On June 9, 2011, Senator Orrin Hatch released a report by the Senate Finance Committee Minority Staff that outlines key concerns about Physician-Owned Distributors ("PODs"), specifically regarding the lack of regulatory oversight and clear guidance from the Department of Health and Human Services Office of Inspector General ("OIG"). The Committee Minority's report, Physician Owned Distributors (PODs): An Overview of Key Issues and Potential Areas for Congressional Oversight, set forth findings of committee staff who spoke to over fifty people and reviewed thousands of pages of documents. In addition to the report, the Chairman and Ranking Members of the Senate Financial Committee, Special Committee on Aging, and Judiciary Committee sent letters on the same day to the Administrator for Centers for Medicare & Medicaid Services ("CMS") and the Inspector General of Health and Human Services ("HHS") requesting further inquiry into the concerns set out in the Senator Hatch's report.… Continue Reading
On May 16, 2011, the Office of Inspector General ("OIG") published a report with the results from its nationwide review of the Centers for Medicare and Medicaid Services ("CMS'") oversight of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). In its review, the OIG sought to determine the sufficiency of CMS' oversight and enforcement actions pertaining to hospitals' implementation of the HIPAA Security Rule. Pursuant to the Security Rule, covered entities, such as hospitals, must implement technical, physical, and administrative safeguards for the protection of electronic protected health information ("ePHI"). According to the OIG, CMS' oversight and enforcement actions were "not sufficient," leaving limited assurance of the security of hospitals' ePHI.
The report details the results from the OIG's audits of seven hospitals. The audits disclosed "numerous internal control weaknesses." Specifically, the OIG identified 151 vulnerabilities in the systems and controls intended to protect ePHI. Of these vulnerabilities, 124 were categorized as "high impact." These vulnerabilities placed the confidentiality, integrity, and availability of ePHI at risk. The consequences of the high impact vulnerabilities is that it (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization's mission, reputation, or interest; or (3) may result in human death or serious injury.… Continue Reading
Earlier today the Department of Health and Human Services’ (HHS), Office for Civil Rights (OCR) announced the imposition of the first ever civil money penalty for violations of the HIPAA Privacy Rule. The penalty – which is $4.3 million – was assessed against Cignet Health of Prince Georges County, a health insurer. The underlying HIPAA … Continue Reading
This post was also written by Matthew E. Wetzel. On December 18, 2008, the Advanced Medical Technology Association (“AdvaMed”), the national trade association of medical technology manufacturers, issued a revised Code of Ethics on Interactions with Health Care Professionals (the “AdvaMed Code” or “Code”). The revised AdvaMed Code, which becomes effective July 1, 2009, contains … Continue Reading
On Aug. 19, 2008, the Centers for Medicare & Medicaid Services ("CMS") published a final rule to implement the Fiscal Year 2009 Hospital Inpatient Prospective Payment System (the "2009 IPPS final rule"). 73 Fed. Reg 48433. The IPPS final rule includes significant changes to the federal Physician Self-Referral Law, or "Stark Law," regulations.… Continue Reading
I. INTRODUCTION On April 30, 2008, the Centers for Medicare & Medicaid Services (“CMS”) published a proposed rule to implement the Fiscal Year 2009 Hospital Inpatient Prospective Payment System (the “IPPS proposed rule”). 73 Fed. Reg. 23528. The IPPS proposed rule includes possible changes to certain provisions of the federal Physician Self-Referral Law, or “Stark … Continue Reading