CMS Releases CY 2018 OPPS and ASC Payment System Final Rules Slashing Reimbursement for the 340B Program

by Paul L. Croce

On November 1, 2017 the Centers for Medicare and Medicaid Services (CMS) issued its final rule updating payment rates and policy changes for the Hospital Outpatient Prospective Payment System and Ambulatory Surgical Center Payment System.

The most controversial aspect of the Rule is the significant reductions to reimbursement for drugs purchased through the 340B program. The final Rule reduces reimbursement for such drugs from the Average Sale Price (ASP) plus 6% to ASP minus 22.5%.  CMS indicated that it selected this reimbursement rate based on an analysis previously performed by the Medicare Payment Advisory Commission (MedPAC).  However, this reduction greatly exceeds that suggested by MedPAC who when commenting on the proposed Rule recommended a reduction of only 10% of the ASP.  Thus, it is unclear exactly what CMS ultimately relied upon to determine the appropriateness of the ASP minus 22.5% rate.

These reductions exclude certain facilities including Rural Sole Community Hospitals, Children’s’ Hospitals and PPS-Exempt Cancer Hospitals. The Rule also does not apply to Critical Access Hospitals and non-excepted provider based sites under Section 603 of the Bipartisan Budget Act.  Each of these facilities will continue to be paid at the prior rate of ASP plus 6%.

CMS anticipates this policy will result in a decrease of $1.6 billion in drug payments which will be redistributed to non-drug items and services throughout the OPPS to maintain budget neutrality. CMS indicates that overall OPPS payments will increase in 2018 by 1.4%.  Nevertheless, 340B facilities will see significant decreases in drug reimbursement in CY 2018.

Unsurprisingly, the reductions in 340B reimbursement have been met with great criticism from the impacted parties. Indeed, within two weeks of the issuance of the final rule several hospital associations and hospitals filed suit seeking to enjoin the implementation of this provision in the CY 2018 OPPS Rule.  The government has moved to dismiss and a hearing on the matter is scheduled for December 21, 2017.

While the reduction in 340B payments is the most significant change in the final Rule, there are several other aspects of the Rule worth commenting on:

  • The Rule increases OPPS payment rates by 1.35% and ASC payment rates by 1.2%.
  • The Rule removes Total Knee Arthroplasty from the Medicare inpatient only list, thereby allowing reimbursement for such procedures performed on an outpatient basis.
  • The Rule also establishes a new modifier, “FY” to be used to identify X-rays taken using computed radiography technology. Claims submitted with this modifier will be subject to phased-in payment reductions of 7% for services provided in CY 2018 through CY 2022 and 10% for services provided in or after CY 2023.
  • The Rule will also allow laboratories to bill Medicare directly for molecular pathology tests and advanced diagnostic laboratory tests in order to reduce concerns that the current date of service policy known as the “14 Day Rule” creates operational burdens for hospitals and laboratories.

Absent the Court issuing a preliminary injunction in the previously mentioned lawsuit, each of these rule changes will become effective January 1, 2018.

Overlapping Regulations for Confidentiality Regarding Substance Abuse Treatment

by John Zen Jackson

Our starting point is that privacy and confidentiality are important in any type of treatment but in connection with substance abuse and addiction treatment, there is a need for some enhanced protections. The United States Court of Appeals for the First Circuit has stated that “[t]he express purpose” of federal initiatives in this area was “to encourage patients to seek treatment for substance abuse without fear that by so doing their privacy will be compromised.” United States v. Cresta, 825 F.2d 538, 551-52 (1st Cir. 1987).  The collateral stigmas for an individual and the family are of such great concern that they can be obstacles to even seeking treatment. Reputations are at risk for having the disease and jobs or work opportunities may be jeopardized. Family members will be embarrassed. Federal regulations involving the HIPAA Privacy Rule and special provisions for substance abuse treatment programs recognize these concerns. While there have been efforts to align these two regulatory systems, it is important to recognize that these regulations intersect, overlap, and sometime supersede each other. In addition, state licensing or regulatory provisions may have stricter requirements or may, as in New Jersey (N.J.A.C. 10:161B-3.6(b)(5)), incorporate the Federal standards.

HIPAA is the first body of regulations concerning medical privacy that comes to mind for most persons. But historically speaking, it is not. The Health Insurance Portability and Accountability Act (HIPAA), 42 USC §1320d, enacted in 1996 directed the Secretary of Health and Human Services and the Attorney General to develop guidelines that “appropriately protect the confidentiality of the information and the privacy of individuals receiving health care services.”  This eventually led to the release of the Privacy Rule in 2002 with an April 13, 2003 effective date and codification at 45 CFR Parts 160 and 164. In contrast, the restrictions on disclosures concerning substance abuse treatment have their origins in the 1970 Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act and the 1972 Drug Abuse and Prevention, Treatment and Rehabilitation Act with implementing regulations issued by the then Department of Health, Education and Welfare in 1975 with various revisions and supplements. The pertinent statute is 42 USC §290dd-2 with regulations now codified at 42 CFR Part 2.

As with the HIPAA regulations, there have been some recent amendments to the 42 CFR Part 2 regulations. 82 Fed.Reg. 6052 (Jan. 18, 2017). The most recent update was to go into effect as of February 17, 2017 but was delayed to March 21, 2017 by virtue of the 60-day regulatory freeze issued by the Trump Administration on January 20. The amendments were intended to make the Part 2 regulations more consistent with HIPAA. Differences persist with the potential for resulting confusion.

Here is one starkly clear reality: violation of the substance abuse treatment restrictions is a federal crime with a fine to be imposed pursuant to Title 18 of the United States Code.  42 USC §290dd-2(f). While both sets of regulations cover similar material, there are points of difference. But a reasonably valid heuristic in choosing between HIPAA and Part 2, with a slight refinement, is: Whichever standard is stricter — usually 42 CFR Part 2 — and provides the greater privacy protection should be applied.

Here is the refinement to that problem-solving heuristic. While HIPAA covers the health care industry broadly, the provisions of 42 CFR Part 2 only apply to “federally assisted” drug and alcohol “programs.” These are defined terms in 42 CFR 2.11. Thus, the records of a primary care physician who is not held out as providing alcohol or drug abuse treatment is not covered. The special confidentiality provisions would not apply to a hospital except to an identified unit that has a “primary function” of providing substance abuse diagnosis, treatment or referral. Similarly, the rules would not apply to an emergency room. See generally Center for Legal Advocacy v. Earnest, 320 F.3d 1107 (10th Cir. 2003); United States v. Zamora, 408 F.Supp.2d 295 (S.D. Tex. 2006). The applicability of Part 2 requires not only a “program” as defined in the regulation but also that the program be “federally assisted.” Federal funding is, of course, endemic in health care and the definition in 42 CFR 2.12(b) is consistent with that reality but being “federally assisted” must be confirmed.

The basic HIPAA rule of thumb is that except in connection with disclosures to the individual whose health information is at issue or to HHS or its Office of Civil Rights enforcement arm, a covered entity should not make any use or disclosure without a patient’s authorization unless permitted by the Privacy Rule. However, in addition to the broad approval for use or disclosure for treatment, payment or operations (TPO) without patient authorization, there are quite a few permissive disclosures without patient authorization set forth in 45 CFR 164.512 including such circumstances as public health activities and oversight, judicial and administrative proceedings, law enforcement purposes, and reporting crimes. The Part 2 regulations on the other hand are much stricter and more limited than what is allowed under HIPAA. Disclosures without a patient’s consent are allowed in the following circumstances:

  • Communications among program personnel
  • Communications between a program and a Qualified Service Organization
  • Crimes on program premises or against program personnel but without an exception for the duty to warn others unless the threatened violence is against program personnel.
  • Reports of suspected child abuse and neglect limited to making the initial report with any disclosure for subsequent investigation not permitted in the absence of a court order or signed authorization.
  • Medical emergencies involving an immediate threat to the health of the patient requiring immediate medical intervention.
  • Scientific research
  • Audits and evaluation activities
  • Court order, which must comply with special requirements set forth in the regulations.

Moreover, in the absence of consent or the special court order, the regulations in 42 CFR  2.13(c) prohibit a substance abuse treatment facility from even acknowledging that a particular individual is a patient.

Another instance of a stricter standard in Part 2 can be found in connection with a consented-to disclosure. 42 CFR 2.31 requires written voluntary consent. A verbal consent is inadequate. The consent document must contain ten elements specified in the regulation. Furthermore, under the provisions of the HIPAA Privacy Rule found at 45 CFR 164.508(c)(2) information that is disclosed pursuant to an authorization has the potential for being re-disclosed and no longer subject to HIPAA privacy protection. In contrast, an authorized disclosure under Part 2 must be accompanied by an explicit statement that further disclosure of information that identifies a patient as having or being treated for a substance use disorder is prohibited. 42 CFR 2.32(a).

HIPAA covers “protected health information” (PHI) and “individually identifiable health information” (IIHI). The Part 2 regulations speak in terms of “records” which term is defined in 42 CFR 2.11 as “any information” whether recorded or not, created by, received, or acquired by a Part 2 program relating to a patient whether involving diagnosis, treatment, referral for treatment, billing, emails, voice mails, and texts. For the purpose of the regulations “records” include both paper and electronic records.

Both HIPAA and Part 2 address disclosures in connection with judicial proceedings and various law enforcement activities. Although there are few judicial decisions concerning 42 CFR Part 2, there is a lucid and helpful discussion by the Connecticut Superior Court in Briggs v. Winter, 2014 Conn. Super. LEXIS 1292, 2014 WL 2922643, of these “two discrete but complementary federal statutory schemes” in the civil context. The HIPAA approaches of “satisfactory assurances” concerning civil subpoenas and the effectiveness of grand jury subpoenas without a court order are inadequate for substance abuse records. The statutory standard found in 42 USC §290dd-2 requires a showing of “good cause.” The Part 2 regulations more specifically set forth separate requirements for what constitutes “good cause” as to the court orders to be issued in connection with disclosures for noncriminal purposes such as civil law suits and those for criminal investigations and prosecutions of patients as well as for investigations or prosecutions of Part 2 programs or employees including the use of undercover agents. Under 42 CFR 2.64, the criteria for entry of an order authorizing disclosure for a noncriminal matter require a finding of “good cause” with determinations (1) that other ways of obtaining the information are not available or would not be effective and (2) that the public interest and need for the disclosure outweigh the potential injury to the patient, the physician-patient relationship and the treatment services. In connection with disclosures for criminal matters, the criteria in 42 CFR 2.65 are more extensive and “all” must be met. The threshold is that the crime involved is extremely serious, such as one which causes or directly threatens loss of life or serious bodily injury including homicide, rape, kidnapping, armed robbery, assault with a deadly weapon, and child abuse and neglect. Next, there must be a reasonable likelihood that the records will disclose information of substantial value in the investigation or prosecution along with a demonstration that other ways of obtaining the information are not available or would not be effective. As part of the evaluation, the court must determine that the potential injury to the patient, to the physician-patient relationship and to the ability of the Part 2 program to provide services to other patients is outweighed by the public interest and the need for the disclosure. Lastly, if the applicant is a law enforcement agency or official, the person holding the records has been afforded the opportunity to be represented by independent counsel; and any person holding the records which is an entity within federal, state, or local government has in fact been represented by counsel independent of the applicant.

In connection with any contemplated disclosure, there are several questions to be posed which include at least the following. Can or should patient authorization be obtained? Is there an exception for disclosure without patient authorization? Is the recipient to whom the disclosure is to be made pursuant to an exception authorized under the regulations to receive the information?

American society has long placed significant value on a private sphere protected from intrusion. In addition, bioethical principles of nonmalefience — the doing of no harm — and respect for persons call for safeguarding personal privacy and placing importance on individual autonomy. In follow-up at another time or in another place, musings on whether or not privacy and confidentiality really exist in this era might be appropriate.

CMS Issues The 2018 MACRA Quality Payment Program Final Rule

by Glenn P. Prives

The Centers for Medicare and Medicaid Services (“CMS”) recently published the 2018 Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”) Quality Payment Program (“QPP”) final rule.  CMS maintained that it is listening to feedback and concerns from providers and that what it has heard is reflected in many of the provisions of the rule.

Among the many changes in the final rule are the following:

  • For 2018, CMS will exempt providers and groups with less than $90,000 in Medicare Part B allowed charges or that care for less than 200 Medicare Part B patients. These providers would be exempt from participating in the QPP altogether.
  • Small practices (those with fifteen or fewer practitioners) can earn five additional points to their Merit-Based Incentive Payment System final score if they submit data on at least one performance category. Further, CMS will award providers up to five bonus points if their patient population is deemed particularly complex, as measured by a combination of Hierarchical Conditions Category risk scores and the number of dually eligible patients treated.
  • Providers are allowed to continue using 2014 Edition Certified Electronic Health Record Technology (“CEHRT”), rather than upgrading to 2015 Edition technology, to report the Advancing Care Information (“ACI”) transition measures.  Providers that exclusively use 2015 CEHRT to report the ACI objectives and measures (the Stage 3 equivalent measure set) could be eligible for a ten percent bonus score.
  • The reporting period for quality performance, which was ninety days during 2017, which was the transition year, is now the full calendar year.
  • Solo practitioners and small practices can form a virtual group without specialty or location limitations to participate in MIPS.  While it was previously known that virtual groups would be an option, more detail on how those groups can be formed and can apply for treatment as virtual groups is now available.
  • CMS will implement a MIPS measurement option that allows hospital-based clinicians to use their hospital’s value-based purchasing results for the MIPS cost and quality categories.  However, this option will not be available until calendar year 2019.
  • Providers will be assessed on cost measures for 2018.  This was originally a 2019 requirement under the proposed rule.  The cost category will be weighted at ten percent of the MIPS final score in 2018 and will increase to thirty percent in 2019.

The 2018 final rule is emblematic of CMS’ continued approach to tinker with MACRA’s obligations and burdens on providers of all sizes.  From the beginning, it has been clear that MACRA would be a work in progress that would evolve, especially in the early years.  Thus, it is important that providers continue to pay attention to additional MACRA-related rules to ensure that they are current on the latest requirements, especially those that may be beneficial.

Trump Provides Leeway to Employers to Withhold Birth Control Coverage

by Brooks Evan Doyne

On October 6, 2017 President Donald Trump signed an executive order calculated to provide employers more opportunities in denying coverage concerning contraceptives. Under the Affordable Care Act (“ACA”), most health plans are required to cover all methods of birth control approved by the Food and Drug Administration without charging women for them. Although religious employers and some private employers with strong religious objections are exempt, very few met the requirements and had to provide the contraception.

President Trump’s executive order officially opens the door for many companies or nonprofit organizations with religious or moral objection to contraception to stop offering it. The move has been long anticipated given the fact that President Trump issued an executive order on “religious liberty” in May 2017. Over 55 million US women have birth control coverage with zero out-of-pocket costs, according to the National Women’s Law Center. Moreover, according to the center, Obamacare saved women an estimated $1.4 billion on birth control pills alone in 2013. To further efforts against the executive order experts have relied on the fact that many women use contraception methods for more than pregnancy prevention. On the other side, Health and Human Services officials claim the new rule would have no impact on “99.9% of women” in the United States. The agency calculated that at most, 120,000 women would be affected: mainly those who work at the roughly 200 entities that have been involved in 50 or so lawsuits over birth control coverage.

Notwithstanding what the early headlines may have inferred, the executive order does not eliminate the ACA’s contraceptive coverage guarantee. This issue is the unknown factor of how many individuals will lose coverage because an employer will claim a religious or moral exemption. A 2015 study from the Henry J. Kaiser Family Foundation estimated that 3% of all nonprofits and 10% of the largest nonprofits have been using the accommodation. There are more than 1.4 million nonprofits in the United States and thousands consist of hospitals, long-term care facilities, schools, and charities—are affiliated with the Catholic church, the hierarchy of which objects to contraception.

Time will tell whether these religious based nonprofits will continue to use the accommodation or whether they will instead actively deny contraceptive coverage to all of those employees, dependents, and students.

How Telemedicine May Change the Landscape of Health Care In New Jersey

by Megan R. George

Technological advances such as EMR, remote patient monitoring, and the use of tablet based patient registration have revolutionized the health care industry. Today, a patient can use an app on their phone to schedule an appointment, obtain their medical records, and locate physicians in the area. It is no surprise that over the past five years, telemedicine has become a popular form of treatment for physicians and patients. New Jersey recently unanimously passed legislation that establishes the requirements for the practice of telemedicine in the state of New Jersey. The passage of this legislation signals the importance of telemedicine to the state of New Jersey and the health care field.

The New Jersey bill defines key terms as follows: “health care provider” as an individual who provides a health care service to a patient, which includes, but is not limited to, a licensed physician, nurse, nurse practitioner, psychologist, psychiatrist, psychoanalyst, clinical social worker, physician assistant, professional counselor, respiratory therapist, speech pathologist, audiologist, optometrist, or any other health care professional acting within the scope of a valid license or certification issued pursuant to Title 45 of the New Jersey Statutes; and “Telemedicine” as the delivery of a health care service using electronic communications, information technology, or other electronic or technological means to bridge the gap between a health care provider who is located at a distant site and a patient who is located at an originating site. The term telemedicine, as explained in the bill, does not include “the use, in isolation, of audio-only telephone conversation, electronic mail, instant messaging, phone text, or facsimile transmission.”

The New Jersey legislation sets standards that those providing telemedicine services must follow. Prior to engaging in telemedicine, a provider-patient relationship must be established. The provider must (i) properly identify the patient using, at a minimum, the patient’s name, date of birth, phone number, and address; (ii) disclose and validate the provider’s identity and credentials, such as the provider’s license, title, and, if applicable, specialty and board certifications; (iii) review the patient’s medical history and any available medical records before initiating the telemedicine consult; and (iv) determine whether or not he/she will be able to meet the same standard of care as if the services were provided in person. When necessary, the provider also must refer the patient to appropriate follow up care, including making appropriate referrals for emergency care, if needed.

The newly passed law allows telemedicine to be covered under New Jersey Medicaid and commercial health insurance plans. As currently written, the law does not go as far as to require that the reimbursement rates for telemedicine be equal to the reimbursement rates that would be paid if the service was provided in-person. The language of the bill reads, “The State Medicaid and NJ FamilyCare programs shall provide coverage and payment for health care services delivered to a benefits recipient through telemedicine or telehealth, on the same basis as, and at a provider reimbursement rate that does not exceed the provider reimbursement rate that is applicable, when the services are delivered through in-person contact and consultation in New Jersey.” The language for commercial plans reads the same regarding parity of payments for telemedicine. As expected, the law sets the in-person reimbursement rate as the maximum reimbursement for telemedicine services. The law allows reimbursement to be paid to either the provider or the facility/organization with whom the provider is associated with, depending on the appropriate billing practices.

The emergence and acceptance of telemedicine as a viable option in the health care setting is extremely beneficial to patients who find themselves within the service area of a community hospital. Many community hospitals do not offer the array of service lines that large facilities offer. In situations where time is of the essence, telemedicine saves lives. One example of telemedicine at work in the community hospital setting is with pediatrics. Prior to telemedicine, when a child was brought into an emergency department without pediatric capabilities, the hospital and the patient’s family was faced with quickly transporting the patient to a facility with pediatric capabilities. Often, had the hospital had the ability to diagnose the patient, the transport would not have had to occur. Telemedicine allows the hospital to connect with a pediatric physician at another facility for a quick and accurate diagnosis. It must be noted that once a diagnosis is made, the patient may still require transportation, but the transportation is now only made in situations where it is medically necessary. For other situations, a physician, via telemedicine, can diagnose and prescribe treatment options that can be carried out in the community hospital or through prescription medicines, eliminating the stress and cost of transportation for the patient and the patient’s family.

Teleneurology, another important use of telemedicine, makes prompt neurological care available to patients in even the most remote locations—an important consideration since, with the treatment of stroke symptoms, every second counts. Teleneurology allows a patient, presenting to a hospital without a neurologist on-site, to have his or her symptoms observed by a physician via tele-conference for diagnosis purposes. The diagnosing physician can observe and converse with the patient and obtain close images of the patient’s eyes to determine if the patient is expecting or has experienced a stroke. Ischemic strokes, which are most commonly treated by giving the patient an injection of tissue plasminogen activator (“tPA”). tPA is used to dissolve the blood clot to improve blood flow to the part of the brain being deprived of blood. tPA, while highly effective, must be administered within three hours of the patient experiencing a stroke. Subtracting the time that it takes for a patient to arrive at a hospital for treatment, the patient may now have less than two hours to be given lifesaving medication. Given this shorter timeframe, it is essential for a hospital to quickly and accurately diagnose stroke symptoms. The use of teleneurology gives the patient the best possible chance of receiving a quick diagnosis and obtaining tPA within the three hour timeframe.

Telemedicine can also be utilized in hospitals to facilitate patient discharge. Often, a patient is ready to be discharged, but continues to wait at the hospital until his or her physician can physically discharge the patient from the hospital. For physicians with robust offsite practices, this step may not be immediate. A patient waiting to be discharged can cause patient flow and capacity issues for the hospital and can cause frustration for the patient and their family, ultimately leading to low patient satisfaction scores for the hospital. Allowing a physician to evaluate the patient via telemedicine would alleviate some of these issues. The physician could have a face to face discussion with the patient, asking the necessary questions prior to discharge, while not having to leave his or her office.

As technology advances and health care becomes more reliant on technology, the uses of telemedicine will continue to grow. Telemedicine will become engrained in the culture of providing top level care to patients, regardless of geographical location. Providers seeking to utilize this technology to implement this new means of delivering medical services must be sensitive to the current laws regulating this area and the fact that this area is continually evolving and developing, especially in New Jersey where the law is brand new.

New Jersey Proposes Enhanced Limitations on Payments From Pharmaceutical Companies to Health Care Providers

by Glenn P. Prives

The New Jersey Division of Consumer Affairs recently proposed enhanced limitations on payments from pharmaceutical companies to health care providers.  Those licensees affected by the proposed rules are the following:  physicians, podiatrists, physician assistants, advanced practice nurses, dentists and optometrists.

With limited exceptions, providers would not be able to accept any of the following from pharmaceutical manufacturers or their agents:

  • gifts
  • payments
  • stock
  • stock options
  • grants
  • scholarships
  • subsidies
  • charitable contributions
  • entertainment or recreational items, such as tickets to theater or sporting events, or leisure or vacation trips
  • meals
  • any item of value that does not advance disease or treatment education, including:
  • pens, note pads, clipboards, mugs or other items with a company or product logo
  • items intended for the personal benefit of the prescriber or staff, such as floral arrangements, sporting equipment, artwork, or items that may have utility in both the professional and non-professional setting, such as electronic devices
  • any payment in cash or cash equivalent, such as a gift certificate
  • any payment or direct subsidy to a non-faculty prescriber to support attendance at, or as remuneration for time spent attending, or for the costs of travel, lodging, or other personal expenses associated with attending any continuing education event or a promotional activity

There are some exceptions to the proposed limitations:

  • items designed for educational purposes for patients
  • a manufacturer subsidized registration fee at a continuing education event if that fee is available to all event participants
  • modest meals provided through the event organizer at a continuing education event, provided the meals facilitate the educational program to maximize prescriber learning and are capped at the fair market value of $15.00 per prescriber
  • modest meals provided to non-faculty prescribers through promotional activities no more than four times in a calendar year from the same manufacturer, each of which is capped at the fair market value of $15.00 per prescriber
  • fair market value compensation for providing bona fide services as a speaker or faculty organizer or academic program consultant for a continuing education event (subject to disclosure to attendees), plus reasonable payment and remuneration for travel, lodging, and other personal expenses associated with such services and continuing education credit if permitted by the licensee’s licensing board
  • fair market value compensation (capped at $10,000 per year from all pharmaceutical manufacturers) for providing bona fide services as a speaker or faculty organizer or academic program consultant for a promotional activity (subject to disclosure to attendees), plus reasonable payment or remuneration for travel, lodging, and other personal expenses associated with such services, but no continuing education credit
  • fair market value compensation for participation on advisory bodies or under consulting arrangements, but subject to the aforementioned $10,000 per year cap (together with payments for services for a promotional activity)

A provider can still receive samples from manufacturers, provided that the licensee does not charge patients for the samples and dispenses samples in accordance with the licensee’s licensing board.

The New Jersey Board of Medical Examiners, Board of Dentistry and Board of Optometry already have regulations that govern the relationships between their respective licensees and pharmaceutical companies, but the proposed regulations will both clarify and strengthen the existing rules.

While restrictions on payments to providers exist in other states, New Jersey’s proposed rules appear to be particularly stringent.  Pharmaceutical companies will need to carefully review their policies on all interactions with providers and, if the rules are passed, revise them accordingly as well as educate and monitor their employees and contractors for compliance.  Providers will also need to carefully track their relationships with pharmaceutical companies.  The regulations, if passed, will burden both parties.

Beware CMS’ Ability to Preemptively Suspend or Revoke a Provider’s License

by John W. Kaveney

Most providers primarily worry about the financial impact of fraud and abuse and other compliance issues. However, as occurred recently in Dallas Texas, federal and state agencies can also come for a provider’s license either via a limitation, suspension or revocation causing far greater long-term and permanent damage to the institution. And, what is most troubling, is that the authority to take such action does not necessarily require the right of the provider to receive a hearing or even an opportunity to refute the allegations.

On August 18th a Dallas laboratory filed suit against federal and state officials and agencies seeking to temporarily restrain them from suspending or revoking the company’s federal laboratory licenses. This lawsuit was prompted as a result of federal inspectors allegedly finding regulatory violations in the way the laboratory operated and conducted business. It is believed that the federal and state investigations came as a result of a lawsuit filed by the private insurer, UnitedHealthcare, against the laboratory. In that lawsuit UnitedHealthcare claims that there were bribes and kickbacks to doctors and other providers during a five year period for overpriced and unnecessary drug and genetic tests.

According to a letter sent on May 10th from CMS to the laboratory’s officials, there were “systemic and pervasive problems throughout the laboratory which [] led to the findings of immediate jeopardy.” A finding of immediate jeopardy provides CMS with the authority under federal law to suspend, limit or even revoke a laboratory’s license to operate arguably without any right to a hearing or opportunity for the laboratory to refute the allegations.

These events demonstrate the broad authority held by CMS to pull licenses if it is believed that the ongoing actions are likely to cause patients injury, harm, impairment or death. This further underscores the critical importance of maintaining an effective compliance program and having proper protocols in place to perform internal audits/investigations and to respond to and remediate any outside audits/investigations. Furthermore, this laboratory is just the latest example of situations where claims and disputes with a private payer can quickly pivot to investigations and claims by the federal or state governments. Providers must be diligent in addressing the allegations of private payers and always be mindful of how those allegations may impact on federal or state health care programs. Failing to do so can place a provider in a detrimental position. And, for most providers, having their licenses suspended or revoked, even if just for the period of time the investigation is occurring, can be catastrophic to their business.

The Senate Continues to Shape Its Version of A Health Care Insurance Bill

by Megan R. George

Recently Republican Senate Majority Leader Mitch McConnell released the Senate’s updated version of the Better Care Reconciliation Act (“BCRA”). Although a similar version of the bill passed in the House, the BCRA failed to obtain the necessary support in the Senate, leaving Republican leaders and the American people asking the question of “what next?” A summary of the key provisions of the BCRA are below. While this list is not exhaustive, it serves as the Republican party “wish list” of changes to the Affordable Care Act. Any further legislation will most likely have all, if not many, of the below provisions included.

  • The BCRA eliminates Employer and Individual Mandate Penalties enacted under the Affordable Care Act (“ACA”). The Individual Mandate Penalty has been a hot topic since the ACA was enacted.
  • The BCRA repeals taxes that were enacted under the ACA such as the excise tax on medical devices, the health insurance tax, the Medicare surcharge tax, the net investment tax, the branded prescription tax, the health insurance executive tax, the Medicare tax on high income taxpayers and the tanning tax. The bill would also temporarily repeal the “Cadillac tax” through 2026.
  • The BCRA ends the exclusion of coverage for over-the-counter medications from HSA or FSA funds, allows individuals to use HSA funds to pay insurance premiums, allow individuals to use HSA funds to cover health care related expenses incurred up to 60 days before HSA coverage becomes effective, and increase the amount that an individual can contribute annually to an HSA.
  • The BCRA eliminates the ACA’s small business tax credit by the year 2020.
  • The BCRA amends the IRS code to allow small business health plans to be treated as a group health plan.
  • The BCRA provides $45 million in federal funding to combat the current opioid crisis.
  • The BCRA will restructure the premium tax credits beginning in year 2020. Subsidies will be available to those below 350% of poverty. Subsidies are geared to a plan with an actuarial value of 58%, just below a bronze-level plan. The current subsidies are tied to the silver plans, which cover 70% of costs for most customers.
  • Cost Sharing Reduction (“CSR”) payments will be fully repealed by year 2020.
  • An additional $70 billion in stabilization funding will be provided to insurers as a way of reducing premiums and reducing out of pocket costs. This is an increase from the first version of the Senate’s BCRA, which provided for $112 billion dollars in stabilization funding.
  • The BCRA begins to phase out the enhanced federal match for Medicaid expansion over a three year period beginning in calendar year 2021.
  • Medicaid payments to beneficiaries will be capped for each Medicare beneficiary beginning the calendar year 2020. Blind and disabled children are not subject to the cap.
  • BCRA provides safety-net funding over a five years period to states that did not expand Medicaid under the ACA.
  • The BCRA has an incentive program in the form of a bonus payment for states in if states can demonstrate that on a set of child and adult quality measures, they were able to achieve results while also showing lower-than-expected aggregate Medicaid expenditures during an annual performance year.
  • The BCRA, like the AHCA will impose more frequent eligibility redeterminations. Although the BCRA makes this an optional exercise, the Senate bill would increase by 5 percentage points the federal contribution to state costs in connection with a more frequent eligibility redetermination process.
  • The BCRA allows the states to impose work requirements on non-disabled, nonelderly, and non-pregnant adults using the TANF work rules as the basis of a new Medicaid work policy.
  • The BCRA allows states to offer Medicaid coverage of “qualified inpatient psychiatric hospital services” to persons age 21 through 65. Under this provision, qualifying stays cannot exceed 30 consecutive days in a month or 90 total days in any calendar year.
  • As with the AHCA, the BCRA prohibits using tax credits to purchase health plans that cover abortion.
  • Also the same as the AHCA, the BCRA prohibits for one year any Medicaid, CHIP, Maternal and Child Health Services Block Grant, and Social Services Block Grant funding for Planned Parenthood.
  • The BCRA loosens 1332 waiver requirements.

Ted Cruz’s amendment to the BCRA will allow consumers to buy health insurance plans that do not meet the current requirements for health plans under the ACA. In essence, these plans would be cheaper and offer less coverage. Insurers could offer these plans if the insurer also offers a plan that does include all of the current ACA requirements, allowing those with pre-existing conditions to obtain coverage at a reasonable rate. This is a heated topic in the discussions surrounding the passage of the BCRA. One of the most population functions of the ACA is that individuals with pre-existing conditions can obtain affordable health insurance.  Because all Americans are currently required to purchase health insurance, risk shifting takes place between those with preexisting conditions and those who are generally healthy but still paying high premiums. Opponents of the Cruz legislation argue that all Americans will purchase the bare bones plan, essentially making health insurance costs rise for those purchasing the more comprehensive plans. With less being collected by insurance companies in the form of premiums, the funds will have to be recaptured elsewhere.

After the failure of the BCRA, Senate Republicans attempted a “skinny repeal” of the Affordable Care Act, repealing only some of the provisions of the ACA, allowing further legislation to be passed in the future. The skinny repeal would have included repealing the unpopular individual mandate, defund planned parenthood while diverting funds to community health centers, eliminate the medical device tax for three (3)  years, allow for increased contribution to Health Savings Accounts, allow states to have more flexibility in determining waivers for essential health benefits, and eliminate the employer mandate for eight (8) years. The hot button topic of Medicaid was not discussed in the skinny repeal. Even without some of the more controversial topics being included, the skinny repeal of the ACA did not pass. Again, Republicans and the American people are asking themselves the question of what will happen next. Regardless of what side of the political spectrum you fall, health care and health insurance affects every American.

There is great uncertainty surrounding the Republican effort to repeal and replace the Affordable Care Act. Thus, it is unclear whether the Republican “wish list” outlined above or any other version can ultimately muster up sufficient votes to make it through both chambers of Congress to get to the President’s desk.

Changes to MACRA to Hopefully Lessen the Burdens

by Glenn P. Prives

The Centers for Medicare & Medicaid Services (“CMS”) recently published a proposed rule, which included modifications to the final rule that implemented the Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”) in 2017.  Some of the changes are detailed in this blog post.

The proposed rule increases the required participation threshold for providers from Medicare Part B annual charges of $30,000 to $90,000 and 100 or less Medicare patients annually to 200 or less Medicare patients annually.

CMS also finally provided proposed guidance on how to participate in virtual groups.  A virtual group is a combination of two or more federal tax identification numbers (“TIN”), with each TIN consisting of ten or fewer eligible clinicians.  The virtual group must form itself and provide written notice of this election to CMS by December 1 of the calendar year preceding the performance period.  Clinicians can only participate in one virtual group.  All eligible clinicians in a TIN must participate in the virtual group except for those who participate in the Alternative Payment Model (“APM”) scoring.  Virtual groups can opt to receive a determination as to whether the participants qualify to form a virtual group and will then be required to establish a formal agreement amongst the members.  Virtual groups will be subject to the same reporting and performance standards as non-virtual Merit-Based Incentive Payment System (“MIPS”) track groups.

Another part of the proposed rule is the creation of a new partial group reporting option.  Under this option, some clinicians under a TIN could use the APM reporting standard while the remaining participants would collectively report under MIPS.

CMS also proposed a Facility Based Measurement for the 2018 MIPS performance year.  Facility-based clinicians who have at least seventy-five percent of their professional services furnished in the emergency department or other hospital inpatient setting would qualify for this option.  The hospital Total Performance Score from the facility where the clinician treats the highest number of Medicare beneficiaries during the measurement period would be converted into the MIPS quality performance category and cost performance category score.

By proposing these changes and others, CMS has indicated a willingness to continually examine the impact of MACRA on providers and make adjustments to help with compliance while preserving the goals of the program. While 2017 is the transition year, 2018 is fast approaching, and providers need to be prepared for a full year of MACRA implementation.  Providers of all sizes, including institutional providers that employ clinicians, should continue to ramp up their readiness for full MACRA performance.

Breach of Medical Confidentiality and Privacy Claims

by John Zen Jackson

On July 12, 2017, the New Jersey Appellate Division issued an opinion in the case of Smith v. Datla, which involved the question of how much time a party has to file a lawsuit arising out of the unauthorized disclosure of private medical information. The court ruled that the appropriate statute of limitations period was two years.  In the opinion the court reiterated New Jersey’s adherence to the widely held rule that there is no private right of action under the Federal HIPAA rule but clarified that conduct that violates HIPAA regulatory provisions provides a state law claim for disclosure of the patient’s protected health information. While the decision is currently binding precedent in New Jersey, it could be appealed to the New Jersey Supreme Court for further review.

The appeal was presented on a somewhat limited factual record.  The plaintiff, identified by the pseudonym of John Smith, was a hospitalized patient.  The physician, a board-certified nephrologist, was treating the patient for acute kidney failure.  During an emergency bedside consultation with John Smith in his private hospital room, the doctor discussed his medical condition including the patient’s HIV-positive status.  It is not clear if this was an established diagnosis or newly conveyed information. The conversation took place while “an unidentified third party” was in the room.  In a footnote the court stated that “[t]he record does not reveal the third party’s identity nor his or her relationship to plaintiff.” Plaintiff claimed that the HIV disclosure was without his consent. The plaintiff further claimed that the disclosure caused him to endure pain and suffering, emotional distress, other emotional injuries and insult, and permanent injury with physiological consequences.

That third-party’s identity and relationship to the patient may become an important factor in the eventual outcome of this case.  The HIPAA Privacy Rule specifically permits covered entities to share information that is directly relevant to the involvement of a spouse, family members, friends, or other persons identified by a patient, in the patient’s care or payment for health care. If the patient is present, or is otherwise available prior to the disclosure, and has the capacity to make health care decisions, the covered entity may discuss this information with the family and these other persons if the patient agrees or, when given the opportunity, does not object. The covered entity may also share relevant information with the family and these other persons if it can reasonably infer, based on professional judgment that the patient does not object.

On an admittedly “limited record,” the court evaluated the consequences of this disclosure which took place on July 25, 2013 and with the lawsuit being filed on July 1, 2015.

Ultimately, following motion practice, the plaintiff’s amended complaint asserted three causes of action: (1) invasion of privacy based on public disclosure of private facts; (2) medical malpractice based on the improper disclosure; and (3) violation of the AIDS Assistance Act, N.J.S.A. 26:5C-1 to -14.

Defendant filed a new motion to dismiss on the grounds that all three claims were barred by the one-year statute of limitations found in N.J.S.A. 2A:14-3 where the complaint had been filed nearly two years after the incident.  Arguing that all three claims were predicated on the public disclosure of private facts, defendant contended that they should be subject to the same statute of limitations.  Defendant noted that there was no specific statute of limitations for the public disclosure of private facts, but analogized that type of invasion of privacy claim to claims for placing plaintiff in a false light in the public eye and defamation.  This motion was denied by the trial court with leave to appeal granted.

The Appellate Division engaged in an extended analysis leading to the rejection of defendant’s contention.  It invoked the classic comments of Professor William Prosser regarding invasion of privacy being “not one tort, but a complex of four.”

The law of privacy comprises four distinct kinds of invasion of four different interests of the plaintiff, which are tied together by the common name, but otherwise have almost nothing in common except that each represents an interference with the right of the plaintiff to “be left alone.” [Quoting William L. Prosser, The Law of Torts § 112 (3d ed. 1964).]

The four braches of Prosser’s taxonomy of the privacy tort included (1) intrusion, (2) public disclosure of private facts, (3) placing a person in a false light in the public eye, and (4) appropriation of the plaintiff’s name or likeness for the defendant’s benefit.  The court observed that the limitations period for the public disclosure of private facts was an “unresolved issue” in New Jersey.  In Rumbauskas v. Cantor, 138 N.J. 173 (1994), the Supreme Court had held that the limitations period for the intrusion on seclusion type of privacy tort was two years and approved the use of a six-year period for actions based on appropriation of a person’s name or likeness for the benefit of the defendant. In commenting on varying limitations periods for the different types of privacy torts, it had stated:

The limitation periods applicable to actions involving other types of invasion of privacy are not before us. … Regarding actions for public disclosure of private facts or placing one in a false light, case law in other jurisdictions indicates that such actions are subject to the limitations period for defamation claims, which is one year in New Jersey. [Id. at 183.]

 In rejecting the defense contention in Smith v. Datla for use of the one-year limitations period for public disclosure of private facts, the key factor in the court’s analysis is that the essential element of a defamation action is the dissemination of false information.  Here the private facts that were disclosed were true.  The court emphasized the heightened protection afforded to a person’s HIV and AIDS status in various contexts including the New Jersey Law Against Discrimination (LAD), the New Jersey Civil Rights Act, and actions under Section 1983 for deprivation of federally protected civil rights.  All of these claims were subject to a two-statute of limitations.

This heightened protection was also embodied in the AIDS’ Assistance Act which required that records regarding this infection were to be kept confidential and disclosed only with a person’s “prior written informed consent” in limited circumstances.  The Act provided for a private cause of action including compensatory and punitive damages as well as attorneys’ fees.  The Act did not set forth a particular statute of limitations but the court concluded that this statutory-based action was analogous to the public disclosure of private facts tort for which it had determined there was a two-year statute of limitations.

The court went through a similar analysis with regard to the medical malpractice claim.  Describing such a claim generally as a deviation from an accepted standard of care, it referred to the HIPAA requirements that health care providers protect personal medical information from unauthorized disclosure as well as the mandate of the AIDS’ Assistance Act.  Aside from these statutorily-based obligations, the court referred to “the common law duty “to maintain the confidentiality of patient records and information.”  It cited several prior cases involving breaches of physician-patient confidentiality.  Curiously, the court did not refer to Crescenzo v. Crane, 350 N.J. Super. 531, 541-44 (App. Div.), certif. denied, 174 N.J. 364 (2002) which had involved a physician releasing patient records to a lawyer in response to an improperly issued subpoena.  In concluding that there was “a viable cause of action” against the physician, the Crescenzo court had referred to the Board of Medical Examiners’ regulations mandating confidentiality of patient records.

In concluding that this claim also was within the two-year statute of limitations in N.J.S.A. 2A:14-2, the court stated:

The breach of a physician’s duty to maintain the confidentiality of his patient’s medical records is a deviation from the standard of care, giving rise to a personal injury claim based upon negligence, not defamation or placing plaintiff in a false light.

 In addition, plaintiff’s claim for medical malpractice is most analogous to the category of invasion of privacy claims that are grounded on an allegation that defendant improperly disclosed private facts concerning the plaintiff to a third party.

 The court affirmed the denial of the motion to dismiss.

The Appellate Division in its comprehensive opinion nonetheless placed too much emphasis on the categorization of the privacy tort as articulated by Professor Prosser. Prosser’s contributions to the development of tort law regarding privacy are widely acknowledged.  However, his “taxonomy” of the privacy tort has been criticized as too restrictive and omitting other important interests.  Neil M. Richards & Daniel J. Solove, Prosser’s Privacy Law: A Mixed Legacy, 98 Calif. L. Rev. 1887, 1891 (2010).  One of these omissions is the tort of breach of confidence.  “This tort provides a remedy whenever a person owes a duty of confidentiality to another and breaches that duty.” Id. at 1909. See generally Daniel J. Solove & Neil M. Richards, Privacy’s Other Path: Recovering the Law of Confidentiality, 96 Geo. L.J. 123 (2007).  This tort is well recognized in a variety of professional settings.

At the end of the day, this case is a further illustration of the importance of sensitivity to a patient’s right of privacy.  It is difficult to accept that the defendant was informing the patient for the first time that he had AIDS and presumably the patient was already aware of that diagnosis as a backdrop for the discussion of his current condition. A brief time-out in which the physician either asked the third party to leave the room or during which the patient was asked if he wanted that person to remain during the discussion could have avoided this litigation.