The United States Department of Justice (“DOJ”) has intervened in a False Claims Act (“FCA”) case against a Florida compounding pharmacy, Diabetic Care Rx, LLC d/b/a Patient Care America (“PCA”), and, in an unexpected move, named PCA’s private equity sponsor and controlling shareholder, Riordan, Lewis & Haden, Inc. (“RLH”), as a co-defendant. The DOJ complaint accuses PCA, RLH and two PCA officers/directors (who were also RLH partners) of overseeing a kickback scheme which DOJ alleges induced referrals that resulted in TRICARE paying over $68 million for medically unnecessary compound drug prescriptions. DOJ alleges the illegal scheme was designed by RLH.

Continue Reading DOJ Adds Private Equity Firm to False Claims Act Complaint

As most healthcare providers know, HIPAA requires that covered entities or business associates  conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate.[1] Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) is demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis.
Continue Reading Top 5 Reasons to Conduct a Thorough HIPAA Security Risk Analysis

Image copyright Catherine Lane 2015My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be much greater, and could put you into serious debt to the HHS Office of Civil Rights (OCR). Therefore, we propose that you resolve now to become fully HIPAA compliant in 2016.

OCR delivered an early holiday gift, wrapped in the Director’s Sept. 23, 2015, report to the Office of Inspector General. In that report, she disclosed that OCR will launch Phase 2 of its HIPAA audit program in early 2016, focusing on noncompliance issues for both covered entities and business associates.

So, grab that cup of hot cocoa and peruse this review of 2014-2015 HIPAA enforcement actions, which should help identify noncompliance issues on which OCR will focus in 2016.
Continue Reading HIPAA compliance: another year older, but hopefully not deeper in debt

medical-filesiStock_000020182957_LargeThe state of Georgia reached a civil settlement agreement on April 23, 2015, with Grady Health System based on allegations that Grady incorrectly coded claims for neonatal intensive care unit (NICU) patients, resulting in overpayments by Georgia Medicaid. For more details, read the Georgia Attorney General’s press release announcing the settlement.
Continue Reading Grady Health System to pay over $2.9 million to settle claims of alleged inflated Medicaid NICU billing

Due diligence is often perceived as a mundane part of the mergers & acquisitions (M&A) process, but its importance in healthcare transactions is critical. Due diligence is one of the first steps of any transaction and involves a buyer undertaking an in-depth examination of the target to evaluate the business and uncover potential issues or liabilities. In the healthcare industry, diligence is especially important considering the heavy regulation of the industry, the unique areas of risk, and the significant liabilities that could be imposed upon a buyer if issues and liabilities are not identified before the transaction closes.
Continue Reading Unique Considerations in Healthcare M&A Part 1 – Due Diligence

In the Electronic Health Records (EHR) space, unconnected and competing systems carry the potential for organizational train wrecks.

Until robust, efficient, and mandatory interoperability standards emerge, providers should consider linking systems through other means, as failure to do so may lead to malpractice and regulatory compliance issues.

A new White Paper, Driving the Golden Spike:

Hopefully all of our nursing home clients know by now that CMS and the OIG have psychotropic drug use by nursing home residents on their radar.  A recent case filed by the Department of Justice (DOJ)  raises another concern that nursing homes may not have considered.  A Chicago psychiatrist was charged with violating the False

On September 25, 2012, two members of the Husch Blackwell Healthcare team, Brian Bewley and David Pursell, presented a webinar discussing:

  • An overview of Stark
  • Stark overpayment reporting requirements
  • Steps to take after discovering a potential Stark violation

As former Senior Counsel in the Office of Inspector General for Health and Human Services and

With the passage of the ACA, the voluntary nature of compliance programs is about to change. Smaller healthcare organizations and other ancillary providers who have previously not established compliance programs will now be required to adopt formal programs.  The ACA mandates providers and suppliers participating in federal health care programs to implement compliance programs with “core elements” as a condition of enrollment.

The HHS Secretary is responsible for setting a timeline to implement the new “core elements” for each health care sector and then setting a timeline for providers to adopt compliance programs.  Details regarding the extent of the program have not yet been described or published.  Skilled nursing facilities are the first providers required to implement an effective compliance program by March 23, 2013.

Our Insight.  Your Advantage.  By doing the work now, healthcare organizations can get ahead and avoid surprises when HHS eventually publishes the mandatory compliance program rules for other healthcare sectors. Many in the healthcare industry anticipate the OIG’s voluntary compliance program guidance will serve as an example to HHS as it determines which compliance program elements shall be required.  As you prepare your compliance programs, 

Continue Reading What Healthcare Organizations can do to Prepare for the Mandatory Compliance Condition of Enrollment