The FDA, in conjunction with other administrative agencies, has released a new report that describes its strategic plan for regulating health IT devices. The report suggests three different categories of health IT, based on the risks associated with each type. The lowest-risk category is administrative health IT functions. This includes software for admissions, scheduling, and practice management. The FDA has indicated that health management health IT functions pose a slightly higher risk. These include clinical decision support and medication management tools. Finally, the FDA identified medical device health IT functions, such as robotic surgical control and computer-aided detection software, as high risk areas.
The FDA has indicated that it will focus its attention on medical device health IT functions, and does not see a need for further regulatory oversight over the other two areas at this time.
Microsoft’s recent announcement that it will stop providing support for its Windows XP operating system could cause an increased HIPAA risk to certain medical providers. HIPAA generally requires medical providers to adequately safeguard its protected health information. One effect of Microsoft’s decision is that it will no longer be helping to ensure that users of XP are secure from new forms of hacking and malware. Therefore, medical providers using XP are at an increased risk of being attacked and possibly violating HIPAA. To help prevent this, medical providers using Microsoft XP should ensure that their anti-virus software and firewalls are current while beginning to look into upgrading its operating systems.
The implementation deadline for ICD-10 has been delayed to at least October 1, 2015. Congress has previously pushed back the deadline several times, most recently to October 1st, 2014. The law provides that the implementation date may not be prior to October 1st, 2015, leaving open the possibility of it being further extended. President Obama signed the bill into law on April 1st, 2014.
How the Affordable Care Act will affect your business depends, in part, on the size of your business. If you are a business that has 50+ employees then you have certain requirements regarding proving health insurance or paying a penalty. If you are an employer who has less than 50 employees, there are some tax credit opportunities available to you if you do provide health insurance to your employees.
HIPAA was enacted to protect the privacy of an individual’s health information. The vast majority of HIPAA requirements apply to covered entities and business associates. A covered entity is an organization that transmits or produces protected health information. A business associate is an organization that carries out the functions of covered entities or otherwise receives health information from covered entities, for example, a billing company.
If you are a covered entity or business associate then you are subject to the HIPAA Privacy Rule which governs the use and disclosure of protected health information. You are also subject to the HIPAA Security Rule which governs how health information should be safeguarded.
Even if your company is not a covered entity or business associate there are certain aspects of HIPAA that you should be aware of. If your company offers employment benefit plans or health plans or otherwise has health information on your employees, then you should make sure that this information is not disclosed without the express permission of the employee. You should also make sure that this information is safeguarded and not allowed to be accessed by unauthorized personnel.
Finally, you should check state law as states are allowed to supersede certain parts of HIPAA and apply them towards your business.
The Centers for Medicare and Medicaid Services has recently released a website designed to help health care practice owners implement ICD-10. The website can be located at http://www.roadto10.org. The website provides a basic overview of ICD-10, an FAQ section, and sample form documents.
The compliance deadline for ICD-10 is currently slated for October 1, 2014.
The federal anti-kickback statute makes it a crime, punishable by going to jail and monetary penalties, for receiving a payment or kickback in exchange for referring someone for Medicare or Medicaid service. So, for example, if you start referring patients who are on Medicare to a physician, that physician can’t buy you meals, give you gift cards or write you a check in exchange for doing that. Often times this statute comes up as interplay between doctors and other doctors or hospital systems or therapists or other medical professionals but it really applies to everyone. There are a lot of exceptions and safe harbors to the anti-kickback statute that you need to read very carefully and make sure that you fully cover in your agreements and your operations to avoid doing something that seems simple but could be a felony.
A bipartisan Congressional group introduced a new bill that would drastically change physician compensation. The SGR Repeal and Medicare Provider Payment Modernization Act would repeal the SGR and provide for flat payment increases of .5% per year until 2018. At that point, payment would shift to an incentive-based structure.
The proposed incentive-based structure, called MIPS, consolidates the PQRS measures, Meaningful Use requirements, and the Value-Based Payment Modifier. By doing so, the bill hopes to enable an orderly transition to an alternative, value-based payment structure. However, the proposal does not address funding, which may be a difficult sticking point between the parties. Analysts estimate that the cost of repealing the SGR would be between $100 billion and $250 billion over the next ten years.
The Affordable Care Act requires covered health plans to offer certain features. However, under the Act, certain “excepted benefits” are exempt from those requirements. Under new proposed rules, the government seeks to expand the scope of excepted benefits.
The proposed rules make it easier for employers to offer limited dental or vision benefits. Previously, for these benefits to be excepted, an employer had to require employees to pay an additional premium. The proposed rules remove that requirement. They also make it easier for employers to offer “wrap around” coverage. This coverage gives employees who cannot afford their employer’s plan some additional coverage if they get insurance elsewhere. Finally, they would treat employee assistance programs as an excepted benefit, starting in 2015. This may make it easier for employers to offer additional health benefits to their employees.
In response to mounting pressure from Congress and trade groups, CMS has announced that it will delay the Meaningful Use Stage 2 deadline by one year. As a result, Stage 2 will be extended through 2016. Eligible professionals who have completed two years of Stage 2 by 2016 can attest to Stage 3 beginning in 2017. CMS plans to release proposed Stage 3 rules in 2014.
CMS has not yet released rules that explain how the Stage 2 delay works. However, this delay presents a variety of opportunities for providers. Eligible professionals may wish to use the extended timeline to explore alternative EHR providers. Additionally, the extended timeline may give eligible professionals the chance to decide on alternate menu objectives. However, eligible professionals who are already ready to attest to Stage 2 should stay on track with their current plans. This will enable them to attest to Stage 3 as early as possible.