HIPAA Privacy in Emergency Situations0

iStock_000019241379SmallThis State Bar of California Health Law E-Bulletin was published on November 19, 2014.

In response to concerns about the spread of Ebola Hemorrhagic Fever, the United States Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) issued a bulletin clarifying the ways in which the HIPAA Privacy Rule applies in emergency situations. Designed to protect the privacy rights of patients’ protected health information (“PHI”), OCR is mindful that in certain events health care providers must balance privacy rights with the need to protect the nation’s public health. The Privacy Rule provides for certain exceptions on a daily basis:

*  The Privacy Rule permits covered entities to share patient information without authorization when it is necessary to treat the patient (or to treat different patients).

*  Public health authorities and other parties responsible for ensuring public health and safety have access to PHI. This includes possible disclosure to a public health authority, at the direction of a public health authority, or to individuals at risk of contracting or spreading a disease or condition.

Read more →

Medicare’s Hospital Readmissions Reduction Program0

statebarlogo

This November 10, 2014, e-Bulletin is from the Health Law Committee of the Business Law Section of the California State Bar.

In its third year, Medicare’s Hospital Readmissions Reduction Program (“RRP”) penalized hospitals for certain excess readmissions, including those relating to acute myocardial infarction (AMI), heart failure (HF), pneumonia (PN), total hip arthroplasty (THA) and total knee arthroplasty (TKA). On October 1, 2014 (the beginning of the new fiscal year for the federal government), the total amount for which a hospital may be penalized increased to 3 percent (up from 2 percent in fiscal year 2014 and 1 percent in fiscal year 2013). In addition to the increased penalty, this year Medicare also introduced four new measures for inclusion in the Hospital RRP: (1) coronary artery bypass grafts (CABG) surgery; (2) chronic obstructive pulmonary disease (COPD); (3) percutaneous coronary intervention (PCI); and (4) other vascular conditions.

For 2015, the formula employed by CMS to calculate the readmissions penalty is:

Aggregate payments for excess readmissions =

[(sum of base operating DRG payments for AMI) x (Excess Readmission Ratio for AMI-1)] + [(sum of base operating DRG payments for HF) x (Excess Readmission Ratio for HF-1)] + [sum of base operating DRG payments for PN x (Excess Readmission Ratio for PN-1)] + [(sum of base operating DRG payments for COPD) x (Excess Readmissions Ratio for COPD-1)] + [(sum of base operating DRG payments for THA/TKA) x (Excess readmissions Ratio for THA/TKA-1)].

Aggregate payments for all discharges = sum of base operating DRG payments for all discharges. Ratio = 1 – (Aggregate payments for excess readmissions/Aggregate payments for all discharges.) Readmission Adjustment Factor for 2015 is the higher of the ratio or 0.9700, all of which is based on claims data from July 1, 2010 to June 30, 2013.

In California, 223 hospitals (64 percent) were penalized, with the average penalty being 0.41 percent. By comparison, 307 hospitals nationwide lost the maximum amount (1 percent) of their patient reimbursements in fiscal year 2013, and only 18 hospitals lost the maximum amount (2 percent) in fiscal year 2014. This year, 39 hospitals will receive the largest penalty (3 percent).  A complete listing of hospital results for fiscal year 2014–2015 is available at this link (courtesy of Kaiser Health News).

California’s Annual Data Breach Report0

statebarlogoThis November 7, 2014, e-Bulletin is from the Health Law Committee of the Business Law Section of the California State Bar.

In the October 2014 California Data Breach Report, Attorney General Kamala D. Harris offers a number of recommendations to protect the 38 million consumers in California, the same state where 17 percent of 2012 data breaches in the United States occurred and with a 28 percent increase in 2013. Some key findings from the AG’s report include:

  • In 2013 the AG’s Office received 167 data breach reports.
  • The retail industry reported the most breaches in 2013 (26 percent). Health care made up for 15 percent of statewide breaches in 2013.
  • More than half of the 2013 breaches (53 percent) were caused by computer intrusions (malware and hacking). The remaining breaches resulted from physical loss or theft of laptops or other devices containing unencrypted personal information (26 percent), unintentional errors (18 percent) and intentional misuse by insiders (4 percent).
  • Between 2012 and 2013, lost or stolen hardware or portable media containing unencrypted data made up the majority of breaches in the health care sector (70 percent).

Read more →