Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 OIG Risk Areas: Reserved Bed Arrangements & HIPAA AHCA Compliance Webinar Series August 25, 2009 Ken Burgess, Poyner Spruill Jennifer Gimler Brady, Potter.

Similar presentations

Presentation on theme: "1 OIG Risk Areas: Reserved Bed Arrangements & HIPAA AHCA Compliance Webinar Series August 25, 2009 Ken Burgess, Poyner Spruill Jennifer Gimler Brady, Potter."— Presentation transcript:

1 1 OIG Risk Areas: Reserved Bed Arrangements & HIPAA AHCA Compliance Webinar Series August 25, 2009 Ken Burgess, Poyner Spruill Jennifer Gimler Brady, Potter Anderson Corroon LLP

2 2 Where We’ve Been  Mechanics of compliance program –Compliance committee/officer –Boards of Directors –Auditing and monitoring systems –Corporate philosophy statements  Compliance “risk areas” per OIG  Anti-Kickback, False Claims, resident safety  With section on auditing/monitoring sample

3 3 Today  Reserved bed arrangements –Potential for Anti-Kickback violations –And Medicare provider agreement violation  HIPAA –Privacy primarily –Focus on new HITECH provisions

4 4 Reserved Bed Arrangements  Payments or items of “in-kind” exchange to reserve beds for hospital patients –Especially with higher acuity residents –Or in areas with limited SNF beds  OIG Supplemental Guidance identifies this as potential risk area under federal Anti-Kickback statute  No items of value in exchange for referrals of federal program health care business

5 5 Reserved Bed Arrangements  Two resources / sources of reference and legal requirements  OIG 2008 Supplemental Guidance  CMS Provider Reimbursement Manual, section 2105.3  Site:

6 6 Reserved Bed Arrangements  Per both, these are permitted  IF price or exchange value not based on value or volume of referrals from SNF to hospital –Potential for disguised kickback if: Double dipping by SNF – bed already occupied Reserve more than hospital really needs Payments = excessive – more than costs SNF to hold bed or than SNF would lose by holding bed based on its occupancy and resident acuity mex

7 7 Reserved Bed Arrangements  Per OIG, these should be entered into only when hospital has legitimate need –Tip: records of monthly admissions by hospital, length of waits, local areas census, hospital’s difficulty with placement –May not be used based on future referrals from SNF to hospital “I pay you X and you send me your hospital business”

8 8 Best Source for Specifics: PRM Section 2105.3  Accepting a bed reservation payment for an occupied bed violates prohibition on accepting payment established for Medicare or Medicaid program –Violation of federal regs and your provider agreement –Doesn’t change rule in charging for “luxury items”

9 9 Specific Examples of Permitted & Impermissable BRAs  May only pay for days bed is vacant –May not also charge for difference in program payment and a higher reservation fee established by the agreement –So once bed is occupied, no further payment under agreement for that bed except “luxury items” as with any occupied bed

10 10 Specific Examples of Permitted & Impermissable BRAs  Need to establish reservation fee based on cost to SNF of holding the bed  Or amount SNF would reasonably lose by holding the bed (normal charge?) –Based occupancy rates –And resident acuity –Tip: establish as part of agreement some basis for fee that considers these and other potentially relevant factors so its objective

11 11 Specific Examples of Permitted & Impermissable BRAs  In-kind exchanges: –Permitted if offered to all residents of SNF and not just those in reserved beds or during period a reserved bed is occupied  Hospital gives RN to SNF –Must be full time and available to all residents –Not just “reserved bed” patients or when those beds are occupied

12 12 Specific Examples of Permitted & Impermisable BRAs  Free pharmacy, lab, radiology services  Free in-service education to SNF staff  Or discounted charges to SNF for these same services –Or others following these guidelines –These are only examples so you can be creative within these parameters  The PRM also addresses how these costs are reported by SNF/hospital on cost reports

13 13 Auditing & Monitoring for Reserved Bed Arrangements  Detailed sample in webinar materials  Look at: –Are we doing these agreements? –What do our contracts say vis-à-vis these guidelines in PRM / OIG Guidance? –Is legal counsel reviewing/approving? –Are we following those contracts in practice? –Is someone monitoring these periodically?

14 14 Auditing & Monitoring for Reserved Bed Arrangements  Who, by title, is responsible for executing and monitoring these agreements?  Are we interviewing SNF and hospital staff to ensure we are following, in practice, what our contracts say?  Are our billing/cost reporting folks properly recording or not recording these costs per the PRM’s guidelines?

15 15 Auditing & Monitoring for Reserved Bed Arrangements If these “audits” find problems, are we revising policy/procedure, sharing with compliance officer & committee and reporting this, via compliance officer, to Board of Directors along with any corrective actions and monitoring of those periodically? Are we then making sure these changes are passed back to operations for implementation?

16 16 HIPAA Privacy Rule Requirements  General principle for uses and disclosures  Permitted uses and disclosures –To the individual –Treatment, payment, health care operations –Opportunity to agree or object –Public interest and benefit Required by law Public health activities Victims of abuse, neglect or domestic violence Judicial and administrative proceedings

17 17 HIPAA Administrative Requirements  Privacy policies and procedures  Workforce training and management  Mitigation  Data safeguards  Retaliation and waiver  Documentation and record retention

18 18 HIPAA Authorized Uses and Disclosures  Authorization required unless specifically exempted  Psychotherapy notes – release requires authorization except –Originator may use in treatment, training, certain legal proceedings, and to avert serious and imminent threat to public health or safety

19 19 HIPAA Notice and Other Individual Rights  Privacy practices notice  Access  Amendment  Disclosure accounting  Restriction request

20 20 HIPAA Business Associates  Definition: a person or organization, other than a member of a covered entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of protected health information  Contract: the Privacy Rule requires that the covered entity include certain protections for the information in a business associate agreement

21 21 HIPAA Security Rule Requirements  General principle – protect confidentiality of electronic PHI  Required specifications  Addressable specifications  Compliance process –Assess –Evaluate –Implement –Document –Review  Enforcement by Office of Civil Rights, as of August 2009

22 22 HITECH Act  Health Information Technology for Economic and Clinical Health Act  Passed February 2009  Enhances privacy and security requirements  Changes enforcement structure –Increased sanctions for violations –Explicit authority for state AGs to pursue private claims on behalf of individuals  Creates new obligations for breach notification, information sharing and business associate relationships

23 23 HITECH Notification Requirements  Expands obligation to contact individuals affected by a breach  Applies only to unsecured protected health information  Any breach must be reported to individuals where information is reasonably believed to have been accessed, acquired or disclosed  Must be made within 60 days of breach discovery

24 24 HITECH Notification Requirements  Notice should include as much of the following information as possible –Description of what happened –Dates of breach and discovery –Types of information involved –Steps to take to protect against improper use –Actions taken in response to breach –Contact information for individuals to follow up

25 25 HITECH Notification Requirements  New methods of notice required –First class mail unless individual specified email –If contact information unavailable for 10 or more individuals, must post publicly Home page of Web site Notice in print or broadcast media  Breaches must be documented and submitted annually to Secretary of HHS  Breaches impacting 500 or more individuals requires immediate notification to HHS –If within the same state or jurisdiction, must notify major media outlets

26 26 HITECH Notification Requirements: Secured Health Information  Does not apply to secured health information  Encrypted so as to be unusable, unreadable or indecipherable  Subject to existing HIPAA rules  Encryption must be developed or endorsed by organization accredited by American National Standards Institute  Switching to encryption should be considered

27 27 HITECH Business Associates  All privacy requirements also apply to business associates that obtain or create protected health information  Requirements must be incorporated into contracts  Violations will be subject to civil and criminal penalties under the Social Security Act  Effective no later than February 17, 2010  Must notify covered entity of information breaches within 60 days of discovering breach

28 28 Restrictions on Data Use  If payment is out-of-pocket, individual has right to request that no information be disclosed  Disclosure should be as limited data set – minimal identifying information or only what is necessary  Accessing electronic health records must be tracked – individual can request up to three years of history  Authorization required for use of any information for which entity receives direct or indirect payment

29 29 HITECH Penalties  Penalties significantly enhanced  Four-tiered liability system –Inadvertent violation – $100-$50,000 –Willful neglect that goes uncorrected – up to $50,000 for each case with an annual cap per entity of $1.5 million –State AGs can bring actions on behalf of residents – $100 per violation, up to $25,000 annually, plus attorneys’ fees  Penalties already in effect

30 30 To reach us: Jennifer Gimler Brady Direct dial: (302) 984-6042 Potter Anderson & Corroon LLP 1313 North Market Street PO Box 951 Wilmington, DE 19899-0951

Download ppt "1 OIG Risk Areas: Reserved Bed Arrangements & HIPAA AHCA Compliance Webinar Series August 25, 2009 Ken Burgess, Poyner Spruill Jennifer Gimler Brady, Potter."

Similar presentations

Ads by Google