Healthcare Law: What Every Provider Should Know
by Melesa Freerks, Esq.
Healthcare is an incredibly broad, diverse, and dynamic industry. Because of the breadth in the field, providers are surrounded by a wide array of legal issues relating to employment contracts, taxes, business structure, medical malpractice, non-profit organization, insurance, and reimbursement, to name a few. However, although the field is riddled with potential legal issues, there are several key healthcare laws that every provider should know.
Stark Law. The Stark Law is a federal self-referral statute that prohibits a provider from referring Medicare and Medicaid patients for designated health services if the provider (or an immediate family member) has a financial relationship with the entity to which the patient is referred, unless an exception is met.
Under the Stark Law, “financial relationship” is a broad term that includes ownership, investment interest, and compensation arrangements. Designated health services do not include all healthcare services, but do include the following: clinical laboratory tests; physical therapy services; occupational therapy services; radiology services including magnetic resonance imaging (MRI), computerized axial tomography scans, and ultrasound services; radiation therapy services and supplies; durable medical equipment (DME) and supplies; parenteral and enteral nutrients, equipment, and supplies; prosthetics, orthotics, and prosthetic devices; home health services and supplies; outpatient prescription drugs; and inpatient and outpatient hospital services. The Stark Law prohibits a provider from requesting that a patient receive any of these services or treatments from a facility with which the referring provider (or immediate family member) has a financial relationship or establishing a plan of care that includes a designated health service by a provider with which the referring provider has a financial relationship.
To get around the Stark Law, numerous exceptions are provided that protect a financial arrangement that includes a referral for a designated health service. Exceptions include, but are not limited to, the following: physician services, in-office ancillary services, rent of office space and equipment, and bona fide employment relationships. If a referral falls under one of the exceptions, the referral is not in violation of the Stark Law.
Anti-Kickback Law. The federal Anti-Kickback Statute is a criminal statute that prohibits the exchange of anything of value in an effort to induce the referral of Medicare or Medicaid business. The Anti-Kickback Statute is broadly drafted and establishes penalties for both the giving and the receiving individuals. Conviction of an Anti-Kickback Statute violation results in mandatory exclusion from participation in Medicare and Medicaid programs. Absent a conviction, individuals who violate the Anti-Kickback Statute may still face exclusion from federal health care programs at the discretion of the Secretary of Health and Human Services (HHS).
In recognition of the broad range of transactions potentially implicated by the Anti-Kickback Statute, certain types of payments are allowed under "safe harbors" established by HHS. Transactions not specifically excluded or granted safe harbor protection are not per se violations of the Anti-Kickback Statute, but are evaluated by the Office of Inspector General (OIG) on a case-by-case basis. Parties who are uncertain whether their arrangements qualify for exclusion or safe harbor protection may request an advisory opinion from the OIG.
False Claims Act. The False Claims Act imposes liability on persons and companies who defraud governmental programs. Common violations in healthcare include up-coding for medical procedures and performing or ordering of unnecessary procedures. The law includes a "qui tam" provision that allows people who are not affiliated with the government to file actions on behalf of the government (informally called "whistleblowing").
HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of individually identifiable health information about a patient that is transferred to or maintained by a healthcare provider, including email, electronic, fax, paper, oral, and voicemail records, as well as phone conversations. HIPAA rules protect the information itself, not the record in which the information appears. In other words, information does not lose its protection simply because it is stored in or printed from a computer. Additionally, the HIPAA Breach Notification Rule requires covered entities and business associates to provide notification following a breach of unsecured protected health information. And the confidentiality provisions of the Patient Safety Rule protect identifiable information being used to analyze patient safety events and improve patient safety.
Melesa Freerks, Esq., is a CHS guest blogger and an associate and healthcare business lawyer with Foley & Lardner LLP. She is experienced with advising healthcare clients regarding corporate transactions, compliance programs, fraud and abuse issues, physician employment agreements, privacy issues, and tax-exempt status.