News briefs

Lawsuit helps push back therapy cap to Sept. 1

The Centers for Medicare & Medicaid Services (CMS) announced in a July 3 program memorandum that it would postpone implementation of the $1,590 cap on outpatient therapy services from July 1 to Sept. 1. The delay was granted after a lawsuit was filed in June against CMS in the District of Columbia District Court. (American Parkinson Disease Association, et al. v. Tommy G. Thompson, No. 03-1378.) Rehab advocates met with CMS in May to express concerns about adequate time for notifying beneficiaries of the change in benefits.

Starting in October, the Medicare Summary Notice will inform beneficiaries on a monthly basis about their progress toward the cap. For 2003, the cap only will apply to services rendered between Sept. 1 and Dec. 31.

The rehab coalition, which includes the American Occupational Therapy Association, the American Physical Therapy Association, the National Association for the Support of Long Term Care, and the American Medical Rehabilitation Providers Association, still is pushing for repeal of the cap.

Legislation introduced in the U.S. House of Representatives, the Prescription Drug and Medicare Modernization Act of 2003, contained a provision for a one-year moratorium on the cap to take effect in January 2004. But the Senate version of the bill did not include the moratorium. Rehab leaders still are urging providers to contact their representatives and senators to urge them to cosponsor legislation that would repeal the cap entirely. 

Insurance policy to cover violations of HIPAA rules

A San Francisco insurer is offering health care providers what it says may be a first in underwriting — a professional liability insurance policy specifically geared toward electronic-based and web-enabled transactions for health care operations. The policy might be especially useful in insuring against violations of the Health Insurance Portability and Accountability Act (HIPAA), the company says.

The insurance is offered by Healthcare First, a unit of the brokerage services division of Arthur J. Gallagher & Co. of Itasca, IL. Healthcare First president David Wynstra says that the insurance product was developed in response to the way many health care systems have become more dependent on electronic-based transactions via the Internet to carry out business basic functions.

"As a result, those organizations are now assessing their information technology risks and liability exposures," he says. "This corporate liability coverage will continue to indemnify electronic-based transactions that health care organizations use to manage, process, and disseminate information. Moreover, the coverage now helps indemnify corporate policyholders from damages resulting from HIPAA events, such as unauthorized disclosures of protected health information [PHI] arising out of computer security violations."

Wynstra says the intent of the policy is to cover organizations for inadvertent HIPAA violations and the policy would not cover any fraudulent activities. Health care providers would benefit in situations in which an unauthorized disclosure is made that results in damage to an individual or organization, and that party decides to sue for damages.

Though that may sound appealing to managers worried about violating the new HIPAA provisions, Wynstra notes that the coverage will not cover fines levied by the government for HIPAA violations. That is consistent with other forms of insurance that commonly cover civil liabilities but cannot pay fines imposed by government agencies or law enforcement.

The eHealth/Internet Liability Policy will be underwritten by Mt. Hawley Insurance Co., a subsidiary of RLI Corp. and will provide premium discounts to health care providers accredited by URAC, an accrediting body in Washington, DC. The policy covers more than just HIPAA violations, says Michael Lamprecht, national practice leader of e-Insurance with Arthur J. Gallagher & Co.

The policy provides worldwide cyber liability coverage for exposures such as privacy infringement arising out of computer security breaches and contingent bodily injury arising from web site content, he says. The policy provides coverage for media perils such as copyright and trademark infringement, libel, slander, defamation, and product disparagement.

Wynstra notes that the underwriter will expect your organization to take all appropriate precautions regarding HIPAA, including the implementation of policies and procedures.

"There’s a rather rigorous underwriting program," he says. "Certainly, a security audit is necessary. We expect to see that the insured has taken all necessary steps to comply with HIPAA."