If you're a physician, you've spent many years training to achieve your career goals. You have gone to undergraduate school, and you have gone to medical school. You have done an internship, a residency, maybe a fellowship and you have reached a good point in your career.

Why risk all that education and knowledge and the livelihood that you have created when you can call on someone who has that kind of experience that you need?

I can go on WebMD and look up how to address a medical issue, but is that going to give me the knowledge I need to address the problem? Similarly, if you have a legal issue you should call in a specialized legal expert.

There are nuances to a medical board investigation that you may not be aware of. There are ways to deal with a board investigator. There is a way to deal with a board investigation. There really needs to be control of the information that's provided from the board on your behalf. Physicians think, I'm smart enough, I can figure this out, and I can tell them my story. That is often not a good approach because physicians are geared in a different way and it may be that there are legal nuances that you are not familiar with. Nuances that you will not find in a web posting or looking up how to deal with the licensing board. You need an experienced legal counsel who knows how to handle these cases and will provide you with best advise possible. Why risk all those years of education and the livelihood that you have created for yourself. You need to call somebody with experience. At Levy Pruett Cullen, we have 25 years of experience in representing both the prosecution on the prosecution end and defending doctors with regard to their medical licenses - in criminal actions, in civil cases and before professional organizations as well as credentials hearings. You need an experienced legal counsel who will make sure to protect your license and your livelihood.

I'm Fran Cullen at Levy Pruett Cullen. I can work to protect your license and your livelihood and protect all those years that you've put into to your career.

A stolen computer led to the North Memorial Health Care of Minnesota paying $1.55 million for a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

North Memorial Hospital was charged with two HIPAA Privacy and Security Rule violations subsequent to an U.S. Department of Health and Human Services Office of Civil Rights (OCR) investigation. The investigation was initiated after a laptop was stolen from a North Memorial Hospital employee's car.

Specifically, OCR alleged that North Memorial did not having a business associate agreement in place, and was not performing due diligence on risk analysis as required in HIPAA's Privacy and Security Rules.

In particular, OCR alleged that North Memorial did not have the proper agreements in place to let a third party handle payment and health care operations, and North Memorial allowed Accretive Health Inc. - a hospital debt collection company - to access North Memorial's hospital database. Accretive had access to electronic protected health information (ePHI) of 9,497 patients, as well as access to hard copies of protected health information.

Jocelyn Samuels, HHS's OCR director, said North Memorial did not meet two basic requirements of HIPAA. First, North Memorial did not have a business associate agreement in place with Accretive, and second, North Memorial did not have "an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure" as required by HIPAA.

The official announcement from HHS states, "The investigation further determined that North Memorial failed to complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure - including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes."

In addition to the payout, North Memorial has to develop a risk analysis and management plan that meets the requirements of HIPAA's security rules. North Memorial must also train its employees to use and follow the new plan.

Under the agreement, North Memorial and OCR stipulated that North Memorial did not commit any wrongdoing. The full resolution agreement may be read here.

How to Stay Compliant

To avoid a similar outcome from happening to you or your healthcare company, HHS offers a sample Business Associate Agreement, as well as a Risk Assessment guide. Sample business associate agreement here. Here is a risk assessment guide from HHS.

If you or your company are concerned about compliance, if you need assistance with compliance, or find yourself subject to an OCR audit, contact the Medicaid team at Levy Pruett Cullen today.

With two decades of experience defending practitioners and healthcare providers from allegations of Medicare and Medicaid fraud (linked to page), improper coding or billing, accepting kickbacks, false medical claims, overbilling, improper coding practices, unnecessary medical treatment, altered documents, Department of Audits and Accounts (DOAA) recoupment, improper insurance collections and duplicate billings, or Prescription Drug Crimes, Levy Pruett Cullen is a law firm uniquely tailored to your needs.

The federal Office of Civil Rights (OCR) is now in Phase 2 of a Health Insurance Portability and Accountability Act's (HIPAA) audit that will review policies and procedures adopted and employed by covered entities and their business associates.

OCR is a division of the Department of Health and Human Services tasked by the Health Information Technology for Economic and Clinical Health Act (HITECH) to audit covered individual and organizational providers of health services; health plans of all sizes and functions; health care clearinghouses; and a range of business associates of these entities for compliance with HIPAA's Privacy, Security, and Breach Notification Rules. OCR officials said the audit will help the federal agency find potential problems before they arise. OCR also hopes to refine its ability to advise healthcare organizations and contractors about handling confidentiality requirements of protected health information (PHI).

BACKGROUND

Periodic OCR audits are required by HITECH, which was passed in 2009. Covered healthcare companies, contractors and business associates that may have contact with secured records are subject to the audits to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules.

Phase 1 audits occurred in 2011 and 2012. Phase 1 audits looked only at healthcare companies. Phase 2 will cover healthcare companies and business associates.

This round of audits is expected to consist of 200 desk and on-site audits. Most will be desk audits - audits focusing on document review. OCR anticipates that its desk audits should encompass two rounds, a first round for the healthcare agencies, and a second round for business associates. OCR notes that desk audits should be done by December, and on-site audits should begin later this year.

It is important to note that any healthcare company chosen for a desk audit may be selected for an on-site audit.

HOW THE AUDITS WORK

PRELIMINARY EMAIL

First, OCR will send an email to healthcare companies and business associates asking to verify contact information. This is referred to as a "pre-audit questionnaire." It will ask:

• Business size.
• Business type.
• Scope of operations.

OCR will use this information to create a pool of audit targets. The OCR plans to make the audit selections as representative as possible using size, sector and geographic location as criteria.

PHASE ONE - DESK AUDITS

Companies and business entities selected for the first round of desk audits will get an email from the OCR requesting documents and other information. The document request will focus on company HIPAA Privacy, Security, and Breach notification rules. Specific targets are:

• Risk analysis.
• Notice of privacy practices.
• Response to request for access to the PHI.
• HIPAA Security Rule risk analysis
• Implementing HIPAA policies and procedures.
• A breach notification process.
• Updated Notice of Privacy Practices that reflects HIPAA Final Rule modifications.
• Encryption on laptops and other devices with PHI.
• Updated inventory of devices with PHI and information system assets. This includes mobile devices.
• A physical security plan for every location with PHI.
• Regular staff training on PHI security, security and breach response policies.
• Patients' timely access to PHI.

Those selected for participation in Phase one have 10 business days to submit the requested documents through an audit-specific portal on the OCR website. OCR will review the submitted documents and come up with draft findings. These drafts will be shared with the audited entities, who will then have 10 days to respond to the initial report. Written replies will be included in the final audit, and the audited company will get a copy of the final report.

PHASE TWO - ON-SITE AUDITS

Those chosen for on-site audits will get an email notifying them of selection. The on-site audit will take three to five days, depending on the size of the entity. These audits will be more detailed and have a broader focus on compliance with specific HIPAA regulations.

A draft report will be sent to the audited entities, and they will have 10 days to respond with written comments. The audited company will get a copy of the final report.

If the audits find any serious issues, OCR may launch a compliance review.

OCR will not notify the audited entities when the reports are made generally available. However, a Freedom of Information Act (FOIA) request may require OCR to release audit notification letters and other audit information which could identify the audited health care companies and business associates.

GETTING READY FOR THE AUDITS

The protocols for the Phase 2 audits are listed on the Health and Human Services website linked here: on the OCR website.

Any entity and business associate that comes under HIPAA oversight needs to prepare for an audit.

Four Ways to Prepare for a Potential OCR Audit:

1) Make sure emails from OCR are not routed to the junk or trash folders. Emails will come from OSOCRAudit@hhs.gov. Have IT staff configure email protocols and filters to route emails from this address to the applicable inbox. Advise any business associates to do the same. OCR will, however, use public contact information for any selected entity that does not respond to the email request.

2) Prepare a list of business associates. OCR will ask for this. Every covered health care business and business associate should evaluate compliance with HIPAA's Privacy, Security, and Breach Notification Rules with a regular self-inspection covering:

3) Make sure the audit response team is ready. Any entity selected for the audit only has 10 days to reply to the request for information and 10 days to reply to any draft findings. The team has to be ready to go.

4) Have a data mapping exercise. Identify PHI storage and track data flow within the healthcare company and applicable business associate (or associates). This will help identify weak points in HIPAA compliance areas.

Even if a health care company is not chosen for an audit, these exercises are helpful. They show how prepared a health care company is and how well it complies with HIPAA regulations.

It is important to comply with HIPAA's guidelines, audits notwithstanding. If you need assistance, or find yourself subject to an OCR audit, contact the Medicaid team at Levy Pruett Cullen today.

With two decades of experience defending practitioners an healthcare providers from allegations of Medicare and Medicaid fraud (linked to page), improper coding or billing, accepting kickbacks, false medical claims, overbilling, improper coding practices, unnecessary medical treatment, altered documents, Department of Audits and Accounts (DOAA) recoupment, improper insurance collections and duplicate billings, or prescription drug claims, Levy Pruett Cullen is a law firm uniquely tailored to your needs.

A study published by JAMA Internal Medicine compares prescription painkiller data in Florida and Georgia from July 2010 to September 2012 to show a significant decrease in the prescribing of oxycodone. Before a 2010 law aimed at regulating pain management clinics, South Florida was a serious player in the nation black market for prescription painkillers. In 2010, Florida doctors sold almost 46 million oxycodone tablets. In 2011-after the law went into effect-that number dropped to 1.2 million pills, a 97% decrease.

Under the new law, clinics have to register with the state, and doctors can no longer dispense opioid prescription painkillers from their offices. Before the law, doctors in storefront clinics could sell drugs to walk-in patients carrying cash. In addition to tougher laws, Florida also implemented the Prescription Drug Monitoring Program to provide healthcare professionals with a more comprehensive look at patients' prescription drug histories.

Authors of the study believe that the data shows a promising drop after the state law went into effect. Dr. Lainie Rutkow, an associate professor at the John Hopkins School of Public Health told WLRN News, "the declines that we saw were equal to something in the range of 500,000 5 mg tabs of Vicodin per month."

The use of opioid prescription painkillers is a major public health concern. According to a July 2014 report from the Center for Disease Control, 46 people per day die from overdose of prescription painkillers in the Unites States.

Read more about the Florida opioid law and its effects here or contact one of the Atlanta Medicare Fraud Lawyers at Frances Cullen, P.C. so we work together to defend your right to practice medicine.

Prescription narcotic drug abuse is on the rise in Georgia. Sadly, three-quarters of the accidental drug-related deaths in Georgia were from prescription drug overdose, according to a report from The Georgia Bureau of Investigation's Medical Examiner Office. The narcotics are almost always obtained with a prescription.

Identifying patients that exhibit drug-seeking behavior has become a major issue for medical professionals. Likewise, prescription theft is also on the rise, and pharmacists should be vigilant for this method of drug acquisition.

Simply stated, a prescription does not mean a pharmacist is clear.

Federal law states that "The responsibility for the proper prescribing and dispensing of controlled substances is upon the practitioner, bit a corresponding responsibility rests with the pharmacist who fills the prescription." Title 21, Code of Federal Regulations, §1306.04(a)).

In short, you as a pharmacist are responsible. You could be charged with a felony count of "knowingly and intentionally distributing controlled substances" in an illegal manner.

To this end, it is important to know that you are not required to fill a prescription of "doubtful, questionable or suspicious origin." (DEA rule) The Texas pharmacy board has this brochure that explains your rights in more detail under federal regulation and law.

Also, here are a few tips to help you stay vigilant:

• Do you know the person getting the prescription? Do you know the person picking it up?
• Does the person request early refills?
• Is the person getting prescriptions from several medical care providers?
• Is the person getting the prescription local or from a long way off?
• Is the health care provider sending in an unusual number of narcotics prescriptions?
• Does the prescription come from a long distance from the pharmacy?

No doubt you can come up with some other telltale indicators of possible abuse.

As part of the education effort, the Georgia Pharmacy Foundation has joined forces with other groups to support the Medical Association of Georgia's Think About It Campaign at rxdrugabuse.org.

Advise your customers about approved disposal locations for expired medications. You can get a list of drop points at police and sheriff's departments across the state at http://www.stoprxabuseinga.org/.

The ramifications of prescription drug abuse are wide ranging and, as a pharmacist, you play an important role in preventing drug abuse. Also, as the state and federal government struggle to find ways to slow the flow of prescription drugs to abusers, it is important to stay abreast of current laws and regulation to ensure that you remain compliant.

A California doctor was handed 30 years to life in the death of three patients who overdosed and died. The overdoses happened when the three adults abused prescription medication while away from the doctor's office.

Dr. Hsiu-Ying "Lisa" Tseng was found guilty of second-degree murder by a Los Angeles jury last year.

Naturally, as a doctor, Dr. Tseng has a responsibility to her patients. This duty should not, however, exceed the scope of what a physician may control, and this decision may set an incredibly dangerous precedent.

This precedent, however, is what some family members of the deceased hoped for. "I really hope this sets a precedent that will allow other dirty doctors to be prosecuted," said April Rovero, mother of one of the three who died. "We feel that finally we have justice."

In the sentencing hearing on Friday, Feb. 12, 2016, Superior Court Judge George G. Lomeli said Dr. Tseng attempted to blame other people for what happened. "It seems to be an attempt to put the blame on someone else," he said. "Very irresponsible."

As the LA Times stories point out, this case is troublesome. "Tseng, 46, who was a general practitioner, is among a small but growing number of doctors charged with murder for prescribing painkillers that killed patients. A Florida doctor was acquitted of first-degree murder in September," wrote report Marisa Gerber.

It is certainly lamentable that these three people died, but holding a medical professional responsible for abuse of medications they prescribe may have wide-ranging, unintended consequences that may impact doctors who prescribe with the best of intentions.

The growing trend of trying to hold doctors accountable for patient behavior beyond the scope of the physician's control is quite serious. If you hold any professional license and you are charged with a crime linked to that license, you need to fight it.

Physicians and health care providers, in particular, must consider the implications of criminal allegations beyond just criminal court, as mere allegations of wrongdoing may give rise to issues with several state and federal licensing entities. Since the right to practice medicine hinges on state licensure, and the right to prescribe medications depends on DEA certification, it is crucial to consider criminal allegations from multiple angles. If you are charged with a crime contact an Atlanta healthcare attorney at Levy Pruett Cullen. We understand the unique demands of defending licensed health care professionals.

Physician Lawsuits Increase

Doctors who get sued once for malpractice are likely to be sued again. The more times a doctor is sued and the more times he pays out, the more likely it is to happen again. A vigorous and strong defense in a malpractice case is the only way to halt the financial hemorrhaging.

Strong defense is best protection in today's litigious society.

If a doctor is sued once and loses, his chances of being sued again go up. If he loses two cases, the chances rise yet again.

It gets worse. The more times a physician is sued for malpractice and loses, the more he's likely to face more challenges. The New England Journal of Medicine just published a comprehensive report studying the prevalence of malpractice lawsuits.

It's not encouraging news.

"Approximately 1% of all physicians accounted for 32% of paid claims. Among physicians with paid claims, 84% incurred only one during the study period (accounting for 68% of all paid claims), 16% had at least two paid claims (accounting for 32% of the claims), and 4% had at least three paid claims (accounting for 12% of the claims). In adjusted analyses, the risk of recurrence increased with the number of previous paid claims," the report's synopsis states.

A report in the New York Times puts it slightly differently: "A doctor who had two paid claims was twice as likely to have another as a doctor who had one, and a doctor who had six or more paid claims was 12 times as likely to have another."

The Times blog and the NEJM report point a finger at doctors. "...[D]octors who accumulate multiple claims are a problem, and a threat to the health care system. Identifying these high-risk doctors is a key first step toward doing something about the problem," said study co-author David M. Studdert.

Are doctors the problem or is the real problem opportunistic lawyers who see easy targets?

I believe doctors who don't mount an adequate defense against malpractice cases make the problem worse. The study says more lawsuits are likely when doctors have to pay out a settlement. If the same study was done and looked at doctors who were sued, but did not pay claims, I believe the results would show future malpractice claims dropped sharply.

Personal injury attorneys are not going to go after doctors if the lawsuit takes a lot of effort. No attorney likes to invest time without being compensated. Such attorneys will go after doctors with a history of paying claims. There are too many easy targets out there, as the NEJM study indicates.

The Times blog says as much: "...[A] doctor who had six or more paid claims was 12 times as likely to have another."

Doctors who mount a vigorous defense to challenge the malpractice claims are less likely to be sued in the future. If you are facing a malpractice case or a challenge to your practice, it is important to consider the ramifications on your state license to practice medicine.

Also, it is important to vigorously defend patient accusations that do not make it to courts of civil claims. If you are contacted by a state licensing board with allegations of any sort, you need someone who can help guide you through the process. With nearly 20 years of experience and countless successful results, contact one of the Atlanta Medicare Fraud Lawyers at Frances Cullen, P.C. so we work together to defend your right to practice medicine.

New DEA Painkiller Rules

A new set of federal rules on prescription narcotic painkillers has hit veterans hard. The new restrictions are also putting increased pressure on an already over-burdened Veterans Administration health care system. The net effect- veterans are not getting the care they need and VA doctors will take the blame.

Physicians feeling pressure from two sides after DEA ruling.

Rules created by the federal Drug Enforcement Agency (DEA) for prescription narcotics are making matters worse, instead of better, for some of the people who need these painkillers.

The complete DEA rule is here.

When the federal agency announced the new rules, then-DEA Administrator Michele Leonhart said, "These new regulations will expand the public's options to safely and responsibly dispose of unused or unwanted medications. The new rules will allow for around-the-clock, simple solutions to this ongoing problem. Now everyone can easily play a part in reducing the availability of these potentially dangerous drugs."

The DEA's intent was to slow the rate of prescription painkiller overdose and death in the United States, a nation that some sources report as the world leader in opioid prescription medication abuse. While well intentioned, the new DEA rules have the unintended effect of restricting prescription pain medications for those who suffer from chronic, debilitating pain and depend on narcotics to get through everyday life.

Veterans among those hit hard by new DEA rules

The Washington Post profiled a number of veterans who are being hit especially hard by the DEA rule in a story about the DEA rule. One of those veterans, Craig Schroeder, was seriously injured in Iraq. Since coming home, he relies on opioids to alleviate debilitating pain that would otherwise make it impossible for him to function day-to-day.

But, after the DEA ruling, he could not get his medications because the DEA rules require regular doctor appointments for refills. Delays and other problems at the VA meant it took Schroeder five months to get in to see a physician.

Wounded veterans are just one group of individuals adversely affected by unintended consequences following new DEA rules. Doctors may also face difficulties when attempting to provide medication to patients suffering with chronic pain, as new, shifting DEA requirements may cause prescribers to unintentionally violate DEA rules.

Vigilance is all the more important for medical professionals who base their livelihoods on their ability to prescribe medications. To ensure you comply with DEA regulations and other state and federal rules, or if you are looking for advice on how to comply with the law and your duty as a physician, contact a Healthcare Law Attorney Atlanta at Frances Cullen, P.C. for help.

Physician Health Programs (PHPs) are state-based plans for doctors with substance abuse or other mental health problems. Some of these programs are now coming under fire for lack of oversight and regulation, as well as unscrupulous billing and contracting. There are anecdotal reports that a number of physicians have had harrowing interactions with PHPs, leading some to become suicidal.

PHPs were initially established to help physicians struggling with substance abuse or mental health issues by providing them with access to confidential treatment while avoiding professional investigation and potential disciplinary action. However, some practitioners view Physician Health Programs as coercive and abusive of their power, particularly as there are rarely avenues for appeal of PHPs treatment recommendations.

Detractors of the Physician Health Programs system claim physicians who voluntarily disclose they have mental health or drug problem can be forced into treatment without recourse, face expensive contracts, and are frequently sent out of their home state to receive the prescribed therapy. In addition, critics assert that there is no real oversight and regulation of these programs.

The healthcare attorney Atlanta at Frances Cullen, P.C. represent physicians and other healthcare professionals before Physician Health Programs. Contact us immediately if you need assistance.

Read more about Physician Health Programs.

After an intense legal battle regarding the non-transparency of payments made to individual Medicare providers, Medicare data for physician and other healthcare provider payments was released to the public April 9, 2014. Payments to hospitals, institutions, clinical laboratories, and ambulance services, among others were not a part of the report.

The data revealed that the greatest percentage of fees overall were paid for routine office visits but the largest concentration of higher paid fees went to a very small fraction of the 80,000 physicians and healthcare providers enrolled in the Medicare program. These providers collected one quarter of the $77 billion dollars in fees paid under the federal program, with the largest percentage of payments made to ophthalmologists and oncologists.

In 2012, 100 doctors received a total of $160 million. The highest paid were ophthalmologists, mainly for treatment of macular degeneration. Approximately 3,300 ophthalmologists were paid a total of $3.3 billion from Medicare. One Florida ophthalmologist alone collected $21 million.

Analysts predict that fraud investigators and health care insurance plans will be poring over this data in the coming weeks to locate which doctors perform an unusually high volume of services to then determine whether every test or procedure was medically necessary.

Some physicians and medical institutions expressed concerns that some of the data would be misconstrued with regard to the treatment of severely ill patients who suffer, for example, from heart disease or cancer, and for physicians who direct large projects overseeing a substantial number of other doctors or patient populations. One example cited was a physician at the University of Michigan Health Systems who oversees 1,600 primary care physicians, who each receive a small payment each month.

Ophthalmologists also claim that their high representation in the figures quoted is misleading because a large percentage of the fees pad goes to the cost of drugs they administer for patient treatment, which, in turn, is paid to drug companies. Read more about the data behind Medicare’s payouts to physicians.

The Atlanta healthcare attorneys at Levy Pruett Cullen. represent physicians and other healthcare professionals with Medicare and Medicaid issues. Contact us if you believe you may be subject to an audit, appeal, or fraud prosecution.