HHS Proposed Rule – electronic transactions and privacy rule enforcement action.
For horse racing aficionados, the phrase, “and they’re off” should ring a bell! One week into 2023 and attention is being placed on HIPAA and the HITECH Act.
First, on January 3, 2023, HHS-OCR announced another settlement under its Right of Access Initiative bringing the total resolutions to 43. There are three aspects of this $16,500 settlement for not providing patients their medical records in a timely manner which are notable:
Second, comments are being sought until March 21, 2023 regarding the Centers for Medicare & Medicaid Services (CMS)-issued proposed rule, Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard (CMS-0053-P). (87 Fed. Reg. 78438 (Dec. 22, 2022)). Although the primary purpose of this proposed is to implement requirements related to HIPAA and the Affordable Care Act (ACA), one area to note it the potential impact on Stark Law, Anti-Kickback Statute, and False Claims Act scrutiny because it proposes the adoption of“a modification to the standard for the referral certification and authorization transaction (X12 278) to move from Version 5010 to Version 6020.” Referrals are the sine qua non of scrutiny under the Stark Law, AKS, and FCA. Importantly, not all referrals are impermissible. Also, as stated on CMS’ website, “[a]ny provider who accepts payment from any health plan or other insurance company must comply with HIPAA if they conduct the adopted transactions electronically.”
Other key provisions of the proposed rule include the following:
HIPAA, cybersecurity, as well as enforcement of fraud, waste, and abuse laws, will remain a priority for HHS, the Department of Justice, and other government agencies in 2023. Compliance and risk management are essential to avoiding potential government investigations, adverse actions, and legal proceedings.
Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases.