Cyber threats and cybersecurity controls have evolved significantly over the past two decades since the HIPAA Security Rule were originally promulgated. During this same time, healthcare entities have increasingly become a prime target of hackers seeking to extort payment using ransomware, exfiltrate patient data to commit fraud, or disrupt operations in other nefarious ways. Recognizing these challenges, some security professionals have sought further clarity on the HIPAA Security Rule that they deem to be “long in the tooth”. Yet, regulators have not made any significant modifications – perhaps driven by the original policy considerations of the HIPAA Security Rule that: “the standard should be comprehensive and coordinated to address all aspects of security”; that it be “scalable, so that it can be effectively implemented by covered entities of all types and sizes”; and that it “not be linked to specific technologies, allowing covered entities to make use of future technology advancements.”
Hitting the Reset Button: NIST Seeks Comments on Version 2.0 of HIPAA Security Rule Compliance Guidance
As featured in #WorkforceWednesday: While the Equal Employment Opportunity Commission says that employers can institute mandatory vaccination policies, there are many legal considerations that come with those policies, especially as more employees return to work. And employers that do not mandate vaccines are wondering what workplace rules they can implement without legal risk. Attorneys Jennifer Barna and Nathaniel Glasser tell us more. You can also read more about the legal considerations of mandating vaccination.
On May 3, 2021, New York Governor Andrew Cuomo and New Jersey Governor Phil Murphy announced a significant easing of COVID-19-related capacity restrictions on businesses in their respective states. Governor Ned Lamont of Connecticut, who joined the other two governors in the announcement, had previously ordered a comparable lifting of capacity restrictions in his state.
Specifically, effective May 19, New Jersey and New York will remove most capacity limitations on businesses, which are currently based on a percentage of maximum capacity, and replace them with limitations based on the space available for individuals to comply with the social distancing mandate of six-feet; Connecticut’s easing of restrictions will also be in place by May 19. It is not yet clear how the new social-distancing requirement will be enforced, since, as of this writing, only Governor Murphy has issued an executive order regarding the removal of capacity limitations for businesses, and it does not contemplate enforcement. Additionally, no other formal guidance has been issued.
Getting Paid for COVID-19 Test Claims: What Every Clinical Lab Needs to Know to Maximize Collected Dollars
As many labs have discovered, getting reimbursed for COVID-19 tests is not a given. Several sources of risk—such as inadequate posting of prices, improper coding, noncompliance with state & federal laws, and inadequate documentation—result in clinical laboratories not being paid for COVID-19 testing or, more likely, getting paid and later facing post-payment audits that result in the recoupment of some payments.
Podcast: Whistleblowing, Retaliation Risks Are On the Rise for Health Care Employers – Diagnosing Health Care
In this episode of the Diagnosing Health Care Podcast: Since the start of the COVID-19 pandemic, many jurisdictions have enacted protections from COVID-19-related liability claims through legislation and executive orders. These liability shields, however, may give health care businesses a false sense of security and offer little protection when it comes to employment claims.
Epstein Becker Green attorneys Denise Merna Dadika, Gregory Keating, and Elena Quattrone discuss the unintended liability consequences health care employers must consider as they transition more employees back to in-person work and the ways to mitigate increasing whistleblower and retaliation risks.
Small and midsize employers may be entitled to tax credits for providing paid leave related to COVID-19 vaccinations
The American Rescue Plan Act of 2021 allows small and midsize employers, and certain governmental employers, to claim refundable tax credits that reimburse them for the cost of providing paid sick and family leave to their employees due to COVID-19. This includes leave taken by employees to receive or recover from COVID-19 vaccinations.
On April 19, 2021, the Office of Inspector General’s (OIG) Office of Audit Services (OAS) released the results of an audit conducted on the accuracy of diagnosis codes submitted to CMS by Humana, Inc. for 2015 dates of service. Based on the audit results, the OIG recommended Humana return a whopping $197.7 million in alleged overpayments and enhance its policies and procedures to prevent, detect and correct noncompliance with Federal requirements for diagnosis codes that are used to calculate risk-adjusted payments.
The Federal Communications Commission Announces Narrow Window to Apply for Second Round of COVID-19 Telehealth Program Funding – Applications Due May 6, 2021
On April 29, 2021, the Federal Communications Commission (FCC) will begin accepting applications for the second round of its COVID-19 Telehealth Program (the “Program”). However, the application filing window will only be open for a very short seven day period and will close on May 6, 2021. To give all applicants an equal opportunity to have their applications reviewed, the FCC announced that all applications filed during this period will be reviewed once the application filing window has closed.
On April 13, 2021, a New York-based chiropractor, was sentenced to nine years in prison, and ordered to pay close to $20 million, for running what the federal government alleged was a large scale scheme to defraud Medicare and other third party insurers. The sentencing stems from a case originally filed under seal on August 29, 2018, in which the U.S. Attorney’s Office for the Southern District of New York alleged that two New York chiropractors – James and Jeffery Spina – improperly owned and controlled multiple medical practices and engaged in submission of fraudulent health care claims from 2011 until September 2017.
U.S. Department of Justice Reports on Heightened Enforcement Activities Against COVID-19 Related Fraud
On March 26, 2021, the U.S. Department of Justice (“DOJ”) reported on the agency’s heightened criminal and civil enforcement activities in connection with COVID-19-related fraud. As of that date, DOJ had publicly charged 474 defendants with criminal offenses in connection with COVID-19-related schemes across 56 federal districts to recover more than $569 million in U.S. government funds.