Rapid Fire
-
Upload
derek-finch -
Category
Documents
-
view
46 -
download
0
description
Transcript of Rapid Fire
Rapid FireAffordable Care Act and
HIPAA – Are You In Compliance?
Erik P. Crep Stuart T. O’Neal Wicker, Smith, O’Hara, McCoy & Ford, P.A. Burns White Miami, Florida Philadelphia, Pennsylvania
New Approaches to Attacking Damages Affordable Care Act
What is ACA? Adopted by Congress on March 23, 2010 Held constitutional by U.S. Supreme Court in National
Federations of Independent Business v. Sebelius, 132 S.Ct. 2566 (2012)
Provides that all persons in the U.S. be afforded health insurance, regardless of their health or financial situation
Act contains 5 essential components designed to improve access to health care and health care insurance benefits:
1. The individual mandate2. Minimum essential benefits3. Guaranteed issue requirement 4. The employer mandate5. Tax credits and subsidies
Individual Mandate Requires every applicable individual to obtain minimum coverage or
pay a penalty. 26 USC § 500 A(a) – (e). Supreme Court upheld the law, calling it a tax (but the challenges continue) Therefore, argument is that it is not a collateral source because it is a tax Limitations on deductibles by federal law. In 2014 that maximum amount if
$6,350.00 for individuals, $12,700 for families. 26 USC § 1302(b) Plaintiffs have a duty to mitigate their damages Duty to mitigate combined with the individual mandate means the Plaintiff
by law must buy insurance and by case law has a duty to mitigate damages.
Defense argument is that the Defendant can pay for the health insurance to allow the Plaintiff to A. Comply with the law B. Get insurance C. Get insurance with a limitation per year of $6,350.00. D. Pre-existing conditions are covered – no policy exclusions
Defense argument is to be liable for the out of pocket deductible, the annual premium and any increase in the premium and co-payments.
Essential Health CoverageAll qualified plans are required to provide minimum
essential coverage and must include:
26 USC § 1302(b) Ambulatory patient services Emergency Room Hospitalization Maternity and Newborn Care Mental Health and Substance Abuse Prescription Drugs Lab Services Preventable Wellness Care and Chronic Disease Management Pediatric Services
Guaranteed Issue Requirement
Under Act – no pre-existing exclusion No lifetime caps Can be limitations but depends on plan selected. In Florida we
have Catastrophic Florida Blue Platinum 90% of actuarial level Gold 80% of actuarial level Silver 70% of actuarial level Bronze 60% of actuarial level
Each State offers a blend of services, goods and coverage depending on the premium cost. Physical therapy, occupational therapy and speech and rehab are examples of covered services. Must check each State’s exchange for delineated services covered. Cheaper to buy insurance, calculate the out of pocket maximum and increase in premium than to pay for life care plan.
Collateral Source RuleTraditional application to prohibit reference to “collateral
sources” such as Insurance, Medicare and MedicaidThis Rule is the biggest obstacle to reducing damages
for future medical costs for private health insuranceChallenges to Collateral Source Rule Application under
ACA1. Future payments have to be “reasonable and necessary.”
Introduction goes to “reasonableness” and refutes life care plan/economic estimates.
2. Individual mandate premised on a tax via Supreme Court3. ACA will apply to future payments – not past amounts.4. Any award will enable Plaintiff to purchase health insurance
which is “affordable”.
Collateral Source Rule continued
General Justification for No Offset vs. ACAEnforced principle that tortfeasor pays for the
consequences of their actionsTortfeasors should not receive windfall of less or
no damages based on benefits paid by a 3rd party
In the past, courts were reluctant to “reward” tortfeasors because of plaintiff’s foresight to purchase insurance – this foresight has been replaced with legal obligation to obtain insurance
Mitigation of DamagesPlaintiff not entitled to recover damages for
harm that he/she could have avoided by use of reasonable effort or expense
Precludes recovery of unreasonably excessive expenses incurred in response to a tort
All plaintiffs must take reasonable measures/effort to minimize damages
Expert Witnesses for the DefenseNeed experts on available plans and services
implemented by each State and available to patientNeed expert to opine on the annual increase of the
premium and the set out of pocket maximumAttach plaintiff’s life care plan with this alternative and
demonstrate many services are provided by insuranceExperts to consider:
Economist Insurance person Life expectancy expert
Experts to explain the benefits of the ACA to the Plaintiff
Billed vs. Negotiated Insurance Rate
Large difference between what is billed vs. what insurance carriers actually pay
As much as 8-10 x’s higher
Prior to ACA, less that 5% of patients paid a provider’s “billed” rates.
“Attack” on DefenseDefine damages, assessment of future medical
damages.Defendants must ensure Plaintiffs establish
future damages (burden of proof) Future damages need be reasonably certain to be
sustained or occur in the futureFuture medical costs are “medically reasonable
and necessary”Damages to compensate the patient or “make
them whole” – not to punish the defendant
Cases: The Good, the Bad and the Ugly
Good Cases
Bad/Ugly Cases Leung v. Verdugo Hills Hospital, 2013 WL 221654 (CA. Ct. App.
2013) Med. Mal case with future medical expenses Hospital argued on appeal that it should have been permitted to
introduce evidence of Plaintiff health insurance to rebut plaintiff’s future medical expenses in part due to ACA, “the availability of such federally mandated available insurance options makes the prospect of future health insurance coverage for plaintiff anything but speculative”
Court NOT persuaded, holding “such evidence, standing along, is irrelevant to prove reasonably certain insurance coverage … because it has no tendency in reason to prove that specific items of future care and treatment will be covered, the amount that coverage, or the duration of that coverage.”
Defense Counter to Leung v. Verdugo Hills Hospital, 2013 WL 221654 (CA. Ct. App. 2013)----------------------------------------------------------------
Leung court failed to take into account ACA’s minimum coverage requirementsUnder ACA, all plans will be required to meet
certain minimum coverage standardWhile there will be future variations above the
minimum, all plan policies will maintain a certain required baseline
Jury should be able to consider an attack on life care plan that fails to take into account ACA’s minimum coverage
Halsne v. Avera Health, 2014 WL 1153504 (D. Minn. 2014)
Issue: whether plaintiff’s future medical expense damage should be limited to projected payments of premiums and deductibles under ACA
Under Minn. collateral source doctrine, plaintiff can recover full damage regardless of whether plaintiff can recover some or all of his damages from a collateral source of payment, such as insurance
District Court held that any benefits received through the ACA do not provide a basis for reducing the potential award to plaintiff
Issue: Each State’s Collateral Source Doctrine --- ex. FLORIDA
No known case discussing ACA in FloridaHowever, collateral source/Medicare cases shed lightState Farm v. Joerg, 2013 WL 3107207 (Fla. 2d DCA 2013)• Earned (paid) vs. unearned (free) benefits• While it is true that the introduction of potential future
Medicare benefits may be speculative to an injured plaintiff, Florida Supreme Court rejected this point.
• Holding: admission of evidence of disabled person’s receipt of medical services under Medicare program in determining future damages would not violate common law collateral source rule
State Farm v. Joerg, 2013 WL 3107207 (Fla. 2d DCA 2013) continued …
The availability of services under the [Medicare] program (including the risk of unavailability), as well as the costs and quality of such services, are relevant to the determination of the amount of future damages and relevant to assist jury in determining the reasonable cost of the plaintiff’s future care. The jury remains free to find that the publicly available services do not meet the plaintiff’s future needs.
ACA ConclusionArgue Mitigation, collateral sources and discovery of cost of
careRetain expertsNeed to do more than just point to ACA – this strategy has
already been rejectedUse ACA at mediation. Show which services/care are covered
by ACA. Evidence should show that future insurance coverage is
reasonably certain Link covered services with items/costs listed in plaintiff’s life
care plan Present reasonable basis that plaintiff reasonably certain to have
coverage Present grounds to establish with reasonable certainty the time
period the ACA coverage will exist
HIPAA – Are You in Compliance
HIPAA – What is it?Sets standards for confidentiality and privacy of
individually identifiable health informationApplies to Covered Entities
Health plansHealth care clearinghousesHealth care providers that transmit health
information electronically
Protected Health Information “PHI”
is health information from an individual that is created by: Health care providers and clearinghousesHealth plansPublic health authorities Employers Life insurersSchools or universities
The Security Rule applies only to PHI that is
transmitted or maintained electronically Requires administrative, physical and technical
safeguards to ensure confidentiality, integrity and security of PHI
--------------------------------------------------------------------------------The Privacy Rule applies to PHI that is transmitted
electronically, verbally or in written formRequires safeguards to protect the privacy of PHI and
set limits and conditions on the use and disclosure made without patient authorizationCan’t leave voicemail with patient’s familyCan’t discuss patient condition in waiting roomComputers of physician office visible to other patients in
waiting room
Allowed DisclosuresCovered entities are permitted to disclose
PHI without authorizations for the purposes of: Treatment: management of healthcarePayment: reimbursement and benefitsHealthcare Operations: medical reviews,
contracts, compliance, business planning, financial, and legal activities
(45 CFR 164.501)
States and HIPAAHIPAA is a federal floor for patient protections
and industry standards, each individual state maintains the ability to enforce laws which exceed those federal boundaries.
HIPPA requires the states to self-determine: Which agencies meet the federal definition of a
covered entityWhether those entities are governed by state law,
HIPAA, or other federal privacy laws.
MYTHHIPAA does NOT apply to attorneys and law firms
FACTAll attorneys who work with PHI must comply with HIPAA and HITECH rules and must ensure that their subcontractors comply as well
(45 CFR 160.102)
Attorneys Representing Covered Entities
Attorneys are responsible for ensuring that others hired to assist in providing legal services to the covered entity will also safeguard the privacy of the PHI. Includes joint counsel, jury consultants, experts,
investigators, litigation support, etc. ** Not responsible for opposing counsel even if PHI
was disclosed to them because they are not assisting in representing the covered entity
(45 CFR 164.504(e))
Attorneys Representing Covered Entities
Business Associate Agreements are signed to provide that the attorney will ensure the “minimum necessary” standard of disclosure of PHI are consistent with those of the covered entity’s
Law firms must now have all subcontractors (ex. Experts) sign Business Associate Agreements when representing Covered Entities.
Health Information Technology for Economic and Clinical Health
(HITECH) Affects Privacy:Covered entities and business associates will have to
notify individuals of any security breach – sometimes the media will need to be notified as well. Vendors of personal health records and other non-HIPAA
covered entities will have to report security breachesDetermination of “unsecured” will be made by feds. Encryption of electronic information and destruction of
PHI will render is “unusable, unreadable, or indecipherable to unauthorized individuals” and will relieve the covered entity of the need to notify individuals in case of a breach
HIPAA & HITECHLaw firms representing covered
entities must comply with the Administrative, Technical and Physical Safeguards required by the Security Rule.
SafeguardsRisk Analysis and Risk Management: assess potential
risks to the confidentiality, integrity and availability of electronic PHI
Sanction Policy: against workforce members who fail to comply with security procedures
Security Awareness: training, incident responses & reporting
Contingency Plans, Data Backup Plan, Disaster Recovery Plans and Emergency Mode Operation Plans are required to protect electronic PHI from vandalism, natural disasters and other security incidents
(45 CFR 164.308)
Technical SafeguardsElectronic Access Integrity and Control
Unique user ID with time-outs and automatic log-off
Person or entity authenticationEmergency access procedureMonitor I.T. systems containing PHITransmission security must include encryption
and decryption
Cloud Storage Compliant? Dropbox – not HIPAA compliant/secureiCloud – not HIPAA compliant/secureAmazon S3 – not HIPAA compliant/secure --------------------------------------------------------------------Google Drive – yesEgnyte – yes Symform - yes
EnforcementThe Department of Health and Human Services
(HHS) established rules for investigating, prosecuting, and imposing penalties for HIPAA Privacy Rule violations.Tiered ranges of increasing minimum penalty
amounts, with a maximum penalty of $1.5 million for all violations of an identical provision
Criminal violations fined up to $250,000 and up to 10 years in prison (enforced by Dept. of Justice)
HHS hired auditing firms to randomly audit covered entities and business associates for compliance
Examples of Violations Not verifying individuals by phone/person/writing Faxing information to wrong fax number in error Sending information to wrong email in error Leaving detailed PHI on answering machine Loss/theft of unencrypted drives/computers Careless handling of user name and password Sale of PHI to any source Failure to secure confidential information Allowing unauthorized person to enter area where PHI could
have been viewed Stolen laptop/records from backseat of car
Violations and Enforcement
HIPAA Violation Minimum Penalty Maximum PenaltyIndividual did not know (and by exercise of reasonable diligence would not have known) that he violated HIPAA
$100/violation, annual maximum $25,000
$50,000/violation, annual max of $1.5 million
Violation due to reasonable cause and not due to willful neglect
$1,000/violation, annual maximum $100,000 for repeat violation
$50,000/violation, annual max of $1.5 million
Violation due to willful neglect but violation corrected w/in required time
$10,000/violation, annual maximum $250,000 for repeat violation
$50,000/violation, annual max of $1.5 million
Violation due to willful neglect and not corrected
$50,000/violation, annual maximum of $1.5 million
$50,000/violation, annual max of $1.5 million
Examples
From 2009 – 2011, records breached for over 18 million patients
BCBS Fined $1.5 million for loss of 57 unencrypted drives containing data of 1 million patients
Mass. General Hospital fined $1 million for loss of portable data on subway
Value on Black Market Credit Card #: $6I.D. (SS# and
D.O.B.): $15Medical
Chart/Records: $50
Questions? Comments?Erik P. Crep
Wicker, Smith, O’Hara, McCoy & Ford, P.A.
2800 Ponce de Leon Blvd, Suite 800
Coral Gables (Miami), FL 33134
(305) 448-3939
Stuart T. O’Neal, III Burns White
100 Four Falls, Suite 515
1001 Conshohocken State Road
West Conshohocken (Philadelphia), PA 19428
(484) 567-5700