6 Compliance Trends That Will Affect Physician Practices in 2015

January 5, 2015 – In The News
Medical Practice Compliance Alert
Michael Kline and Elizabeth Litten were quoted in the Medical Practice Compliance Alert article, “6 Compliance Trends That Will Affect Physician Practices in 2015.” Full text can be found in the January 5, 2015, issue, but a synopsis is below.

Your medical practice faces several compliance challenges this year, with a greater emphasis on issues relating to newer treatment models and billing error rates, and no let up on HIPAA. Here's a rundown of what you can expect in 2015:

Expect even more HIPAA and related enforcement activities in 2015.

Providers will not see a reprieve in this area. Breaches of patient and consumer data continue to proliferate; the tremendous publicity that some breaches have received, such as the hacking of Home Depot and Sony, will create more pressure on HHS' Office for Civil Rights (OCR) to enforce HIPAA breaches, says Michael Kline. "It's very personal to people when their health data is filched; it's creepy," he points out. Practices also should expect increased enforcement from the Federal Trade Commission enforcing consumer protection laws and the Food and Drug Administration protecting the integrity of medical devices, even though those agencies don't have the same standards and clear regulations that OCR does to enforce HIPAA, warns Elizabeth Litten.
Additionally, expect more private litigation using HIPAA compliance as the standard of care, even though HIPAA does not give patients the right to sue for violations. The November 2014 ruling in the Connecticut Supreme Court allowing HIPAA's requirements as the standard of care in a state breach of privacy lawsuit will spawn copycat lawsuits using HIPAA the same way for state breach of privacy, negligence and other causes of action (MPCA 12/8/14). "HIPAA won't preempt these state claims," warns Kline.

Practices and business associates will refine their agreements, all as they come under more scrutiny.

Many practices and their business associates scrambled to sign business associate agreements, often using model forms from OCR and professional societies, to ensure that they had them in place by the September 2013 effective date — and for those who needed only to update an existing agreement, September 2014. But covered entities and business associates now are negotiating the language in those agreements and customizing them to their individual needs, such as choice of law and indemnification requirements, says Kline.

One provision that practices may see more of in newer business associate agreements is one that would allow a business associate that deals with large amounts of data — such as a cloud electronic health records vendor — to use the practice's de-identified patient data for the business associates' own uses. An industry is developing around the aggregation of data for purposes such as research or predicting patient outcomes, and some business associates are moving to capitalize on that data and use it or market it to others. Practices will need to determine whether they want to grant business associates such permission to use the data that way, says Litten. The business associate activities also will be under the microscope. The permanent HIPAA audit program, slated to begin in 2015, is expected to audit business associates as well as covered entities. Business associates' use of subcontractors also will be examined more carefully, especially those who use off-shore subcontractors, says Litten.

Regulators will start reviewing accountable care organizations (ACOs) as they become more operational and more patients obtain treatment through them.

For instance, while ACOs in CMS' Medicare Shared Savings Program don't have to comply with all of the Stark, anti-kickback and antitrust rules, they still need to comply with some of them and they have to comply with the program's own requirements, such as governance structure. State regulators also will look at ACOs, many of which don't participate in the Medicare Shared Savings Program, to determine how they're structured and whether they are an insurance risk or a payment risk, which can affect their licensing and compliance with state laws. "This will be on a state-by-state basis. There is inconsistency among states, and this area is rife with uncertainty," says Kline.

Telemedicine will take a jump forward.

More practices will use telemedicine as an adjunct to their operations to treat patients that can't come to the office, for translation services, to bring more specialized services into a setting and other uses. "The technology is getting better, and the National Association of Medical Boards has sent out guidance" that practices can use, says Litten. Payers also are grappling with how to reimburse for telemedicine. But be prepared for some road bumps, such as abuse of the service and quality-of-care issues.