HIPAA AUDITS COMING IN 2015

January 6, 2015 at 1:42 pm | Posted in Department of Public Health, ePHI, Health and Human Services, HIPAA | Leave a comment
Tags: , , , ,

The Office of Civil Rights  in the Department of Health and Human Services has announced that, among other entities such as healthcare providers, it will audit approximately 100 employer sponsored health plans and 50 business associates in 2015. It is reported that:

  • Covered entities and business associates will have two weeks following receipt to respond to the initial data requests. OCR will not consider data submitted late.
  • OCR will conduct audits remotely through “desk audits.” Desk audits will be made using an updated audit protocol which OCR has not yet made available.
  • Audit participants will not have an opportunity to provide clarifications or supplemental information after responding to the initial data request.

Within 60 days following their submissions, audit participants will be presented with a draft version of OCR’s final report for review prior to publication. If your health plan has access to an employee’s protected health information (PHI), at a minimum, the following should be done:

  • Adopt written HIPAA policies and procedures addressing the HIPAA privacy, security, and breach notification rules;
  • Designate a HIPAA privacy official and a HIPAA security official;
  • Conduct a detailed analysis of the risks and vulnerabilities of electronic PHI;
  • Train those members of your workforce who have access to PHI.
  • Identify any HIPAA Business Associates, make sure you have a HIPAA Business Associate agreement with them and alert them to your expectations of them in regards to safekeeping your plan’s PHI

 

 

U.S. Supreme Court to Hear Challenge to ACA Exchanges and Subsidies on March 4th

December 30, 2014 at 10:00 am | Posted in Affordable Care Act | Leave a comment
Tags: , , , ,

The U.S. Supreme Court will hear oral arguments on March 4th in the matter of David King et al. vs. Sylvia Burwell. The case examines whether the provisions in the ACA that created the public exchange system and the premium subsidy tax credits allow the federal exchanges (As opposed to state-run exchanges) run by the U.S. Department of Health and Human Services offer access to the tax credits and premium subsidies. The challengers assert that the ACA only permits state-based exchanges to offer the tax credits.

The 4th U.S. Circuit Court of Appeals ruled 3-0 in July on the King case that the ACA is so unclear that it does not indicate whether the HHS-run exchanges can offer the subsidies or tax credits but that another provision gives the HHS secretary the right to resolve ambiguous exchange program provisions.

The D.C. U.S. Circuit Court of Appeals ruled on the same day, however, in a similar case, Halbig et al. vs. Burwell et al., that the ACA’s statutory text clearly makes the subsidies available only through state-based exchanges. Notwithstanding the difference of opinions in the legal camps, there is a strong consensus that should the Supreme Court side with the D.C. Circuit Court of Appeals, the ACA’s exchanges and premium subsidy structure could unravel, and with it the penalties associated with the employer mandate. A decision is expected by late June 2015.

Massachusetts: New $254 Million Health Exchange Website is working

November 18, 2014 at 2:30 pm | Posted in Affordable Care Act, Health and Human Services, Health Care, Health Insurance Marketplace, HHS, Medical, Wellness | Leave a comment
Tags: , , , , , , , , , ,

by Steve LeBlanc, Associated Press

BOSTON (AP) — Massachusetts officials are reporting a successful weekend launch of the state’s revamped health insurance website, but cautioned of possible “hiccups” in the system with expected heavier traffic during the week.

Officials said Monday that in the first two days of the new federal open enrollment period, nearly 5,000 eligible people were immediately registered for state Medicaid coverage.

Nearly 7,000 others were able to complete the process of determining eligibility for plans that comply with the federal Affordable Care Act. They still need to review those insurance plans, choose one, and make their first month’s premium payment.

The successful rollout was in sharp contrast to a year ago, when a failed health exchange forced the state to place hundreds of thousands of residents into temporary Medicaid coverage and led to a costly overhaul of the website. The website woes were also an embarrassment for the state that provided a blueprint for the federal health care law.

Maydad Cohen, a special assistant to Gov. Deval Patrick, said Monday that the new website has proven stable and reliable — handling more than 57,000 visitors over the first two days of open enrollment.

“During the weekend we saw excellent performance of the website,” Cohen told reporters Monday. “We had a very successful, very exciting weekend.”

Of the nearly 7,000 people deemed eligible to obtain insurance through the state’s health insurance exchange during the weekend, about 3,600 individuals and families already have selected a plan and 137 already have paid their first month’s premium, state Health Connector officials said.

Those numbers will continue to climb as more people sign up for insurance.
Hundreds of call representatives also are assisting those looking to sign up for coverage, having trouble with the website or are unsure how to use it.

Cohen said one of the main reasons for high call wait times is that many of those seeking one-on-one help want to go through the entire application on the phone, something that can take 45 minutes or more per application.

Cohen urged those seeking to sign up for coverage to try the website first.

As a result of the previous website troubles, the state ended up putting more than 400,000 individuals into temporary subsidized insurance programs, including MassHealth, the state’s Medicaid program.

Secretary of Health and Human Services, John Polanowicz said between 175,000 and 225,000 of those were expected to enroll in new coverage, including through MassHealth.

Polanowizc said the number is lower than the 400,000 because of what he called the natural “churn” of subsidized care, with individuals losing their eligibility because they’ve found a job that offers insurance, or have obtained health care through a spouse, or have moved out of state.

Dec. 23 is the deadline to ensure coverage that starts on Jan. 1. Fixing the website hasn’t been cheap. The original cost of Massachusetts’ website was estimated at $174 million. That has jumped to $254 million.

DOL Issues Compliance Guidance for Plans Contemplating Reducing Contraception Coverage in Wake of Hobby Lobby

August 5, 2014 at 11:18 am | Posted in Affordable Care Act, Department of Labor, ERISA, Health and Human Services | Leave a comment
Tags: , , , , , , , , , , , ,

On July 17th the DOL, in reaction to the Supreme Court’s recent decision in Hobby Lobby, released FAQ guidance reminding employers and plan sponsors that ERISA requires them to disclose any type of contraception exclusion in their Summary Plan Description and to utilize a Summary of Material Modification if they are contemplating removing the benefit from their current plan. The guidance follows.

Set out below is an additional Frequently Asked Question (FAQ) regarding implementation of the Affordable Care Act. This FAQ has been prepared by the Departments of Labor, Health and Human Services (HHS), and the Treasury (collectively, the Departments). Like previously issued FAQs (available at http://www.dol.gov/ebsa/healthreform/), this FAQ answers a question from stakeholders to help people understand the law and benefit from it, as intended.

Disclosure with respect to Preventive Services

Q: My closely held for-profit corporation’s health plan will cease providing coverage for some or all contraceptive services mid-plan year. Does this reduction in coverage trigger any notice requirements to plan participants and beneficiaries?

Yes. For plans subject to the Employee Retirement Income Security Act (ERISA), ERISA requires disclosure of information relevant to coverage of preventive services, including contraceptive coverage. Specifically, the Department of Labor’s longstanding regulations at 29 CFR 2520.102-3(j) (3) provide that, the summary plan description (SPD) shall include a description of the extent to which preventive services (which includes contraceptive services) are covered under the plan. Accordingly, if an ERISA plan excludes all or a subset of contraceptive services from coverage under its group health plan, the plan’s SPD must describe the extent of the limitation or exclusion of coverage. For plans that reduce or eliminate coverage of contraceptive services after having provided such coverage, expedited disclosure requirements for material reductions in covered services or benefits apply. See ERISA section 104(b)(1) and 29 CFR 2520.104b-3(d)(1), which generally require disclosure not later than 60 days after the date of adoption of a modification or change to the plan that is a material reduction in covered services or benefits. Other disclosure requirements may apply, for example, under State insurance law applicable to health insurance issuers.

HHS Releases Report on HIPAA Security, Breach Notification and Enforcement

June 12, 2014 at 9:16 am | Posted in Health and Human Services, HIPAA | Leave a comment
Tags: , , , , , , , , ,

Earlier this week the Office of Civil Rights for HHS submitted to Congress its most recent reports on HIPAA security, breach notification and enforcement. In regards to “lessons learned”, the following summary from the compliance report will underscore to health plans and those responsible for securing PHI of all of the steps they need to take:

  • Risk Analysis and Risk Management. Ensure the organization’s security risk analysis and risk management plan are thorough, having identified and addressed the potential risks and vulnerabilities to all ePHI in the environment, regardless of location or media. This includes, for example, ePHI on computer hard drives, digital copiers and other equipment with hard drives, USB drives, laptop computers, mobile phones, and other portable devices, and ePHI transmitted across networks.
  • Security Evaluation. Conduct a security evaluation when there are operational changes, such as facility or office moves or renovations that could affect the security of PHI, and ensure that appropriate physical and technical safeguards remain in place during the changes to protect the information when stored or when in transit from one location to another. In addition, conduct appropriate technical evaluations where there are technical upgrades for software, hardware, and websites or other changes to information systems to ensure PHI will not be at risk when the changes are implemented.
  • Security and Control of Portable Electronic Devices. Ensure PHI that is stored and transported on portable electronic devices is properly safeguarded, including through encryption where appropriate. Have clear policies and procedures that govern the receipt and removal of portable electronic devices and media containing PHI from a facility, as well as that provide how such devices and the information on them should be secured when off-site.
  • Proper Disposal. Implement clear policies and procedures for the proper disposal of PHI in all forms. For electronic devices and equipment that store PHI, ensure the device or equipment is purged or wiped thoroughly before it is recycled, discarded, or transferred to a third-party, such as a leasing agent.
  • Physical Access Controls. Ensure physical safeguards are in place to limit access to facilities and workstations that maintain PHI.
  • Training. Ensure employees are trained on the organization’s privacy and security policies and procedures, including the appropriate uses and disclosures of PHI, and the safeguards that should be implemented to protect the information from improper uses and disclosures; and ensure employees are aware of the sanctions and other consequences for failure to follow the organization’s policies and procedures.

A copy of the HHS HIPAA reports can be found here:

2011 – 2012 Report to Congress on the Breach Notification Program

Report to Congress on Privacy Rule and Security Rule Compliance

HHS Releases Simple and Informative Health Insurance Coverage Options for Graduating College Students

June 5, 2014 at 10:29 am | Posted in Health and Human Services | Leave a comment
Tags: , , , , , , , , , ,

HHS released a simple and informative menu of health insurance coverage options for graduating college students.

College students and recent graduates have several options for finding coverage in the Health Insurance Marketplace.

1. Special Enrollment Periods for College Grads

2. Medicaid and CHIP coverage

3. Coverage on a parent’s plan

4. Catastrophic coverage

IRS Says Employer Payment Plan for Marketplace Individual Coverage Triggers $36,500 per Employee per Year Penalty

May 27, 2014 at 3:25 pm | Posted in Affordable Care Act, Health Insurance Marketplace, IRS | Leave a comment
Tags: , , , , , , , , , ,

Last week the IRS released the FAQS below which are intended to disincent employers from directing employees to a Marketplace/Exchange with the promise of reimbursing the employee for any premiums used for Exchange coverage since the “employer payment plan” is considered a “group health plan” that violates the ACA group health plan reforms.   Note that the first FAQ concludes:

“Consequently, such an arrangement fails to satisfy the market reforms and may be subject to a $100/day excise tax per applicable employee (which is $36,500 per year, per employee) under section 4980D of the Internal Revenue Code.”

Employer Health Care Arrangements

Q1. What are the consequences to the employer if the employer does not establish a health insurance plan for its own employees, but reimburses those employees for premiums they pay for health insurance (either through a qualified health plan in the Marketplace or outside the Marketplace)?

Under IRS Notice 2013-54, such arrangements are described as employer payment plans. An employer payment plan, as the term is used in this notice, generally does not include an arrangement under which an employee may have an after-tax amount applied toward health coverage or take that amount in cash compensation. As explained in Notice 2013-54, these employer payment plans are considered to be group health plans subject to the market reforms, including the prohibition on annual limits for essential health benefits and the requirement to provide certain preventive care without cost sharing. Notice 2013-54 clarifies that such arrangements cannot be integrated with individual policies to satisfy the market reforms. Consequently, such an arrangement fails to satisfy the market reforms and may be subject to a $100/day excise tax per applicable employee (which is $36,500 per year, per employee) under section 4980D of the Internal Revenue Code.

Q2. Where can I get more information?

On Sept. 13, 2013, the IRS issued Notice 2013-54, which explains how the Affordable Care Act’s market reforms apply to certain types of group health plans, including health reimbursement arrangements (HRAs), health flexible spending arrangements (health FSAs) and certain other employer healthcare arrangements, including arrangements under which an employer reimburses an employee for some or all of the premium expenses incurred for an individual health insurance policy.

DOL has issued a notice in substantially identical form to Notice 2013-54, DOL Technical Release 2013-03, and HHS will shortly issue guidance to reflect that it concurs with Notice 2013-54. On Jan. 24, 2013, DOL and HHS issued FAQs that addressed the application of the Affordable Care Act to HRAs.

HHS Claims that Quality Improvements and the Affordable Care Act Saved 15,000 Lives and $4 Billion in Health Spending During 2011 and 2012

May 7, 2014 at 10:43 am | Posted in Affordable Care Act, Health and Human Services, Health Care, Medical, PPACA, Regulations | Leave a comment
Tags: , , , , , , , , ,

HHS announced today that new preliminary data show an overall 9% decrease in hospital acquired conditions nationally during 2011 and 2012. National reductions in adverse drug events, falls, infections, and other forms of hospital-induced harm are estimated to have prevented nearly 15,000 deaths in hospitals, avoided 560,000 patient injuries, and approximately $4 billion in health spending over the same period.

HHS claims that the Affordable Care Act is also helping reduce hospital readmissions. After holding constant at 19% from 2007 to 2011 and decreasing to 18.5% in 2012, the Medicare all-cause 30-day readmission rate has further decreased to approximately 17.5% in 2013. This translates into an 8% reduction in the rate and an estimated 150,000 fewer hospital readmissions among Medicare beneficiaries between January 2012 and December 2013.

A complete copy of the HHS announcement can be found here: http://www.hhs.gov/news/press/2014pres/05/20140507a.html

Failure to Secure PHI and Two Stolen Laptops Results in $1,975,220 in HIPAA Violation Fines

April 23, 2014 at 1:25 pm | Posted in Compliance, ePHI, Health and Human Services, HIPAA, Regulations | Leave a comment
Tags: , , , , ,

The HHS Office of Civil Rights (OCR) announced that is has levied $1,975,220 in HIPAA fines against Concentra Health Services and QCA Health Plan Inc. for their failure to encrypt PHI stored on two laptops that were stolen.

Both Concentra and QCA, who self reported the stolen laptops, had undergone a HIPAA risk analysis and were aware…but did nothing…to secure the PHI stored on the laptops. The Concentra laptop was stolen from an employee’s office. The QCA laptop was stolen from an employee’s car. Concentra was fined $1,725,220 and QCA was fined $250,000.

“Covered entities and business associates must understand that mobile device security is their obligation,” said Susan McAndrew, OCR’s deputy director of health information privacy. “Our message to these organizations is simple: encryption is your best defense against these incidents.”

A copy of the HHS OCR press release is here:
http://www.hhs.gov/news/press/2014pres/04/20140422b.html

March 31 Exchange Open Enrollment Deadline Extended With Appeal and Honor System

March 26, 2014 at 9:19 am | Posted in Health Insurance Exchanges | Leave a comment
Tags: , , , , , , , ,

The Washington Post is reporting today that the Obama administration will extend the March 31 open enrollment deadline for people who say they tried to sign-up for coverage on the new healthcare exchanges but failed to complete the process on time. “Open enrollment ends March 31,” Health and Human Services spokeswoman Joanne Peters said in an email Tuesday evening. “We are experiencing a surge in demand and are making sure that we will be ready to help consumers who may be in line by the deadline to complete enrollment – either online or over the phone.” Those that tried to sign up, but missed the March 31 deadline, can appeal for an extension that will allow them to complete the enrollment process into mid-April. An official said the rule change would apply to only a “limited number of situations.” However, the Washington Post report says the appeals process will run on the “honor system,” and that consumers need only claim they tried to sign-up before the deadline to be granted an extension.

Next Page »

Blog at WordPress.com.
Entries and comments feeds.