Advice from consultant or vendor can result in suit

There are several disparate areas in which following a vendor or consultant's recommendations could lead to liability for a provider or facility, warns Henry C. Fader, JD, an attorney at Pepper Hamilton in Philadelphia. Here are some scenarios that carry risks:

• A consultant hired to assist your surgical practice in becoming more efficient might recommend a new approach for obtaining consent.

For example, the consultant might suggest asking patients to indicate "I Agree" on a tablet computer as they are wheeled into surgery. "This device saves much time and effort in obtaining informed consent, but one of your patients sues for medical malpractice, and you have to testify that you provided the patient with informed consent," says Fader.

In this situation, he says, the plaintiff is likely to move for a directed verdict in favor of the patient since the physician is unable to testify that adequate informed consent was obtained.

• You might fail to meet criteria for the Centers for Medicare & Medicaid Services' (CMS') "meaningful use" payments.

One of the Obama administration's initiatives is to expand the number of providers who use electronic medical records (EMRs) with incentive payments, but several criteria must be satisfied, notes Fader.

If you hire an information technology vendor to put the EMR into service, and the EMR does not meet the appropriate certification criteria or doesn't perform particular functions in accordance with the required criteria, you might inadvertently make a false claim to the Medicare or Medicaid program when requesting "meaningful use" payments, warns Fader.

• A consultant might arrange for your facility to share de-identified patient information with a pharmaceutical company to examine prescribing practices with respect to a particular diagnosis.

When you provide access to your EMR records to the consultant, all of the patient-identifying data is loaded on the consultant's laptop. "The laptop is stolen from the consultant's vehicle. Your practice has now suffered a breach under Health Insurance Portability and Accountability Act [HIPAA] and the HITECH [Health Information Technology for Economic and Clinical Health] laws," says Fader.

While the consultant has joint responsibility under HITECH for the breach as a "business associate," your practice has to explain to patients how the breach occurred, says Fader. This situation results in loss of reputation as well as potential fines from the Office of Civil Rights, he says.

• If you are part of an accountable care organization (ACO) which requires you to follow clinical guidelines and report patient satisfaction, you might hire a consultant to assist in the provision of appropriate clinical guidelines for your patients.

"But the consultant is providing advice and recording results that unfortunately enhance the practice's statistics. These are then used to qualify your patient population for gain-sharing payments," says Fader.

As a result of using these enhanced statistics due to the consultant's advice, you might have filed a false claim and would need to return the savings to the ACO and the Medicare program, he explains.

• You decide to outsource your human resources (HR) function to a consultant, who handles interviews and completion of employment and benefits paperwork. The consultant is supposed to verify credentials, verify references, and perform a criminal background check.

Fader gives the following scenario: An employee embezzles funds from the practice's bank account, and when you notify the police of the loss, they advise you that the employee had been convicted of theft previously.

"When you confirm the situation with the HR consultant, you get the bad news that they never performed the required criminal background check on the employee, costing the practice thousands of dollars in losses," says Fader.