Governor Christie Signs Bill Aimed at Combating Opioid Abuse

by Paul L. Croce

On February 15, 2017 Governor Christie signed into law P.L. 2017, c. 28, Senate No. 3 designed to curb the ongoing opioid abuse epidemic facing the State of New Jersey.  The scope of the overwhelming opioid epidemic facing the State was demonstrated by the bipartisan support the bill received.  Indeed, the bill passed with virtually no opposition, passing with a Senate vote of 33-0 and an Assembly vote of 64-1 with 5 abstentions.

The bill takes a multipronged approach to combating the ongoing opioid crisis by: (1) requiring insurance companies to provide coverage for both inpatient and outpatient substance abuse treatment; (2) limiting the amounts of opioid medications practitioners can prescribe; and (3) imposing additional continuing education requirements on the medical community.

In regard to insurance coverage, the bill requires insurers to provide 180 days per plan year of inpatient and outpatient treatment of substance abuse disorders when determined to be medically necessary by the patient’s physician, psychologist or psychiatrist without the need for any prior authorization.  The bill further prohibits any retrospective or concurrent review of medical necessity for the first 28 days of inpatient or intensive outpatient substance abuse treatment.

Thereafter, inpatient treatment may be subject to concurrent review which cannot be initiated more frequently than two week intervals.  However, the law provides the patient with both internal and external review processes on an expedited basis if the insurer’s review determines treatment is no longer medically necessary.  Moreover, even if the insurer’s determination is upheld on appeal, the patient cannot be discharged until after all appeal rights have been exhausted and the insurer must provide benefits through the date following the final determination.

Conversely, outpatient treatment after the initial 28 days may be subject to retroactive review of medical necessity by the insurer.  Nevertheless, it is not until the first 180 days of either inpatient or outpatient substance abuse treatment has passed that further treatment can be subject to preauthorization by the insurer.

The bill further limits initial prescriptions of opioid medications to a five day supply which shall be for the lowest effective dose of the immediate-release opioid medication.  Prior to issuing an initial prescription a practitioner is required to: (1) take and document a thorough medical history, including the patient’s past experience with non-opioid medication and pain management techniques, and the patient’s substance abuse history; (2) conduct and document a physical examination of the patient; (3) develop a treatment plan focused on determining the cause of the patient’s pain; and (4) access relevant information from the Prescription Monitoring Program.

Four days after the issuance of an initial opioid prescription, a practitioner may issue a subsequent prescription for up to a thirty day supply. However, such prescriptions may be written only if: (1) the patient’s prior prescription for the opioid drug was given within the last year; (2) the practitioner determines the subsequent prescription is necessary and appropriate to the patient’s treatment needs and documents his or her rationale for that determination; and (3) the practitioner determines and documents that the subsequent prescription does not present an undue risk of abuse, addiction or diversion.

Moreover, if a third prescription for opioid medication is given the practitioner must enter into a “pain management agreement” with the patient.  The “pain management agreement” is a written contract executed between practitioner and patient which is designed to: (1) prevent the development of physical or psychological dependence; (2) document both the practitioner’s and patient’s understanding of the pain management plan; (3) establish the patient’s rights in regard to treatment  and obligations associated with the use and storage of opioid medications; (4) identify the specific medications and other modes of treatment that are included in the pain management plan; (5) specify the measurers the practitioner may employ to ensure the patient’s compliance, including random specimen screens and pill counts; and (6) establish the process for terminating the agreement, and consequences if the practitioner has reason to believe the patient is not complying with the agreement.

Furthermore, the bill attempts to ensure that patients taking these medications are doing so with informed consent.  To do so, prior to issuing the first and third prescriptions of an opioid drug a practitioner is required to discuss with the patient, or the patient’s parent or guardian if under 18 years of age, the risks associated with the drugs being prescribed.  This discussion must include, but is not limited to: (1) the reasons the prescription is necessary; (2) alternative treatments that may be available; and (3) the risks of addiction and overdoes associated with the drugs being prescribed, including that: (i) opioids are highly addictive, even when taken as prescribed; (ii) that there is a risk of developing physical of psychological dependence on the drug; and (iii) that taking more opioids than prescribed, or mixing opioids with alcohol, sedatives or benzodiazepines can result in fatal respiratory depression.  A record of these discussions must be documented in the patient’s chart.

There are additional requirements on practitioners treating patients requiring long term treatment, exceeding three months, from opioid medications.  Under those circumstances, the practitioner must: (1) at a minimum of every three months, review and document the course of treatment, any new information regarding the source of the pain and the patient’s progress toward treatment objectives; (2) determine and document whether the patient is experiencing problems associated with physical and psychological dependence prior to each prescription renewal; (3) periodically make and document reasonable efforts, unless clinically contraindicated, to stop the use of opioid medications by attempting other medications or treatments to reduce the potential for abuse or dependency; (4) review Prescription Drug Monitoring information; and (5) monitor compliance with the pain management agreement.

Finally, the bill adds additional continuing education requirements on practitioners.  Specifically, to meet their continuing education requirements practitioners are now required to complete at least one credit per compliance period of educational programs on topics or issues concerning prescription of opioid medications including responsible prescribing, alternatives for managing and treating pain and the risks and signs of opioid abuse, addiction and diversion.  These continuing education requirements apply to physicians, physician assistants, nurses, advanced practice nurses, optometrists, dentists and pharmacists.

The new bill is a significant attempt to curb the opioid epidemic facing New Jersey.  While it remains to be seen how effective these attempts will be, if success is shown, given Governor’s Christie’s recent appointment by President Trump as the chairman to the White House’s commission to combat America’s opioid problem, this bill may form the basis for federal attempts to combat this nationwide epidemic.

The 2017 OIG Work Plan – Areas of New Focus In the New Year

by John W. Kaveney

On November 10, 2016 the Department of Health and Human Services Office of Inspector General released its 2017 Work Plan. The Work Plan, which is updated annually, furnishes key guidance to providers, suppliers, and others doing business in the health care industry regarding audit and enforcement activities that will be focused upon by the agency in the upcoming year. Providers should therefore be diligent in ensuring that their compliance programs and scheduled audit activities encompass these areas of focus. The following is a summary of some of the key new areas of focus identified in the Work Plan for Part A and Part B Medicare services. Unlike in some prior years, there does not appear to be one new area of emphasis by the OIG but rather the identification of a few select focused new items of interest that it has added to its Work Plan. In addition to these new areas, the OIG has maintained in its Work Plan several other areas of focus that it will continue to work this year.

Hospitals

  1. Hyperbaric Oxygen Therapy Services – Hyperbaric oxygen (HBO) therapy involves giving a beneficiary high concentration of oxygen within a pressurized chamber. Given that HBO therapy is primarily an adjunctive treatment for the management of select nonhealing wounds, CMS Publication 100-03, National Coverage Determinations Manual, Ch. 20, § 20.29(A) requires a beneficiary meet 1 of 15 covered conditions for providers to receive reimbursement. In the past the OIG has reviewed such claims for medical appropriateness, sufficient documentation and noncovered conditions. The OIG intends to reemphasize its efforts in assessing whether reimbursement was in accordance with Federal requirements.
  2. Incorrect Medical Assistance Days Claimed by Hospitals – The OIG will be reviewing Medicaid patient days to determine whether the Medicare administrative contractors have properly settlement Medicare cost reports for disproportionate share hospitals (DSH) that have received Medicare DSH payments to ensure compliance with all Federal requirements.
  3. Inpatient Psychiatric Facility Outlier Payments – From FY 2014 to FY 2015 the number of claims with outlier payments increased by 28 percent for Inpatient Psychiatric Facilities providing active psychiatric treatment to meet the urgent needs of those experiencing an acute mental health crisis, which may involve mental illness or alcohol- or drug-related problems. In terms of Medicare payments for such stays, the total outlier payments have increased from $450.2 million to $534.6 million. OIG intends to determine whether these facilities have complied with Medicare documentation, coverage and coding requirements for stays resulting in outlier payments.
  4. Case Review of Inpatient Rehabilitation Hospital Patients Not Suited for Intensive Therapy – In a separate medical review seeking to identify adverse events in inpatient rehabilitation hospitals, physician reviewers found a small number of cases in which patients appeared to be unsuited for intensive rehabilitation therapy. This study will assess a sample of rehabilitation hospital admissions to determine whether the patients participated in and benefited from intensive rehabilitation therapy for their illness, injury or surgery. For those identified as not suitable candidates, the reviewers will identify reasons why.

Nursing Homes

  1. Nursing Home Complaint Investigation Data Brief – The OIG will be reviewing the diligence with which State agencies are investigating complaints categorized as “immediate jeopardy” or “actual harm” within the applicable timeframes called for under the law at nursing homes.
  2. Skilled Nursing Facilities – Unreported Incidents of Potential Abuse and Neglect – The OIG will be assessing whether there are incidences of abuse and neglect at Skilled Nursing Facilities that are going unreported. The OIG will be looking for evidence that incidents were properly reported and investigated per Federal and State requirements.
  3. Skilled Nursing Facility Reimbursement – Skilled Nursing Facilities must periodically assess their patients using the tool called the Minimum Data Set to classify each patient into a resource utilization group for payment. Medicare reimbursement is tied to the activities of daily living and therapy received by each beneficiary and reported on the Minimum Data Set. The OIG will be reviewing documentation at selected SNFs to determine if the requirements for each particular resource utilization group is accurate.
  4. Skilled Nursing Facility Adverse Event Screening Tool – The OIG will be assisting in rolling out the Adverse Event Screening Tool in coordination with the Institute for Healthcare Improvement. The goal of the product is to disseminate practical information about the tool for use by those involved with the skilled nursing industry.

Hospices

  1. Medicare Hospice Benefit Vulnerabilities and Recommendations for Improvement – The OIG has identified vulnerabilities in payment, compliance and oversight as well as quality-of-care concerns that directly impact beneficiaries of these services. The OIG will be making recommendations for protecting beneficiaries and improving the program.
  2. Review of Hospices’ Compliance with Medicare Requirements – A review of hospice medical records and billing documentation will be conducted to determine whether Medicare payments for hospice services were made in accordance with Medicare requirements.
  3. Hospice Home Care – Frequency of Nurse On-Site Visits to Assess Quality of Care and Services – A review will be conducted to determine if hospice nurses were performing the requirements on-site visits to the homes of Medicare beneficiaries receiving hospice care at least once every 14 days to assess quality of care and services provided by the aid.

Home Health Services

  1. Comparing HHA Survey Documents to Medicare Claims Data – The OIG is concerned with identifying potentially unqualified or fraudulent providers. Home Health Agencies are required to supply patient information to State agencies and thus a determination will be made as to whether HHAs are accurately providing patient information to State agencies for recertification surveys.

Medical Equipment and Supplies

  1. Part B Services During Non-Part A Nursing Home Stays: Durable Medical Equipment – If a beneficiary resides at a SNF after 100 days, Medicare Part B may provide coverage for certain therapy and supplies (non-Part A stay). However, a 2009 OIG report found that Medicare Part B allowed inappropriate payments of $30 million in 2006 for durable medical equipment, prosthetics, orthotics and supplies during non-Part A stays in SNFs. This new study will determine the extent of inappropriate Medicare Part B payments for such items during non-Part A stays in 2015.
  2. Medicare Market Share of Mail-Order Diabetic Testing Strips – The OIG will be releasing its required reporting on the market share of diabetic testing strips in anticipation of the next round of the competitive bidding program.
  3. Positive Airway Pressure Device Supplies – Beneficiaries routinely receive replacements of continuous positive airway pressure or respiratory assist device therapy (PAP) when they wear out or are exhausted. Previously the OIG had discovered that equipment was being shipped when no physician order for refills were in effect. The OIG will be investigating whether claims for frequent replaced PAP device supplies were properly documented as medically necessary along with ensuring frequency of replace and other Medicare requirements are being met.

Prescription Drugs

  1. Drug Waste of Single-Use Vial Drugs – The FDA approves vial sizes for single use submitted by manufacturers but does not control the vial sizes submitted for approval. A study will be conducted to determine if savings might be realized if smaller single use vial sizes were utilized here in the United States as is done in other countries.
  2. Potential Savings from Inflation-Based Rebates in Medicare Part B – Each year statutorily mandated rebates enable Medicaid to recoup substantial portions of the billions spent on prescription drugs. In contrast, Medicare Part B similarly spends billions annually but has no similar rebate. The OIG will perform a sample study to calculate how much the Federal Government could potentially collect from pharmaceutical manufacturers if similar rebates were required for Part B.

The Work Plan also contains new endeavors relating to other Providers and Suppliers such as Diagnostic Laboratories, Transitional or Chronic Care Management and Ambulance Services.

In addition to Medicare Part A and Part B, the OIG will be implementing new focuses for Part C and Part D services as well. They include the following new initiatives:

Part C – Medicare Advantage

  1. Medicare Part C Payments for Service Dates After Individual’s Date of Death – CMS pays MA organizations for Part C benefits prospectively. A prior OIG review determined that Medicare improperly made $23 million in payments in 2011 for deceased beneficiaries of which $20 million was directly related to Part C payments. The OIG will therefore be examining if payments made after a beneficiaries’ date of death were in accordance with Medicare requirements.
  2. Extent of Denied Care in Medicare Advantage and CMS Oversight – Capitated payments, as used by CMS to pay MA plans, can result in financial incentives for plans to underserve beneficiaries. A review will be conducted to assess the extent to which inappropriate denials are occurring.

Part D – Prescription Drug Program

  1. Medicare Part D Rebates Related to Drugs Dispensed by 340B Pharmacies – The OIG will assess potential savings if pharmaceutical manufacturers paid rebates for drugs dispensed through the Medicare Part D program but at 340B covered entities and contract pharmacies.
  2. Questionable Billing for Compounded Topical Drugs in Part D – Part D spending for compounded topical drugs grew by more than 3,400 percent between 2006 and 2015. The OIG will be investigating the potential fraud risk given this sharp increase in spending and identifying pharmacies with questionable Part D billing for these drugs and any associated prescribers.

A review of the full Work Plan identifies a number of other areas to be reviewed by the OIG including review of the States’ operations of their Medicaid programs and the activities within the Health Insurance Marketplaces.

Not surprisingly, it will be another busy year for the OIG and its various audit, investigation and review bodies.

MACRA: Alignment Beyond The New Advanced Alternative Payment Models

by Glenn P. Prives

The Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”) provides for two reporting tracks for eligible practitioners:  the Merit-based Incentive Payment System (“MIPS”) and Advanced Alternative Payments Models (“AAPMs”). There are only a few models that have been approved by the Centers for Medicare and Medicaid Services as AAPMs for 2017, and the list of expected 2018 AAPM models is quite short.  Further, the AAPM requirements include, among other criteria, a strict risk-bearing standard.

Missing from the list of AAPMs: clinically integrated networks (“CINs”), physician-hospital organizations (“PHOs”) and many of their brethren.  However, that does not mean that CINs and PHOs and other non-advanced alternative payment models (“APMs”) are about to fade into the night.  On the contrary, it is likely that these types of models will continue to proliferate.  The reporting requirements for eligible practitioners on the MIPS track are quite daunting.  Additionally, independent practitioners will need to expend significant sums and time reporting for MIPS.

This is where the non-advanced APMs come in. By this time, most of the remaining independent practitioners fall into one of three categories: (1) those who do not want to be employed by a health system; (2) those who a health system does not want to employ and (3) those that were employed by a health system, but are not any longer.  Yet, most of those practitioners will be subject to MACRA and will have a difficult time going it alone.  Moreover, in an era of continued consolidation and competition, health systems continue to evaluate alignment models with community practitioners.

It is possible that independent practitioners will now see more than ever the value of joining a non-advanced APM. The non-advanced APM likely has the personnel and the resources to help practitioners choose the appropriate measures for MIPS reporting, compile the necessary data, analyze the data and complete the actual reporting.  Further, the cost of joining and maintaining participation in a non-advanced APM for an independent practitioner is likely much less than what it would cost that same practitioner to comply with MACRA on his or her own.  Additionally, these benefits would be in addition to those already offered by non-advanced APMs such as data sharing, best practice protocols and joint contracting.  Non-advanced APMs allow the practitioners to remain independent, but also bring alignment, on a non-exclusive basis, with a health system.

MACRA represents a significant change for health care providers, but it also represents a great opportunity.

Appellate Division Enforces The Self-Critical Analysis Privilege Protections of the Patient Safety Act

by John W. Kaveney

On February 6, 2017, the New Jersey Appellate Division reversed a trial court ruling by holding that a hospital’s failure to notify regulators of a treatment error does not mean that the hospital loses the privilege and confidentiality afforded to its internal self-critical analysis under the Patient Safety Act.

The matter of Brugaletta v. Chilton Memorial Hospital, et al. concerned a claim of medical malpractice by a patient, Ms. Brugaletta. During discovery she sought the hospital’s internal self-critical analysis of her care. The trial judge initially ruled the documentation should be produced claiming that Ms. Brugaletta had suffered a “serious preventable adverse event” (“SPAE”) and that the hospital had failed to report the event to the New Jersey Department of Health or Ms. Brugaletta in violation of the Patient Safety Act. The hospital appealed that determination disputing that Ms. Brugaletta suffered an SPAE and that it had any reporting obligation to the Department or Ms. Brugaletta.

The Patient Safety Act (N.J.S.A. 26:2H-12.23, et al.) creates an absolute privilege over certain documents that a hospital develops as part of a self-critical analysis. In analyzing the Patient Safety Act, the Appellate Division held that the only statutory precondition of the self-critical analysis privilege is compliance with the statutory requirement that hospitals develop and implement a patient safety plan in accordance with the requirements established by the commissioner by regulation. Thus, as long as the proper procedure is followed as set forth in the hospital’s safety plan, then the self-critical analysis is protected by the privilege.

The Appellate Division rejected any interpretation whereby the self-critical analysis privilege was conditioned on a hospital meeting its reporting obligations. Rather, it viewed those as a separate and distinct obligation under the Patient Safety Act. The Appellate Division also disagreed with the trial court’s finding that an SPAE had occurred as the trial court failed to identify record evidence to make such a conclusion, specifically with regard to causation. 

Thus, the Appellate Division found the trial court had erred in compelling the hospital to disclose the self-critical analysis and in finding that the hospital failed to report an alleged SPAE to the Department and Ms. Brugaletta.

This case and decision are just the most recent example of the continuing efforts by patients to challenge the protections of the Patient Safety Act and the courts’ efforts at determining the legislature’s intended purpose of the statute’s language. History suggestions this will not be the last such case.

 

The State of Health Insurance After President Obama

by Marissa Koblitz-Kingman

In President Obama’s weekly address on December 10, 2016, the President encouraged Americans who do not currently have healthcare, to enroll in a health insurance plan under the Affordable Care Act (ACA). In the address, the President likely also wanted to remind everyone listening that the threat of Republicans in Congress repealing this law was now a real possibility. President Obama stated “that if Congress repeals Obamacare as they’ve proposed, nearly 30 million Americans would lose their coverage. Four in five of them would come from working families. More than nine million Americans who would receive tax credits to keep insurance affordable would no longer receive that help.” Now that President-elect Trump will take office in a matter of days, what is the fate of healthcare in America?

“The first order of business is to keep our promise to repeal Obamacare and replace it with the kind of healthcare reform that will lower the cost of health insurance without growing the size of government,” Vice President Elect Pence told a news conference recently. Pence also said that Trump would work with congressional leaders for a “smooth transition to a market-based healthcare reform system” through legislative and executive action. House Speaker Paul Ryan said that lawmakers would take action that did not “pull the rug out from anybody” and that the party had “plenty of ideas.” Democrats and many health-care experts are warning that a swift repeal could lead insurers to stop selling policies to individuals on federally mandated exchanges. More than 12 million Americans are covered under those policies.

The current Health and Human Services Secretary, Sylvia Mathews Burwell, briefed Senate Democrats on December 8, 2016, on the expected unraveling of Obamacare’s insurance exchanges. As previously discussed on the MDM&C blog, Trump’s selection of Representative Tom Price to the position of Secretary of Health and Human Services seems to be Trump’s first step towards repealing the ACA. Price has been a regular voice in opposition to the ACA. Price’s philosophy on fixing Obamacare is rooted in “clear[ing] out the bureaucratic impediments” to health-care providers so that the marketplace can figure out the best way to get people health insurance.

Some commentators have stated that a possible less drastic route Congress may go is to replace the ACA rather than an all-out repeal. Congress could pass a plan that doesn’t call for repeal for several years. Between now and then, there would need to be some kind of transition to whatever replaces Obamacare that did not just dump people off coverage with no alternative. However, others still believe that the Republican Congress will swiftly replace ACA’s ban on health status underwriting and pre-existing condition exclusions, as well as its individual mandate, with a continuous coverage guarantee and high-risk pools. This could mean that if individuals were initially uninsured or if they had to drop coverage because of financial hardship, they may face a penalty when they seek coverage significantly greater than the repealed individual mandate penalty. Many argue that these Republican plans would fall far short of the assistance lower-income Americans need, who are currently being helped by ACA.

However, in his recent 60 Minutes interview, President-Elect Trump assured the public that he agrees with certain parts of ACA. Trump plans to keep the ACA policy that allows young adults to stay on their parents’ insurance plans until age 26, as well as the provision that insurers must cover people with pre-existing conditions.

We are likely to know more in the coming months as Congress and the President-Elect begin to take action.

A Light at the End of the Telemedicine Tunnel Appears (on the New Jersey Side)

by Cecylia K. Hahn

Upon recently reviewing the healthcare coverage benefits under a particular health plan, I was almost giddy to note that telemedicine services (both medical and mental health) were covered and reimbursable at the same rate as traditional in-person services. While some carriers have come to appreciate this form of health care service delivery, standards for licensure, practice, reimbursement, and prescription of medication have to date been unregulated and thus unclear in New Jersey.

Nevertheless, New Jersey lawmakers are working hard toward enacting legislation that would provide clarity by regulating the practice of telemedicine. The Senate Health and Human Services Committee and the Senate Appropriations Committee unanimously recommended the passage of Bill No. S291, while testimony was recently taken by the Assembly Health and Senior Services Committee on an identical Bill No. A1464.

What is Telemedicine?

The bill’s definition of “telemedicine” is quite technical and I would refer you to the bill for that technical definition. In sum, telemedicine is the delivery of a health care service using electronic means or technology to remotely bring together a health care practitioner (e.g., a physician, nurse practitioner, psychologist, and psychiatrist) with a patient typically via two-way videoconferencing or store-and-forward technology. (Store-and-forward technology is the transmission of medical data from a patient’s location to a distant site practitioner for later assessment.) This form of communication is meant to replicate the in-person encounter experience; thus, real-time visual and auditory communication is a must. Telemedicine is not a simple phone call, email, instant message, text, or fax.

Standard of Care

Another important issue, particularly if a health care practitioner is located out-of-state, is which state’s standard of care would apply? One view has been to look to the standard of care where the patient is located. The proposed bill confirms, for New Jersey, a health care practitioner is subject to the same standard of care as he/she would be subject to if the patient encounter was physically located within New Jersey. This would apply to recordkeeping rules as well as maintenance of patient confidentiality.

Added Responsibility of Hospitals

Where a health care practitioner wishes to engage in telemedicine with patients in a hospital, the hospital’s governing body must first verify and approve the credentials of, and grant telemedicine practice privileges to, the practitioner based solely upon the recommendations of the medical staff. The medical staff recommendation is based on information provided by the originating site employer (i.e., employer of health care practitioner at location where service rendered).

Licensing

License portability is an added challenge. Most states that permit telemedicine require that a health care practitioner be licensed in the state where the patient is located. This makes sense given the state’s responsibility to protect its residents. Pursuant to the telemedicine bill, the process to obtain a New Jersey license by an out-of-state practitioner wishing to practice here will be easier or harder depending on the laws of the practitioner’s home state. If the following criteria are met, the appropriate licensing board will be required to grant a reciprocal license to an out-of-state health care practitioner: (1) the other state has substantially equivalent requirements for licensure, registration, or certification; (2) the applicant has practiced in the profession within the five-year period preceding application; (3) the respective New Jersey State board receives documentation showing that the applicant’s out-of-state license is in good standing, and that the applicant has no conviction for a disqualifying offense; and (4) an agent in New Jersey is designated for service of process if the non-resident application does not have an office here. Further, the bill proposes clarifying State Board regulations that provide only for discretionary reciprocal license: the discretion is limited to permit a reciprocal license where not all of the criteria above are met; if they are all satisfied, a license must be granted.

Face-to-face Encounter for Online Prescribing

Federal law makes if generally illegal to prescribe a controlled dangerous substance based solely on an online questionnaire completed by a patient. The question with online prescription of medication is always whether a health care practitioner (who is authorized to prescribe medication) must have an in-person encounter with a patient before prescribing medication to that patient via telemedicine. The bill permits a physician to prescribe, dispense or administer medication to a New Jersey patient if (1) the physician first performs a face-to-face examination of the patient (which examination may occur in-person or via telemedicine and must comply with the standard of care) and (2) the physician adheres to particular laws that apply to that medication. 

Reimbursement

Last, but certainly not least, there is the issue of reimbursement. Even though state regulators currently may permit various providers to engage in telemedicine, the issue of reimbursement remains. The bill would generally prohibit New Jersey Medicaid and New Jersey FamilyCare programs and private health benefit plans from requiring in-person encounters between a health care practitioner and patient, or establishing location restrictions, as a condition of reimbursement under the pertinent program. Further, parity is required for benefits covered and reimbursement rates whether the encounter is in-person or via telemedicine. A drawback to the reimbursement parity, cited by insurance plans, is that it will prevent the use of telemedicine as a cost-savings tool. Of course, the use of telemedicine in the particular situation would have to make sense (and not be contraindicated).

To date, there has been no indication on when the Assembly Health and Senior Services Committee will be voting on Bill No. A1464. If the bill were to pass, it would go before the Governor for review and consideration.

Say Goodnight To The Two Midnight Rule’s Payment Reductions

by Paul L. Croce

The Two Midnight Rule, which was introduced as part of CMS’ FY 2014 Inpatient Prospective Payment System (“IPPS”) rule, dictates that when a physician expects a beneficiary to require care that crosses two midnights and admits the beneficiary based on that expectation, Medicare Part A payment is generally appropriate.  Conversely, if the beneficiary’s hospital stay is expected to be less than a period spanning two midnights, payment under Medicare Part A is generally inappropriate.

Because CMS anticipated significant increases in expenditures as a result of the Two Midnight Rule, CMS exercised the Secretary’s “broad authority” under 42 U.S.C. 11395ww(d)(5)(I)(i) to impose a 0.2% reduction to the national capital federal rate in FY 2014 to offset the anticipated increase in expenditures.  That same reduction was applied to the national capital federal rate in FY 2015 and FY 2016 as well.

In connection with the adoption of the Two Midnight Rule numerous commenters questioned the validity of the Secretary’s prediction of increased expenditures, upon which the decision to reduce rates was based. However, CMS never addressed these comments in detail when adopting its final rule except to say that the reductions were an appropriate use of the Secretary’s statutory exceptions and adjustments authority.

Having not received an adequate response to their comments during the rule making process, numerous hospitals filed suit challenging the 0.2% reduction. Several of those suits were consolidated before the United States District Court for the District of Columbia under the caption Shands Jacksonville Medical Center, et al. v. Burwell, Consolidated Civil Case Nos. 14-263, 14-503, 14-536, 14-607, 14-976, 14-1477 (the “Shands Litigation”).

On September 21, 2015 the Court in the Shands Litigation found that the Secretary’s failure to disclose critical assumptions made by the actuaries who calculated the alleged increase in expenditures, which was relied upon to impose the 0.2% reduction, failed to meet the standards of the Administrative Procedures Act by depriving the public of a meaningful opportunity to comment on the proposed rule. As a result, the Court remanded the matter back to the agency for further proceedings regarding the adequacy of the 0.2% reduction.

After remand, CMS issued public notice of the basis for the 0.2% reduction and its underlying assumptions.  As a result of the comments received to that public notice, CMS eliminated the 0.2% reduction for FY 2017 in connection with the FY 2017 IPPS final rule.  Additionally, CMS adjusted the FY 2017 capital IPPS rate to effectively eliminate the impact of the 0.2% reduction to rates in previous years by implementing a one-time prospective adjustment of 1.006 in FY 2017 to the national capital Federal rate.

Despite implementing this adjustment, CMS denies any error and continues to maintain that “the assumptions underlying the 0.2% reduction to the rates put in place beginning in FY 2014 were reasonable at the time we made them in 2013.”  Nevertheless, whether CMS recognized its error, or felt compelled to make this change as a result of the Shands Litigation, the end result is the same for hospitals throughout the country.  They have been relieved of the burden imposed by the 0.2% reduction associated with the adoption of the Two Midnight Rule.

 

The Future Is Uncertain For the Patient Protection and Affordable Care Act

by John W. Kaveney

With the election of Donald Trump to the office of President of the United States, Republicans and their supporters began implementing plans for the repeal and replacement of President Obama’s signature legislation, the Patient Protection and Affordable Care Act (“ACA”). President-Elect Trump’s selection of Representative Tom Price (R-GA) to the position of Secretary of Health and Human Services signaled the next step in those efforts.

Dr. Price, an orthopedic surgeon, has been a regular voice in opposition to the ACA and many in Congress and the media see this selection as confirmation that every effort will be made to replace the ACA. Several Democrats have already come forth indicating they plan to challenge Dr. Price’s selection as they see any threat to the ACA as a threat to thousands of patients that have only received insurance as a result of the ACA.

While a repeal of the ACA is still not guaranteed and many are already challenging whether it could even be effectuated without significant impacts on the health insurance industry and millions of Americans, it is nevertheless important to understand what a replacement program might look like. Dr. Price has previously submitted one of the more detailed Republican plans to replace the ACA. His previously proposed legislation is known as the Empowering Patients First Act.

Unlike the ACA, Dr. Price’s legislation seeks to minimize government’s role in health care. The following are five key elements of Dr. Price’s prior proposal:

  1. Fixed tax credits that rise with age so that patients can purchase their own insurance on the private market, including across state lines. The tax credits would not fluctuate based on income.
  2. Expand health savings accounts to further incentivize patients to contribute to such accounts to pay co-pays and deductibles.
  3. Preexisting conditions would continue to be excluded as a basis to deny coverage but only if the patient has had continuous insurance for eighteen months prior to selecting a new policy. If not, coverage might be denied for up to eighteen months under the new policy.
  4. Limiting the amount of money companies can deduct from their taxes for employee health insurance expenses.
  5. States would be paid federal funds to set up high risk pools to assist those with preexisting conditions that cannot afford insurance on the private market.

While Dr. Price has indicated his willingness to negotiate and compromise on what the ultimate replacement looks like, it remains to be seen how flexible he and the Republicans will be on a substitute for the ACA. Regardless of the final form, one cannot forget that as Secretary of HHS, Dr. Price would ultimately control the authoring of the enabling regulations to implement the new legislation.

It is anticipated that during President-Elect Trump’s first 100 days in office this issue will be addressed.

OCR and FTC Detail Overlapping Interests Between HIPAA and the FTC Act

by Leonardo M. Tamburello

On October 21, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) issued joint guidance highlighting agencies’ common interest in protecting individuals’ health information.

The health care industry is familiar with the restrictions on use and disclosure of protected health information (PHI) imposed by HIPAA.  In general, other than as required by the HIPAA Privacy Rule or for treatment, payment or health care operations, HIPAA requires a valid, signed authorization from the individual before any further use or disclosure of their PHI can occur.   This authorization must be in “plain language,” not be combined with any other type of authorization, and include specific terms and descriptions of the information sought and the proposed use or disclosure.

The FTC’s interest in the healthcare sector’s information security practices is less well known, however.  Many may be surprised by the FTC’s longstanding position that its broad power to regulate unfair and deceptive practices under Section 5 of the FTC Act includes overlapping jurisdiction with OCR concerning the privacy and security practices of HIPAA-regulated entities.

The FTC Act prohibits a contemplated use or disclosure of health information from being a “deceptive or unfair” act or practice.  Among other things, this means that individuals may not be “mislead” about how their PHI may be being used or disclosed.   The FTC therefore recommends that entities consider all of their consumer-facing messaging to ensure it is free from any deceptive or misleading statements.   Moreover, the FTC explicitly cautions against burying key facts regarding use and disclosure of health information in links to a privacy policy, terms of use, or HIPAA authorizations.  It also warns against manipulating font sizes or colors online in a manner which would make disclosure statements deceptive.  Instead, it recommends that all disclosure statements be “clear and conspicuous” from a consumer’s perspective.

OCR and the FTC have a history of collaboration and joint enforcement in the security area.  In February 2009, OCR entered into a $2.25 million settlement agreement with CVS Pharmacy, Inc. (CVS) and required implementation of a detailed corrective action plan to ensure the proper disposal of PHI.  Simultaneously, in a separate but related agreement, CVS resolved FTC charges that it failed to implement reasonable and appropriate procedures for handling personal information about customers and employees, did not adequately train employees, did not use reasonable measures to assess compliance with its policies and procedures for disposing of personal information, and did not employ a reasonable process for discovering and remedying risks to personal information.

A year later, in July 2010, Rite Aid Corporation entered into a similar resolution agreement, paying $1 million to OCR and implementing a corrective plan of action while simultaneously settling a FTC complaint which alleged it failed to properly dispose of personal information, inadequately trained employees, did not sufficiently assess compliance with its disposal policies, and did not employ a reasonable process for discovering and remedying risks to personal information.

In addition, the FTC has not hesitated to bring enforcement actions on its own against healthcare entities.  Most notably, the FTC has doggedly pursued LabMD, a former clinical laboratory which no longer operates, for failure to protect patients’ sensitive personal information.  This resulted in a July 2016 unanimous opinion from the FTC which found LabMD’s security practices unreasonable, “lacking even basic precautions to protect the sensitive consumer information maintained on its computer system.”  A motion to stay the FTC’s enforcement order has recently been filed in the Eleventh Circuit by LabMD. See, LabMD, Inc. v. FTC, 11th Cir., No. 16-16270, motion to stay filed, Oct. 7, 2016.

It remains to be seen whether this recent joint statement from OCR and FTC foreshadows a more robust collaboration between the two agencies which builds on their efforts in the CVS and Rite Aid cases and expands into the HIPAA Privacy Rule area.  Even if that does not immediately occur, the FTC remains active in pursuing cases on its own, such as LabMD.  Whatever the outcome, businesses in the healthcare sector should remain sensitive to the FTC’s mandates, along with those from OCR.

HIPAA Enforcement At All-Time High So Far in 2016

by Leonardo M. Tamburello

Still with four months to go, 2016 has been a record-setting year for HIPAA enforcement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Before September even begins, OCR has already levied over $20 million in fines resulting from its investigation of suspected HIPAA violations. This amount more than triples the $6.2 million in HIPAA penalties which it assessed for all of 2015. These enforcement actions included both first-ever settlement of possible HIPAA violations by a Business Associate and the largest single fine of $5.5 million for suspected HIPAA violations.

In addition, OCR has recently begun an initiative to more widely investigate the root causes of breaches affecting fewer than 500 individuals. While Regional Offices will still retain discretion to prioritize which smaller breaches to investigate, each office will increase its efforts to identify and obtain corrective action to address entity and systemic noncompliance related to these breaches.   The factors that OCR’s Regional Offices will consider in this manner include:

  • The type and size of the breach, including the amount nature, and sensitivity of the PHI involved
  • Whether the breach involved theft or improper disposal of unencrypted PHI;
  • Breaches that involve unwanted intrusions to IT systems (for example, by hacking);
  • A particular covered entity or business associate’s breach history;
  • Lack of breach reports affecting fewer than 500 individuals when comparing a specific covered entity or business associate to like-situated covered entities and business associates.

This flurry of enforcement activity has occurred against the backdrop of “Phase 2” desk and onsite audits of approximately 200 – 250 covered entities and their business associates which will examine compliance with specific requirements of the Privacy, Security, or Breach Notification Rules. In particular, these audits will focus on Notice of Privacy Practices’ contents, individual’s rights to access protected health information, risk analysis, risk management, and timeliness and content of breach notification. There will also be a limited number of comprehensive on-site audits. All audits are expected to be completed by December 31, 2016.

Even if not selected for an audit, the covered entities and business associates would be well-advised to review the Audit Protocol available through the HHS website, ensuring their internal list of business associates is current, and reviewing, and if necessary, updating their risk analysis and risk management in light of recent developments, particularly the proliferation of ransomware attacks targeting the health industry.