On November 10, 2016, the Office of Inspector General (“the OIG”) of the U.S. Department of Health and Human Services (“DHHS”) released its 2017 Work Plan. Published annually and updated throughout the year, the Work Plan identifies the OIG’s key areas of focus as it carries out its mission of protecting the integrity of programs within DHHS. The OIG is charged with ensuring the integrity of more than 100 programs administered by DHHS, including those within the Centers for Medicare and Medicaid Services, Center for Disease Control and Prevention, the Food and Drug Administration, and the National Institute of Health. The OIG Work Plan summarizes the OIG’s current activities – comprised of both new and revised activities — along with information regarding previously identified activities that have been completed, postponed, or cancelled.
The Work Plan highlights new and continuing priorities applicable to various provider types, including hospitals, nursing homes, hospices, home health, clinical laboratories, physicians and other health professionals, medical equipment suppliers and manufacturers, pharmaceutical manufacturers and other providers and suppliers.
The 2017 Work Plan is available here.
The following is a sampling of some of the new and ongoing efforts highlighted in the Work Plan:
The Office of Civil Rights (“OCR”) has issued new guidance in connection with an increase of malicious cyberattacks, namely ransomware attacks on healthcare organization’s computer systems. Ransomware is a defined by HHS as a type of malicious software whose defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker until the requested ransom is paid.Read More
When the North Carolina Division of Medical Assistance (“DMA”) decides to place a Medicaid provider on prepayment review, it can be the equivalent of a death sentence for a small business. The primary problem is that there are few avenues to appeal the decision to be placed on prepayment review, even when there is little or even no justification for DMA’s decision. Prepayment review then becomes a waiting game reducing cash flow and overwhelming providers with a paper chase gotcha game. Although the initial decision to place a provider on prepayment review cannot be challenged, this does not mean that a Medicaid provider has no options to challenge the prepayment review process.
From time to time the Parker Poe Health Care Blog will be asking experts in the health care field to serve as guest bloggers. Our first guest blogger is Daniel Carter from Ascendient. Ascendient is a Health Care Consulting firm located in Chapel Hill, North Carolina, that provides strategic health care planning and Certificate of Need advice and analysis. Ascendient has recently completed an in-depth analysis of the Certificate of Need (“CON”) law in North Carolina to determine how a potential repeal of the law would affect health care providers and consumers in the state. After reading it, we decided we should share this analysis with you. Here is a summary with a link to the full report.
Much of the debate over whether North Carolina’s Certificate of Need (“CON”) law should be repealed has focused on market theories without a great deal of focus on measurable realities. Ascendient decided to expand the perspective beyond the ideological arguments and review the data to see if it could draw some conclusions about how a potential repeal of the CON law in North Carolina would affect health care providers and consumers.
Based on an analysis of facts and objective data, we conclude that any move now to deregulate North Carolina’s healthcare system by reducing or eliminating the CON program would be premature and put already vulnerable hospitals at much greater risk as new entrants pick off their best patients without taking up the burden of indigent care.
There has been a lot of discussion about major changes to North Carolina’s Certificate of Need law. As these legislative discussions continue, the State Health Coordinating Council continues its work on next year’s State Medical Facilities Plan (“SMFP”). The draft plan is available on the N.C. Division of Health Service Regulation’s website. Public hearings on this proposed SMFP were held in July. Several petitions have been submitted seeking adjustments to the new determinations in the proposed 2016 SMFP.
A summary of the need determinations in the proposed 2016 SMFP is set forth below. Petitions submitted to adjust the need determinations also are listed.
The Office of Civil RIghts (“OCR”) recently announced that Phase 2 of the HIPAA audits would be further delayed because the audit portals and project management tools that are needed to initiate the audit process are not ready and available for usage. Phase 2 of the HIPAA audits was initially slated to begin in the fall of 2014 and was subsequently moved to late 2014 or early 2015. Currently, no timeline has been provided as to when the next round of audits will officially begin.
A delay in Phase 2 of the OCR HIPAA Audits does not mean that covered entities and business associates should not continue to make sure they are in compliance with all HIPAA regulations. The potential consequences for failure to comply with HIPAA regulations are significant. While the audit portals are still under development, it is a good time for covered entities to (i) make sure their HIPAA policies and procedures are up to date and meet the latest privacy and security requirements, (ii) create a list of all business associates that provide services to the covered entity, and (iii) conduct an internal risk assessment to identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
Among other things, Parker Poe’s healthcare attorneys advise our healthcare clients about (i) compliance with HIPAA’s privacy requirements as they affect healthcare information, including preparing employee and patient notices, plan policies and procedures, plan amendments and authorization and other forms, and (ii) HIPAA compliance requirements for business associates.
While many of us were shopping for last-minute gifts for our families, Governor McCrory was busy approving the 2015 State Medical Facilities Plan (“SMFP”). The SMFP is a document created annually by the State Health Coordinating Council that sets forth the methodology and allocations of available Certificates of Needs (“CON”) for the upcoming year. Under North Carolina law, the SMFP must be approved by the Governor. On December 22, 2015, the Governor approved the need allocations that will be available for the award of CONs in 2015 by signing the SMFP. Although the 2015 SMFP does not allocate a large number of potential CONs, there are some significant healthcare projects in the 2015 SMFP for which providers may wish to apply in the coming months.
In terms of technology and equipment, a CON for a fixed MRI scanner in Harnett County will be up for review in 2015. Applications for the fixed MRI scanner are due on August 17, 2015. Otherwise, 2015 looks to be a relatively quiet year for equipment applications.
Adult care home CONs provide one bright spot in the 2015 SMFP. The 2015 SMFP allocated 340 beds to Brunswick County. Applications for this allocation are due August 17, 2015. Providers should be mindful that they can apply for all or part of the 340 available beds. This allocation provides a good opportunity for adult care home providers to grow in a part of the state that is seeing an increased number of retirees.
On the home care and hospice front, the 2015 SMFP has no allocation for additional home health offices. However, the SMFP allocates one CON for a hospice home care Medicare-certified office in Cumberland County. Applications for the Cumberland County hospice home care CON are due June 15, 2015. Read More