The healthcare industry is constantly changing as lawmakers, payers, patients, and other stakeholders adapt to new realities. In health systems, it’s not just the governance, risk, and compliance (GRC) function’s job to stay on top of the law. Providers and support staff, too, must understand the changing legal landscape.
The added complexities of the COVID-19 pandemic, in particular, have had a great impact on laws affecting healthcare this year. Check out our rundown of seven legal issues that providers and administrators should be aware of in 2021.
1. Telehealth law
2020 was quite a year for telehealth law; the already growing area of law expanded exponentially, with waivers to decrease telehealth payment barriers, measures to protect patients, and audits to reduce fraud as stand-outs. In 2021, look for continued expansion of telehealth coverage. Starting with the Centers for Medicare & Medicaid Services (CMS) List of Medicare Telehealth Services, make sure your billing staff is up to date and aware of the codes, both permanent and temporary, that can be used to report telehealth services.
It’s also important to understand the multiple regulations regarding telehealth that have been instituted this year.
- Consult CMS’ COVID-19 Emergency Declaration Blanket Waivers for Health Care Providers, which give greater flexibility for Medicare telehealth services.
- The Public Readiness and Emergency Preparedness Act (PREP Act) contains declarations that authorize healthcare personnel to use telehealth across state lines to order or administer covered countermeasures and to provide telehealth providers immunity from liability for claims concerning those countermeasures.
- Look for increased state and federal measures that aim to protect the privacy of telehealth patients—but at the same time help to ensure an ease of reimbursement for telehealth providers including the necessary sharing of patient information for billing and treatment purposes.
All of these measures to decrease barriers to telehealth are happening at the same time that the Office of Inspector General (OIG) has increased the number of its audits in this area. Telehealth providers should take a proactive stance in reviewing their billed claims and the compliance of their telehealth programs to ensure they are in keeping with federal requirements.
2. HIPAA compliance and PHI
The last major update to the Health Insurance Portability and Accountability Act (HIPAA) occurred more than seven years ago. We should expect significant changes to the law, however, because the Office for Civil Rights (OCR) announced its new proposal in December 2020. The proposed updates center around a patient’s right to access protected health information (PHI) while also reducing barriers to healthcare operations and value-based reimbursement systems.
A major proposed update includes allowing patients access to inspect their PHI in person and to take notes or photographs of their PHI. Another significant proposed change shortens the time that a provider is allowed to respond to a patient’s request for their records. Other proposed PHI-related changes include:
- Allowing patients access to their electronic PHI at no charge in certain circumstances, and amending the permissible fee structure for record requests
- Reducing certain identity verification burdens regarding PHI in an electronic health record
- Excluding care coordination and case management uses and disclosures from the “minimum necessary” standard
- Replacing the “professional judgment” standard for PHI uses and disclosures with a standard based on the good faith belief that the use or disclosure is in the best interest of the individual
- Expanding the ability to disclose PHI to avert a threat to health or safety when a harm is “serious and reasonably foreseeable”
- Eliminating the requirement to obtain a patient’s written acknowledgement of a provider’s Notice of Privacy Practices (NPP) and modifying the content requirements of the NPP
Also related to HIPAA compliance: In 2021, expect a trend toward increased enforcement action by the OCR related to its HIPAA Right of Access Initiative. There have been 18 such enforcement actions since 2019. OCR states that it’s undertaking this initiative to “support individuals’ right to timely access of their health records at a reasonable cost under the HIPAA Privacy Rule.” OCR often investigates a provider for a single instance of alleged failure to respond timely to a patient’s records request. One recent action resulted in a settlement of $30,000, and for the 18 actions since 2019, the settlements have ranged from $3,500 to $160,000. When settling with the OCR, a healthcare provider must also agree to a corrective plan and two years of OCR-mandated monitoring.
It is important for every provider organization, large and small, to review their procedures for responding to patient record requests and to ensure that each request is responded to in a timely way. Currently, according to the Department of Health & Human Services (HHS), access to requested information should be provided within 30 days of receiving the request, unless there is a reason why it cannot be provided in that time frame and the patient is provided a written explanation. However, even if the provider has a valid reason for delay, the request must be fulfilled within 60 days of the initial request with only one extension allowed per patient.
3. Healthcare employers liability & ensuring safe work conditions
One question we will undoubtedly encounter more in 2021 than last year is: In what ways will healthcare employers be liable (and thus responsible for damages) for their employees’:
- Exposure to contracting COVID-19
- Labor issues related to the pandemic
Already, employees have filed hundreds of lawsuits and more than 100 class action suits, alleging their employers violated federal and state regulations regarding employee safety or labor issues.
Providing a safe working environment for healthcare workers has always been important, but it’s even more so now in the COVID-19 era. The Centers for Disease Control (CDC) and the Occupational Safety and Health Administration (OSHA) have extensive guidelines for healthcare settings that healthcare provider organizations should consult. According to OSHA, healthcare providers should develop and implement infection control and preparedness plans and communicate those plans to workers through effective training. In addition, employers need to assess the risks and follow the hierarchy of controls for worker protection.
Labor issues—especially allegations of retaliation, wrongful termination, or wrongful denial of leave—account for a significant percentage of the recent COVID-19-related lawsuits brought by employees. Healthcare employers must consult both federal and state sources for regulations regarding labor practices. In particular, two federal acts addressing the pandemic to be aware of are:
- Families First Coronavirus Response Act (FFCRA): Requires employers with fewer than 500 workers to provide employees with job-protected leave for reasons related to the COVID-19 pandemic, including if they need to care for a minor child or if the employee becomes ill. Employers must be aware of certain exclusions from leave entitlements for healthcare employees.
- Worker Adjustment and Retraining Notification Act (WARN): Requires employers of 100 or more employees to provide advance notice to employees when either permanently closing a job location or implementing a mass layoff. A recent court ruling declared that COVID-19 would not fall under the “unforeseeable business circumstance” exception to the notice requirement.
4. Long-term care and nursing homes
Long-term care (LTC) facilities, nursing homes, and skilled nursing facilities have been hit hard by the COVID-19 pandemic, and as a result there are new federal guidance and requirements to ensure quality of care for these entities. Since March 2020, nearly all nursing facilities have received a targeted inspection by CMS. These will continue throughout 2021, and providers need to understand the changing guidance from CMS. As noted above with telehealth providers, LTC and nursing facilities should consult the CMS COVID-19 Emergency Declaration Blanket Waivers for Health Care Providers. A number of the blanket waivers that excluded certain requirements for nursing homes have expired, and those requirements will now be enforced.
CMS recently updated its guidance for revised visitation recommendations and is now allowing responsible indoor visitation at all times and for all residents, regardless of vaccination status of the resident or visitor, except under certain circumstances that should limit visitation (e.g., confirmed COVID-19 status or quarantine).
Other significant changes include CDC’s requirements for LTC and nursing facilities to report COVID-19 data weekly on:
- Suspected and confirmed cases among residents and staff
- Total deaths and COVID-19 deaths among residents and staff
- Amount of PPE supplies and ventilator capacity in the facility
- Resident beds and census
- Access to COVID-19 testing for residents
- Staffing shortages
Nursing facilities also are required to provide information about suspected and confirmed COVID-19 cases among residents and staff to residents and their families, within certain time frames.
5. False Claims Act
The Department of Justice (DOJ) recovered more than $2.2 billion in settlements and judgments related to the False Claims Act (FCA) in 2020, $1.8 billion of it related to the healthcare industry. The FCA is the basis for combating healthcare fraud and is the civil tool for the DOJ to redress false claims for federal funds. The 2020 actions involved drug and medical device manufacturers, managed care providers, hospitals, pharmacies, hospice organizations, laboratories, and physicians. The following are trends in FCA settlements thus far this year, and are expected to continue:
- An increase in whistleblower lawsuits: Some $1.6 billion of the FCA cases this year were brought by a whistleblower, called qui tam lawsuits. Because whistleblowers have inside information that is critical to identifying potential fraud in an organization that the DOJ would not have otherwise, the whistleblower shares in the money the DOJ recovers. The government paid out $309 million in 2020 to whistleblowers.
- An increase in settlements holding individuals responsible: In several FCA examples in 2020, individual doctors from a medical practice agreed to pay large amounts (in one case $4.25 million) to resolve civil allegations related to illegal kickbacks.
- The largest recoveries were from drug manufacturers that funded co-payments of Medicare patients to protect high drug prices: Two pharmaceutical manufacturers paid more than $148 million each to resolve claims that they illegally paid patient copays for their own drugs.
- The most common fraud schemes were opioid-related fraud, followed by kickback schemes.
6. Patient safety and healthcare inequity
According to the experts, racial and ethnic disparities in healthcare are among the top patient safety issues for 2021. We’ve seen this reflected in discrepancies in medical care among minorities with regard to access to healthcare, testing, and vaccination throughout the COVID-19 pandemic. The following studies illustrate the problem:
- The CDC published that the Hispanic or Latinx population makes up 18.5% of the U.S. population, but comprises 32.5% of COVID-19 deaths.
- The Urban Institute’s Health Policy Center recently published a study that black patients experienced significantly worse quality of care compared to white patients in six of the 11 patient safety quality indicators that measure rates of adverse patient safety events, including five out of seven surgery-related safety indicators.
Healthcare organizations need to devote resources to improve health equity and can start by taking the following steps:
- Incorporate health equity into the strategy of the organization and educate employees on its importance.
- Assess the culture of the organization regarding health equity and develop goals to address weaknesses.
- Look to community resources and partner with them in their initiatives.
- Address any racism in the organization and develop a cultural competence strategy within the organization.
7. General access to healthcare
For many Americans, access to care has always been problematic, but a recent CDC study found that four in 10 U.S. adults have avoided access to care due to issues surrounding the COVID-19 pandemic. Further, 12% of adults have neglected emergency care during the pandemic, and 32% have gone without routine care. The study found that certain populations were more negatively affected than others, such as Black and Latinx patients, patients with chronic illness, and unpaid family caregivers.
Access to health services is also a key domain of the social determinants of health. Barriers to access to healthcare could be due to poor access to transportation or limited healthcare resources, but the most significant barrier is a lack of insurance coverage. The Affordable Care Act has worked to increase insurance coverage to a greater percentage of Americans. In addition, the Medicaid Expansion aspects of the Act have helped narrow disparities in health coverage and access to care. However, not all states have expanded Medicaid. In 2021, we will be watching to see if the remaining 12 states will adopt and implement the Medicaid expansion and also what steps the Biden administration will take legislatively to extend coverage to more Americans.
symplr Compliance offers legal and regulatory content in its risk assessment management module of our powerful and flexible platform. We provide the software, tools, and unique expert content you need to assess your regulatory compliance stance and discover the changes in healthcare laws that affect your organization. Learn more about symplr Compliance and our entire portfolio of GRC solutions.