Categories
Around the Web

Texas Small Businesses: Control Healthcare Prices and Regulate Hospital Consolidation

Will Maddox for D Magazine:

Consolidation is on the rise as well. According to research from Deloitte, the largest 10 healthcare systems in the U.S. control nearly a quarter percent of all hospitals. Between 2013 and 2018, the ten largest health systems saw revenue increase 82 percent from $505 billion to $918 billion, five times faster than the rest of the market.

Consolidation has been occurring since the 1990’s, and will likely continue as more hospitals struggle to stay profitable. Torch, an organization of rural and community hospitals, has some troubling statistics:

  • Texas leads the nation in rural hospital closures.
  • 26 Texas rural hospital closures (permanently or temporarily) have occurred in 22 communities since the beginning of 2010. Nationally, more than 120 rural hospitals have closed in the same time frame.
  • A Centers for Healthcare Quality and Payment Reform study estimates 76 rural Texas hospitals are at risk of closure and 12 rural Texas hospitals are at immediate risk of closing.
  • The closures are taking an economic toll on Texas as a rural hospital closure – on average – costs 170 jobs and an annual payroll of $22 million.
  • Closures have a ripple effect in the community reducing sales tax revenue to local government, reducing school student numbers driving down state payments to the local school, and hurting local businesses across the community.
Categories
Around the Web

FBI: Healthcare Hit with Most Ransomware Attacks of Any Critical Sector

More scary statistics related to ransomware attacks on healthcare providers. Nearly half (47%) of healthcare IT professionals said their organizations experienced a ransomware attack in the past two years, up from 43% in 2021, according to a survey released by the Ponemon Institute

Ill-prepared providers must make the hard choice to pay or not to pay. The consequences can be devastating.

Ron Southwick, writing for Chief Healthcare Executive:

The Lehigh Valley Health Network in eastern Pennsylvania disclosed a ransomware attack last month, and said it would not pay. Lehigh Valley said a gang known as BlackCat, which has ties to Russia, launched the attack. The health network said this month that the ransomware group posted photos of cancer patients on the dark web, according to WPVI-TV in Philadelphia and other media outlets.

Categories
Around the Web

Ophthalmology Practice Agrees to Pay Over $2.9 Million to Settle Kickback Allegations

From the Eastern District of Texas:

Ophthalmology provider group, Arlington Ophthalmology Association, P.L.L.C. d/b/a Kleiman Evangelista Eye Centers (“K&E”), with offices located in Arlington, Dallas, Plano, Southlake, Mount Pleasant, and Gun Barrel City, Texas, has agreed to pay $2,902,505 to resolve False Claims Act allegations that it offered and paid kickbacks to optometrists to induce referrals of patients who were candidates for cataract surgery in in violation of the False Claims Act and Anti-Kickback Statute, announced Eastern District of Texas U.S. Attorney Brit Featherston.

This is a great example of how business practices common in other industries do not work in healthcare. Even if Medicare was not involved, Texas’ Patient Solicitation Act prohibits “offering to pay or agreeing to accept anything of value to secure or solicit a patient or patronage for or from a licensed professional.” It is called an “All-Payor” statute, meaning a violation is not limited to referrals for services paid by government health programs

Categories
Around the Web

DOJ Continues to Eye Clinical Researchers

Jonathan Porter, writing for Healthcare Law Insights, highlights several types of fraud associated with medical research and clinical trials: Clinical trial fraud, grant fraud, and failure to disclose ties to foreign governments, are all types of fraud associated with medical research and clinical trials. The Department of Justice, through it’s consumer protection branch, has become more interested in this type of fraud, which will necessarily impact researchers, including universities and research hospitals:

What is clear from these cases is that universities and hospitals must be aware that they have liability if their employees commit fraud or make false statements. Investing in a robust compliance program to root out fraud is critical, in order to both reduce False Claims Act risk and to save institutional reputation. Contact your Husch Blackwell attorney today with questions.

Categories
Around the Web

Safety vs. Hospitality: A Healthcare Dilemma

The root problem is our society is mentally sick. Violence is the symptom. All the security in the world won’t stop someone who is intent on hurting others. Any solution must address the problem.

Will Mattox, writing for D Magazine:

But the issue seems to be getting worse. The American Hospital Association says that 44 percent of nurses experienced physical violence, and 68 percent experienced verbal abuse during the pandemic. Given the rise of violence in the workplace in healthcare settings, one might expect these facilities to be as secure as a sporting event or airport, with metal detectors at every entrance, guests and staff asked to empty their pockets while being searched, and visible security forces throughout the facility.

But herein lies the growing tension in healthcare, especially around hospital operations and design. Healthcare leaders don’t want their facilities to feel like locked-down institutions. Walking into a new hospital these days is more likely to feel like entering the lobby of a luxury hotel with engaging art, attractive light fixtures, natural light, and multiple seating areas. A metal detector, security guard with a wand, or other deterrents might ruin the ambiance medical centers want to exude.

Categories
Around the Web

If the Government Cut Medicare Fraud, It Wouldn’t Have to Cut Medicare

From Merrill Matthews, writing for The Hill:

The point is that if the federal government were better at preventing Medicare and Medicaid fraud, the programs could save perhaps $100 billion a year or more. While that wouldn’t solve Medicare’s long-term financial challenges, it would certainly help delay the day of reckoning.

While no one defends the fraud, many politicians and bureaucrats don’t seem that interested in trying to fix it. Indeed, when Republican state legislators propose verifying state Medicaid rolls to ensure recipients are qualified, Democrats usually push back.

What’s clear is that there is a way to cut Medicare without hurting Medicare patients, and that’s to cut the fraud. But it’s much less work, and perhaps more politically rewarding, to just attack political opponents.

Most people would agree that Medicare fraud should be stopped, but that’s easier said than done. Medicare’s Prospective Payment System (PPS) is part of the problem. They pay first and ask questions later. By that time, the money is long gone.

The federal waste, fraud, and abuse laws are also complicated. Many well-meaning providers do not understand them. There is growing support for revamping the Anti-Kickback Statute.

Categories
Around the Web

Is Dropbox HIPAA Compliant?

A lot of my healthcare clients use Dropbox. Many assume, incorrectly, that it is HIPAA compliant. I am generally concerned with any service that declares itself to be HIPAA compliant. Like many services, Dropbox can be used in a HIPAA compliant manner, but the burden rests on the user, not on Dropbox.

From Samuel Okoruwa, writing for Cloudwards:

Dropbox offers health organizations a secure way to store sensitive files. It’s not HIPAA compliant in itself, but relies on the user to use it in HIPAA-compliant ways. 

Health organizations that use Dropbox to upload medical information bear the greater responsibility of protecting this information by issuing Dropbox a contract called a business associate agreement and correctly configuring their accounts. 

Health organizations can take steps to correctly configure their accounts by limiting health information access to only authorized users, monitoring user activity and evaluating third-party apps.

Categories
Around the Web

Exploring Data De-Identification in Healthcare

From Health IT Analytics:

Adequately de-identifying healthcare data is critical for health systems, payers, and other stakeholders to ensure HIPAA compliance. However, the advent of newer technologies, such as artificial intelligence (AI) and connected devices, has created questions about ensuring patient privacy while enabling data sharing and access to improve care and drive medical breakthroughs.

At its most basic, de-identification refers to the principle of being unable to re-identify a person based on the information in their medical record, which often involves removing or hiding information such as the individual’s name, date of birth, gender, or address.

Beyond this basic level of de-identification to obscure explicitly personal information, healthcare stakeholders need to be aware of additional information and levels of identifiability to protect patient information.

Many people misunderstand de-identification. Certainly, the patient’s name and other unique identifiers should be removed. But there is also identification inherent in the pattern of care, the diagnosis, prescriptions, and other characteristics which can be used to re-identify specific patients, especially when there is a known dataset.

“In other words, there are additional safeguards and controls that go beyond the mere extraction of personally identifiable information,” [Suraj Kapa, MD] said. “So fine, you eliminate the medical record number, you eliminate the name, you eliminate the address, you eliminate all this other stuff from individual records. However, say you’re running a large analytic function across, say, the US, on patients with a specific type of cancer and trying to understand what we call social determinants of health.”