Welcome to this week's edition of the Health Law Update. Topics covered today include:
We hope you find this information helpful. Please contact any member of BakerHostetler's Healthcare Team with questions.
WHOLE GENOME SEQUENCING: ARE WE READY FOR THE NEXT PRIVACY FRONTIER?
Recently, the Presidential Commission for the Study of Bioethical Issues submitted a report to the President entitled Privacy and Progress in Whole Genome Sequencing (Report), making recommendations to the President as to how best to protect the privacy of sensitive genomic information without stifling medical advances resulting from whole genome sequencing. The Report attempts to reconcile the potential societal benefit from advances in whole genome sequencing with the privacy risks individuals who share their genomic data may face.
Whole genome sequencing is a technique used to determine the complete sequence of DNA in an individual's cells. While each individual's genome is unique, variations in certain human genes have been linked to disease. Whole genome sequencing allows researchers to better understand these links by aggregating and comparing large amounts of genetic data from numerous individuals in order to identify the specific genetic variations that lead to disease. By combining the information obtained from whole genome sequencing with other clinical information, researchers can design new treatments for diseases like cancer, heart disease and diabetes. In addition, whole genome sequencing allows researchers to more accurately identify an individual's risk of developing certain diseases and may eventually permit researchers to specifically tailor a treatment based on an individual's genetic makeup.
While multiple laws and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Common Rule, the Genetic Information Nondiscrimination Act (GINA) and some state genetic privacy laws are potentially applicable to the privacy of genomic information, the Report recognizes that the protections afforded by these provisions in their current forms are inadequate.
HIPAA requires covered entities to maintain the privacy and confidentiality of protected health information; however, it is unclear whether de-identified whole genome sequences are protected health information, and there is an emerging technological threat that even de-identified whole genome sequences can be "re-identified."
The Common Rule requires, among other things, that federally funded research on human subjects undergo independent review by an institutional review board and that sufficient procedures minimizing patient risk, including privacy risks, and ensuring informed consent be implemented. The Common Rule has similar limitations to HIPAA regarding de-identified genome sequences.
GINA prohibits discrimination on the basis of genetic information in the health insurance market and in employment decisions, such as hiring, firing, job assignments and promotions, but does not address unauthorized disclosure of or access to genomic information. Similarly, while less than half of the states have adopted genetic privacy laws that expand upon federal protections, most do not address unauthorized disclosure of or access to genomic information, and the significant variation between states creates uneven and unpredictable privacy assurances.
To address the shortcomings of the existing laws and regulations applicable to the privacy of genomic data, the Report includes the following policy recommendations to the President:
- Create strong baseline protections while promoting appropriate data access and sharing.
- Ensure the security of sequencing data and control access to sequencing databases.
- Maintain consent as a cornerstone of sequencing data privacy.
- Facilitate progress in whole genome sequencing.
- Ensure continued public benefit by sharing genomic advances as broadly as possible.
The privacy issues surrounding whole genome sequencing are sure to generate significant legal and regulatory changes that could impact all institutions conducting research involving human subjects. For more information or assistance with these privacy issues, please contact Lynn Sessions at firstname.lastname@example.org or 713.646.1352 or Cory J. Fox, email@example.com or 713.646.1358.
top of page
CMS'S PRIVACY PROBLEM: DATA BREACHES, MEDICARE NUMBERS AND INACTION
The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently published a report, CMS Response to Breaches and Medical Identity Theft (Response), which referenced 14 breaches of medical information by the Centers for Medicare and Medicaid Services (CMS), including Medicare numbers, affecting nearly 14,000 beneficiaries in the past two years. Because the Medicare number includes a beneficiary's social security number, the risk of identity theft resulting from these breaches is significant. CMS's notification to the affected individuals routinely failed to meet the timeliness and content requirements imposed by the Health Information Technology for Economic and Clinical Health Act (HITECH Act). To address these and other breaches, CMS has set up a database of the Medicare numbers of 284,000 beneficiaries and 5,000 providers that have been involved in medical identity theft in the past and are regarded as vulnerable. The Response notes, however, that database users reported problems with the interface and that the database alone is not an adequate remedy.
CMS's continued use of social security numbers as Medicare numbers has been under scrutiny for several years. Since 2002, the U.S. Government Accountability Office (GAO) has repeatedly recommended that CMS use a different methodology in assigning Medicare numbers in order to protect social security numbers. In May 2008, the OIG issued a report urging CMS to remove social security numbers from Medicare cards in order to prevent identity theft. CMS has consistently refused to modify its methodology, citing logistical and cost constraints. In an August 2012 hearing before the House Ways and Means Committee, Tony Trenkle, CMS's Chief Information Officer, testified that transitioning to a new methodology "would be a task of enormous complexity and cost that, undertaken without sufficient planning, would present great risks to continued access to healthcare for Medicare beneficiaries." Mr. Trenkle estimated that the cost of a smooth transition could be as high as $845 million, and he cautioned the committee that the transition would mean a substantial change for physicians treating Medicare patients.
This recent string of CMS data breaches has captured the attention of lawmakers, who once again are calling for CMS to act. If you would like more information regarding healthcare privacy matters or if you experience a data breach, please contact Lynn Sessions at firstname.lastname@example.org or 713.646.1352; Ted Kobus at email@example.com or 212.271.1504; or Cory J. Fox, firstname.lastname@example.org or 713.646.1358.
top of page
GAO REPORT REVEALS INCREASED EXPENDITURES FOR ADVANCED IMAGING SERVICES BY SELF-REFERRERS
A recent report by the GAO analyzing Medicare Part B claims and spending on advanced imaging services, including magnetic resonance imaging (MRI) and computed tomography (CT), revealed that self-referring providers referred substantially more of these services than did non-self-referring providers. A self-referral occurs when a provider refers a patient to an entity with which the provider or an immediate family member has a financial relationship, including referrals to the physician's own practice for advanced imaging services.
The GAO found that while the number of MRI and CT services increased overall from 2004 to 2010, the number of self-referred services increased much more dramatically by 80 percent over this period. Additionally, expenditures for self-referred MRI services increased approximately 55 percent during this period, while expenditures for non-self-referred MRI services decreased about 8.5 percent. Overall, self-referring physicians referred about two times as many advanced imaging services as providers who did not self-refer, with the largest percentage increase in referrals coming in the first year the provider began self-referring.
The GAO concluded that Medicare spent about $109 million more in 2010 than it would have if self-referring providers had referred MRI and CT services at the same rate as non-self-referring providers of the same specialty and practice size. HHS responded to the report and stated it would consider implementing an approach to insure the appropriateness of advanced imaging services referred by self-referring providers. HHS rejected the GAO's proposal to include a "self-referral flag" on its Part B claims for advanced imaging services because of concerns regarding the administration and accuracy of such a mechanism. HHS also declined to adopt the GAO's recommendation to implement a payment reduction for self-referred advanced imaging services.
The GAO was openly critical of HHS's response to the report and expressed concern that HHS appeared not to recognize the need to monitor the self-referral of potentially unnecessary advanced imaging services. The GAO also is currently reviewing self-referral of anatomic pathology services, intensity-modulated radiation therapy services and physical therapy services. Providers are reminded to review their practice models related to ancillary services to ensure compliance with an available exception to the Stark Law.
If you have any questions or concerns related to the Stark Law and ancillary services, please contact Donna S. Clark, email@example.com or 713.646.1302; or Darby C. Allen, firstname.lastname@example.org or 713.646.1311.
top of page
AHA SUES HHS FOR REFUSAL TO PAY FOR DENIED INPATIENT CLAIMS AS OUTPATIENT SERVICES
On November 1, 2012, the American Hospital Association (AHA) and four healthcare providers brought suit against HHS for maintaining a policy of refusing to pay for medically necessary care provided to patients. The suit specifically deals with the "wrong setting" scenario where hospitals provide services under Part A, and Recovery Audit Contractors (RACs) subsequently audit and deny those services as not appropriate at an inpatient level. In denying the services under Part A, HHS and CMS have taken the position that no payment to the hospitals is warranted; however, hospitals have long argued that the services still were medically necessary and should be reimbursed under Part B. Now the AHA and a handful of hospital systems and medical centers are suing in an effort to overrule this nonpayment policy.
The AHA challenges HHS's policy of prohibiting Part B payment for Part A denials as violative of the Administrative Procedure Act (APA). The AHA argues this prohibition of Part B payment for medically necessary services violates the Medicare Act and thus is invalid under APA. The suit also alleges that the policy of not allowing payment under Part B is arbitrary and capricious, that CMS's failure to follow precedent is arbitrary and capricious, is invalid for failure to undergo notice and comment rulemaking and is invalid because the policy was not promulgated as a regulation.
In sum, the AHA takes the position that "[p]ut simply, when a hospital furnishes reasonable and medically necessary items and services, if payment cannot be made under Part A, it must be made under Part B." The suit requests declaratory relief and an order that "all hospitals that have received Part A denials based upon the wrong setting of care be paid full Part B reimbursement."
The suit is in line with recently introduced legislation which, if passed, would legislatively provide for rebilling denied Part A inpatient claims under Part B where the services are found medically necessary at the outpatient level. See the October 25, 2012, issue of the Health Law Update. The AHA voiced support for that bill as well.
Scott McBride has extensive experience with defending claims and RAC appeals related to short stay and denied Part A services. For more information, please contact B. Scott McBride, email@example.com or 713.646.1390 or Ameena N. Ashfaq, firstname.lastname@example.org or 713.646.1329.
top of page
NEW ADDITION TO THE HEALTHCARE INDUSTRY TEAM: ED FRIEDMAN
Employment and labor attorney Edward L. Friedman recently joined BakerHostetler in the Houston office. Ed has a national employment and labor practice, with a particular industry focus on healthcare. He primarily handles matters related to noncompete, misappropriation of trade secrets and unfair competition matters, assisting companies in mergers and acquisitions, negotiating and drafting executive employment agreements, representing boards of directors with issues involving company officers and key employees and defending companies in wrongful termination and whistleblower litigation. Many of Ed's cases have involved medical device manufacturers and healthcare providers throughout the country. Additionally, Ed has expertise in social media policy, particularly with regard to the needs and concerns of healthcare providers.
Prior to joining BakerHostetler, Ed practiced for 25 years at Locke Lord. Ed received a law degree from The University of Michigan Law School, graduating with honors, and an undergraduate degree from Cornell University in the School of Industrial and Labor Relations, graduating Phi Kappa Phi.
A member of the Krewe of Tucks, Ed has been riding in the New Orleans Mardi Gras parade for the last nine years.
Ed can be reached at email@example.com or 713.646.1389.
top of page
HOLIDAY PUBLICATION NOTICE
The Health Law Update will not be published on Thursday, November 22. We will resume our regular bi-weekly schedule on December 6.
top of page
Cleveland counsel Thomas S. Campanella will speak on "The Current State of Health Care in the U.S." to third year medical students of the Ohio University Heritage College of Osteopathic Medicine at St. John's Medical Center in Westlake, Ohio.
Houston partner Donna S. Clark will speak on "Assuring Compliance With Stark Technical Requirements in Physician Contracting" at a webinar sponsored by the American Health Lawyers Association.
Columbus partners Robert K. Rupp and Joseph C. Devine will speak on "Whistleblowing Issues for Corporate Counsel: Practical, Ethical and Professional Considerations AND Substance Abuse Issues for Corporate Counsel: Prevention & Treatment" at a conference sponsored by the Association of Corporate Counsel, Columbus Chapter in Columbus, Ohio.
Houston counsel Lynn Sessions will speak on "Developing a Smartphone Policy for Healthcare Providers" at an audio conference sponsored by Lorman Education Services.
top of page
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2012 Baker & Hostetler LLP