Healthcare Law Blog

Kentucky Rural Health Clinics and FQHC’s/Look- A-Likes with Low Rates—Don’t Overlook this Rate Increase!

Approved by CMS and effective July 1, 2014, Kentucky’s Medicaid Program may now pay certain Rural Health Clinics (“RHC”), Federally Qualified Health Care Centers (“FQHC”) and Look-a-Likes a higher rate. The Department of Medicaid Services (“Medicaid”) sought approval to pay RHCs, FQHCs and Look-A-Likes that have a low per visit PPS rate at a rate equal to 125% of the Medicare rate.  This means that Kentucky RHCs, FQHCs and Look-A-Likes with low Medicaid rates, just got a raise-- that is if they claim it! While the Medicaid State Health Plan Amendment provides that an “Alternative Payment Methodology” is now available, this really means that clinics with low rates can ask to be paid at a higher rate per visit without qualifying for a change in scope of service.   This increase in rate is supposed to be effective on July 1, 2014, but is based upon the Medicare Upper Payment Limit for RHCs as of September 30, 2014 and the rate as we calculate it is approximately $99.70. Essentially, this means that providers with rates below the $99.70 threshold may elect to be paid under the alternative payment methodology. More >

Changes Proposed for Anti-Kickback Statute

It has been said before—healthcare is changing. Most often providers must adapt their practices to comply with governing regulations. Sometimes, governing regulations must be revised to adapt to providers practices. And on occasion, governing regulations must be revised to be consistent with other governing regulations. This is one of those occasions. More >

Reclassification of Hydrocodone Takes Effect This Week

The U.S. Drug Enforcement Administration (“DEA”) published a Final Rule on August 22, 2014, which elevates hydrocodone-combination products (“HCPs”) to a Schedule II category of drugs under the Controlled Substances Act. That rule becomes effective this week – on October 6, 2014. While some hydrocodone products are already listed as Schedule II, some combination products (such as Vicodin, Norco, and Tussionex) were previously listed on the less-restrictive Schedule III. In determining whether rescheduling was necessary, the DEA considered multiple factors including the potential for abuse, likelihood of dependence, and the threat to public health posed by the drug. More >

The Finalized Meaningful Use Rule – What Providers Need To Know

The Centers for Medicare and Medicaid Services (“CMS”) finalized a rule (“Final Rule”) on August 29, 2014, giving health care providers a bit more breathing room to comply with the Electronic Health Record (“EHR”) Incentive Program’s (“the Program’s”) meaningful use requirements. The Program began as a way to motivate health care providers to implement EHR systems. Hospitals and health care professionals can qualify through the Program for incentive payments from CMS for the “meaningful use” of certified EHR technology (“CEHRT”). What qualifies as “meaningful use” has been the source of much confusion. The Program is intended to be implemented in three stages, with each stage to be completed within one calendar or fiscal year. More >

The Walmart List: Milk, Eggs, and a Doctor Visit?

By January 2015, Walmart will be operating dozen primary care clinics across the U.S. Six of these have already opened in South Carolina and Texas. Currently, some Walmart stores include acute care clinics that are operated through leases with local hospital operators. The new primary care clinics are distinct from the existing ones in several ways. The new clinics will be fully-owned by Walmart, offer a broader range of services, and be open seven days a week with longer operating hours. Walmart is partnering with QuadMed nationally to operate the clinics, rather than with local partners. The primary care clinics will be staffed primarily by nurse practitioners and medical assistants and will be supervised by a physician. More >

Nursing Homes Agree To Pay $3.8 Million Settlement

Life Care Services, a Des Moines-based company that manages nursing homes across the United States, and ParkVista, a California nursing home company, have agreed to pay a $3.8 million settlement for the alleged overbilling of Medicare. The two companies were, according to Department of Justice officials, involved in an arrangement under which a therapy company provided “unreasonable and unnecessary” rehabilitation services to nursing home residents. More >

Reminder: Update Your “Grandfathered” HIPAA Business Associate Agreements Now!

In January 2013, the Department of Health and Human Services (“HHS”) published its Final Rule, which significantly increased the privacy and security responsibilities for the “business associates” of “covered entities,” as those terms are defined by HIPAA. A provision within the Final Rule mandated that all covered entities and their business associates revise their business associate agreements to reflect the new responsibilities. Specifically, a business associate must now, among other things: More >

A Recap of Part II of the Webinar, “Medicaid: Getting Paid and Keeping It”

On Wednesday, August 27, the McBrayer Health Care Group co-hosted Part II of a webinar entitled, “Medicaid: Getting Paid and Keeping It.” Co-hosts included Joe Smith from the Kentucky Primary Care Association and Barry Smith from Primary Care Centers of Eastern Kentucky. The series drew a large crowd of participants all wanting to know the same thing: how to navigate the Medicaid reimbursement and audit process. Part II focused on the following topics:

• Federal Medicaid Audit Authority;
• Overview of the Medicaid Integrity Contractors;
• What to do if you are contacted by a MIC auditor;
• Opportunities to contest a MIC Auditor’s adjustments/denials/identification of overpayment

In addition, panelists from McBrayer discussed the top issues that they encounter in practice, as well as emerging trends and questions. If you missed the webinar series, don’t worry! We have both the slides and the recording available for download. In addition, check out some of the questions that were addressed in the conversation below:

What are some of the ways that a Recovery Audit Contractor (RAC) and Medicaid Integrity Contractor (MIC) differ?

RACs, established in 2012 under the ACA, are paid based on the amount of money in improper payments they identify. MICs, in contrast, are not paid a contingency fee. While MICs conduct postpayment auditing to identify overpayments, RACs are instructed to look for both overpayments and underpayments. In addition, RACs are overseen by the States, while the Centers for Medicare & Medicaid Services operates the MIC program.

My facility was recently audited. The Audit MIC concluded that there was a potential overpayment and prepared a report. Do I get a chance to respond to the report?

The MIC’s draft report will be shared with the State and the provider for comment. It is vital that you, as the provider, respond to the report. The report may be revised based on your input. It is important to note that once the report is final, the State will pursue collection of overpayment, not the Audit MIC.

What is the look-back period for MIC audits?

Audit MICs are now limited to a five year audit look-back period, beginning on the date of issuance of the notification letter to the provider. However, CMS stated that it retains the right to adjust the five year look-back period. There are currently no limits on the number of records that a MIC may request; therefore, if you are subject to an audit, it is important to make sure your staff is prepared to produce a voluminous amount of records in an organized and timely fashion.

What do I need to know about re-enrollment in Medicaid?

The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Based upon this requirement, States must complete the revalidation process of all provider types by March 24, 2016. A failure to re-enroll means that CMS will de-activate payment until a successful re-enrollment process is completed. Be sure to watch the mail for your re-enrollment notice and contact legal counsel should you have any questions about the process.

The McBrayer Health Care Group would like to thank Joe Smith and Barry Martin for co-hosting and we hope that attendees found the webinar insightful! If you are a provider and have questions about Medicaid, do not hesitate to contact us!

Services may be performed by others.

This article does not constitute legal advice.

Health Care Industry Familiar with HIPAA Breaches, Not So Much Hackers

Community Health Systems (“Community”), which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that online hackers had stolen personal data information from its systems in a period between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.

It has been reported that the hackers responsible for the attack are a group of cybercriminals from China that traditionally go after intellectual property, including medical device and equipment development data.  They used malicious software to obtain the data, which has since been removed by Community from the network. Further remedial efforts are already underway, including notifying affected patients and offering them identity theft protection services.

Hospitals should be accustomed to protecting data against privacy breaches as part of their HIPAA obligations, but outright cybertheft is a threat that many providers have not likely considered. The FBI, which is now investigating the Community incident, said in April that health care providers typically do not use the same high levels of security technology as companies in other industries (such as banking or retail). This makes providers an easy target for hackers. If a leading hospital system like Community can be breached, then hospitals of every size are at risk.

It is crucial that HIPAA-covered entities (and their business associates) understand and identify potential threats to their secured information. The importance of HIPAA risk analysis cannot be stressed enough; in fact, a risk analysis is required as the first step in HIPAA Security Rule compliance. While it may be impossible to build an impenetrable fortress of secured online information, it is evident that health care providers must continue to make it a top priority to protect patient records – both from HIPAA breaches and hackers.

Christopher J. Shaughnessy is a member at McBrayer law.  Mr. Shaughnessy concentrates his practice area in healthcare law and is located in the firm’s Lexington office.  He can be reached at cshaughnessy@mcbrayerfirm.com or at (859) 231-8780, ext. 1251. 

Services may be performed by others.

This article does not constitute legal advice.

Join us for Part II of our Medicaid Webinar!

Part II of the webinar is scheduled for Wednesday, August 27 from 12-1:30pm, EST. This session will discuss federal Medicaid audit authority, what to do if you’re contacted by a Medicaid Integrity Contractor (“MIC”), and opportunities to contest a MIC’s auditor’s adjustment/denials/identification of overpayment.

Attendees of Part I will automatically be enrolled in Part II. If you missed Part I, but would like to take part in next week’s webinar, sign up here: https://attendee.gotowebinar.com/register/6389912240505419777. We look forward to hearing from you!

Lisa English Hinkle is a Member of McBrayer law.  Ms. Hinkle concentrates her practice area in health care law and is located in the firm’s Lexington office.  She can be reached at lhinkle@mcbrayerfirm.com or at (859) 231-8780, ext. 1256. 

Services may be performed by others.

This article does not constitute legal advice.