1 / 42

Rapid Fire

Rapid Fire. Affordable Care Act and HIPAA – Are You In Compliance? Erik P. Crep Stuart T. O’Neal Wicker, Smith, O’Hara, McCoy & Ford, P.A. Burns White Miami, Florida Philadelphia, Pennsylvania.

derek-finch
Download Presentation

Rapid Fire

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Rapid Fire Affordable Care Act and HIPAA – Are You In Compliance? Erik P. Crep Stuart T. O’Neal Wicker, Smith, O’Hara, McCoy & Ford, P.A. Burns White Miami, Florida Philadelphia, Pennsylvania

  2. New Approaches to Attacking Damages Affordable Care Act

  3. What is ACA? • Adopted by Congress on March 23, 2010 • Held constitutional by U.S. Supreme Court in National Federations of Independent Business v. Sebelius, 132 S.Ct. 2566 (2012) • Provides that all persons in the U.S. be afforded health insurance, regardless of their health or financial situation • Act contains 5 essential components designed to improve access to health care and health care insurance benefits: 1. The individual mandate 2. Minimum essential benefits 3. Guaranteed issue requirement 4. The employer mandate 5. Tax credits and subsidies

  4. Individual Mandate • Requires every applicable individual to obtain minimum coverage or pay a penalty. 26 USC § 500 A(a) – (e). • Supreme Court upheld the law, calling it a tax (but the challenges continue) • Therefore, argument is that it is not a collateral source because it is a tax • Limitations on deductibles by federal law. In 2014 that maximum amount if $6,350.00 for individuals, $12,700 for families. • 26 USC § 1302(b) • Plaintiffs have a duty to mitigate their damages • Duty to mitigate combined with the individual mandate means the Plaintiff by law must buy insurance and by case law has a duty to mitigate damages. • Defense argument is that the Defendant can pay for the health insurance to allow the Plaintiff to • A. Comply with the law • B. Get insurance • C. Get insurance with a limitation per year of $6,350.00. • D. Pre-existing conditions are covered – no policy exclusions • Defense argument is to be liable for the out of pocket deductible, the annual premium and any increase in the premium and co-payments.

  5. Essential Health CoverageAll qualified plans are required to provide minimum essential coverage and must include: 26 USC § 1302(b) • Ambulatory patient services • Emergency Room • Hospitalization • Maternity and Newborn Care • Mental Health and Substance Abuse • Prescription Drugs • Lab Services • Preventable Wellness Care and Chronic Disease Management • Pediatric Services

  6. Guaranteed Issue Requirement • Under Act – no pre-existing exclusion • No lifetime caps • Can be limitations but depends on plan selected. In Florida we have • Catastrophic Florida Blue • Platinum 90% of actuarial level • Gold 80% of actuarial level • Silver 70% of actuarial level • Bronze 60% of actuarial level Each State offers a blend of services, goods and coverage depending on the premium cost. Physical therapy, occupational therapy and speech and rehab are examples of covered services. Must check each State’s exchange for delineated services covered. Cheaper to buy insurance, calculate the out of pocket maximum and increase in premium than to pay for life care plan.

  7. Collateral Source Rule • Traditional application to prohibit reference to “collateral sources” such as Insurance, Medicare and Medicaid • This Rule is the biggest obstacle to reducing damages for future medical costs for private health insurance • Challenges to Collateral Source Rule Application under ACA • Future payments have to be “reasonable and necessary.” Introduction goes to “reasonableness” and refutes life care plan/economic estimates. • Individual mandate premised on a tax via Supreme Court • ACA will apply to future payments – not past amounts. • Any award will enable Plaintiff to purchase health insurance which is “affordable”.

  8. Collateral Source Rule continued General Justification for No Offset vs. ACA • Enforced principle that tortfeasor pays for the consequences of their actions • Tortfeasors should not receive windfall of less or no damages based on benefits paid by a 3rd party • In the past, courts were reluctant to “reward” tortfeasors because of plaintiff’s foresight to purchase insurance – this foresight has been replaced with legal obligation to obtain insurance

  9. Mitigation of Damages • Plaintiff not entitled to recover damages for harm that he/she could have avoided by use of reasonable effort or expense • Precludes recovery of unreasonably excessive expenses incurred in response to a tort • All plaintiffs must take reasonable measures/effort to minimize damages

  10. Expert Witnesses for the Defense • Need experts on available plans and services implemented by each State and available to patient • Need expert to opine on the annual increase of the premium and the set out of pocket maximum • Attach plaintiff’s life care plan with this alternative and demonstrate many services are provided by insurance • Experts to consider: • Economist • Insurance person • Life expectancy expert • Experts to explain the benefits of the ACA to the Plaintiff

  11. Billed vs. Negotiated Insurance Rate • Large difference between what is billed vs. what insurance carriers actually pay • As much as 8-10 x’s higher • Prior to ACA, less that 5% of patients paid a provider’s “billed” rates.

  12. “Attack” on Defense • Define damages, assessment of future medical damages. • Defendants must ensure Plaintiffs establish future damages (burden of proof) • Future damages need be reasonably certain to be sustained or occur in the future • Future medical costs are “medically reasonable and necessary” • Damages to compensate the patient or “make them whole” – not to punish the defendant

  13. Cases: The Good, the Bad and the Ugly

  14. Good Cases

  15. Bad/Ugly Cases • Leung v. Verdugo Hills Hospital, 2013 WL 221654 (CA. Ct. App. 2013) • Med. Mal case with future medical expenses • Hospital argued on appeal that it should have been permitted to introduce evidence of Plaintiff health insurance to rebut plaintiff’s future medical expenses in part due to ACA, “the availability of such federally mandated available insurance options makes the prospect of future health insurance coverage for plaintiff anything but speculative” • Court NOT persuaded, holding “such evidence, standing along, is irrelevant to prove reasonably certain insurance coverage … because it has no tendency in reason to prove that specific items of future care and treatment will be covered, the amount that coverage, or the duration of that coverage.”

  16. Defense Counter to Leung v. Verdugo Hills Hospital, 2013 WL 221654 (CA. Ct. App. 2013)---------------------------------------------------------------- • Leung court failed to take into account ACA’s minimum coverage requirements • Under ACA, all plans will be required to meet certain minimum coverage standard • While there will be future variations above the minimum, all plan policies will maintain a certain required baseline • Jury should be able to consider an attack on life care plan that fails to take into account ACA’s minimum coverage

  17. Halsne v. Avera Health, 2014 WL 1153504 (D. Minn. 2014) • Issue: whether plaintiff’s future medical expense damage should be limited to projected payments of premiums and deductibles under ACA • Under Minn. collateral source doctrine, plaintiff can recover full damage regardless of whether plaintiff can recover some or all of his damages from a collateral source of payment, such as insurance • District Court held that any benefits received through the ACA do not provide a basis for reducing the potential award to plaintiff

  18. Issue: Each State’s Collateral Source Doctrine --- ex. FLORIDA No known case discussing ACA in Florida However, collateral source/Medicare cases shed light State Farm v. Joerg, 2013 WL 3107207 (Fla. 2d DCA 2013) • Earned (paid) vs. unearned (free) benefits • While it is true that the introduction of potential future Medicare benefits may be speculative to an injured plaintiff, Florida Supreme Court rejected this point. • Holding: admission of evidence of disabled person’s receipt of medical services under Medicare program in determining future damages would not violate common law collateral source rule

  19. State Farm v. Joerg, 2013 WL 3107207 (Fla. 2d DCA 2013) continued … • The availability of services under the [Medicare] program (including the risk of unavailability), as well as the costs and quality of such services, are relevant to the determination of the amount of future damages and relevant to assist jury in determining the reasonable cost of the plaintiff’s future care. The jury remains free to find that the publicly available services do not meet the plaintiff’s future needs.

  20. ACA Conclusion • Argue Mitigation, collateral sources and discovery of cost of care • Retain experts • Need to do more than just point to ACA – this strategy has already been rejected • Use ACA at mediation. Show which services/care are covered by ACA. • Evidence should show that future insurance coverage is reasonably certain • Link covered services with items/costs listed in plaintiff’s life care plan • Present reasonable basis that plaintiff reasonably certain to have coverage • Present grounds to establish with reasonable certainty the time period the ACA coverage will exist

  21. HIPAA – Are You in Compliance

  22. HIPAA – What is it? • Sets standards for confidentiality and privacy of individually identifiable health information • Applies to Covered Entities • Health plans • Health care clearinghouses • Health care providers that transmit health information electronically

  23. Protected Health Information “PHI” is health information from an individual that is created by: • Health care providers and clearinghouses • Health plans • Public health authorities • Employers • Life insurers • Schools or universities

  24. The Security Rule applies only to PHI that is transmitted or maintained electronically • Requires administrative, physical and technical safeguards to ensure confidentiality, integrity and security of PHI -------------------------------------------------------------------------------- • The Privacy Rule applies to PHI that is transmitted electronically, verbally or in written form • Requires safeguards to protect the privacy of PHI and set limits and conditions on the use and disclosure made without patient authorization • Can’t leave voicemail with patient’s family • Can’t discuss patient condition in waiting room • Computers of physician office visible to other patients in waiting room

  25. Allowed Disclosures • Covered entities are permitted to disclose PHI without authorizations for the purposes of: • Treatment: management of healthcare • Payment: reimbursement and benefits • Healthcare Operations: medical reviews, contracts, compliance, business planning, financial, and legal activities (45 CFR 164.501)

  26. States and HIPAA • HIPAA is a federal floor for patient protections and industry standards, each individual state maintains the ability to enforce laws which exceed those federal boundaries. • HIPPA requires the states to self-determine: • Which agencies meet the federal definition of a covered entity • Whether those entities are governed by state law, HIPAA, or other federal privacy laws.

  27. MYTH HIPAA does NOT apply to attorneys and law firms

  28. FACT All attorneys who work with PHI must comply with HIPAA and HITECH rules and must ensure that their subcontractors comply as well (45 CFR 160.102)

  29. Attorneys Representing Covered Entities • Attorneys are responsible for ensuring that others hired to assist in providing legal services to the covered entity will also safeguard the privacy of the PHI. • Includes joint counsel, jury consultants, experts, investigators, litigation support, etc. • ** Not responsible for opposing counsel even if PHI was disclosed to them because they are not assisting in representing the covered entity (45 CFR 164.504(e))

  30. Attorneys Representing Covered Entities • Business Associate Agreements are signed to provide that the attorney will ensure the “minimum necessary” standard of disclosure of PHI are consistent with those of the covered entity’s • Law firms must now have all subcontractors (ex. Experts) sign Business Associate Agreements when representing Covered Entities.

  31. Health Information Technology for Economic and Clinical Health (HITECH) Affects Privacy: • Covered entities and business associates will have to notify individuals of any security breach – sometimes the media will need to be notified as well. • Vendors of personal health records and other non-HIPAA covered entities will have to report security breaches • Determination of “unsecured” will be made by feds. • Encryption of electronic information and destruction of PHI will render is “unusable, unreadable, or indecipherable to unauthorized individuals” and will relieve the covered entity of the need to notify individuals in case of a breach

  32. HIPAA & HITECH • Law firms representing covered entities must comply with the Administrative, Technical and Physical Safeguards required by the Security Rule.

  33. Safeguards • Risk Analysis and Risk Management: assess potential risks to the confidentiality, integrity and availability of electronic PHI • Sanction Policy: against workforce members who fail to comply with security procedures • Security Awareness: training, incident responses & reporting • Contingency Plans, Data Backup Plan, Disaster Recovery Plans and Emergency Mode Operation Plans are required to protect electronic PHI from vandalism, natural disasters and other security incidents (45 CFR 164.308)

  34. Technical Safeguards • Electronic Access Integrity and Control • Unique user ID with time-outs and automatic log-off • Person or entity authentication • Emergency access procedure • Monitor I.T. systems containing PHI • Transmission security must include encryption and decryption

  35. Cloud Storage Compliant? • Dropbox – not HIPAA compliant/secure • iCloud – not HIPAA compliant/secure • Amazon S3 – not HIPAA compliant/secure • -------------------------------------------------------------------- • Google Drive – yes • Egnyte – yes • Symform - yes

  36. Enforcement • The Department of Health and Human Services (HHS) established rules for investigating, prosecuting, and imposing penalties for HIPAA Privacy Rule violations. • Tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision • Criminal violations fined up to $250,000 and up to 10 years in prison (enforced by Dept. of Justice) • HHS hired auditing firms to randomly audit covered entities and business associates for compliance

  37. Examples of Violations • Not verifying individuals by phone/person/writing • Faxing information to wrong fax number in error • Sending information to wrong email in error • Leaving detailed PHI on answering machine • Loss/theft of unencrypted drives/computers • Careless handling of user name and password • Sale of PHI to any source • Failure to secure confidential information • Allowing unauthorized person to enter area where PHI could have been viewed • Stolen laptop/records from backseat of car

  38. Violations and Enforcement

  39. Examples From 2009 – 2011, records breached for over 18 million patients Mass. General Hospital fined $1 million for loss of portable data on subway • BCBS Fined $1.5 million for loss of 57 unencrypted drives containing data of 1 million patients

  40. Value on Black Market • Credit Card #: $6 • I.D. (SS# and D.O.B.): $15 • Medical Chart/Records: $50

  41. Questions? Comments? Erik P. Crep Wicker, Smith, O’Hara, McCoy & Ford, P.A. 2800 Ponce de Leon Blvd, Suite 800 Coral Gables (Miami), FL 33134 (305) 448-3939 ecrep@wickersmith.com Stuart T. O’Neal, III Burns White 100 Four Falls, Suite 515 1001 Conshohocken State Road West Conshohocken (Philadelphia), PA 19428 (484) 567-5700 soneal@burnswhite.com

More Related