Transcript “Implementation of Healthcare Reform and HIT Implementation on

“Implementation of Healthcare
Reform and HIT Implementation
on Health Care Providers”
Oct. 14, 2010
George Washington Hospital - Washington, DC
Randi Kopf, RN, MS, JD
Kopf HealthLaw, LLC
Rockville, Maryland
www.kopfhealthlaw.com
301-251-2788
SPEAKER BIO
Randi Kopf, RN, MS, JD is the founding and principal attorney of Kopf HealthLaw, LLC, a general health law
practice. Ms. Kopf has over 30 years of professional experience and serves as general and health counsel for individual physicians, medical
groups, national and regional medical and allied health associations, healthcare practitioners and entities locally and across the country, as well as,
certain patient matters. Her practice assists clients with corporate matters such as incorporation, practice structuring, medical practice acquisition
and sale, employee agreements and employment related matters, e-medicine and e-law issues, managed care contracting and negotiations and
professional grievance matters. Ms. Kopf provides advice regarding regulatory and legislative matters, practice Compliance plans, the application
of federal and state legislation, fraud and abuse issues, HIPAA, Stark, Medicare, health insurance matters and the new HealthCare Reform
legislation. She is an invited member of the Maryland Attorney Grievance Commission Peer Review Panel and has served on the Maryland
Health Care Commission EDI/HIPAA task force that developed nationally accepted privacy guideline tools.
Ms. Kopf has provided legal support for several U.S. Congressional health care bills and advocated on behalf of
physicians before the US Attorney’s Health Care Fraud Task Force. She has been a sought after speaker for national and state conferences on
medical legal topics. Ms. Kopf has extensive teaching experience and has held instructor and faculty positions at Georgetown University, the
University of Maryland and Adelphi University. Her published work includes Compliance Program Guide, Before You Sign … Managed Care
Contract Review for Health Care Providers, and The Nursing Handbook of Physical Assessment. She served as editor and contributor for the
Business and Legal Guidebook for Nurse Practitioners published by The American Association of Nurse Attorneys, (TAANA). The American Bar
Association, in their Health Lawyer Journal, published her article, “Antitrust Enforcement: How Medical Practices Feel the Effects”. Ms. Kopf
has been a frequent contributor to professional journals. She has been an editor and contributing author for the Journal of Nursing Law. She
serves on the Board of Advisors and contributor to Managed Care Contract Negotiator and Health Information Compliance Insider as well as
contributing to Medicare Compliance Alert, Medical Economics, BNA E-Health Reporter and other professional publications. Ms. Kopf has been
frequent lecturer for Bar and other professional associations
Ms. Kopf received a B.S. from Cornell University, a B.S. and M.S. degree from the State University of New York at
Stony Brook School of Nursing, and a J.D. degree from the University of Maryland School of Law. She is admitted to practice law in Maryland,
the District of Columbia and the United Sates Supreme Court. Ms Kopf was Board certified as a Family Nurse Practitioner for over 25 years. She
has received recognition by Who’s Who in American Medicine and Health Care, Who’s Who of American Women, Who’s Who in American
Nursing and received the Cornell University Alumni Award for Outstanding Volunteerism, the National Distinguished Service Award in Nursing
and the Distinguished Service Award for TAANA. Ms. Kopf is a member of the American Bar Association, American Health Lawyers
Association, TAANA, Maryland (MSBA) and District of Columbia Bar, Montgomery County Bar Association (former Chair of the Health law
section) and Special Technology Section of the MSBA. She serves as a Member of the Board of Directors and former Officer of TAANA,
President of the Chesapeake Nurse Attorneys, Inc. and has been recognized as a “Super Lawyer” in healthcare law in Maryland and Washington,
DC in 2007- 2010.
DISCLAIMER
This information is being
provided as general education
for informational purposes only
and not for the purpose of
providing legal advice.
Although it was prepared by a
professional it is not to be
utilized as a substitute for
personal legal counsel.
Healthcare Reform (ACA),
HITECH Act and Your Practice




Reformation of system incorporating preventive,
holistic care that benefits the patients, families and
society overall
Patient protective legislation – more covered services
(H&P), coverage for children w/ pre-existing illness,
previously uninsured, people with expensive medical
conditions, health insurance boundaries
Interdisciplinary provider networks to provide team
approach care (Medical Homes)
Payment shift from procedures to outcome



Lower covered fees for certain specialties
Bonus payments for better patient outcomes
Bonus payments to qualified primary care practices
Healthcare Reform (ACA),
HITECH Act and Your Practice

Use of HIT to further administrative, societal and
best medical practices goals


EHR and electronic claims filings will be
mandatory




Federal PHI data collection
Eligible Providers (EP) can apply for EHR grant money
Increased provider monitoring, evidence based
protocols, practices and limited medical
formularies
Compliance plans are mandatory
Increased provider and practice liabilities

no tort reform
Global EHR Considerations





Nationally centralized and accessible patient
information - acceptable pubic and national
interest
Federal collection of health data to assist
tracking of potential bioterrorism events
Retrieval and remote access issues
System interfacing - Compatible technology
Ability to treat and monitor patients from
remote sites including space & war zones acceptable national and public interest
Federal EHR Considerations

Reduction in health care costs as a
permissible business purpose
Administrative simplification
 Federal determination of Medicare patients’
‘best choice’ of medication or treatment
 Increased ability of Medicare and insurance
carriers to perform electronic clinical
performance reviews, referrals and billing
audits of providers/health care entities
 Health insurance payment determinations,
Workers Compensation determinations,
Disability SSI determinations

Societal EHR Considerations

Acceptable public interests
Reduction in medical error
 Promotion of public health
 Tracking of medication prescribing and use
 Identification of repetitive drug
procurement for addiction or sale
 Improved health via EHR and effective
home health care
 Professional oversight


E-Tracking of quality of care and outcome
HITECH ACT
(HIPAA Enforcement Provisions)






Applies to HIPAA Covered Entities (healthcare
providers, health plans, health care clearing houses)
and their Business Associates (BA)
Imposed breach notification requirements on
covered entities and their BAs.
Increased an individual’s rights re: PHI.
Increased enforcement and penalties for violation of
privacy and security of PHI.
Notification obligations only apply to unsecured
PHI
Breach is defined as unauthorized acquisition,
access, use or disclosure of PHI
HITECH Act Enforcement

HITECH Act raises the level of
enforcement



Secretary of HHS to perform investigation of
cases identified with willful neglect and to
impose civil money penalties
State Attorney Generals permitted to bring
civil action in federal court if they have
reasonable belief that a citizen has been
adversely affected by a HIPAA violation
FTC will also have regulatory authority to take
action
HITECH EHR Grant
Medicare Eligible Providers

Eligible Medicare Professionals (EP)


Eligible Medicaid Professionals




Doctor of Medicine or Osteopathy, Dental Surgery,
Dental Medicine, Podiatry, Optometry, Chiropractor
Physicians, nurse practitioners, nurse midwives, dentist,
PA in HRSA facilities
Must register for the incentive program- begins
1.1.2011
Must have 80% of patients in certified EHR
technology
Must demonstrate meaningful use for the EHR
reporting period


Must meet meaningful use requirements of Stage 1
90 days consecutive use for year 1
EHR Grant Resources and Help


http://www.cms.gov/EHRincentivePrograms
http://healthhit.hhs.gov
EHR Practice Issues

Practice concerns:






Inhibition of patient disclosure of personal
information due to access to their information
Chilling effect of appropriate and customary
‘off label’ use of medications
Increased potential for legal liability
Compliance with laws and policies
Creation of forensic evidence
Ease of misuse and abuse of PHI

Unauthorized redisclosure concerns
Preliminary Legal EHR Issues








Contracting issues for commercial software
Legal compliance
Risk assessment
Ownership
Access and Security
Certified Software
Interoperability
Insurance coverage for hardware and
technology software and electronic practice
EHR Practice Issues

Practice concerns:

Emailed PHI is vulnerable to:





Breach of confidentiality
HIPAA/policy violation
Incorrect party/employer viewing
Theft for commercial use – cyber pirates
Common cause of legal action
EHR Practice Issues

Practice Concerns:


HIPAA Security Rules and HITECH ACT compliance
EHR format reduces provider critical assessment





Forces choice of displayed options only
Charting errors difficult to correct and may stay
with patient’s record “forever”
Increased ability to perform clinical performance
reviews, referrals and billing audits of
providers/entities
Medication prescribing controlled by program
Any documentation omissions, errors, billing claim
irregularities or red flags detected by computer
screening
Potential Legal Actions

Civil actions




Negligence –malpractice, failure to inform,
warn or protect, breach of duty of care or
standard of care
Fraud, misrepresentation, falsifying encounter
information (insurance fraud)
Medical record or patient consent State laws
violations
Breach of Contract



Breach of fiduciary duty
Defamation
Breach of confidentiality & invasion of privacy


Federal consent laws and regulations
Commercial use of PHI without consent
Potential Legal Actions

Criminal actions

Health care fraud is a felony
Patient encounter documentation
 Billing, coding and claims submission
 Proof of intent no longer needed


Practicing medicine/nursing without a
license via email or telemedicine
Potential Legal Actions

Administrative actions

Federal or State regulatory violations can lead to
civil and/or criminal actions - potential fines,
penalties, restitution, imprisonment, exclusion as
a Medicare/Medicaid provider and loss of
professional license


Filing a complaint with OCR, HHS, CMS, DOJ, OIG, EEOC,
FBI, USAG, or State AG office
Filing a professional grievance with the professional
Board



Noncompliance with documentation principles or
professional guidelines
Professional Board investigation into violations of
Professional Rules of Conduct and Practice Acts
Filing a complaint with JCAHO or State Department of
Health
EHR Increases Practice Liabilities


Use of electronic forensic firms to reveal
‘deleted’ data, metadata and other eevidence
Greater potential for significant damages
with the EHR





Ease & Speed of disclosure
Breadth of potential disclosure
Reproduction of initial error
Identification and creation of pattern of
errors
HITECH Act gives everyone in a medical
office personal liability
Potential Consequences
of Regulatory Violations







Loss of Professional License
Loss of Employment
Legal Actions Against you, your practice or
your employer
Fines – you, your practice or your employer
Exclusion from Medicare/Medicaid as a
Provider
Personal Property & Asset Forfeiture
Prison
Steps to Minimize EHR Related
Liabilities

Perform a technology risk assessment


Assess computer security and file access
Identify security of electronic communications


Identify any current noncompliant physicians,
staff or office practices


EHR, Email, PDA, Texting, Website
Policy regarding taking laptops home
Review electronic vendor contracts



HIPAA Privacy & Security compliance
Liability
Warranty and Fitness for use
Reducing Practice Liability
Technology Risk Assessment

Perform a risk assessment prior to notification if there
is an unauthorized breach or disclosure




What was the type and amount of PHI involved?
Determine if the impermissible disclosure compromised the
privacy or security of the PHI and/or the individual
Are there any applicable exceptions?
What, if any, notification requirements apply


Time runs from when breach is discovered
These reporting exceptions are considered
controversial and HHS is currently considering
revising or repealing these criteria by the end of 2010

To remove the ‘harm’ determination from the breaching entity
and increased patient protection
Plan to Minimize Potential
Violations





Create HIPAA compliant policies and
procedures for your workplace
Inform staff that violations can be grounds
for immediate termination
Obtain proper consent from patients
Discuss or disclose PHI in private and
appropriate areas
Don’t leave a computer, laptop, PDA, cell
phone with PHI unattended or unlocked

Policy regarding portable devices containing EHR
Plan to Minimize Potential
Violations






Confirm compliance efforts required by
HIPAA, related laws and regulations
Limit staff access to PHI with passwords,
biometrics, etc.
Be sure EHR includes the ability to
retrieve PHI and a trail of any disclosures
Have a signed Business Associate
Agreement with vendors, lawyers, etc.
prior to releasing PHI
Post, make available and update the NPP
Work with an experienced health lawyer
E-Health Resources





National Coordinator for
Health Information
Technology of HHS (ONC)
– http://healthit.hhs.gov
CMS Doctors’ Office Quality
Information Technology
(DOQ-IT)
The President's
Information Technology
Advisory Committee – June
2004
Certification Commission
for Health Information
Technology –
www.cchit.org
ARRA HIT Grants –
www.grants.gov




Healthcare Information
and Management Systems
Society –www.himss.org
Office for the Advancement
of Telehealth (OAT) –
telehealth.hrsa.gov
American Health
Information Community of
HHS
Patient Privacy Rights –
www.patientprivacyrights.
org
26
E-Health Resources







Telemedicine Information
Exchange - tie.telemed.org
Electronic Privacy Center –
www.epic.org
Association of Telehealth
Service Providers –
www.atsp.org
International Society for
Telemedicine –
www.isft.org
Center for Telemedicine
Law – www.ctl.org
American Medical
Association – www.amaassn.org
Dept. of Health & Human
Services – HIT –




American Medical
Informatics Association www.amia.org
American Health
Information Management
Association www.ahima.org
American Telemedicine
Association –
www.atmeda.org
Office of Rural health
Policy –
www.ruralhealth.hrsa.gov
www.hhs.gov/recovery/repor
ts/plans/hit
27
Federal Governance of the
EHR






PPACA – Patient Protection
and Affordable Care Act
HIPAA – Privacy and
Security Rules & HITECH
Act
ARRA & HITECH Act
Office of the National
Coordinator of Health
Information Technology
(ONC)
Certification Commission of
Health Information
Technology (CCHIT)
www.cchit.org
Social Security Act Medicare\Medicaid








E-Prescribing Act of 2005
Health Care Fraud/False
Claims Act (FCA)
Prohibited Physician
Referral Laws – Stark
 Referral linked on E-Rx
Antikickback Statute
Workers Compensation
Freedom of Information Act
(FOIA)
Home Land Security
Public Health laws
 Substance Abuse
Treatment records
 Disease and abuse
reporting