed.
I have no idea how anyone is going to get any relief, if no one can have a hearing. Meaning, “due process” no longer exists in NPI revocations.
Martin Merritt is a health lawyer and health care litigator at Martin Merritt PLLC, as well as past president of the Texas Health Lawyers Association and past chairman of the Dallas Bar Association Health Law Section. He can be reached at [email protected].
HIPAA Compliance is Not A Choice
|
The HHS Office for Civil Rights (OCR) just sent another clear message: HIPAA compliance isn’t optional no matter your practice size. The OCR has reached a resolution with Vision Upright MRI, a small California imaging provider, after a breach of unsecured protected health information (PHI) impacted 21,778 patients. The breach originated from an unsecured server that housed radiology images and lacked proper risk analysis, audit controls, and breach notification procedures. What happened:
As a result, the total settlement cost was a $5,000 fine plus 2 years of monitoring in addition to mandatory corrective actions including:
Why this matters to you:Whether you’re a solo provider or part of a large system, OCR expects every HIPAA-covered entity to:
|
FBI and HHS release Joint Cybersecurity Advisory
The Federal Bureau of Investigation (FBI) and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory (CSA) to share known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with a social engineering campaign. The campaign focuses on healthcare, public health entities, and providers, recognizing healthcare organizations as prime targets for hackers due to their large scale, reliance on technology, access to personal health information, and the significant consequences of disruptions in patient care.. ~Ann Ribeiro, Industrial Cyber News Editor
Physicians Can Delegate Breach Notifications to Change Healthcare
However, this delegation is only allowable if Change Healthcare or UHC are business associates of the covered entity. OCR made clear that the ultimate responsibility for ensuring such notifications occur remains with the covered entity, meaning physicians may still need to provide breach notifications under those circumstances.
New Option to Report Violations of the Emergency Medical Treatment and Labor Act
“Health and Human Services (HHS) is committed to protecting access to emergency medical care for everyone in America.”
“We will continue to uphold the law and the right to emergency care, to inform people of their rights under EMTALA, and to make it easier for someone denied care to file a complaint.”
For more information, please visit: https://www.cms.gov/priorities/your-patient-rights/emergency-room-rights.
UHC Responsible for Breach Notifications
The Health and Human Services (HHS) Department announced Friday (May 31, 2024), United HealthCare must take responsibility for informing people about privacy breaches resulting for the the Change Healthcare cyberattack.
UnitedHealth Group previously disclosed that the ransomware attack exposed personal information of a “substantial portion” of Americans.
That “substantial portion” turns out to be 1 in 3 Americans.
“OCR must affirm its position that the breach was perpetrated upon Change Healthcare, whose status as a healthcare clearinghouse makes them a covered entity under HIPAA and thus responsible for the breach of any [protected health information] which it processes or facilitates the processing of,”
Under HIPAA, UnitedHealth Group must provide affected individuals with descriptions of the incident, what data were compromised, how the company responded to the attack, how the company can be reached and what individuals can do to protect themselves.
Your Mac is Novitas Solutions
Today, HHS is announcing immediate steps that the Centers for Medicare & Medicaid Services (CMS) is taking to assist providers to continue to serve patients. CMS will continue to communicate with the health care community and assist, as appropriate. Providers should continue to work with all their payers for the latest updates on how to receive timely payments.
Medicare providers needing to change clearinghouses that they use for claims processing during these outages should contact their Medicare Administrative Contractor (MAC) to request a new electronic data interchange (EDI) enrollment for the switch. The MAC will provide instructions based on the specific request to expedite the new EDI enrollment. CMS has instructed the MACs to expedite this process and move all provider and facility requests into production and ready to bill claims quickly. CMS is strongly encouraging other payers, including state Medicaid and Children’s Health Insurance Program (CHIP) agencies and Medicaid and CHIP managed care plans, to waive or expedite solutions for this requirement
CMS has contacted all of the MACs to make sure they are prepared to accept paper claims from providers who need to file them. While we recognize that electronic billing is preferable for everyone, the MACs must accept paper submissions if a provider needs to file claims in that method.
Novitas Phone # (855) 252-8782. Have your PTAN and the last 5 of your TIN.
Change HealthCare!
Looking for answers? So is POET. We are looking for work-arounds. Hopefully we will have some up before closing today.
Substance Use Disorder Patient Records
HHS Finalizes Rule Changing Regulations
The Department of Health and Human Services (HHS) finalized a rule making changes to the regulations governing the Confidentiality of Substance Use Disorder (SUD) Patient Records under 42 CFR part 2 (Part 2). HHS aligned many Part 2 regulations with HIPAA in accordance with language from the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).
Changes included allowing a single consent for all future uses and disclosures of Part 2 records for treatment, payment, and operations; HIPAA covered entities and their business associates may redisclose records following HIPAA regulations under this consent. The rule aligned Part 2 penalties and breach notification requirements with HIPAA, and restricted the use of Part 2 records in certain civil or criminal proceedings against patients without their consent or a court order.
Medicare Advantage Audits
In response, the Texas Medical Association has developed free CME to help member physicians prepare for such audits.
Recent Comments