Sterilize Your Potential Liability

Is your business compliant with OSHA’s Bloodborne Pathogens Standard?

If you operate a business with employees that are exposed to blood or other potentially infectious materials (OPIM), your business is subject to OSHA’s Bloodborne Pathogens Standard (BPS) under the Code of Federal Regulations. In spite of its attempt to simplify these requirements on its online fact sheet, OSHA imposes a minefield of regulations for small to midsize businesses to navigate. This post provides a brief overview of the Bloodborne Pathogens Standard and what it means to your business.

Have an Updated Plan

All good businesses have a plan right? Well, OSHA adds to your plans by requiring an “exposure control plan.” 29 C.F.R. 1910.1030 (c)(1). Under this plan, employers must create a catalogue that classifies the employee positions in the company by the level of blood and OPIM exposure. 29 C.F.R. 1910.1030 (c)(2)(i)(A). Also, this plan must detail the tasks and procedures performed by each classification of employee that causes their exposure. 29 C.F.R. 1910.1030 (c)(2)(i)(C).

The Bloodborne Pathogens Standard not only requires the employer to have an exposure control plan but also requires that it be updated annually “to reflect changes in tasks, procedures, and positions that affect occupational exposure, and also technological changes that eliminate or reduce occupational exposure.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet.

In order to make these updates to the satisfaction of OSHA, the employer must also document in their plan that they both considered and begun using safer medical devices to minimize occupational exposure and engage with their employees “in identifying, evaluating, and selecting effective engineering and work practice controls.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet,  And we’re just getting started.

Don’t Discriminate

It is imperative under the Bloodborne Pathogen Standard that the precautions used to prevent an exposure incident are universal. 29 C.F.R. 1910.1030 (b). As OSHA explains, this means “treating all human blood and OPIM as if known to be infectious for bloodborne pathogens.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet.

Be Well Stocked With the Right Equipment

The Bloodborne Pathogen Standard requires the examination, maintenance, and routine replacement of “engineering controls.” 29 C.F.R. 1910.1030 (d)(2)(ii). What are engineering controls you ask? They are “controls . . . that isolate or remove the bloodborne pathogens hazard from the workplace” such as sharps disposal cleaners and self-sheathing needles among others. 29 C.F.R. 1910.1030 (b). In other words, take the garbage out on a regular basis. Employers must also provide appropriate personal protective equipment (PPEs) for employees with occupational exposure such as “gloves, gowns, laboratory coats, face shields or masks and eye protection, and mouthpieces, resuscitation bags, pocket masks, or other ventilation devices.” 29 C.F.R. 1910.1030 (d)(3)(i). These PPEs must be provided by the employer at no cost to its employees. Id.

Take Preventative and Remedial Measures

Hepatitis B vaccinations must be made available to all employees with occupational exposure after they have received training and within 10 working days of their initial assignment. 29 C.F.R. 1910.1030 (f)(2)(i). Should there be an exposure incident, you must “make available post-exposure evaluation and follow-up to any occupationally exposed worker who experiences an exposure incident.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet. The procedures the employer must follow after an exposure incident can become complicated with consent and health-related confidentiality issues regarding investigations of the source individual and the employee.

The requirements surrounding warning labels and signs communicating hazards are lengthy enough to warrant their own blog post. The main takeaway from the BPS requirements for labels and signs is this: Anything that comes into contact in any way with blood or OPIM must have a label or sign that warns against the dangers of exposure. As the Code of Federal Regulations states, warning labels must be affixed to “containers of regulated waste, refrigerators and freezers containing blood or other potentially infectious material; and other containers used to store, transport or ship blood or other potentially infectious materials. 29 C.F. R. 1910.1030 (g)(1)(i). There are also specific regulations relating to warning signs for all entry ways in HIV and HBV research laboratories and production facilities. See 29 C.F.R. 1910.1030 (g)(1)(ii).

This post only scratches the surface of OSHA’s Bloodborne Pathogens Standard. If you run a business that exposes its employees to blood and other potentially infectious materials, you must comply with these regulations under federal law. Operating a healthcare facility is no simple task even before considering regulations such as the Bloodborne Pathogens Standard. Protect your business and ensure you are complying with these detailed requirements.

For any questions, contact Matt Kinley.

California Physicians May Be Asked to Help with Assisted Suicide

PHYSICIANS CAN OPT OUT OF ASSISTED SUICIDE LAW

California was the most recent state to adopt the End of Life Option Act, codified at Health & Safety Code section 443. It basically allows a competent patient who has been diagnosed with a terminal illness to seek and obtain a prescription for the necessary drugs to be self administered.  The law is effective on June 9, 2016.

Aid-in-dying legislation has passed in Oregon, Washington, Vermont, and Montana.   Doctors in those states are permitted to prescribe drugs to terminal patients that they will use to end their lives.  The patients must meet certain requirements and undergo a set process to receive the medication.

California’s procedures, like the other states, seek to protect terminal patients from rash decisions or over-anxious relatives.  While patients may designate agents to make all sorts of health care decisions on the patient’s behalf, an agent is not able to request aid-in-dying drugs on behalf of a patient, and therefore these drugs cannot be requested through an advanced healthcare directive.

The  Act allows doctors, medical groups and hospitals to opt out of the law.    Most, if not all, religious hospitals are expected to reject the law.  Physicians are not required to prescribe life ending drugs to patients.  The California Medical Association dropped it’s opposition to the bill.  According to news reports, the state of California will pay for the costs of the drugs to be utilized.

According to the Act, the “aid-in-dying drug” means a “drug determined and prescribed by a physician for a qualified individual, which the qualified individual may choose to self-administer to bring about his or her death due to a terminal disease.”  The Act does not describe what the appropriate drug might be.

Health and Safety Code section 443.22 provides the physician with a checklist to be used if a patient seeks the end of life drug.  See, AttendingPhysicianChecklist

To summarize the requirements, in order for a person to seek aid-in-dying drugs, they must meet the following criteria:

  • The patient must be at least 18 years old
  • They must have capacity to make medical decisions
  • Diagnosed with a terminal illness by an attending AND consulting physician
  • The individual must voluntarily express the wish to receive the aid-in-dying drug
  • They must request the drug twice orally—such requests should be made 15 days apart
  • Must request by written request which is signed/dated and witnessed by two adults
  • Must be California resident (and provide proof of such residency)
  • Must have physical and mental ability to self-administer the drug
  • The decision must be confirmed that it is not due to coercion or undue influence
  • The attending physician must offer the qualified individual to withdraw or rescind the request

Upon filling the aid-in-dying prescription, the patient must complete a “Final Attestation for an Aid-in-Dying drug to End My Life in a Humane and Dignified Manner” form 48 hours prior to self-administering the drug.

Developments in the law should be closely monitored as it is likely that that state regulators may develop more detailed and specific standards when facing a terminal patient seeking end of life drugs.

By Matt Kinley, Esq.

COVERED CALIFORNIA TRANSITIONING TO VALUE PAYMENTS

HEALTHCARE PROVIDERS SHOULD PREPARE FOR END OF FEE FOR SERVICE PAYMENTS

Introduction

Medicare reimbursement has slowly changed from a system primarily based on fee for service to a system paying for treatment of a population.  Physicians and other providers who have relied on Medicare have seen payments reduced and general income levels decline as a result.

Covered California and Value Payments

Reinforcing the view that medical care can be less expensive if incentives are put in place for providers, Covered California has always promoted the utilization of value payments over fee for service for physicians and other healthcare providers.  They view it as a method to reward quality care and patient satisfaction, even though it is having the effect of reducing payments to providers, making medicine more corporate medicine and driving smaller practices out of business.  This has happened with similar Medicare reforms.

The Model QHP Contract

The Covered California Board has been considering its contract with Qualified Health Plans (“QHP”) for the coming years.  A review of the 2017 Qualified Health Plan Contract and Attachments shows that the Covered California Board is continuing its advance to reform payment models under the Healthcare Exchange.

The Qualified Health Plan Model Contract (“Model Contract”) is the agreement entered into between the Qualified Health Plans (“QHP”) and Covered California. The contract sets the terms for the QHP  operate under in order to participate in California’s healthcare exchange.  These contracts have become the major method by which Covered California promotes its major policy initiatives, such as appropriate healthcare networks and payment reform to healthcare providers.

The Model Contract specifically references federal policy on incentivizing quality by tying payments to providers by measuring performance. When providers meet specific quality indicators or enrollees make certain choices or exhibit behaviors associated with improved health, providers receive a higher level of payment.    Such policy requires quality reporting, care coordination; chronic disease management, patient-centered care, evidence based medicine and health information technology. (Quality Improvement Strategy: Technical Guidance and User Guide for the 2017 Coverage Year.)

Attachment 7 to the QHP Model Contract

Attachment 7 to Covered California 2017 Model Contract provides the meat of the policy.  According to Attachment 7, QHPs are to work with Covered California to create healthcare networks that are based on value.   By working with Covered California, all QHPs will share data which they have received from providers across the state.  The plan also contemplates meetings where best practices are discussed.

QHPs Must Select Healthcare Providers Who Are Utilizing Quality Measurements

Under Attachment 7, all plans must include “quality” measurements in the selection and utilization of providers, including “clinical quality, patient safety and patient experience and cost.” Covered California will carefully monitor the plans to assure that that  QHPs only contract with providers and hospitals that demonstrate quality care.

QHPs are to ensure that providers which are serving enrollees with conditions that require highly specialized management have “documented special experience and proficiency based on volume and outcome data.”   Attachment 7 further specifically requires the submission of the Consumer Assessment of Healthcare Providers and Systems, developed by the Agency for Healthcare Research and Quality.  The CAHPS requests information from the consumer experience, including:

  Asking about aspects of care for which a patient or enrollee is the best or only source of information.

  Asking about the aspects of care that patients say are most important.

  Asking patients to report on the health care they receive.

  Reflecting input from a broad spectrum of stakeholders, including patients, clinicians, administrators, accrediting bodies and policymakers.

Finally, Attachment 7 promotes the use of Patient-Centered Medical Homes as well as integrated care models, with quality and patient satisfaction as key data points; population-based care, including integrated care; utilization of electronic health record technology, including utilization of data for results management and clinical decision support and patient support.

2017 continues the trend toward value added care.  Physicians and other providers should start preparing practices for this new payment models if they intend to continue in medicine.

By Matt Kinley, Esq., a healthcare attorney in Long Beach, California.

 

 

INSURANCE COMPANIES SEEK TO DEFEAT THE SURGERY CENTERS

Various news organizations (for example, Law360) reported on Aetna’s jury verdict against Northern California surgery centers for over-billing the insurer for out-of-network procedures. The jury determined that the surgery center should pay $37.4 million in damages.  The complaint by Aetna included allegations that surgery centers waived patient co-pays and other fees, sales of shares to physicians (who received substantial ROI) in addition to the physician’s own fee for service and other “fraud.”

Other lawsuits with similar allegations are pending. United Healthcare Services has a complaint against several Bay Area ASC’s claiming the ASCs’ bills are artificially inflated, that the providers utilizes different charges for different patients (out-of-network charges being the highest), that the ASCs failed to disclose waiver of co-pays, and inappropriate incentives to physicians for referring patients to the ASC.

The insurers in these cases are attempting to utilize the courts to stop out-of-network billings, especially for ASCs.   The conduct they are complaining about is a common issue of our medical landscape.  Surgery centers are typically physician owned and tend not to have insurance with the typical plans that exist.  Physicians will often promote the ASC as providing superior service, especially compared with alternative medical centers and hospitals.  In order to encourage the patient to have procedures at a facility which does not accept their insurance, the physician and the ASCs will often assure the patient that they will seek reimbursement from the out-of-network insurance provider and that any service received will be at no cost to the patient.  Freed from in-network contracts, these facilities seek their “reasonable fees” from the insurer.

The current litigation will certainly lead to appeals and opinions by courts that will alter the legal landscape. The facts in the Aetna case appear to include evidence of communications between physicians encouraging referrals to the surgery centers, which would appear inflammatory to the jury.

 

However existing law does not appear to support the insurers claims.  For instance, the Accountable Care Act actually requires discounting co-payments for out-of-network emergencies. (“Any cost-sharing requirement expressed as a copayment or coinsurance rate imposed with respect to a participant, beneficiary, or enrollee for out-of-network emergency services cannot exceed the cost-sharing requirement imposed with respect to a patient, beneficiary or enrollee if the services were provided in network.” 45 C.F.R. 147.138.)  The California Attorney General that waiver of copayments for out-of-network insurance companies was appropriate.  (Dentists routine waiver of co-pay appropriate. 64 Ops. Cal. Atty. Gen. 782 (1981).) Discounts to encourage patient referrals is not impermissible. (People v. Duz-Mor Diagnostic Laboratory, Inc. (1998) 68 Cal. App. 4th 654.)  Likewise, it is legal for physicians to refer to surgery centers where they have a financial interest. (California Business Code section 650(d).)

Providers who routinely bill to out-of-network providers should monitor these cases closely. The Courts will be making ground-making decisions in this area in coming months.

By Matt Kinley, Esq, LL.M.  Mr. Kinley represents health care clients in Southern California.

Federal Court Rules CGL Policies Cover Data Breach

Insurance companies issuing commercial general liability (CGL) policies are undoubtedly taking note of a recent noteworthy, though unpublished, federal appeals court decision. In April 2016, a federal appeals court in Virginia upheld a lower court’s ruling that a CGL policy may cover a data breach. The decision centered on the interpretation of policy language that the court said should be construed broadly. The ruling will likely cause insurers to scrutinize coverage language more closely and revise future policy definitions.  For insureds, the decision should prompt a second look at policy language to determine whether a data breach arguably falls within the scope of coverage. The case, Travelers Indemnity Company of America v. Portal Healthcare Solutions, L.L.C. (https://www.scribd.com/doc/308033367/Travelers-v-Portal-Healthcare-Fourth-Circuit-Court-of-Appeals) (hereinafter referred to as “Portal Healthcare“), is at odds with other recent state court decisions.

 

The factual prompt for the suit was a class-action lawsuit brought by a patients of a hospital whose confidential medical records were publicly posted online by the hospital’s electronic record-keeping service, Portal Healthcare Solutions (“Portal”). Portal tendered the matter under the two separate but substantially identical CGL policies issued by Travelers.  In a declaratory relief action, Travelers argued data breach was not covered under the policies, but the District Court for the Eastern District of Virginia in Alexandria ruled that Travelers had a defense obligation under its Personal and Advertising Injury coverage section of the policies. The policies language obligated coverage because of an advertising or website injury arising from the “electronic publication of material that…gives unreasonable publicity to a person’s private life” or “the electronic publication of material that discloses information about a person’s private life.”

 

Travelers argued that the action of posting the medical records online was not a “publication” within the meaning of the policy because it could not be proven that the records were actually viewed by a third-party. The lower court and appellate court rejected this narrow and “pars[ing]” definition of publication.  The appellate court also held that the class-action complaint by the patients, “at least potentially or arguably alleges a publication of private medical information” and that the conduct if proven, would have given unreasonable publicity to and disclosed information about the patients’ private lives.  The court determined that any doubt in the meaning of the word “publication” should be interpreted in a manner that grants coverage rather than withholds it.

 

The lower court’s opinion distinguished a Connecticut case which ruled that a CGL policy did not cover the loss of computer tapes that contained personal information. See Recall Total Info. Mgmt. Inc. v. Fed. Ins. Co., 83 A.3d 664 (Ct. App. Conn. 2013).  In that case, computer tapes fell out of the back of a van, were taken by an unknown person, and never recovered. Id. at 667.  This fact pattern was distinguished because it involved a single thief and no allegation that the stolen information had been placed on the internet.  In the Portal Healthcare case, the court stressed that the facts alleged “potentially or arguably” constituted “publication.”

 

While insurers offer policies specifically addressing cyber liability and data breach, these policies can often be cost-prohibitive and/or scarce. Business owners should consult with their legal counsel to look closely at the terms of the business’ CGL policies to determine whether they may potentially or arguably cover data breaches. The exorbitant cost of defending a data breach lawsuit, especially a class-action suit, may justify a declaratory relief action against a CGL carrier to determine the claims trigger a defense obligation. All companies should evaluate their cyber risks and exposures to make an informed decision about whether cyber liability insurance coverage is worth it.  Despite the holding in Portal Healthcare, securing coverage for data breach incidents under a CGL policy is still an uphill battle.

 

Michael Hellbusch is a privacy and cyber liability attorney at TLDlaw. He is a member of the Sedona Conference’s Working Group 11 on Data Security and Privacy Liability and International Association of Privacy Professionals.

Los Angeles Medical Association: Navigating the Hornet’s Nest of Reimbursement

Matt Kinley Speaks to Los Angeles County Medical Association on March 23, 2016.  Contact Mr. Kinley at mkinley@tldlaw.com if your interested in attending.

photo

HHS TO CREATE NEW CYBERSECURITY REGULATIONS FOR HEALTH CARE

CONGRESS DIRECTS ACTION IN HEALTHCARE CYBERSECURITY

In December of 2015 Congress passed a 2000-page spending bill which was enacted into law. Included in the text was the Cybersecurity Information Sharing Act of 2015 (CISA). While that legislation received most of the headlines, the spending bill also implemented some major developments in the field of privacy for the healthcare industry. Section 405 of Title IV directs the Department of Health and Human Services (HHS) to develop best practices for organizations in the healthcare industry.

The legislation mandates HHS to report to Congress regarding the preparedness of the health care industry in responding to cybersecurity threats. This includes identifying the HHS official responsible for coordinating threat efforts and including plans on how HHS divisions communicate with one another regarding threats. Congress also mandated a one-year task force to plan a threat reporting system in real time, and to prepare a cybersecurity preparedness information for dissemination in the healthcare industry. Most notably, HHS has been directed to collaborate with other governmental entities and experts to establish a best practices standards specific to healthcare cybersecurity. The intent is to create an industry standard and cost-effective method to reduce cybersecurity risks for healthcare organizations.

Inclusion of Section 405 of the Cybersecurity Act of 2015 reinforces the federal government’s well-established priority of protecting personal health information. Protection is necessary because of the high value of personal health information on the black market. According to the The Insurance Journal, a complete health record containing a patient’s entire health profile can fetch as much as $500. The value is based on the ability of lawbreakers to fraudulently bill insurers for medical services. Compared to industries like the credit card payment industry—which has implemented its own cybersecurity standards—the healthcare industry is woefully behind in its efforts to protect valuable private information.

Healthcare facilities, both public and private, should stay ahead of HHS and develop their own internal policies, security measures, and best practices to protect confidential information of their patients. While guidance form HHS in the future will help establish industry standard best practices, healthcare providers should evaluate their cybersecurity needs and work with experts—attorneys, technologists, and governmental agencies—to stay ahead of the curve. Undoubtedly the attention given to healthcare cybersecurity in the next years will increase the scrutiny on healthcare providers who fail to meet industry standards.

TLD Law regularly advises healthcare industry clients in all aspects of their business practices. Questions regarding the healthcare industry and cybersecurity can be addressed to Matt Kinley and/or Michael Hellbusch.

PHYSICIAN ALIGNMENT WITH HEALTH CARE SYSTEMS

HEALTH CARE SYSTEMS SHOULD UTILIZE REAL ESTATE TO CAPITALIZE ON PHYSICIAN ALIGNMENT

Health care systems have recently increased acquisitions and joint ventures with physician groups in order to increase hospital exposure and revenue.  While regulations which limit referrals should be carefully considered and followed, some of the following real estate assets that hospital systems have can be utilized to attract new physicians.

Office Condo Projects:  Allows physicians to invest in projects on or near campus.

New Construction: Building new office buildings with an eye toward comprehensive care and alignment of patient experience.

Hosting New Clinics and facilities which promote the hospital community.

Key to complying with regulations is fair market value agreements and documentation. Both the hospital and physician should have appropriate legal representation to assure compliance.

By:  Matt Kinley, Esq.

 

 

OSHA GUNNING FOR MEDICAL PRACTICES

NEW GUIDE LINES BRING NEW RESPONSIBILITIES

The Occupational Safety and Health Act of 1970 requires employers to provide their employees with working conditions that are free from known dangers.  There are thousands of pages interpreting the meaning of that simple statement, including primarily what is a “known danger.”

For medical facilities, OSHA has attempted to provide guidelines for protecting healthcare workers from violence in the work place.  In OSHA: Guidelines for Preventing Workplace Violence for Healthcare Workers (2015) OSHA explores its expectations for organizations in complying with the obligation to provide a safe workplace and to prevent violence.  Many of the obligations are structural, that is, they provide for a system to protect against violence:  polices, training, work place evaluation, and documentation of an organizations efforts to complete these tasks.  Like HIPAA and Compliance, the solution to medical office problems are a new policy, a committee and training.

Along with this new resource comes a new obligation.  In an OSHA Instruction, OSHA reviews the inherent dangers in the healthcare setting and the higher rates of violence and injury in the healthcare setting.  It instructs it’s investigators to pay more attention to the healthcare setting utilizing its 2015 guidelines.

If you are a healthcare company, it makes sense to pay attention to these OSHA materials.  Even if you are not investigated by OSHA itself, it does set up a standard for behavior and a potential negligence suit should your facility suffer violence.

By Matt Kinley, Esq.

Fraud Alert Issued by OIG Puts Medical Directorships Under Suspicion

Make Sure Your Medical Directorship is Legal

HHS’s Office of Inspector General’s Fraud Alert issued in June of this year  puts an often-used tool for compensating physicians in the regulatory cross hairs. “Medical directorships,” or the payment of a physician for overseeing clinics or other medical services, will violate the Federal and state Anti-Kickback statutes if “even one purpose of the arrangement is to compensate a physician for his or her past or future referrals.”

Compensation arrangements between hospitals, physician groups and other medical providers that contemplate management or directorships by a physician should be carefully evaluated by competent counsel. OIG has said that it will be reviewing such arrangements with particular interest. If a violation is found, the result could include criminal, civil and regulatory fines, and exclusion from federal health care payment systems.

Some of the elements of an appropriate directorship or management position for a physician might include a written contract for at least a year with a salary that constitutes a fair market value for services actually provided. Such an agreement should be backed up by salary surveys or other documentation that the compensation is based on similar positions within the community.

By Matt Kinley, Esq.