Life Science Compliance Update

« December 2012 | Main | February 2013 »

25 posts from January 2013

January 31, 2013

HHS Unveils Final HIPPA Omnibus Rule

In late January, the U.S. Department of Health & Human Services (HHS) issued four final rules, combined to create an omnibus final rule addressing several aspects of patient privacy under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The rules were combined—563 pages—to “reduce the impact and number of times certain compliance activities need to be undertaken by regulated entities.”  The new rule will be effective March 26, with a compliance date of Sept. 21.  As reported by FierceHealthIT, the rules include: 

  • Modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health Act, and certain other modifications to improve the rules, which were issued as a proposed rule on July 14, 2010.
  • Changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act, originally published as an interim final rule on Oct. 30, 2009.
  • A final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule’s “harm” threshold with a more objective standard and supplants an interim final rule published on Aug. 24, 2009.
  • A final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes, which was published as a proposed rule on Oct. 7, 2009. 

“Much has changed in healthcare since HIPAA was enacted over 15 years ago," HHS Secretary Kathleen Sebelius said in a statement. "The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age."

According to HHS, contractors, subcontractors and other business associates of healthcare entities that process health insurance claims now will be liable for the protection of private patient information under the updated rule.  In addition, monetary penalties for noncompliance with the rule have increased, with a maximum penalty of $1.5 million per violation. 

Individual rights are expanded in important ways.  Patients can ask for a copy of their electronic medical record in an electronic form.  When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan.  The final omnibus rule sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of an individuals’ health information without their permission.   

The FDA Law Blog posted an interesting analysis explaining that the new rule places dramatic revisions to marketing practices and research authorizations.   For example, previously, “pharmaceutical companies could pay pharmacies to communicate with their patients for the purpose of either reminding patients to refill their prescription (“refill reminders”), or to recommend switching to alternative therapies (“switch communications”).”

The final rule “now requires patient authorization before using protected health information for all paid communications that recommend a product or service to the patient, regardless of whether the purpose is treatment or health care operations.”  There are several exceptions, however for: 

  • Refill reminders,
  • Adherence communications, and
  • Other communications about a drug or biologic that is currently prescribed for the individual do not require authorization, provided that the payment received by the covered entity is “reasonably related to the covered entity’s cost of making the communication.”   

The post explained that “reasonably related” most likely “means the covered entity cannot profit from the communication.  If the covered entity receives a financial incentive beyond their cost, they must obtain the patient’s authorization.”   

“HHS also clarified that communications about a drug or biologic currently prescribed includes communications about generic equivalents.  They also clarified that for self-administered drugs or biologics, communications about the entire drug delivery system, such as an insulin pump are considered communications about the drug itself.” 

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” HHS Office for Civil Rights Director Leon Rodriguez said in a statement.  “These changes not only greatly enhance a patient's privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.” 

The final rule was accepted for review by the Office of Management and Budget last March and had been dubbed as moving to its final clearance hurdle by Susan McAndrew, Deputy Director for Health Information Privacy at OCR at that time.  It had been anticipated that the rule would be published last summer. 

Executing the New Rules 

In response to the new rules, several healthcare stakeholders expressed concern about the challenges executing them.  Todd Richardson , vice president and CIO of Wausau, Wis.-based non-profit health system Aspirus, Inc., told FierceHealthIT that “providers and vendors that use and create electronic health record systems already walk a tight balance between complying with HIPAA and meeting the requirements of the HITECH Act and Meaningful Use regulations.” 

“On one hand we have 'protect, protect, protect' and on the other hand we have 'share, share, share,” Richardson said to FireceHealthIT.  “While the balance is ‘protect and share,’ the devil is always in the details.  The reality is that all of the information is not under the tight control of the covered entity.” 

Richardson added that “while all healthcare professionals understand the responsibility to protect patient information, as more systems come online with information, inevitably, there will be more opportunity for data breaches.”   Donna Staton, CIO at Warrenton, Va.-based Fauquier Health, noted that the rules “may require a lot of payers and vendors to rethink their positions under reform, where there is already a lot of momentum.”  “Patients will definitely see this as an improvement, though, giving them increased control, which supports the goal of improved patient engagement under reform,” she said. 

Joseph Kvedar, director of Partners HealthCare's Center for Connected Health in Boston, noted that while privacy is important, “the more privacy we have, the less data liquidity--and that could be a challenge.” 

Angela Rose, MHA, RHIA, CHPS, director of health information management practice excellence at the American Health Information Management Association (AHIMA), told Medpage Today that the health information management industry is “breathing a sigh of relief” after the final rule was released, noting that final rules have been anticipated since 2009. 

“The final rule ... strengthens patient privacy and security protections that were established under [HIPAA],” said Renae Moch, practice management strategist at the American Academy of Family Physicians in an email.  “This rule is presumed to increase workability and flexibility, decrease burden, and better standardize the requirements of the rule for covered entities such as healthcare providers, health plans, or healthcare clearinghouses.” 

Impact on Clinical Trials 

Analyzing the final rules, RAPs noted that clinical trial sites “will also be exempted from certain requirements, such as those limiting the use of single authorizations ("compound authorizations") for the release of PHI. (Page 175 of the rule).”

“Permitting the use of protected health information is part of the decision to receive care through a clinical trial, and health care providers conducting such trials are able to condition research-related treatment on the individual’s willingness to authorize the use or disclosure of protected health information for research associated with the trial,” DHHS explained in its rule. 

These exemptions could prove crucial to companies hoping to use collected data for “corollary research activity,” such as for research databases or repositories used to find common genetic markers or other information used to generate new information on therapies.  “However, trial sites will still be prohibited from using compound authorizations for tissue banking purposes, though they can ask for such samples in a separate authorization form or in the same package so long as it is unconditional,” RAPs writes.  DHHS suggested the use of separate check boxes and authorization signature lines for entities that wish to simplify the enrollment process. 

Impact on EHRs, HIT 

FierceHealthIT also noted that the final omnibus rule has a number of important provisions that directly affect electronic health records (EHRs) and related health information technology (HIT), including: 

  • Health information exchanges (which the rule calls health information organizations) and electronic prescribing gateways will be considered business associates and thus directly subject to many of HIPAA's privacy and security provisions. The obligation applies upon creation of the business associate relationship, not when a business associate agreement is signed. A personal health record vendor may or may not be a business associate, depending on the services that the vendor is providing to the covered entity.
  • Business associate agreements are necessary despite this new direct liability [i.e. EHR vendors that qualify as business associates need to sign these contracts]
  • A provider does not have to use an EHR to comply with the new rule, but if the provider does use an EHR, patients have the right to obtain copies of their records in electronic format, in a form requested by the patient. If that format is not available, then the format provided shall be as agreed upon by the provider and the patient. The provider can only charge the patient the labor costs involved.
  • The final rule sets 30 days (down from 60) for providers to provide patients with access to their records, but "encourages" providers to take advantage of their technologies and provide them sooner, considering that the Meaningful Use program contemplates much faster access than 30 days. 

“If a covered entity belongs to a HIE, and the HIE suffers a breach, the covered entity is the one obligated to notify patients.  However, since multiple covered entities may be involved due the data sharing inherent in an HIE, the covered entities may delegate to the HIE the notification obligation since that way a patient will only receive one notice.”


January 30, 2013

HHS OIG Solicits Input on Safe Harbor Provisions

Safe harbor 2
The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) recently released a Notice in the Federal Register of it intent to develop regulations for new Safe Harbor provisions under the Federal anti-kickback statute (section 1128B(b) of the Social Security Act, as well as developing new OIG Special Fraud Alerts

Comments are due no later than February 26, 2013 and should reference OIG–121–N 


Section 1128B(b) of the Social Security Act (the Act) (42 U.S.C. 1320a–7b(b)) provides criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration to induce or reward business reimbursable under the Federal health care programs.  The offense is classified as a felony and is punishable by fines of up to $25,000 and imprisonment for up to 5 years. 

OIG may also impose civil money penalties, in accordance with section 1128A(a)(7) of the Act (42 U.S.C. 1320a–7a(a)(7)), or exclusion from the Federal health care programs, in accordance with section 1128(b)(7) of the Act (42 U.S.C. 1320a– 7(b)(7)). 

“Since the statute on its face is so broad,” OIG wrote, concern has been expressed for many years that some relatively innocuous commercial arrangements may be subject to criminal prosecution or administrative sanction. In response to the above concern, section 14 of the Medicare and Medicaid Patient and Program Protection Act of 1987, specifically required the development and promulgation of regulations, the so-called “safe harbor” provisions, specifying various payment and business practices that, although potentially capable of inducing referrals of business reimbursable under the Federal health care programs, would not be treated as criminal offenses under the anti-kickback statute and would not serve as a basis for administrative sanctions.  

OIG safe harbor provisions have been developed “to limit the reach of the statute somewhat by permitting certain non-abusive arrangements, while encouraging beneficial and innocuous arrangements” (56 FR 35952, July 29, 1991). Health care providers and others may voluntarily seek to comply with these provisions so that they have the assurance that their business practices will not be subject to liability under the anti-kickback statute or related administrative authorities.  The OIG safe harbor regulations are found at 42 CFR part 1001. 

OIG Special Fraud Alerts 

OIG has also periodically issued Special Fraud Alerts to give continuing guidance to health care providers with respect to practices OIG finds potentially fraudulent or abusive.  The Special Fraud Alerts encourage industry compliance by giving providers

guidance that can be applied to their own practices.  OIG Special Fraud Alerts are intended for extensive distribution directly to the health care provider community, as well as to those charged with administering the Federal health care programs.

In developing Special Fraud Alerts, OIG has relied on a number of sources and has consulted directly with experts in the subject field, including those within OIG, other agencies of the Department, other Federal and State agencies, and those in the health care industry. 

Section 205 of the Health Insurance Portability and Accountability Act of 1996 

Section 205 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), requires the Department to develop and publish an annual notice in the Federal Register formally soliciting proposals for modifying existing safe harbors to the anti-kickback statute and for developing new safe harbors and Special Fraud Alerts. 

In developing safe harbors for a criminal statute, OIG is required to engage in a thorough review of the range of factual circumstances that may fall within the proposed safe harbor subject area so as to uncover potential opportunities for fraud and abuse. Only then can OIG determine, in consultation with the Department of Justice, whether it can effectively develop regulatory limitations and controls that will permit beneficial and innocuous arrangements within a subject area while, at the same time, protecting the Federal health care programs and their beneficiaries from abusive practices. 

Solicitation of Additional New Recommendations and Proposals 

In accordance with the requirements of section 205 of HIPAA, OIG last published a Federal Register solicitation notice for developing new safe harbors and Special Fraud Alerts on December 29, 2011 (76 FR 89104).  OIG is not seeking additional public comment on the proposals listed in Appendix F at this time.  

Rather, this notice seeks additional recommendations regarding the development of new or modified safe harbor regulations and new Special Fraud Alerts beyond those summarized in Appendix F.  A detailed explanation of justifications for, or empirical data supporting, a suggestion for a safe harbor or Special Fraud Alert would be helpful and should, if possible, be included in any response to this solicitation. 

A. Criteria for Modifying and Establishing Safe Harbor Provisions 

In accordance with section 205 of HIPAA, OIG will consider a number of factors in reviewing proposals for new or modified safe harbor provisions, such as the extent to which the proposals would affect an increase or decrease in: 

  • Access to health care services,
  • The quality of health care services,
  • Patient freedom of choice among health care providers,
  • Competition among health care providers,
  • The cost to Federal health care programs,
  • The potential overutilization of health care services, and
  • The ability of health care facilities to provide services in medically underserved areas or to medically underserved populations. 

In addition, OIG will also take into consideration other factors, including, for example, the existence (or nonexistence) of any potential financial benefit to health care professionals or providers that may take into account their decisions whether to (1) order a health care item or service or (2) arrange for a referral of health care items or services to a particular practitioner or provider. 

B. Criteria for Developing Special Fraud Alerts 

In determining whether to issue additional Special Fraud Alerts, OIG will consider whether, and to what extent, the practices that would be identified in a new Special Fraud Alert may result in any of the consequences set forth above, as well as the volume and frequency of the conduct that would be identified in the Special Fraud Alert. 

ACCME Updates December and January

The Accreditation Council for Continuing Medical Education (ACCME) recently discussed several important announcements in its December 2012 and January 2013 newsletters.  The newsletters noted that to meet year-end reporting deadlines, ACCME-accredited providers must complete entering data for 2012 activities and complete 2012 program summary by Friday, March 29, 2013. 

The Program and Activity Reporting System (PARS) is always open and providers can enter basic information about an activity before it has taken place and complete the entry after the activity.  So far, 414 ACCME-accredited providers have entered more than 24,340 activities into PARS.  For more information about reporting, ACCME has several web pages for assistance. 

ACCME Clarifies Management of Payments to Reserve Space for CME Activities Held in Conjunction with Other Organizations’ Meetings 

In response to questions and input from accredited providers, the ACCME has issued a clarification concerning the management and reporting of payments to reserve space for accredited CME activities (sometimes called satellite symposia) held in conjunction with other organizations’ meetings. 

  • All funds that originate from an ACCME-defined commercial interest and are paid to reserve space to hold accredited CME activities are considered commercial support.
  • As with all commercial support, these funds must be paid directly to the accredited provider responsible for the activity or to a designated nonaccredited joint sponsor. 

The accredited provider responsible for the activity that is held in the reserved space must manage and report the funds as commercial support, in accordance with ACCME commercial support requirements (Standards for Commercial Support and related policies). 

Accredited providers are expected to comply with this clarification when planning and implementing future activities.  ACCME does not expect accredited providers to comply with this clarification retroactively.  Accredited providers do not have to revise agreements or plans that are already underway or resubmit or re-categorize financial information that has already been submitted into the Program and Activity Reporting System (PARS).  ACCME has provided a Q&A in support of this clarification.  

Executive Summary of November 2012 ACCME Board of Directors 

At the November 2012 Board of Directors meeting, the ACCME ratified 54 accreditation and reaccreditation decisions, including 14 providers (26%) that received Accreditation with Commendation.  The Board ratified 28 progress report decisions.  Of those, 20 (71%) progress reports demonstrated compliance with all ACCME requirements previously found in noncompliance.  Eight progress reports (29%) did not yet demonstrate compliance in all requirements and the providers are required to submit another progress report.  

The ACCME ratified decisions for two providers receiving joint accreditation: Creative Educational Concepts, LLC; and Duke University Health System.  The decisions have also been ratified by the Accreditation Council for Pharmacy Education (ACPE) and the American Nurses Credentialing Center (ANCC).  

As of November 2012, there are 701 ACCME-accredited providers.  This number includes 16 initial applicants that successfully achieved Provisional Accreditation from the ACCME in 2012.  There are 1,330 providers accredited by ACCME Recognized Accreditors (state or territory medical societies that accredit local organizations offering CME). 

The ACCME elected James Burke, MD, and Carlyle Chan, MD, as the 2013 Chair and Vice-Chair of the ACCME at the annual meeting of its Board of Directors, held November 29-30, 2012, in Chicago.  The ACCME also elected the following new Board members: 

  • Shannon K. Bolon, MD, MPH, Primary Care Medical Education Branch Chief, Health Resources and Services Administration, Rockville, MD
  • Galicano F. Inguito, Jr., MD, MBA, Associate Residency Program Director, Family Practice Residency Program, St. Francis Hospital, Wilmington, DE
  • Victor I. Reus, MD, Professor in Residence, Department of Psychiatry, University of California, San Francisco
  • Michael Romano, MD, MHA, Vice-President of Medical Affairs, Jennie Edmundson Memorial Hospital, Council Bluffs, IA
  • David A. Swankin, JD, President and CEO, Citizen Advocacy Center, Washington, DC 

Video Interviews: Improving Your CME Professional Practice 

The ACCME produced two video interviews providing practical strategies for improving CME professional practice. 

  • Empowering Staff to Facilitate Content Planning—Marilyn Peterson, MA, CCMEP, Director, CME, Texas Health Research & Education Institute, discusses how her staff became curriculum development specialists, enhancing their engagement with faculty, clinical content planning committees, and health system leadership, and improving the quality and value of the CME program.
  • From the Ground Up: Creating Your CME Program—Jane Nester, DrPH, Executive Director, Medical Education/AHEC at Moses Cone Hospital, shares the strategic approaches she used to create a transformative CME program. 

The ACCME also produced a video interview series focusing on the strategic value CME brings to graduate medical education. 

The CME Accreditation Statement: What It Means for You 

The ACCME has published a new Web page, The CME Accreditation Statement: What It Means for You, which explains the value and benefit of the accreditation system.  The Web page is part of ACCME’s ongoing efforts to communicate the value of accredited CME to health professionals and other stakeholders. Accredited providers are welcome to use this content to support their communications with stakeholders. 

ACCME Convenes Discussions on Interprofessional Education 

The ACCME Board of Directors convened discussions with invited guests about advancing interprofessional continuing education in support of interprofessional collaborative practice.   

James M. Galloway, MD, Assistant US Surgeon General, US Public Health Service, and Regional Health Administrator, US Department of Health & Human Services, Region V, discussed his experience working with the Indian Health Service and the National Native American CVD Prevention Program as an example of how interprofessional education and team-based care can address health care disparities. 

Kathleen Mudd, MBA, Vice-President for Product Delivery, National Committee for Quality Assurance; and Rowan K. Zetterman, MD, Dean, Creighton University School of Medicine, discussed their experience as jointly accredited providers, describing successful examples of interprofessional continuing education. 

Karen Drenkard, PhD, RN, Executive Director, American Nurses Credentialing Center; and Peter H. Vlasses, PharmD, DSc (Hon.), Executive Director, Accreditation Council for Pharmacy Education, joined with Murray Kopelow, MD, MS(Comm), ACCME President and CEO, to discuss their experience modeling interprofessional collaborative practice through the joint accreditation initiative. 

Registration Now Open for April 2013 CME as a Bridge to Quality™ Accreditation Workshop 

Registration is now open for the ACCME’s 2013 CME as a Bridge to Quality™ Accreditation Workshop scheduled for April 24-26 in Chicago. A second workshop will be held July 31-August 2.  

ACCME Presents at CME Provider Meetings in New Mexico, South Carolina, Washington State 

The ACCME participated in several CME events in New Mexico, South Carolina, and Washington State during the last few months: 

ACCME Participates in ABMS, AHA, CMSS Meetings 

The ACCME participated in the following meetings during the past few months as part of its ongoing collaboration with member organizations.  

  • Carlyle Chan, MD, member, ACCME Board of Directors, attended the Fall 2012 ABMS Board Congress, held by the American Board of Medical Specialties in September in Chicago. Kate Regnier, MA, MBA, ACCME Deputy Chief Executive and COO, participated in an American Board of Medical Specialties Maintenance of Certification® Committee meeting held in December in Chicago.
  • Kate Regnier, MA, MBA, ACCME Deputy Chief Executive and COO, participated in a meeting of the Lifelong Physician Development Stakeholder Workgroup convened by the American Hospital Association (AHA) in October in Chicago.
  • Ms. Regnier also participated in the Council of Medical Specialty Societies (CMSS) 2012 Annual Meeting, held in November in Washington, DC. The CMSS is an ACCME member organization. 

CE Accreditors Meeting Focuses on Interprofessional Education, Joint Accreditation 

The ACCME and its colleague accreditors, the (ACPE) and the (ANCC), held a meeting to discuss interprofessional education and the joint accreditation process developed by the three organizations.  The meeting focused on how accreditors could advance interprofessional continuing education in support of interprofessional collaborative practice 

In February 2013, the three accreditors will host a meeting at the ACCME’s offices in Chicago, Interprofessional Accreditation in Support of Interprofessional Education: An Exploratory Meeting of Accreditors. The inaugural meeting will bring together continuing education accreditors from a variety of health professions to identify areas of alignment among the accreditation systems and opportunities to support interprofessional collaborative practice.  Representatives from the ACCME, ACPE, and ANCC will describe how the joint accreditation process supports interprofessional education and collaborative practice. 

European CME Forum Includes ACCME Presentation 

Murray Kopelow, MD, participated in a panel discussion at the Fifth Annual Meeting of the European CME Forum, held in November in London.  Joining him on the panel were Dr. Edwin Borman, Secretary-General, European Union of Medical Specialists (UEMS)–European Accreditation Council for Continuing Medical Education (EACCME), and Pam Montgomery, PhD, Director, Fellowship & Standards and Deputy CEO, Royal Australasian College of Surgeons.  

The panelists discussed their visions and perspectives of accreditation and CME, based on their experience in their respective countries. Engaging with the audience, they discussed issues including the importance of rigorous accreditation standards, strategies for managing commercial support and conflicts of interest, cross-border recognition of CME, and how to raise the quality of CME.  The ACCME participated in the European CME Forum as part of its ongoing efforts to support collaboration in the global CME community

ACCME-Accredited Providers: 2013– 2014 Fee Schedule Posted 

The 2013–2014 fee schedule for ACCME-accredited providers is now available here. Accredited providers should note the following: 

2013 Fee Increases: The ACCME Board of Directors approved 2013 fee increases for services including pre-applications, progress reports, extensions, and conference call accreditation surveys. 

2014 Fee Structure Change: As we previously announced, in 2014, the ACCME is eliminating the reaccreditation fee.  In 2014, the ACCME-accredited provider annual accreditation fee will increase from $3,300 to $5,300. We will continue to assess separate fees for one-time and as-needed services, including pre-applications, initial accreditation, joint accreditation, survey team expenses, extensions, and progress reports. 

2012 ACCME State/Territory Medical Society Conference Concludes a Year of Engagement and Collaboration

The 2012 ACCME State/Territory Medical Society Conference: A Conference of Leaders, held December 12-13 in Chicago, was the culmination of a year of engagement and collaboration between the ACCME and Recognized Accreditors.

The conference addressed strategic opportunities for participants to reposition their CME enterprise as an educational home that provides the resources to support the continuing professional development of their physicians—in alignment with the expectations of physician licensure, certification, and health care reform.  Sessions also provided hands-on training to support state medical society CME accreditation, interpretation, and decision-making under the ACCME Markers of Equivalency and Accreditation Criteria

ACCME Participates in Coalition for Physician Accountability Meeting 

Members of the ACCME Board of Directors and executive staff participated in a meeting of the Coalition for Physician Accountability held January 7–8 in Dallas. James F. Burke, MD, Chair, and Carlyle Chan, MD, Vice-Chair, ACCME Board of Directors; and Murray Kopelow, MD, ACCME President and Chief Executive, participated in the meeting, which was hosted by the Federation of State Medical Boards (FSMB). 

The Coalition for Physician Accountability comprises members from the national organizations responsible for the oversight, education, and assessment of medical students and physicians throughout their medical careers. Its purpose is to strengthen the professional self-regulation system through continuous improvement of medical education, assessment, and practice.


Preview | Powered by FeedBlitz


February 2018
Sun Mon Tue Wed Thu Fri Sat
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28