As the United States continues to grapple with the effects of the coronavirus epidemic, the U.S. Department of Health and Human Services (“HHS”) announced new rules extending compliance dates and timeframes under the Cures Act. The agency’s new rules—most of which take effect on Dec. 4, 2020—are aimed at giving IT developers and health care providers flexibility in responding to the coronavirus pandemic.
The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.
On November 3, 2020 new rules from the Health and Human Services Department concerning information blocking in healthcare will come into effect. The rules are an implementation of the 21st Century Cures Act (“Act”) which is the latest in the government’s effort to lower costs and allow for greater patient access to electronic health information (“EHI”). The Act aims to prevent covered healthcare providers from restricting the flow of EHI in inappropriate ways. Violations of the new Act may result in considerable civil fines.
The Centers for Medicare & Medicaid Services (“CMS”) Innovation Center (“CMMI”) recently announced a new model for health care providers in rural areas to receive payment from the federal government. The Community Health Access and Rural Transformation (“CHART”) initiative aims to improve rural health care while promoting the Trump Administration’s push to shift health care providers into a more expansive value-based payment model.
The effects of COVID-19 create numerous hospital financial management issues. One specific issue is hospitals maintaining financial stability. As the United States adjusts to the pandemic, hospitals have the burden of navigating their purpose, mission, and values while maintaining operations. The Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) is a comprehensive bill that includes provisions that financially assist healthcare providers. Nevertheless, as with all federal assistance, compliance with specific conditions is required. As the pandemic continues, if hospitals accept federal help to stabilize finances, awareness, and increasing training to comply with federal guidelines is crucial.
Recent regulatory waivers and rule changes by the Centers for Medicare and Medicaid Services (“CMS”) have resulted in a notable increase in patients seen remotely, according to two recent studies. The studies suggest that CMS regulatory waivers and rule changes, which included expanded access to COVID-19 testing and telehealth services in response to challenges faced by health care providers and patients during the COVID-19 pandemic, have increased remote delivery of mental health care and highly specialized clinical practices like plastic surgery.
The Centers for Medicare & Medicaid Services (“CMS”) released new guidance for skilled nursing facilities (“SNFs”) as part of a larger rulemaking agenda for healthcare institutions in the throes of the current public health emergency with COVID-19. CMS has also detailed the fines for non-compliance with the new COVID-19 requirements for SNFs and other healthcare institutions such as hospitals and laboratories.
On October 9, 2019, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule to modernize and clarify the regulations that interpret the Medicare physician self-referral law (often called the “Stark Law”), which has not been significantly updated since it was enacted in 1989. As CMS tries to reconstruct the healthcare field, it is imperative for compliance programs to prepare for the changes in regulations to come. The following discussion provides a brief overview of the proposed changes but is not an exhaustive list of all rulemakings related to the physician self-referral law.
On September 5, 2019, the Centers for Medicare and Medicaid Services (“CMS”) released its final rule with comments on Program Integrity Enhancements to the Provider Enrollment Process (“ The Program Integrity Enhancements”). The final rule gives CMS the power to revoke Medicare, Medicaid, and Children’s Health Insurance Program (CHIP) enrollments of providers or suppliers who have an “affiliation” with previously sanctioned entities, even if those providers and suppliers aren’t directly violating any existing rules themselves. CMS says that this new authority will help to “stop fraud before it happens.”
In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.