Posted In: Health Care
Industry:
Health Care
Compliance Checkup: Year End 2020 - No Looking Back
on December 29, 2020
We often think of 20/20 vision in the context of great eyesight. But this analogy about perspective is especially meaningful in health care. If there is one good thing about the year 2020, it is that it has given us many opportunities to have great perspective. And while we’d love to forget it and not look back, we would be remiss if we did not try to use our new perspective as we forge ahead.
We wanted to share, at least from a legal perspective, some takeaways from 2020 that you may want consider priorities as you start 2021.
-
Provider Relief Fund Accounting. For providers who accepted Provider Relief Funds (PRF) under the CARES Act, the reporting of the use of these funds was a condition of payment acceptance. HHS requires providers to begin reporting in 2021. Here are some key dates for this requirement:
• January 15, 2021: reporting portal opens for providers
• February 15, 2021: first reporting deadline for all providers on use of PRF funds
• July 31, 2021: final reporting deadline for providers who did not fully expend PRF funds prior to December 31, 20201
Be sure to work with your accounting and finance teams to ensure the necessary obligations have been met and can be reported according to the specifications provided by HHS.
-
Compliance Plan Refresh. We recommend revisiting your compliance plan and program at the beginning of every year; but this year, it is even more important for several reasons. Health care providers should expect some additional scrutiny by the government in 2021 as part of the OIG’s work plan to ensure that PRF were used appropriately. Once the government is inspecting your internal operations, everything is fair game. Be sure you have more than just a policy. Be prepared to show what your practice has done to advance its compliance enforcement.
-
Cybersecurity Risk Review. Part of your compliance plan and program refresh should include a security risk audit under your HIPAA obligations. Although the HIPAA compliance component is always critical, your practice should have cyber crime defense on the top of its list in 2021. The pandemic has been a true disruption for many businesses. Health care providers in particular, were pushed to the boundaries as they looked to offer telehealth and other remote work platforms for their employees on a moment’s notice. This newly-developed environment is likely to stay with us, but most providers probably have some cleanup work to do to ensure those platforms are secure and compliant in a post-pandemic era. The Office of Civil Rights (OCR) has said it will relax enforcement during the public health emergency, but we suggest providers promptly perform a security risk assessment and cement appropriate security measures in telehealth, electronic medical record (EMR) systems and anywhere your practice has electronic protected health information (PHI). Finally, re-check your cyber liability insurance coverage to ensure you have the right type and amount of coverage. Keep in mind your employees and their remote work details.
-
Stark and Anti-Kickback Law Risk Review. In a late announcement in November 2020, CMS and the OIG collaborated to issue final changes to the Stark Law and the Anti-Kickback Statute (AKS) and Beneficiary Inducement Civil Monetary Penalty Law (CMPL) (collectively, the AKS Rule). In many respects the final rules attempted to liberalize some restraint on health care arrangements in order to provide clarity in otherwise legitimate relationships between health care providers. To highlight, most providers will be impacted in the realm of physician compensation. The agencies attempted to loosen the definitions of fair market value, commercial reasonableness, and the application of volume or value in physician compensation arrangements. Finally, the group practice definition and application to physician bonus arrangements has been clarified, although this change has been delayed to January 1, 2022. As you can imagine, physician compensation arrangements are vastly different and each is very fact-specific. If nothing else, review all of your physician compensation arrangements with your health care attorney to ensure appropriate compliance, particularly bonus arrangements. Remember, non-compliance with the AKS Rule can subject your practice to the False Claims Act and the return of reimbursement to governmental payors during periods of non-compliance.
-
HIPAA Changes on the Horizon. On December 21, 2020, the OCR released proposed changes to the HIPAA laws which are nearly twenty-five years old. Although these are proposed changes that are subject to the required 60-day notice and comment period, expect little pushback in a final approval due after February 12, 2021. The theme in the proposed rules is patient access. Just when health care providers pushed boundaries to implement telehealth, expect the bar to be raised even higher giving patients more access to their PHI in more robust ways. In the same ways we have access through apps to various profiles and personal data in other industries, health care providers will now be asked to perform in the same way. This will be a challenge for many as EMR technology remains relatively static and not very patient-friendly. The proposed rules also include some loosened definitions of “health care operations” and related permissible uses. Stay tuned over the next few months as these rules are finalized.
As so many of us wish for anything better in 2021 than 2020, let us not forget our new perspective as we forge ahead into another new year. To all of our health care clients, colleagues and friends, thank you for your persistence during this pandemic year. We are honored to collaborate with you on your legal and compliance needs so you can focus on the work you do to keep us healthy and safe. Our best to you in 2021!
1Note: At the time of this writing, the President just signed the COVID Relief Deal which provides additional PRF funds. Some of the reporting timelines may be subject to change as a result of additional legislation.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2024 Brouse McDowell. All rights reserved.