| View this email online if it doesn't display correctly |
| |
|
|
| |
| Dear Friend,
A single laptop can cost you more than $1 million.
What's a laptop cost? How about $1,040,000? Nope, it's not the world's first quantum computing MacBook. It's just a regular old one. Heck, it's even used!
And therein lies the problem.
That's the price that Rhode Island based non-profit, Lifespan Health System Affiliated Covered Entity (“Lifespan”) agreed to pay the government as the penalty for the theft of a single stolen laptop that might have contained unencrypted PHI to which the thieves had access.
The story started out on a Saturday like many others. A hospital employee parked in a public lot. But then, thieves broke into the parked vehicle and stole, among other things, a MacBook laptop used by the employee for work. The laptop was never seen again. Neither were the thieves.
Now here comes the "might have, sort of” part, the part that should really scare you. There doesn't appear to be any actual evidence that anyone illegally accessed PHI. Nor, for purposes of HIPAA violation, does there have to be.
Upon investigation, it was determined that the employee's work emails might have been cached in a file on the device's hard drive, and that the thieves “had access to” patient names, medical record numbers, demographic information, including partial address information, and the name of one or more medications that were prescribed or administered to patients.
Despite all of those might haves, the loss of the laptop constituted a HIPAA breach because the PHI on that single MacBook was not encrypted.
According to a press release issued on July 27, 2020, by the U.S. Department of Health and Human Services’ agency charged with HIPAA enforcement, the Office for Civil Rights ("OCR"), upon investigation, it was determined that there was systematic noncompliance with the HIPAA Rules within Lifespan. Among the noncompliance was the failure to encrypt ePHI on laptops after Lifespan determined that it was reasonable and appropriate to do so. The investigation also revealed a lack of device and media controls.
Mobile devices, from laptops to cell phones, are stolen every day. Cars containing those devices, even ones locked “securely,” or so we think, in their trunks, are broken into or themselves stolen every day. Other such devices are simply misplaced.
That's why ePHA on those devices must be encrypted.
The settlement highlights the fact that simply having a HIPAA compliance plan, even one that requires encryption, is worthless, if it is not enforced, and it is less than worthless if you have a plan that you know if not being complied with and you do nothing about it.
The sad story also highlights the issue of the security of any PHI, electronic or on paper, that is exposed to theft, or even loss, in transit, whether the transit is via a car, a pocket, or a briefcase.
In addition to the $1,040,000 payment, Lifespan entered into an agreement with the government requiring a corrective action plan including two years of monitoring.
For help with both crafting your compliance plan and creating an actual working compliance program, email me now. I can guarantee that it will cost you less than $1,040,000, plus a corrective action plan, plus attorneys fees, plus bad publicity, plus exposure to other potential liability. |
| | | Business Life in the Time of Coronavirus Mini-Series
The coronavirus crisis caused a short term economic crisis for many medical groups. Our mini-series shows you the way out. Plus, many of the concepts discussed are applicable during both good times and bad.
[If you haven't already seen them, follow this link to watch our entire series.] |
| | Tuesday - Doc Daughter Settles Civilly, Parents Aren’t So Lucky
Watch Tuesday's video here, or just keep reading below for a revised, more polished transcript: |
| Here's an interesting kickback story for you.
I hope it keeps you out of the same type of mess.
The story involves a physician, Bibi Tasleyma Sattar, D.O., and her parents, Sultan Sattar and Bibi Zabeda Sattar, the owners of a phlebotomy service, Onsite Draw Station, Inc.
Earlier this month, Dr. Sattar entered into a $210,000 civil settlement with the U.S. Government pursuant to a False Claims Act lawsuit which alleged that she was paid kickbacks of $25 for each patient that she referred to Onsite in connection with diagnostic tests performed by True Health Diagnostics, LLC.
The Government alleged that Dr. Sattar received that remuneration from True Health disguised as "process and handling fees." Her parents were claimed to have facilitated that kickback via their entity, Onsite. After all, it doesn't appear as if Dr. Sattar did any "processing or handling" other than make referrals.
What's very interesting is that although the doctor daughter settled civilly, her parents have been indicted criminally. They are potentially taking a much harder fall. If convicted, the parents each face up to 5 years in federal prison.
Here are two things to think about:
1. If you receive processing/handling fees for not doing any processing or handling, you've got a kickback problem.
2. Ask yourself this: If somebody proposes some sort of kickback deal to you, will your parents be willing to take the fall?” Something tells me, they wouldn’t. |
| | How to Deploy the Secret Sauce of Opportunistic Strategy
Webinar On Demand
They say that COVID-19 has changed the world, creating the "new normal." Many of your colleagues and many hospital administrators are running scared.
Others, leaders like you, know that crisis means opportunity.
Let me provide you with the strategic tools and insights that you need in order to seize opportunities, whether they’re in the context of your current business relationships, the expansion of your business activities, or the creation of new ventures.
You will learn:
•Defense as a defective default: It’s necessary, but not sufficient.
•Exploiting weakness: Drop the guilt and identify opportunity.
•Flat line negotiation is fatal: Understand its myths and limitations.
•Negotiation reality: Learn to identify and deploy on multiple planes to affect the outcome.
•Maneuver: Harness the power of maneuver, both in overall strategy and in specific negotiation strategy.
Others see a crisis and freeze in fear. Learn how to see the opportunities and obtain the tools to increase your odds of obtaining them.
The price to attend is $479. The cost of not attending is astronomical. |
| | | Wednesday - Why the Lack of Power Corrupts Absolutely: Dealing With Petty Bureaucrats – Redux
Watch the video here, or just keep reading below for a slightly polished transcript:
Hey, have you heard this one?
What do you get when you cross a compliance officer with a whistleblower?
In the case of Sutter Health and Sacramento Cardiovascular Surgeons Medical Group, Inc. (“Sac Cardio”), you get an agreement to pay the United States a total of $46,123,516.36 to resolve allegations related to reimbursement claims they submitted to the Medicare program.
Laurie Hanvey was employed by Sutter as its compliance officer at Sutter Medical Center, Sacramento. When, as she alleges, Sutter entered into a string of noncompliant financial relationships with Sac Cardio and other medical groups in contravention of her oversight and of Stark and the federal Anti-Kickback Statute (“AKS”), she blew the whistle. That is, she became the relator in a False Claims Act lawsuit.
Of the various claims made, that lawsuit resulted in a $500,000 plus settlement by Sac Cardio and a $30 million plus settlement by Sutter in regard to their relationship.
The balance of the total settlement consists of an additional $15 million to be paid by Sutter for other self-disclosed compliance improprieties.
According to the press release issued by the U.S. Attorney’s office, those self-disclosed violations resulted from referrals by physicians to whom Sutter facilities “(1) paid compensation under personal services arrangements that exceeded the fair market value of the services provided; (2) leased office space at below-market rates; and (3) paid reimbursements of physician-recruitment expenses that exceeded the actual recruitment expenses at issue. Additionally, several Sutter ambulatory surgical centers double-billed the Medicare program by submitting claims that included radiological services for which Medicare separately paid another entity that had performed those services.”
The allegations brought by Ms. Hanley in regard to Sutter’s relationship with Sac Cardio are particularly instructive for physicians and medical groups.
Among the allegations were that Sutter "stacked" a series of agreements providing aggregate annual compensation exceeding $1.9 million to Sac Cardio, which amount was commercially unreasonable and grossly in excess of fair market value, all to reward the group for its high-volume referrals. As a result, the complaint claimed that the overall arrangement violated both Stark and the AKS.
Specifically, the elements of the arrangement included:
- A series of cardiovascular call coverage agreements paying up to $912,500 annually, an amount that increased drastically over the time period covered by the complaint. The complaint alleges that Sac Cardio received that deal to the exclusion of all other cardiovascular surgeons on staff at the hospital.
- A "Physician Assistants Agreement" that obligated Sutter to pay Sac Cardio for four PAs at the rate of $170,000 per FTE, a total of $680,000 per year. As part of the arrangement, Sac Cardio was not to bill for the PAs' services, yet it was alleged that Sac Cardio did in fact bill third party payers, including Medicare.
- A series of medical director agreements that paid Sac Cardio up to a total of $318,264 per year.
Here are some additional takeaways for you:
1. Just because a large entity, for example, a hospital or a surgery center management company, tells you that a deal’s been vetted by their lawyers and is “legal,” don’t bet on it. Vet it through your own counsel and assess your own risk. As in carpentry, measure (assess) twice, cut (do the deal) once. Or don't do the deal – you get the idea.
2. Whether or not you see a series of financial arrangements as related, in other words, as a total arrangement, whistleblowers and the government will. Make sure that the overall relationship passes muster. That includes the fact that overall compensation is within the range of fair market value. Sticking a wet finger in the air to see which way the valuation wind is blowing does not generate sufficient data to support your defense.
3. And, remember, as one of my early mentors was fond of saying, pigs get fat, hogs get slaughtered. |
| | Thursday - Don’t Let Models Dictate Your Business Structure |
| Listen to the podcast here, or just keep reading for the transcript.
There’s an old saying that a person doesn’t really want a drill, they want a hole. I actually think there's yet another level of thinking – why do they want the hole? Perhaps it's to hang a painting.
The same idea holds true with many healthcare structures, whether it's an IPA, a clinically integrated network (a "CIN" – which they might be if they’re not structured right!), and so on.
These really aren’t destinations. In our metaphor, they aren't the painting on the wall. In fact, they’re not even the hole.
What they are is the drill. They’re tools that describe a method of getting you to the business entity or outcome that you seek to create or achieve. They’re not ends in and of themselves.
On the one hand, you can view this as a mini-lecture on the fact that business structures are tools to achieve your desired end.
But my main point is somewhat different: What’s most important for you is to first decide what it is, on a business level, that you’re trying to achieve.
Forget for the moment (but only for the moment!) about legal structure and compliance and the fact that it's a "fill in the blank" such as a CIN.
Instead, simply concentrate on what it is, bottom line, that you want to achieve.
Then, and only then, should we ask the question of what tool or tools . . . the specific structure or structures . . . can be applied to get you there.
|
| | | Calibrate Your Compass
Read our exclusive RedPaper to guide you through this evolving situation.
The coronavirus crisis caused a short term economic crisis for many medical groups. Our RedPaper shows you the way out. Plus, many of the concepts discussed are applicable during both good times and bad.
|
| | Help Us Help You With Helpful Content
What tailored content would you most like to see during this time? How can we focus on solutions to your most pressing strategic concerns?
|
| | | | We all hear, and most of us say, that the pace of change in healthcare is quickening. That means that the pace of required decision-making is increasing, too. Unless, that is, you want to take the “default” route. That’s the one is which you let someone else make the decisions that impact you; you’re just along for the ride. Of course, playing a bit part in scripting your own future isn’t the smart route to stardom. But despite your own best intentions, perhaps it’s your medical group’s governance structure that’s holding you back
|
|
|
| In fact, it’s very likely that the problem is systemic. The Medical Group Governance Matrix introduces a simple four-quadrant diagnostic tool to help you find out. It then shows you how to use that tool to build your better, more profitable future. Get your free copy here.
|
| | | | | | Whenever you're ready, here are 4 ways I can help you and your business:
1. Download a copy of The Success Prescription. My book, The Success Prescription provides you with a framework for thinking about your success. Download a copy of The Success Prescription here.
2. Be a guest on “Wisdom. Applied. Podcast.” Although most of my podcasts involve me addressing an important point for your success, I’m always looking for guests who’d like to be interviewed about their personal and professional achievements and the lessons learned. Email me if you’re interested in participating.
3. Book me to speak to your group or organization. I’ve spoken at dozens of medical group, healthcare organization, university-sponsored, and private events on many topics such as The Impending Death of Hospitals, the strategic use of OIG Advisory Opinions, medical group governance, and succeeding at negotiations. For more information about a custom presentation for you, drop us a line.
4. If You’re Not Yet a Client, Engage Me to Represent You. If you’re interested in increasing your profit and managing your risk of loss, email me to connect directly. |
|
|
