Compliance Mentor - January 2016

Hospital Access Management - Hospital Case Management - Hospital Employee Health
Hospital Infection Control - Hospital Peer Review - Healthcare Risk Management
Case Management Advisor - IRB Advisor - Medical Ethics Advisor - Same-Day Surgery

CMS and the Revised Pharmacy Standards: What Every Hospital Should Know

CMS has issued a 45-page advance survey memo, which revises the hospital pharmacy conditions of participation (CoPs) in 2016.

The changes were made to bring the pharmacy interpretive guidelines into alignment with accepted standards of practice, such as the U.S. Pharmacopeia/National Formulary (USP/NF). CMS also recommends hospitals follow prescribed best practices, such as those from the American Society of Health System Pharmacists (ASHP) and the Institute for Safe Medication Practices (ISMP).

This CMS memo also amends Appendix A, which is the manual for larger hospitals, as well as provide for changes to 10 tag numbers or sections: 489, 490, 491, 492, 500, 501, 502, 505, 507, and 510.

These new interpretive guidelines address compounding medication, especially compounded sterile preparations (CSP).

Additionally, the CMS memo includes determining beyond-use dates (BUDs), changes regarding safe and appropriate storage and use of medications, and addresses tag number 405, which is located in the nursing section.

AHC Media is hosting a webinar to cover the revised pharmacy interpretive guidelines from 3:30-5:30 PM EST on Jan. 28. For more information about this event, please visit here.

The CMS Memo is available at: https://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Downloads/Survey-and-Cert-Letter-16-01.pdf.

The OIG Memo on Medicare’s Oversight of Compounded Pharmaceuticals Used in Hospitals, January 2015 OEI-01-13-00400, is available at: http://oig.hhs.gov/oei/reports/oei-01-13-00400.pdf.

---

FDA Cracks Down on Lab Tests That Lead to Bad Outcomes

The FDA issued a 39-page report in November, titled “The Public Health Evidence for FDA Oversight of Laboratory Developed Tests: 20 Case Studies,” which addresses bad outcomes that result from certain laboratory-developed tests (LDTs), which are increasingly important, considering their use can lead to a patient’s diagnosis and surgery.

Most laboratories that offer LDTs follow the Clinical Laboratory Improvement Amendments (CLIA) as well as the Food, Drug, and Cosmetic (FD&C) Act. However, the FDA generally has not used the FD&C Act to exercise enforcement.

Most laboratories that offer LDTs follow only the regulatory requirements of CLIA, which are intended to regulate the operations of laboratories, but are not specifically intended to regulate in vitro diagnostic devices. Some argue CLIA is sufficient enough, but the 20 tests the FDA identified as problematic were all laboratories that were in compliance with the CLIA regulations.

The FDA says the 20 LDTs it examined show, in the absence of compliance with FDA requirements, such products may have caused or have caused harm. False-positive tests led patients to believe they had non-existent conditions, resulting in unnecessary stress and unneeded treatment. Conversely, other LDTs were prone to false-negative results, in which patients did not receive proper diagnoses nor proper treatments to combat life-threatening diseases.

In the future, physicians can expect more FDA oversight for lab tests that are designed to examine tissue samples. This will further efforts to prevent using tests that can lead to adverse outcomes in patients, including misdiagnosis and unnecessary treatment. This may be crucial to ensuring patient safety.

The Public Health Evidence for FDA Oversight of Laboratory Developed Tests: 20 Case Studies, is available at: www.fda.gov/AboutFDA/ReportsManualsForms/Reports/ucm472773.htm.

The full report is available at: www.fda.gov/downloads/AboutFDA/ReportsManualsForms/Reports/UCM472777.pdf.

---

---

Guilty Pleas in Spinal Surgery Kickback Scheme

Five people, including the CFO of a Long Beach, CA, hospital, have been charged in connection to a long-running kickback scheme that involved thousands of illegal referrals and millions of dollars in fraudulent billings.

“Operation Spinal Cap” was a scheme to pay doctors kickbacks for referrals of orthopedic spinal procedures. Surgeons received $15,000 for each lumbar fusion surgery and $10,000 for each cervical fusion surgery. The hospital then billed worker compensation insurers. The alleged perpetrators racked up nearly $600 million dollars in fraudulent claims.

Federal prosecutors filed charges against Joseph Canedo, the CFO of Pacific Hospital in Long Beach, and two surgeons. Canedo was allegedly responsible for tracking the payments to the clinicians as well as calculating the number of patients and the amount of money received from the referrals.

One surgeon, Dr. Mitchell Cohen, agreed to plead guilty to filing a false tax return since he did not include the kickbacks as income. Dr. Phillip Sobol, an orthopedic surgeon, and chiropractor Alan Ivar have agreed to plead guilty after receiving monthly retainers for a decade to refer patients to Pacific Hospital. Sobol faces a federal prison term of up to 10 years while Cohen, Canedo, and Ivar face up to 5 years under their plea agreements.

The Justice Department has recovered billions of dollars in healthcare fraud cases and shows no signs of slowing down. The Pacific Hospital case illustrates the importance of employing an effective compliance department and compliance officer, as well as the fact that individuals accused of participating in illegal schemes may be held criminally responsible and sent to prison for violation of the false claims provision.

For more information about this case, please visit: http://www.justice.gov/usao-cdca/pr/five-people-including-two-doctors-charged-kickback-schemes-involving-nearly-600-million.

---

HIPAA Settlement Reinforces Lessons for Users of Medical Devices

It is safe to say that the government has taken off the kid gloves regarding HIPAA penalties. One only has to review the Office of Civil Rights (OCR) press releases and website to see the substantial fines levied for HIPAA violations over the last two years.

For example, Lahey Hospital and Medical Center in Burlington, MA, has agreed to pay $850,000 for such a violation. The hospital has also agreed to a resolution agreement and risk management plan.

The violation involves a laptop that was stolen from an unlocked treatment room. The laptop was on a stand by the portable CT scanner where it was used to produce images for viewing through the Radiology Department’s Information System and Picture Archiving System. The laptop contained the information of 599 patients.

The hospital did not conduct a risk analysis of all its electronic-protected health information (ePHI), nor did it physically safeguard a work station.

The OCR also noted Lahey’s failure to implement adequate policies and procedures, including a policy on how to safeguard ePHI that exists on all workstations used with diagnostic equipment.

This case comes on the heels of another HIPAA breach in which Triple-S Management Corporation agreed to a $3.5 million settlement and to enter into a robust corrective plan.

These cases illustrate recent trends in which violations of HIPAA have resulted in substantial fines. All hospitals and healthcare facilities should be in compliance with HIPAA. Hospitals should ensure that they have a trained and effective HIPAA compliance officer to oversee the program. Staff should be well trained and understand the HIPAA law.

OCR offers a number of free resources. These include a document on how to protect and secure information when using mobile devices. It discusses what to do if a mobile device is stolen. Hospitals and other facilities should conduct an assessment of mobile devices such as laptops and phones. Technology exists that can remotely wipe anything off a mobile device should a theft occur.

For more information, please visit: https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security.

The Resolution Agreement and Corrective Action Plan can be found on the OCR website at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/lahey.html.

To read the press release, please visit: http://www.hhs.gov/about/news/2015/11/25/hipaa-settlement-reinforces-lessons-users-medical-devices.html.

---

---

UPCOMING COMPLIANCE WEBINARS