Krieg · Devault - Attorneys At Law - Solutions, not obstacles® A Track Record of Legal And Business Solutions For Over 130 Years


Inside Krieg Devault
Professional Services
Meet Our Professionals
Careers at Krieg Devault
Diversity at Krieg Devault
Summer Associate Program
Firm News
Resource Center
Office Locations


Meritas Law Firms Worldwide
An alliance of business law firms offiering you the ability to access high quality legal service worldwide.

Krieg DeVault LLP
One Indiana Square, Suite 2800
Indianapolis IN 46204

(317) 636-4341
 Newsletters

Health Care Newsletter Header w/Line

October 2006

Dear Clients and Friends:  Several changes regarding health care regulation have occurred at the national and state level that should be brought to your attention.  Examples are:  CMS adopted a National Provider Identifier and standardized the 855 enrollment form, and Indiana implemented new legislation regarding computer security issues.  Below is a summary of recent changes in the laws and rules affecting providers.
 
Articles at a Glance
                                               
1)  DRA Requires Compliance by January 1, 2007 for Continued Medicaid Reimbursement
2)  CMS Standardizes the 855 Enrollment Form
3)  HHS Publishes Final Stark and Anti-kickback Rules Governing Hospital Technology Donations
4)  Proposed Amendments to Medicare Reassignment and Stark Regulations
5)  CMS Adopts National Provider Identifier Standard
6)  New State Laws Regarding Personal Information Stored in Computers


DRA Requires Compliance by January 1, 2007 for Continued Medicaid Reimbursement

On February 8, 2006, President Bush signed into law the Deficit Reduction Act of 2005 (“DRA”).  The DRA contains a specific provision that we believe is applicable to your organization.  Section 6032 of the DRA, entitled “Employee Education About False Claims Recovery,” makes compliance and education programs mandatory for entities that receive $5 million or more per year in Medicaid funds. 
 
Some of the education measures required under the DRA include establishing written policies regarding:  (a) The federal False Claims Act; (b) Administrative remedies for false claims and statements under the United States Code; (c) Indiana laws pertaining to civil or criminal penalties for false claims and statements; and (d) Whistleblower protections under Federal and Indiana law.  In addition, these policies and procedures must include the manner in which entities detect and prevent fraud, waste, and abuse.
 
Under the DRA, entities must be in compliance with the specific education measures by January 1, 2007.  According to Indiana’s approved State Plan under the Social Security Act, if an entity is not in compliance by this date, Medicaid and SCHIP reimbursement can be withheld until compliance is achieved.  Because of the broad nature of the new compliance mandates contained in the DRA, the compliance process can be time consuming.  If you have questions on such compliance matters, you may call Leah Mannweiler at (317) 238-6222 or Kristen Gentry at (317) 238-6288 for further information.


CMS Standardizes the 855 Enrollment Form

The Centers for Medicare and Medicaid Services (“CMS”) has issued a final rule on the 855 enrollment form to standardize enrollment requirements.  The final rule codifies the requirements for provider enrollment and continued participation in the Medicare program.  The effective date of the final rule is June 20, 2006.   
 
The final rule requires that upon initial enrollment, a provider or supplier must submit an appropriately completed CMS 855 enrollment form based on the type of provider or supplier enrolling.  Providers that have been participating in the Medicare program long enough to have never completed an 855 form would also be required to submit a completed 855 form.  The final rule also requires that the providers notify CMS of any changes to their enrollment information by filing the proper 855 form within 90 days of the change.   When a provider or supplier undergoes a change in ownership, the final rule also requires that an enrollment application be completed and submitted by both the current owner and the new owner prior to the completion of the ownership change. 
 
In addition, the final rule establishes a new revalidation process that will require every provider to resubmit an 855 form at least once every five years.  This revalidation process will ensure that CMS has complete, current information on file for all Medicare providers.  CMS also reserves the right to conduct on-site investigations as part of its enrollment validation and oversight activities for all providers.  Finally, as part of new signatory requirements, the 855 forms must be signed by an individual who has the authority to bind the provider, both legally and financially to all requirements.  For more information on the 855 requirements, you can call Andrea Brashear at.


HHS Publishes Final Stark and Anti-kickback Rules Governing Hospital Technology Donations

The Department of Health and Human Services (“HHS”) published a final rules on August 8, 2006 that will create new exceptions and safe harbors under Stark and the Anti-Kickback Statute.    You can view the final rule on the HHS Office Of Inspector Website at http://oig.hhs.gov/authorities/regulatory.html
 
The first rule establishes two (2) new exceptions under Stark which are considerably broader than the proposed rule published in October 2005.  The first exception establishes conditions under which hospitals (and other specified entities) may donate certain hardware, software or information technology and training services used for electronic prescribing to physicians.  The second exception establishes conditions under which entities may donate interoperable electronic health record (EHR) software, information technology and training services to physicians.  The second rule establishes two (2) new safe harbors under the Anti-Kickback Statute that permit the donation of certain technology and services related to electronic prescribing and EHR.
 
The Stark exception and Anti-kickback safe harbor regarding EHR donations provides protection for the donation of EHR software or technology and training services related to the creation, transmission, or receipt of EHR.  These protections do have limitations.  Some of the limitations include:  (1) the donated software must be certified as interoperable at the time of donation and must be able to perform e-prescribing functions; (2) the physician recipient cannot already possess software that has the ability to perform the same types of functions as the donated software; and (3) the physician recipient is required to pay fifteen (15) percent of the donor’s costs.     
 
Under the Stark exception and Anti-kickback safe harbor regarding e-prescribing donations, a hospital (or other specified entity) may donate hardware, software, internet connectivity, and training and support services directly related to the transmission and receipt of e-prescribing.  E-prescribing is not limited to prescription drugs, but it also includes other items and services normally ordered through a written prescription, such as durable medical equipment.
 
For more information on these new Stark exceptions and Anti-kickback safe harbors, please contact Thomas Hutchinson at (317) 238-6254.


Proposed Amendments to Medicare Reassignment and Stark Regulations
 
The Centers for Medicare & Medicaid Services (“CMS”) published the proposed 2007 Medicare Part B Fee Schedule [CMS-1321-P] on August 8, 2006.  You can access these materials on the CMS website at http://www.cms.hhs.gov/center/physician.asp.  The comment period ended October 10, 2006. 
 
There are two (2) important changes to the Medicare regulations buried within the proposed regulations:
 
1. To amend the contract arrangement exception to the reassignment prohibition, by including existing program integrity safeguards for both the “purchased test” and the “purchased test interpretation” exception; and
 
2. To amend the Stark regulations, specifically the “centralized building” definition, to include a minimum square footage requirement of 350 square feet, for purposes of the “in-office ancillary services” and “physician services” exceptions. 
 
If you have questions regarding the proposed amendments, please contact Tom Neal at (317) 238-6221 or Susan Ziel at (317) 238-6224.

CMS Adopts National Provider Identifier Standard
 
Effective May 23, 2007 (May 23, 2008 for small health plans), the National Provider Identifier (“NPI”) will be the only health care identifier that can be used in standard health care transactions by covered entities, including physicians and hospitals.  The NPI is a new, single identifier for use in standard electronic health care transactions, such as health care claims.  The NPI will replace different provider numbers currently used for different health plans. 
 
When the NPI system and national standards are in place, health care providers will be able to submit electronic health care transactions to any health plan in the United States using the NPI, thus eliminating the need to use different identification numbers with multiple health plans.  Health care providers, with the exception of organ procurement organizations, must obtain an NPI prior to enrolling in Medicare or before submitting a change to an existing enrollment application.  A health care provider may apply through a web-based application process, available at https://nppes.cms.hhs.gov.  Additional information regarding the NPI is available on the CMS NPI website, available at: http://www.cms.hhs.gov/nationalProvIdentStand/.  For more information on this program, call Susan Ziel at (317) 238-6224.


New State Laws Regarding Personal Information Stored in Computers
 
On July 6, 2006, two Indiana laws regarding security of personal information became effective.  These laws protect personal information by (1) imposing certain requirements upon any individual, company or other legal entity when discarding personal information and (2) requiring disclosure of any security breach of a computer containing personal information.  Because of the breadth of the application of the laws, most health care providers who maintain patient information in a computer database are affected by these laws. 
 
The laws define personal information as:  (1) Social Security number that is not redacted; (2) individual’s first and last names or first initial and last name; (3) driver’s license number; (4) state identification card number; (5) credit card number; (6) a financial account number or debit card number in combination with a security code, password, or access code that permits access to a persons’ account.
 
Under these laws, unencrypted or unredacted personal information must be disposed by shredding, incinerating, mutilating, erasing or otherwise rendering the information illegible or unusable.  The laws also require an entity to disclose a breach of the security of a system without unreasonable delay to any Indiana resident whose personal information was the subject of the breach.  Breach of the security of the system is defined as any unauthorized acquisition of computerized data (even if transferred to another medium – paper, microfilm, etc.) that compromised the security, confidentiality, or integrity of personal information.
 
Violation of these laws may result in an injunction, civil money penalties, or a civil infraction.
 

Krieg DeVault LLP Health Care Practice Group Members
 
Thomas R. Neal, Chair - (317) 238-6221 -  tneal@kdlegal.com
 
William R. Neale - (317) 238-6209 -  wneale@kdlegal.com
 
Paul F. Lindemann - (317) 238-6210 -  plindemann@kdlegal.com
 
Leah S. Mannweiler - (317) 238-6222 -  lmannweiler@kdlegal.com
 
Mark P. Canada - (317) 238-6229 -  mcanada@kdlegal.com
 
Elizabeth G. Russell - (317) 238-6236 -  erussell@kdlegal.com
 
Randall R. Fearnow - (317) 238-6279 -  rfearnow@kdlegal.com
 
John E. Chevigny - (317) 238-6214 -  jchevigny@kdlegal.com
 
Glenn T. Troyer - (317) 238-6223 -  gtroyer@kdlegal.com
 
W. Patrick Downes - (317) 238-6251 -  wdownes@kdlegal.com
 
David E. Jose - (317) 238-6211 -  djose@kdlegal.com
 
Robert A. Anderson - (317) 238-6255 -  randerson@kdlegal.com
 
Thomas N. Hutchinson - (317) 238-6254 -  thutchinson@kdlegal.com
 
James G. McIntire - (317) 238-6285 -  jmcintire@kdlegal.com
 
Susan E. Ziel - (317) 238-6244 -  sziel@kdlegal.com
 
Charles S. Coleman - (317) 238-6258 -  ccoleman@kdlegal.com
 
Julie A. Rosenwinkel - (317) 238-6291 -  jrosenwinkel@kdlegal.com
 
Jeffrey M. Monberg - (317) 238-6293 -  jmonberg@kdlegal.com
 
Kristen L. Gentry - (317) 238-6288 -  kgentry@kdlegal.com
 
Rebecca Biller Elmore - (317) 238-6352 -  relmore@kdlegal.com
 
Leeanne R. Coons - (317) 238-6269 -  lcoons@kdlegal.com
 
Leigh Ann Lauth O'Neill - (317) 238-6346 -  llauth@kdlegal.com


This newsletter is published by the law firm of Krieg DeVault LLP as part of our commitment to our clients.  Material contained herein is not to be considered legal advice to any particular person.  Each person's circumstances are unique and must be evaluated individually.  Competent legal counsel should be sought before taking any action in reliance upon the information contained in this newsletter.  The contents of this newsletter may not be reproduced, transmitted or distributed without the express written consent of Krieg DeVault LLP.

© 2006, Krieg DeVault LLP


Copyright 2008 Krieg Devault. All Rights Reserved. Disclaimer | Site Map