Health Plans Should Prepare For Plan Fallout Of HHS Rule Requiring Manufacturers Disclose Drug Prices

May 9, 2019

On Wednesday, May 8, 2019, Health and Human Services(“HHS”) Secretary Alex Azar announced the adoption of a Medicare and Medicaid Programs; Regulation to Require Drug Pricing Transparency Final Rule (the “Rule”) by the Centers for Medicare & Medicaid Services (“CMS”) requiring direct-to-consumer television advertisements for prescription pharmaceuticals covered by Medicare or Medicaid to include the list price – the Wholesale Acquisition Cost – if that price is equal to or greater than $35 for a month’s supply or the usual course of therapy.

Part of President Trump’s American Patients First blueprint, the 102 page Rule seeks to increase transparency for patients and bring down overall drug costs both for patients and for the Medicare and Medicaid programs.

Effective 60 days after its official publication in the Federal Register on May 10, 2019, the Rule will require direct-to-consumer television advertisements for prescription drug and biological products covered by Medicare or Medicaid to include the list price – the Wholesale Acquisition Cost – if that price is equal to or greater than $35 for a month’s supply or the usual course of therapy, with the prices updated quarterly.

According to CMS, the 10 most commonly advertised drugs have list prices ranging from $488 to $16,938 per month or usual course of therapy. CMS believes patients should know what a drug costs as they discuss their options with their doctor.

While pharmaceutical drug manufactures generally must obtain approval from the FDA Office of Prescription Drug Promotion (ODPD) for advertising, OPDP does not review price information in prescription drug advertisements. Consequently, HHS says ODPD will not require a manufacturer that simply adds price information to a direct-to-consumer advertisement as required by § 403.1202 of the Rule unless the price information explicitly or implicitly incorporates safety or efficacy information about the drug, or makes express or implied claims about the safety or efficacy of the drug.

In addition to the Rule, HHS continues to review a number of other rules and proposals it hopes to further advance the American Patients First blueprint initiative to improve drug price transparency and inform consumer decision making by fixing opaque systems, changing incentives that drive costs or other undesirable behaviors by pharmaceutical companies, prescription benefit management (“PBM”) companies, health insurers and plans, providers and patients.

Health plan, their employer and other sponsors, insurers, PBM and other vendors and others should anticipate that the new Rule and other elements and initiatives of the Trump Administration American Patients First blueprint will impact plan design and administration both by directly impacting PBM and pharmaceutical costs, products, formularies and arrives and by fueling a host of new discussions by patients and their providers about pharmaceutical drug selection. In addition to impacting existing plan features and their administration, health plans, their fiduciaries, administrators and insurers should prepare for a predictable surge in scrutiny by plan

members about health plan prescription drug formularies that in many cases will fuel new appeals and challenges to the plan denials, formularies and other impacted features. Health plan fiduciaries, administrators, PBMs and other vendors, employer and other sponsors should anticipate and begin preparing both to handle these new health plan demands and ideally, to educate patients and their caregivers to use the new information to

make better health care choices.

If you have questions or would like more information about the new Rule or other developments impacting your health plan design or administration, please contact the author directly.

If you found this article of interest, Solutions Law Press, Inc. invites you to check out other Solutions Law Press, Inc. publications. We also invite you to share your own best practices ideas and resources and join the discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press HR & Benefits Update Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations; and other private and government organizations and their management leaders.

Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline; handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as the following:


  • Health Plans Should Prepare For Plan Fallout Of HHS Rule Requiring Manufacturers Disclose Drug Prices
  • Congress Moves To Enact Federal Paid Leave Rules
  • $3 Million OCR Touchstone Settlement Warns Health Plans of Perils of HIPAA Violations
  • Employer Faces 5 Years Imprisonment For Not Paying Employment & Income Tax Withholding To IRS
  • Health Plans Must Share PHI To Apps When Members Request, Responsible For Security On Plan-Sponsored Apps
  • NLRA Not Violated By Employers Termination of Union Dues Withholding In Response To Wisconsin Right To Work Law
  • Tell Employees, Plan Members About April 27 National Prescription Drug Take Back Day
  • Proposed FLSA Joint Employer Rule Would Reduce Business’ Joint Employer Wage & Hour Liability
  • Proposed FLSA Base Pay Rule Clarifies Overtime Treatment Of Perks
  • Federal Veterans Hiring Benchmark Resets 3/31 To 5.9%; Prepare For Audits & Other Enforcement
  • Consider Employee Recess In Your Employee Wellness Programs
  • Use 3/26 Diabetes Alert Day Resources To Jumpstart Your Diabetes Management & Cost Containment Efforts
  • NLRB Responds To House Democrats About Private Contractor Participation In Joint Employment Rule Comment Processing
  • Employee Transportation Deduction Rules Changed
  • 2019 Mileage Rates Adjusted; Employee Unreimbursed Mileage & Relocation Mileage Deductions Unavailable In 2018 and 2019
  • If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. We also invite you to join the discussion of these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.


    $3 Million OCR Touchstone Settlement Warns Health Plans of Perils of HIPAA Violations

    May 6, 2019

    Health plans, their sponsoring employers and unions, insurers, fiduciaries, administrators, insurers and other service providers should learn from the $3 million lesson a Franklin, Tennessee-based diagnostic medical imaging services provider is learning about the heavy penalties a health plan, health care provider, health care clearinghouse  or business associate  (“Covered Entity”) risks if a post-data breach investigation by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”)  shows  the Covered Entity breached the privacy, data security, business associate agreement and breach notificataion rules of the Health Insurance Portability and Accountability Act (HIPAA) Security and Breach Notification Rules before or after the breach.

    Under a new OCR Resolution Agreement and Corrective Action Plan announced May 6, 2019, Touchstone Medical Imaging (“Touchstone”) must pay $3,000,000 to OCR and adopt a corrective action plan to settle OCR charges it violated HIPAA arising from an OCR investigation of Touchstone’s handling of a 2014 breach.  Around May 9, 2014, the Federal Bureau of Investigation (“FBI”) and OCR notified Touchstone that one of its FTP servers allowed uncontrolled access to PHI that allowed search engines to index the PHI of more than 300,000 of Touchstone’s patients, which remained visible on the Internet even after the server was taken offline.   While Touchstone initially claimed that no patient PHI was exposed,  in the course of OCR’s investigation, Touchstone subsequently admitted PHI of more than 300,000 patients was exposed including, names, birth dates, social security numbers, and addresses.  As a result of its delayed acknowledgement of the occurrence of the breach on May 9, 2014, Touchstone did not provide notice of the breach until October, 2014, months after OCR and FBI notified it of the breach.   See here.

    OCR’s investigation found Touchstone breached HIPAA before and after the breach.  OCR’s investigation  found before the breach, Touchstone failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its electronic PHI (ePHI), and failed to have business associate agreements in place with its vendors, including their IT support vendor and a third-party data center provider as required by HIPAA.   OCR also found Touchstone did not thoroughly investigate the security incident until several months after notice of the breach from both the FBI and OCR.  Consequently, Touchstone’s notification to individuals affected by the breach also was untimely.

    To resolve OCR charges arising from these events, Touchstone agreed to pay OCR $3,000,000.  In addition to the monetary settlement, Touchstone will undertake a robust corrective action plan that includes the adoption of business associate agreements, completion of an enterprise-wide risk analysis, and comprehensive policies and procedures to comply with the HIPAA Rules.

    The Resolution Agreement illustrates the expensive price Covered Entities risk from failing to conduct risk assessments, obtain business associate agreements and fulfill other HIPAA requirements before a breach, then failing to promptly investigate, provide notification and redress a breach when discovered.  Covered Entities should learn from the painful lesson learned by Touchstone by reconfirming the adequacy of their current HIPAA  compliance and using care to timely and adequately investigate and provide notification if and when a breach occurs.

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third party administrative services organizations and other payer organizations;  billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompassess advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

    Ms. Stamer has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

    Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

    A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


    Court Ruling Obamacare Unconstitutional Leaves Obamacare Future Uncertain As Annual Enrollment Period Ends

    December 15, 2018

    A ruling by a Federal District judge on Friday (December 14, 2018) ruled unconstitutional the Patient Protection and Affordable Care Act (ACA) touches off a new wave of uncertainty about the future of the massive healthcare reform law commonly known as Obamacare just as the enrollment period for 2019 health coverage ended. While Federal District Judge Reed O’Connor finds in his ruling released on Friday that amendments passed by Congress last December robbed the ACA of its original constitutionality, only time will tell if the ruling actually will end the ACA reforms or the effect of such ruling on the hotly debated ACA reforms and other statutory and regulatory reforms Congress and the Trump Administration subsequently prospectively or retrospectively. Consequently, health plans, their employer and other sponsors, insurers, administrators, and fiduciaries; health care providers, consumers and others will need to watch developments closely.

    Justice O’Connor’s decision was released one day before the last day of the enrollment period for Americans to elect whether and what coverage, if any, to enroll in through the Obamacare exchanges for calendar 2019.

    In Texas v. US, Texas Governor Greg Abbott and other Republican governors challenged the constitutionality of the ACA following passage of the Tax Cuts and Jobs Act of 2017 (TCJA). The plaintiffS argued the TCJA rendered the ACA unconstitutional because it repealed the individual mandate of the ACA upon which the Supreme Court previously found the ACA constitutional.

    In the 2012 decision in Nat’l Fed’n of Indep. Businesses v. Sebelius (NFIB), 567 U.S. 519, 530–38 (2012) written by Chief Justice Roberts, the Supreme Court ruled that Congress could not rely upon the Commerce Clause for Constitutional authority to enact the ACA.  However, the Supreme Court nevertheless found the Individual Mandate provisions of the ACA preserved the constitutionality of the ACA as a constitutional exercise of Congress’ Taxing Power.

    In Texas v. US, the plaintiff governors argue that the repeal of the Individual Mandate as part of Congress’ passage of the TCJA last December robbed the ACA of its constitutionality.  They say it is no longer fairly readable as an exercise of Congress’s Tax Power and continues to be unsustainable under the Interstate Commerce Clause. They further urge that  if they are correct, the balance of the ACA is untenable as inseverable from the Invalid Mandate. Judge O’Connor agreed with the plaintiff’s in his ruling on Friday.  Now it remains to be seen if his ruling  will face and withstand the appeal and if so, what effect it will have on Obamacare overall and other subsequent statutory and regulatory reforms.

    While only time will tell whether the decision stands and its effect, the path to clarity promises to be filled with more drama and uncertainty.   Former US Attorney General Jeff Sessions previously had stated that the Justice Department under his leadership would not expend resources to defend the ACA.  It remains to be seen how the Justice Department will not respond in light of his recent resignation.  Even if the Justice Department does not step up to defend Obamacare, it is likely that states like California that have intervened in support of the ACA in the litigation will attempt to appeal the action.  Assuming that an appeal proceeds, a Court of Appeals would hear the appeal before an almost certain appeal by the losing side in that appeal to the United States Supreme Court, where President Trump’s new appointee would hear the action.  Along with the possibility that these Courts will uphold the trial court’s ruling, either of these appeals courts could overrule the trial court in whole or in part. Thus, subsequent appeals decisions could:

    • Reverse Judge O’Connor’s ruling entirely, leaving The ACA intact in its current form; or
    • Uphold part but not all of the decision, leaving some parts in place but not others.

    pending further decisions, it remains unclear if subsidies, prohibitions against preexisting conditions, guaranteed issue, cost regulations, benefit and coverage mandates and other insurance reforms, health care billing and other reforms will survive.

    Meanwhile, regardless of the outcome of the appeals, the decision and its fallout almost certainly will touch off more debate in Congress.  With health care reform already a hot topic, more Congressional battles were inevitable. However the decision adds a new and significant wrinkle to the politics of the health reform fight.

    In January November’s election will cause the leadership of the House of Representatives is set to transfer from Republicans to Democrats while leaving control over the Senate in the hands of Republications.  With leadership of the two legislative bodies split, Democrats are unlikely to be able to use their new control of the House to enact legislation that would overrule outright an adverse decision by the courts. Consequently, Democrats will have an uphill battle if the court decision stands unless and until they can regain Senate control. Instead they are likely to be related to the role occupied by the House the past 4 years in which bills to enact the Democrat vision will pass the House only to die a quick death in the Republican controlled Senate or face veto by the Republican President.

    On the other hand, Republicans also could not overcome a decision unfavorable to their agenda for the opposite reason: Despite control of the majority in the Senate and having a Republican President opposed to the ACA, Republicans can’t enact legislation without winning a majority of votes in the House.

    On the other hand, either party can and almost certainly will use its veto power over the other party’s agenda. The fight likely will spill over into budget, immigration, workforce and other jet legislation that otherwise might and should enjoy bipartisan support in Congress.

    As the litigation proceeds, concerned parties will want to keep a close eye of the Courts, the regulation and enforcement actions of the Trump Administration and the Congress.

    Meanwhile, it is important to keep in mind that implementation of Judge O’Connor’s decision is stayed pending appeal.

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of managed care and other health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Past Chair of the ABA Managed Care & Insurance Interest Group, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer is nationally recognized as a thoughtleader in health benefits and health care matters domestically and internationally.  She has been continuously involved the design, regulation, administration and defense of managed care and other health and employee benefit, health care, human resources and other staffing and workforce arrangements, contracts, systems, and processes.  As a continuous component of this work, Ms. Stamer has worked closely with these and other clients on the design, development, administration, defense, and breach and data recovery of health care, workforce, insurance and financial services, trade secret and other information technology, data and related process and systems development, policy and operations throughout her career.

    Scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues.

    Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

    Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

    Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

    A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about contracting, credentialing and quality assurance,  compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Author of works on Payer and Provider Contracting and many other managed care concerns, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


    $2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others

    May 10, 2017

    Healthcare providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) can’t disclose the name or other protected health care information about a patient in press releases or other announcements without prior authorization from the patient. That’s the clear lesson Covered Entities should learn from the $2.4 million payment to the U.S. Department of Health and Human Services (HHS) that the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS) is paying to settle charges it violated the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by issuing a press release with the name and other protected health information (PHI) about a patient without the patient’s prior HIPAA-compliant authorization under a Resolution Agreement and Corrective Action Plan (Resolution Agreement) announced May 10, 2017 by HHS Office of Civil Rights (OCR).

    The Resolution Agreement resolves OCR charges the operator of 13 hospitals, eight Cancer Centers, three Heart & Vascular Institutes, and 27 sports medicine and rehabilitation centers violated the Privacy Rule that resulted from an OCR compliance review of MHHS triggered by multiple media reports suggesting that MHHS improperly disclosed the name and other details about a patient arrested and charged with presenting an allegedly fraudulent identification card to office staff at an MHHS’s clinic after MHHS clinic staff alerted law enforcement of suspicions the patient was presenting false identification to the clinic. According to OCR, after law enforcement investigated and arrested the patient, MHHS published a press release concerning the incident in which MHHS senior management approved the impermissible disclosure of the patient’s PHI by adding the patient’s name in the title of the press release without securing prior authorization of the patient.

    While OCR concluded the report to law enforcement allowable under the Privacy Rule, OCR found MHHS violated the Privacy Rule by issuing the press release disclosing the patient’s name and other PHI without authorization from the patient and also by failing to timely document the sanctioning of its workforce members for impermissibly disclosing the patient’s information.

    To resolve and avoid the potential Civil Monetary Penalties that HIPAA could authorize OCR to impose for the alleged Privacy Rule violation, MHHS agrees in the Resolution Agreement to pay OCR a $2.4 million monetary settlement and implement a corrective action plan that obligates MHHS to update and train its workforce on its policies and procedures on safeguarding PHI from impermissible uses and disclosures including specific instructions and procedures to:

    • Address (a) Uses and disclosures for which an authorization is required, including to the media, to public officials, and on the internet; (b) Disclosures for law enforcement purposes; and (c) Uses and disclosures for health oversight activities;
    • Identify MHHS personnel or representatives whom workforce members, agents, or business associates may contact in the event of any inquiry or concern regarding compliance with HIPAA in relation to these activities;
    • Internal reporting procedures requiring all workforce members to report to the designated person or office at the earliest possible time any potential violations of the Privacy, Security or Breach Notification Rules or of MHHS’ privacy and security policies and procedures and MHHS promptly to investigate and address all received reports in a timely manner; and
    • Application and documentation of appropriate sanctions (which may include retraining or other instructive corrective action, depending on the circumstances) against members of MHHS’ workforce, including senior level management, who fail to comply with the Privacy, Security or Breach Notification Rules or MHHS’ privacy and security policies and procedures, including a description of the sanctions; a timeframe in which MHHS will apply and document sanctions for violations of the HIPAA Rules or of MHHS’ privacy, security or breach policies or procedures; the manner in which MHHS will document the sanctions; and where MHHS will store or retain such documentation (e.g., personnel file).

    The corrective action plan in the Resolution Agreement also requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media and others.

    Covered entities should keep in mind the MHHS Resolution Agreement is the latest in a series of OCR enforcement actions and resolution agreements highlighting the need for Covered Entities to adopt and use appropriate policies and procedures to prevent wrongful disclosures of PHI to the media or public. For instance, in June, 2013, OCR required Shasta Regional Medical Center (SRMC) to pay a $275,000 settlement payment and implement a comprehensive corrective action plan to resolve OCR charges stemming from SRMC’s disclosure of PHI about a patient to members of the media and its workforce in an effort to respond to accusations the patient made that SRMC engaged in fraud and other misconduct. See HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce.  In contrast, the $2.2 million resolution agreement that OCR required New York Presbyterian Hospital for improperly allowing a film crew to film hospital patients in violation of HIPAA was almost 10 times greater than the SRMC penalty and was accompanied by OCR’s publication OCR of specific additional guidance warning Covered Entities against improper disclosures to the media. See $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use.

    Following on the heels of this previous guidance and prior enforcement actions warning Covered Entities against wrongful disclosure to the media, the MHHS Resolution Agreement sends a strong message to Covered Entities that they should expect little sympathy if their organizations improperly share PHI with the media. OCR’s announcement of the MHHS Resolution Agreement, for instance quotes OCR Director Roger Severino with stating that “Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response.” The announcement goes on to quote Director Severino further as stating, “This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere.”

    Conduct Entity-Wide Risk Assessment & Review & Tighten Media Relations Policies, Processes & Training ASAP

    Covered entities should heed the warning by conducting a risk assessment of their organization’s susceptibility to potential improper disclosures to media or others and reviewing and implementing necessary written policies, procedures and training to prevent the improper disclosure of patient PHI to media or others unless the Covered Entity either secures prior HIPAA-compliant authorization from the patient or can prove the disclosure falls squarely under an exception to the Privacy Rule’s prohibition against disclosure of PHI without authorization except as allowed by the Privacy Rule.

    Taking these and other needed steps to evaluate, and strengthen and enforce as needed, risk assessments, policies, procedures, and training to prevent wrongful use, access or disclosure of PHI to the media or others is particularly critical in light of the ongoing tightening of expectations, and rising enforcement and sanctions for HIPAA violations since Congress amended HIPAA in 2009. See OCR Audit Program Kickoff Further Heats HIPAA Privacy RisksHIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website

    Based on experiences reported in the MHHS and other similar resolution agreements, Covered Entities also generally will want to ensure that their policies, procedures and training extend to all potential sources of communications that could involve patient information and make clear that the Privacy Rule restrictions must be followed even if the circumstances involve allegations of misconduct, special performance by healthcare providers or others that it would benefit the organization or certain individuals to have known to the public, or other circumstances likely to be of interest to the media or other parties.

    As part of this process, covered entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate training and clarification is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations.  Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

    In conducting this analysis and risk assessment, it will be important that Covered Entities include, but also look beyond the four corners of their Privacy Policies to ensure that their review and risk assessment identifies and assesses and addresses compliance risks on an entity wide basis. This entity-wide assessment should include both communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer.  For this reason, Covered Entities also generally will not only to adopt and implement specific policies, processes and training in these other departments to prohibit and prevent inappropriate disclosures of PHI in the course of those departments operations. It also may be advisable to pre-established processes for reviewing media or other communications for potential PHI content and require prior review of any proposed public relations and other internal or external communications containing patient PHI or other information by the privacy officer, legal counsel or another suitably qualified party.

    Because of the high risk that the preparation or review of media or other public communications reports will involve the use and disclosure of PHI, Covered Entities also generally should verify that all outside media or public relations, legal, or other outside service providers participating in the investigation, response or preparation or review of communications to the media or others both are covered by signed business associate agreements that fulfill the Privacy Rule and other requirements of HIPAA as well as possess detailed knowledge and understanding of the Privacy and Security Rules suitable to participate in and help safeguard the Covered Entity against violations of these and other Privacy Rules.  See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements.

    About The Author

    Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

    Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

    As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to manage and defend compliance, public policy, regulatory, staffing and other operations and risk management concerns. A core focus of this work includes work to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; dealings with JCHO and other accreditation and quality organizations; investigation and defense of private litigation and other federal and state health care industry investigations and enforcement; insurance or other liability management and allocation; process and product development; managed care, physician and other staffing, business associate and other contracting; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

    Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws.  Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on trade secret, HIPAA and other medical, consumer, insurance, tax, and other  privacy and data security, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

    In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

    Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

    In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

    The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked closely with a diverse range of physicians, hospitals and healthcare systems, DME, Pharma, clinics, health care providers, managed care, insurance and other health care payers, quality assurance, credentialing, technical, research, public and private social and community organizations, and other health industry organizations and their management deal with governance; credentialing, patient relations and care; staffing, peer review, human resources and workforce performance management; outsourcing; internal controls and regulatory compliance; billing and reimbursement; physician, employment, vendor, managed care, government and other contracting; business transactions; grants; tax-exemption and not-for-profit; licensure and accreditation; vendor selection and management; privacy and data security; training; risk and change management; regulatory affairs and public policy and other concerns.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health plans, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

    A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    ©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved. For information about republication or other use, please contact Ms. Stamer here.

     


    Confirm Health Plan Contraceptive & Colonoscopy Coverage Meets Latest FAQ ACA Preventive Care Guidance

    April 27, 2016

    Employer and other group health plan sponsors, fiduciaries and administrators and  individual and group health insurers should confirm their plan documents and practices comply with new additional guidance on when the Patient Protection and Affordable Care Act (ACA) preventive care mandates set forth in Public Health Services (PHS) Act section 2713, the Employee Retirement Income Security Act (ERISA) and the Internal Revenue Code (the Code) require non-grandfathered group health plans to cover colonoscopies and Food and Drug Administration (FDA)-approved contraceptives as preventive services without co-pays or deductibles in light of yet more guidance on the preventive care rule jointly published April 20, 2016 by the Departments of Labor (DOL), Health and Human Services (HHS), and the Treasury (collectively, the “Agencies”) in FAQs about Affordable Care Act Implementation (Part 31) (FAQ 31).

    Employer and other plan sponsors, group health plan fiduciaries and insurers alike should make compliance with the ACA preventive care mandates a priority because violations of the preventive coverage rule not only exposes group health plans and insurers to potential liability for wrongful denial of benefits, breach of fiduciary duty for ERISA covered arrangements and other similar insurance claims for insurers under state law, noncompliance with these mandates generally triggers liability for an employer to self-assess, self-report on Internal Revenue Service Form 8928 an excise penalty of $100 per participant per day for each day of uncorrected violation.  With most employers sponsoring plans facing a deadline to file Form 8928’s for any uncorrected disclosures soon, now is the time to review and correct any violations of the preventive care guidelines over the past year and preventing future deadlines.

    ACA Preventive Care Mandate Overview

    The preventive care mandates of ACA generally require that health insurance or plan coverage offered in the individual or group market cover the following items or services without imposing any cost-sharing requirements:

    • Evidence-based items or services that have in effect a rating of “A” or “B” in the current recommendations of the United States Preventive Services Task Force (USPSTF) with respect to the individual involved, except for the recommendations of the USPSTF regarding breast cancer screening, mammography, and prevention issued in or around November 2009, which are not considered in effect for this purpose;
    • Immunizations for routine use in children, adolescents, and adults that have in effect a recommendation from the Advisory Committee on Immunization Practices (ACIP) of the Centers for Disease Control and Prevention (CDC) with respect to the individual involved;
    • With respect to infants, children, and adolescents, evidence-informed preventive care and screenings provided for in comprehensive guidelines supported by the Health Resources and Services Administration (HRSA); and
    • For women, evidence-informed preventive care and screening provided for in comprehensive guidelines supported by HRSA, to the extent not included in certain recommendations of the USPSTF subject to special rules with respect to coverage of contraceptive services for group health plans and group health insurance coverage provided in connection with group health plans established or maintained by religious employers.

    See 1.26 CFR 54.9815-2713, 29 CFR 2590.715-2713, 45 CFR 147.130.

    If a recommendation or guideline does not specify the frequency, method, treatment, or setting for the provision of a recommended preventive service, then the plan or issuer may use reasonable medical management techniques to determine any such coverage limitations.  See 26 CFR 54.9815-2713(a)(4), 29 CFR 2590.715-2713(a)(4), 45 CFR 147.130(a)(4).

    FAQ 31 On Coverage of Colonoscopies Pursuant to USPSTF Recommendations

    Concerning colonoscopies, FAQ 31 states that because the Agencies view preparation for a preventive screening colonoscopy an integral part of the procedure, bowel preparation medications, when medically appropriate and prescribed by a health care provider, are an integral part of the preventive screening colonoscopy that group health plans and health insurers must cover without cost sharing, subject to reasonable medical management).

    Coverage of Food and Drug Administration (FDA)-approved Contraceptives

    FAQ 31 also supplements an already extensive list of Agency guidance concerning when group health plans and health insurers must cover contraceptives as preventive care without cost sharing under ACA stemming from the HRSA Guidelines’ inclusion of a recommendation of all FDA-approved contraceptive methods, sterilization procedures, and patient education and counseling for all women with reproductive capacity, as prescribed by a health care provider.

    FAQs about Affordable Care Act Implementation (Part XII), Q14  (FAQ 12) previously released in 2013 states the HRSA Guidelines ensure women’s access to the full range of FDA-approved contraceptive methods including, but not limited to, barrier methods, hormonal methods, and implanted devices, as well as patient education and counseling, as prescribed by a health care provider.   FAQ 12 also states group health plans and insurers may use reasonable medical management techniques to control costs and promote efficient delivery of care, such as covering a generic drug without cost sharing and imposing cost sharing for equivalent branded drugs provided that the plan or insurer accommodates any individual for whom a particular drug (generic or brand name) would be medically inappropriate, as determined by the individual’s health care provider, by having a mechanism for waiving the otherwise applicable cost sharing for the brand or non-preferred brand version.

    In FAQs about Affordable Care Act Implementation (Part XXVI), Q2 and Q3 (FAQ26) subsequently published on May 15, 2016, the Agencies clarified that group health plans and health insurers:

    • Must cover without cost sharing at least one form of contraception in each of the methods (currently 18) identified for women by the FDA;
    • To the extent plans and issuers use reasonable medical management techniques within a specified method of contraception, must have an easily accessible, transparent, and sufficiently expedient exceptions process that provides for making a determination on the claim according to a timeframe and in a manner that takes into account the nature of the claim (e.g., pre-service or post-service) and ensures the medical exigencies involved for a claim involving urgent care is not unduly burdensome on the individual or provider (or other individual acting as a patient’s authorized representative, including a provider) to ensure coverage without cost sharing of any service or FDA-approved item within the specified method of contraception;
    • Must defer to the determination of the attending provider and cover a service or item without cost sharing a particular service or FDA-approved item that the individual’s attending provider recommends based on a determination of medical necessity with respect to that individual, where medical necessity could include considerations such as severity of side effects, differences in permanence and reversibility of contraceptives, and ability to adhere to the appropriate use of the item or service, as determined by the attending provider; and
    • In the case of health insurers required to provide essential health benefits (EHB) under the ACA, must have an exceptions process that meets the standards in 45 CFR 156.122(c).

    FAQ 31 supplements this previous Agency guidance by confirming that group health plans and health insurers may develop a standard exception form with instructions that an attending provider may use to prescribe a particular service or FDA-approved item based on a determination of medical necessity with respect to the individual involved and suggests the Medicare Part D Coverage Determination Request Form as an appropriate model for the development of such forms.

    Act To Verify Compliance, Leverage Opportunities

    FAQ 31 and the other guidance presents a two-edged sword for health insurers and group health plans and their sponsors.  On one hand, failing to design and administer their health benefit programs to comply with these and other rules and interpretations about the preventive care and other federal health plan mandates imposed by the ACA or other laws can trigger significant liability for insurers as well as group health plans and theirsponsoring employers.  On the other hand, group health plans and insurers that carefully design and administer their arrangements to comply with the guidance also can take advantage of opportunities to manage utilization and costs using the narrow windows of opportunity offered within the guidance.

    In either case, careful, well-documented efforts to verify compliance in response to the evolving guidance is important to prevent unanticipated violations and position group health plans, their sponsoring employers and fiduciaries and insurers to mitigate potential exposures in the event of a violation of existing or subsequently published guidance.

    About The Author

    A practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C.,  Ms. Stamer’s more than 28 years’ of leading edge work as an practicing attorney, author, lecturer and industry and policy thought leader have resulted in her recognition as a “Top” attorney in employee benefits, labor and employment and health care law.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Cynthia Marcotte Stamer is a noted Texas-based management lawyer and consultant, author, lecturer and policy advocate, recognized as among the “Top Rated Labor & Employment Lawyers in Texas” by LexisNexis® Martindale-Hubbell® and as among the “Best Lawyers In Dallas” for her work in the field of “Tax: Erisa & Employee Benefits” and “Health Care” by D Magazine.

    Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

    Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer helps management manage. Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.  Well-known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.  Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.

    A Fellow in the American College of Employee Benefit Counsel, Ms. Stamer uses her deep and highly specialized knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others.  She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.  In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others. Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation, Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

    Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally.  A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings.  She also works as a policy advisor and advocate to many business, professional and civic organizations.

    Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

    Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see here or contact Ms. Stamer directly by email here or by telephone at (469) 767-8872.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.

    ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press. All other rights reserved.


    Brace For Health Plan OCR HIPAA Audits

    March 22, 2016

    healthinsurance 10

    Employer and union sponsored health plans, their sponsors, fiduciaries, and business associates should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) follow OCR’s 2016 audit program on the heels of its announcement last week of two large HIPAA settlements last week.

    OCR confirmed today it is sending emails notifying health plans, healthcare providers, healthcare clearing houses (Covered Entities) and their business associates identified as part of the kickoff of its next phase of audits of Covered Entities.  In light of the  HIPAA verification rules  and the notorious spread of opportunistic identity theft and other fraud by opportunistic Cybercriminals following these types of announcements, Covered Entities and business associates should carefully verify the requests validity and manage the response to avoid violating HIPAA in responding and position for defensibility against potential penalties.

    Even if health plans or other Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.

    To catch up on this latest guidance, Solutions Law Press, Inc. ™ invites you to register to participate in a special WebEx briefing on “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” on Wednesday, March 30, 2016 beginning at Noon Central Time on Wednesday, March 30, 2016.

    2016 Audit Program 

    In its 2016 Phase 2 HIPAA Audit Program, OCR will review the policies and procedures adopted and employed by Covered Entities  and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. OCR says it will primarily conduct these audits as desk audits, although some on-site audits will be conducted.

    According to today’s announcement, the 2016 audit process begins with verification of an entity’s address and contact information. OCR is sending emails to Covered Entities and business associates requesting that contact information be provided to OCR on time. OCR will then send a pre-audit questionnaire to gather data about the size, type, and operations of potential audit targets.  OCR says this data will be used with other information to create potential audit subject pools.  Recipients should contact qualified legal counsel immediately for advice and assistance about proper procedures to verify the email is in fact from OCR and for assistance in responding.

    If an entity does not respond to OCR’s request to verify its contact information or pre-audit questionnaire, OCR will use publicly available information about the entity to create its audit subject pool. Therefore an entity that does not respond to OCR may still be selected for an audit or subject to a compliance review. Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity’s spam filtering and virus protection are automatically enabled, OCR expects entities to check their junk or spam email folder for emails from OCR.

    The announcement also reflects that OCR is still developing other aspects of the audit program. OCR will post updated audit protocols on its website closer to conducting the 2016 audits. The audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used as a tool by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities.

    OCR says its audits will enhance industry awareness of compliance obligations and enable OCR to better target technical assistance regarding problems identified through the audits. Through the information gleaned from the audits, OCR will develop tools and guidance to aid the industry in compliance self-evaluation and in preventing breaches. OCR plans to use results and procedures used in the phase 2 audits to develop its permanent HIPAA audit program.

    OCR Settlements Show Enforcement Risk

    The audit program announcement comes less than a week after OCR announced millions of dollars of new penalties under settlements with two Covered Entities:

    • A $1,555,000 settlement with North Memorial Health Care of Minnesota;
    • A $3.9 million settlement with Feinstein Institute for Medical Research.

    The two settlements drive home again the substantial liability that health care providers, health plans, health care clearinghouses and their business associates risk for violating HIPAA.

    Feinstein Settlement

    Feinstein is a biomedical research institute organized as a New York not-for-profit corporation sponsored by Northwell Health, Inc., formerly known as North Shore Long Island Jewish Health System, a large health system headquartered in Manhasset, New York comprised of 21 hospitals and over 450 patient facilities and physician practices.

    OCR’s investigation began after Feinstein filed a breach report indicating that on September 2, 2012, a laptop computer containing the electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI stored in the laptop included the names of research participants, dates of birth, addresses, social security numbers, diagnoses, laboratory results, medications, and medical information about potential participation in a research study.

    OCR’s investigation discovered that Feinstein’s security management process was limited in scope, incomplete, and insufficient to address potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the entity. Further, Feinstein lacked policies and procedures for authorizing access to ePHI by its workforce members, failed to implement safeguards to restrict access to unauthorized users, and lacked policies and procedures to govern the receipt and removal of laptops that contained ePHI into and out of its facilities. For electronic equipment procured outside of Feinstein’s standard acquisition process, Feinstein failed to implement proper mechanisms for safeguarding ePHI as required by the Security Rule.

    “Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities,” said OCR Director Jocelyn Samuels. “For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”

    The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/Feinstein/index.html.

    North Memorial

    The Feinstein settlement announcement follows yesterday’s announcement of a $1.5 million plus settlement with North Memorial to resolve HIPAA charges that it failed to implement a business associate agreement with a major contractor and failed to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information. North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities.

    The settlement highlights the importance for healthcare providers, health plans, healthcare clearinghouses and their business associates to comply with HIPAA’s business associate agreement and other HIPAA organizational, risk assessment, privacy and security, and other requirements.

    OCR’s announcement emphasizes the importance of meeting these requirements. “Two major cornerstones of the HIPAA Rules were overlooked by this entity,” said Director Samuels. “Organizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure.”

    The settlement comes from charges filed after OCR initiated its investigation of North Memorial following receipt of a breach report on September 27, 2011, which indicated that an unencrypted, password-protected laptop was stolen from a business associate’s workforce member’s locked vehicle, impacting the ePHI of 9,497 individuals.

    OCR’s investigation indicated that North Memorial failed to have in place a business associate agreement, as required under the HIPAA Privacy and Security Rules, so that its business associate could perform certain payment and health care operations activities on its behalf. North Memorial gave its business associate, Accretive, access to North Memorial’s hospital database, which stored the ePHI of 289,904 patients. Accretive also received access to non-electronic protected health information as it performed services on-site at North Memorial.

    The investigation further determined that North Memorial failed to complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure — including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes.

    In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.

    The Resolution Agreement and Corrective Action Plan can be found on the HHS website at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/north-memorial-health-care/index.html.
    Settlement Latest Reminder To Manage HIPAA Risks.

    Following up on OCR’s imposition of its second-ever HIPAA Civil Monetary Penalty (CMP) and the latest in an ever-growing list of settlements by Covered Entities under HIPAA, these latest  settlements illustrate the substantial liability that Covered Entities face for violating HIPAA. To avoid these liabilities, Covered Entities must constantly be diligent to comply with the latest guidance of OCR about their obligations under HIPAA.

    As OCR continues to issue additional guidance as well as supplement this guidance through information shared in settlement agreements like the North Memorial settlement, even if Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.

    Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities face growing responsibilities and liability for maintaining the security of ePHI.

    In response to HITECH, OCR continues to use a carrot and stick approach to encouraging and enforcing compliance. As demonstrated by OCR’s imposition of the second-ever HIPAA Civil Monetary Penalty (CMP) of $239,000 against Lincare and the ever-growing list of Resolution Agreements OCR announces with other Covered Entities, OCR continues to step up enforcement against Covered Entities that breach the Privacy and Security Rules. See OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000.

    On the other hand, OCR also continues to encourage voluntary compliance by Covered Entities by sharing guidance and tools to aid Covered Entities to understand fulfill their HIPAA responsibilities such as the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016.The crosswalk that maps the HIPAA Security Rule to the standards of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) as well as mappings to certain other commonly used security frameworks.

    While stating that the HIPAA Security Rule does not require use of the NIST Cybersecurity Framework, OCR says it hopes the Crosswalk will provide “a helpful roadmap” for HIPAA Covered Entities and their business associates to understand the overlap between the NIST Cybersecurity Framework, the HIPAA Security Rule, and other security frameworks that can help Covered Entities safeguard health data in a time of increasing risks and help them to identify potential gaps in their programs.

    At the same time, OCR’s announcement of its release of the Crosswalk also cautions users that “use of the Framework does not guarantee HIPAA compliance.” Rather, OCR says “the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.

    With a USA Today report attributing more than 40 percent of data breaches to the healthcare industry over the last three years 91 percent of all health organizations having reporting breaches over the last two years, OCR has made clear that it intends to zealously investigate and enforce the Security Rules against Covered Entities that violate the Security Rules against Covered Entities that fail to take suitable steps to safeguard the security of PHI as required by the HIPAA Security Rule.

    To meet these requirements, the HIPAA Security Rule requires that Covered Entities conduct and be prepared to product documentation of their audit and other efforts to comply with the Security Rule Most Covered Entities will want to consider including an assessment of the adequacy of their existing practices under the Crosswalk and other requirements disclosed by OCR in these assessments to help position the Covered Entity to defend or mitigate HIPAA CMP and other liabilities in the event of a HIPAA breech or audit.

    Changing Rules Complicate Compliance

    In addition to maintaining adequate security, HIPAA also requires Covered Entities to provide individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans in accordance with the HIPAA Privacy Rule. In response to recurrent difficulties experienced by individuals in exercising these rights, OCR recently published supplemental guidance to clarify and promote better understanding and compliance with these rules by Covered Entities.   OCR started this process in January, 2015 by releasing a comprehensive fact sheet (Access fact sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient.

    Earlier this month, OCR followed up by publishing on March 1, 2016 a second set of FAQs addresses additional issues, including the fees individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they so choose.

    Covered entities and their business associates should expect OCR to ask about use of these tools in audits and investigations.  Accordingly, they should move quickly to review and update their business associate agreements and other practices to comply with this new guidance as well as watch for further guidance and enforcement about these practices from OCR.

    Other Key HIPAA Regulatory & Enforcement Changes Raise Responsibilities & Risks

    OCR’s new guidance on access to PHI follows a host of other regulatory and enforcement activities. While the particulars of each of these new actions and guidance vary, all send a very clear message: OCR expects Covered Entities and their business associates to comply with HIPAA and is offering tools and other guidance to aid them in that process. In the event of a breach or audit, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply.

    Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.

    Register For 3/30 Webex Briefing

    Solutions Law Press, Inc.™ invites to catch up on the latest guidance on the Covered Entities’ responsibility under HIPAA to provide access to patients to PHI by registering here to participate in the “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” Webex briefing by attorney Cynthia Marcotte Stamer that Solutions Law Press, Inc.™ will host beginning at Noon Central Time on Wednesday, March 30, 2016.

    About The Author

    Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
    Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.

    As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

    Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com  such as:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.  ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved.


    New EEOC Lawsuit Challenges Orion Energy Systems Employee Benefit Program Under ADA

    September 19, 2014

    Employers using or considering using health risk assessments or other wellness programs should carefully monitor a new Equal Employment Opportunity Commission (EEOC) lawsuit, EEOC v. Orion Energy Systems, Civil Action 1:14-cv-01019 (E.D.Wis.), which is the first time the EEOC has sued an employer under the Americans With Disabilities Act (ADA) based on the employer’s wellness program.

    Although the alleged facts in Orion reflect its practices might be much more aggressive than in common use by most employers, the principles argued by the EEOC in  Orion raise potential concerns for the growing number of employers relying on health risk assessment and other wellness programs to help manage health benefit costs, employee disabilities, and other concerns.

    According the Kaiser Family Foundation, health risk assessments and other wellness program use is increasingly common.  The majority of employers reportedly now offer some sort of wellness program — 94 percent of employers with over 200 workers, and 63 percent of smaller ones.

    Employers that use these arrangements generally believe their health risk assessment or other wellness benefit passes legal muster as long as it complies with standards established in final regulations amending the nondiscrimination requirements of the Health Insurance Portability Act (HIPAA). The sponsors of these arrangements often are unaware of or discount the likelihood that the EEOC might view these and other wellness benefit arrangements as violating the ADA prohibitions against medical inquiries that are not both job related and necessary to the job or other ADA disability discrimination prohibitions.

    In Orion, the EEOC contends that Orion instituted a wellness program that required medical examinations and made disability-related inquiries.  When employee Wendy Schobert declined to participate in the program, Orion shifted responsibility for payment of the entire premium for her employee health benefits from Orion to Schobert. Shortly thereafter, Orion fired Schobert.

    The EEOC charges Orion violated federal law by requiring an employee to submit to medical exams and inquiries that were not job-related and consistent with business necessity as part of a so-called “wellness program,” which the EEOC charges was not voluntary, and then by firing the employee when she objected to the program.

    The EEOC maintains that Orion’s wellness program violated the ADA as applied to Schobert.  Additionally, EEOC also charges Orion wrongfully retaliated against Schobert because of her good-faith objections to the wellness program. The EEOC further asserts that Orion interfered with Schobert’s exercise of her federally protected right to not be subjected to unlawful medical exams and disability-related inquiries.

    “Employers certainly may have voluntary wellness programs — there’s no dispute about that — and many see such programs as a positive development,” said John Hendrickson, regional attorney for the EEOC Chicago district. “But they have to actually be voluntary. They can’t compel participation by imposing enormous penalties such as shifting 100 percent of the premium cost for health benefits onto the back of the employee or by just firing the employee who chooses not to participate. Having to choose between responding to medical exams and inquiries — which are not job-related — in a wellness program, on the one hand, or being fired, on the other hand, is no choice at all.”

    The Orion litigation reminds businesses of the advisability or properly designing and managing wellness programs to comply with applicable legal requirements.

    Financial or other incentive and reward programs of course must be designed to comply with HIPAA’s nondiscrimination rules, the ADA and privacy rules.   Privacy requirements also can be a challenge under these laws unless information collected from screening and other wellness and disease management activities is carefully collected, routed and handled to comply with HIPAA, GINA and other privacy rules.  See, e.g,   EBSA Issues Guidance on Health PLan Wellness & Disease Management Programs Subject to HIPAA Nondiscrimination RulesADAAA Amendment Broader “Disability Definition Not Retroactive, Employer Action Needed To Manage Post 1/1/2009 RisksBusinesses Face Rising Disability Discrimination Enforcement Risks; EEOC Finalizes Updates To Disability Regulations In Response to ADA Amendments Act.

    Employers and health plans also should review the existing preventive care coverage provided in their health plans to ensure compliance with expanded federal mandates enacted as part of the sweeping new federal health care reform law. See e.g., Affordable Care To Require Health Plans Cover Contraception & Other Women’s Health Procedures.

    If you need assistance addressing the legal requirements of your wellness program or other workforce, employee benefit, compensation or risk management concern, contact the author of this update.  We also encourage you and others to help develop real meaningful improvements by joining Project COPE: Coalition for Patient Empowerment here by sharing ideas, tools and other solutions and other resources. TheCoalition For Responsible Health Care Policy provides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.You also can access information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,”  using the “PlayForLife” resources to organize low cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here.

    About Author Cynthia Marcotte Stamer

    If you need help reviewing or updating your health benefit program for compliance with ACA or other laws or with any other employment, employee benefit, compensation or internal controls matter, please contact the author of this article, attorney Cynthia Marcotte Stamer.

    A 2011 inductee to the American College of Employee Benefits Council, immediate past-Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPPT Employee Benefits & Other Compensation Arrangements, an ABA Joint Committee on Employee Benefits Council Representative, the ABA TIPS Employee Benefit Plan Committee Vice Chair, former ABA Health Law Section Managed Care & Insurance Interest Group Chair, past Southwest Benefits Association Board Member, Employee Benefit News Editorial Advisory Board Member, and a widely published speaker and author,  Ms. Stamer has more than 24 years experience advising businesses, plans, fiduciaries, insurers. plan administrators and other services providers,  and governments on health care, retirement, employment, insurance, and tax program design, administration, defense and policy.   Nationally and internationally known for her creative and highly pragmatic knowledge and work on health benefit and insurance programs, Ms. Stamer’s  experience includes extensive involvement in advising and representing these and other clients on ACA and other health care legislation, regulation, enforcement and administration.

    Widely published on health benefit and other related matters, Ms. Stamer’s insights and articles have been published by the HealthLeaders, Modern Health Care, Managed Care Executive, the Bureau of National Affairs, Aspen Publishers, Business Insurance, Employee Benefit News, the Wall Street Journal, the American Bar Association, Aspen Publishers, World At Work, Spencer Publications, SHRM, the International Foundation, Solutions Law Press and many others.

    For additional information about Ms. Stamer and her experience, see www.CynthiaStamer.com.

    About Project COPE: The Coalition On Patient Empowerment & Its  Coalition on Responsible Health Policy

    Sharing and promoting the use of practical practices, tools, information and ideas that patients and their families, health care providers, employers, health plans, communities and policymakers can share and offer to help patients, their families and others in their care communities to understand and work together to better help the patients, their family and their professional and private care community plan for and manage these  needs is the purpose of Project COPE.

    The best opportunity to improve access to quality, affordable health care for all Americans is for every American, and every employer, insurer, and community organization to seize the opportunity to be good Samaritans.  The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch.  Americans can best improve health care by not waiting for someone else to step up:  Speak up, step up and help bridge the gap when you or your organization can do so by extending yourself a little bit.  Speak up to help communicate and facilitate when you can.  Building health care neighborhoods filled with good neighbors throughout the community is the key.

    The outcome of this latest health care reform push is only a small part of a continuing process.  Whether or not the Affordable Care Act makes financing care better or worse, the same challenges exist.  The real meaning of the enacted reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye.  Americans individually and collectively clearly should monitor and continue to provide input through this critical time to help shape constructive rather than obstructive policy. Regardless of how the policy ultimately evolves, however, Americans, American businesses, and American communities still will need to roll up their sleeves and work to deal with the realities of dealing with ill, aging and disabled people and their families.  While the reimbursement and coverage map will change and new government mandates will confine providers, payers and patients, the practical needs and challenges of patients and families will be the same and confusion about the new configuration will create new challenges as patients, providers and payers work through the changes.

    For Added Information and Other Resources

    If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

    For Help Or More Information

    If you need assistance in auditing or assessing, updating or defending your organization’s compliance, risk manage or other  internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

    Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping employers and other management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend union-management relations, wage and hour, discrimination and other labor and employment laws, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions.  The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, reengineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters.Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see hereor contact Ms. Stamer directly.

    About Solutions Law Press

    Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.com.

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.

    ©2011 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press.  All other rights reserved.