Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

Exclusion Screening-OIG Screening: The New “Seventh Element” of Compliance.

 Exclusion Screening-OIG Screening(May 17, 2017): Exclusion screening-OIG screening duties are now more important than ever before!  The recently issued Resource Guide for Measuring Compliance Program Effectiveness,” a product of Office of Inspector General staff and compliance professionals roundtable discussions, reconfigures the traditional “Seven Elements of an Effective Compliance Program” by making the “Screening and Evaluation of Employees, Physicians, Vendors and other Agents” an element unto itself – or the new Seventh Element of Compliance! The Resource Guide, prepared under the auspices of the Health Care Compliance Association (HCCA), serves to once again underscore the critical role of exclusion screening-OIG screening, and background checks in compliance.

Paul Weidenfeld, Counsel at Liles Parker, has recently assessed this important change and provided an overview of the impact this change for the folks at Exclusion Screening.  For a detailed discussion of the statutory requirements of screening, the potential damages that may be assessed in the event of a violation AND your obligations as a provider participating in Medicare or Medicaid, we recommend you see the article on Exclusion Screening’s website.  This article may be accessed by clicking here.

Paul Weidenfeld is a Partner at Liles Parker, Attorneys & Counselors at Law.  Our attorneys are experienced and knowledgeable of your obligations under the law to conduct periodic “Exclusion Screening-OIG Screening” duties.  For a free consultation, please call: 1 (800) 475-1906.-

OIG And DOJ Issue Important New Compliance Guidance

Compliance Guidance

(April 14, 2017) Recently, the Office of Inspector General of the United States Department of Health and Human Services (OIG) and the Criminal Division of the Fraud Section at the United States Department of Justice (DOJ) have issued guidance on measuring the effectiveness of corporate compliance programs.  In February, DOJ placed on its website a document entitled “Evaluation of Corporate Compliance Programs.”  That document lists 119 sample questions that DOJ’s Fraud Section has in the past found relevant in its evaluation of the effectiveness of corporate compliance programs for the purpose of deciding whether to prosecute cases, and in recommending sentences for criminal violations.  These questions are separated into eleven (11) topic areas: analysis and remediation of underlying conduct, senior and middle management, autonomy and resources, policies and procedures, risk assessment, training and communication, confidential reporting and investigation, incentives and disciplinary measures, continuous improvement, periodic testing and review, third-party management, and mergers and acquisitions.  While not specifically addressing health care organizations, per se, the guidance is highly relevant to organizations and practices since they are questions that Federal prosecutors will be asking when evaluating compliance programs in any criminal investigation.  The guidance can be reviewed in its entirety at

Even more recently, on March 27 of this year, OIG published a parallel and more inclusive document focused specifically on the health care industry, “Measuring Compliance Program Utilization – A Resource Guide.” The Guide, which is 52 pages in length, sets out a checklist of questions broken down into seven standards based on the standard seven elements of an effective compliance programs, and further broken down into various subcategories under each element.  The guidance is the product of a round table on January 2017 that brought together a group of compliance professionals and staff from OIG “to discuss ways to measure the effectiveness of compliance programs.”  While the guidance is clear that it is not a “one size fits all,” it provides a number of ideas of “what to measure” and “how to measure” these programs, and should be mandatory reading for all compliance officers in organizations, whether a small physician’s office or a large hospital system or health care organization.  The guidance can be accessed at

Liles Parker attorneys, and frankly any knowledgeable attorney who specializes in health care, have for many years advised clients that is essential to establish a compliance program that is implemented effectively.  Among other things, an effective compliance program establishes the culture of compliance for an organization in following the law, that should demonstrate an ethos from the top down through every employee and professional.  It also provides management with the opportunity to detect and correct problems and potential issues before they either emerge or become widespread. Many, if not most, whistleblower lawsuits are the result of employees feeling that their concerns, when reported internally, were not investigated.

Moreover, Congress has mandated compliance plans for skilled nursing facilities and the revised requirements of participation require them for both nursing and skilled nursing facilities so that the effectiveness of these programs will become part of the survey process.  And, if an investigation arises, the conversation with enforcement agencies is dramatically different when an organization can demonstrate that it has an effective program as opposed to no program, or one that sits on a shelf.

One of the criteria that OIG has had for determining whether a compliance program is effective is whether the organization measures the effectiveness of its program, itself.  At a minimum, every organization should do this once per year.

Finally, in September 2015, DOJ issued a memorandum entitled “The Individual Accountability for Corporate Wrongdoing.”  Among other things, the memorandum, referred to as the Yates Memo,” instructs prosecutors and investigators to hold highly placed individuals within an organization accountable for the organization’s misconduct.  Prior to the issuance of the Yates memo, those of us involved as defense counsel in investigations were frequently able to obtain releases for individual members of an organization in settlements of civil and administrative investigations.  Since the issuance of the Memo, releases of individuals now occur on only the rarest of occasions.


For all of these reasons, it is imperative that every health care provider establish an effective compliance program and that it periodically measure the effectiveness of that program.  These guidances provide important and helpful information in how to accomplish that result.

Compliance GuidanceLiles Parker attorneys have extensive experience in developing compliance programs, providing compliance guidance, and working with clients in investigations.  Clients having questions related to these issues should contact Michael Cook at (202) 298-8750,


OIG Proposes New Anti-Kickback Law Safe Harbors

(November 10, 2014): The U.S. Department of Health and Human Services Office of Inspector General (“OIG”) recently published a Proposed Rule that would amend the safe harbor regulations under the Federal Anti-Kickback statute[1] (“AKS”) as well as add new safe harbors. The Proposed Rule would also establish new exceptions to the Civil Monetary Penalty (“CMP”) statute related to the beneficiary inducement CMP.[2] OIG will accept comments on the Proposed Rule by mail or electronically until December 2, 2014 at 5 p.m. (Eastern).

I.  The Anti-Kickback Statute and Safe Harbor Regulations:

The AKS provides criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward the referral of business reimbursable under Federal health care programs. The types of remuneration covered specifically include, but are not limited to, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. Additionally, prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients, but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program.

Due to the broad reach of the statute, interested parties expressed concern that some relatively innocuous commercial arrangements would be covered by the statute. This could, in turn, potentially subject entities to unwarranted criminal prosecution. As a result, Congress drafted certain “Safe Harbor” provisions. These regulations describe various payment and business practices that, although they potentially implicate the Federal AKS, are not treated as offenses under the statute.

II.  Changes to the Anti-Kickback Statute:

The Proposed Rule would modify certain existing safe harbors under the AKS as well as add new safe harbors that provide new protections or codify certain existing statutory protections. These changes include:

      • A technical correction to existing safe harbor for referral services;
      • Protection for certain cost-sharing waivers, including pharmacy waivers of cost-sharing for financially needy Medicare Part D beneficiaries and waivers for state- or municipality-owned emergency ambulance services;
      • Protection for certain remuneration between Medicare Advantage organizations and federally qualified health centers;
      • Protection for discounts by manufacturers on drugs furnished to beneficiaries under the Medicare Coverage Gap Discount Program; and
      • Protection for free or discounted local transportation services that meet specified criteria.

III.  Changes to the Beneficiary Inducement CMP:

The Beneficiary Inducement CMP statute generally prohibits any person or entity from offering remuneration to a Medicare or Medicaid beneficiary if that remuneration is likely to influence the beneficiary’s selection of a provider. The Proposed Rule would also amend and narrow the definition of “remuneration” to include certain exceptions for the following:

  • Copayment reductions for certain hospital outpatient department services
  • Certain remuneration that poses a low risk of harm and promotes access to care;
  • Coupons, rebates, or other retailer reward programs that meet specified requirements;
  • Certain remuneration to financially needy individuals; an
  • Copayment waivers for the first fill of generic drugs.

OIG also proposes to codify the gainsharing CMP[3]. The gainsharing CMP prohibits a hospital from knowingly paying, either directly or indirectly, a physician to induce the physician to reduce or limit the services provided to Medicare or Medicaid beneficiaries under the physician’s direct care. The Proposed Rule would narrow the prohibition in light of today’s health care landscape, which focuses on “accountability for providing high quality care at lower costs.”

IV.  Conclusion:

Health care providers should be interested in the Proposed Rule and make comments as necessary. The Proposed Rule makes pertinent changes to the AKS Safe Harbors and CMP laws that should give providers greater leeway to enter into beneficiary arrangements without fear that they will be subject to criminal penalties under the statutes. In a sense, the Proposed Rule follows OIG’s ongoing efforts to adopt regulations that promote lower costs and greater health care services while protecting patients and federal health care programs from fraud and abuse.

As a provider, if you have any questions about the current regulations found within the Anti-Kickback Statute or the proposed changes, please do not hesitate to give us a call today. We would be more than happy to assist you so that you remain compliant with all federal and statute regulations regarding potentially fraudulent activity.

Saltaformaggio, RobertRobert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by RACs, ZPICs and other CMS-engaged specialty contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906

[1] 42 U.S.C. § 1320a-7b(b).

[2] 42 U.S.C. § 1320a-7a.

[3] 1128A(b)(1) of the Social Security Act.

HIPAA Risks of Breach: Windows XP Will No Longer be Supported by Microsoft

February 5, 2014 by  
Filed under Compliance

Overworked tired doctor at computer(February 5, 2014):  Has your practice addressed the latest HIPAA risks of breach that have been identified?  As discussed below, health care providers must take immediate remedial action if they are currently running Windows XP on one or more of their office computers. 

Why is this action necessary?  Because after April 8, 2014, Microsoft will no longer promulgate security updates or patches for this operating system. As a result, any computer running this outdated software system will effectively be non-compliant with HIPAA and HITECH regulations.

I.   Windows XP Support Ends April 2014:

Historically, Windows XP has been one of Microsoft’s most popular operating systems. It was first released in August 2001 and is still widely used on personal computers in both homes and business environments.  In fact, many health providers continue to use Windows XP on their workstations as part of a multi-faceted system that integrates electronic hardware, software, medical devices and the internet.

Unfortunately, as computers and the internet have become an integral part of the health care industry, Windows XP based computer systems and work stations have become a likely target for malicious activity. To combat these problems and protect users from cyber threats, Microsoft has customarily provided technical support for its software products for a period of years after the product’s release. Generally, this support comes in the form of a “service pack” and includes a collection of updates, fixes, or enhancements to a software program or operating system that is delivered in the form of a single installable package.

In the case of Windows XP, the software product has been out more than a decade and multiple newer versions of Windows have been released during period.  As a result, Microsoft has announced that after April 8, 2014, Windows XP will no longer be supported.   From a practical standpoint, this means that health care providers and other customers who still operate computers utilizing Windows XP will no longer receive new security updates, non-security hotfixes, free or paid support or online technical content updates. Any new vulnerabilities identified in the Windows XP operating system after April 8th will remain unaddressed by Microsoft.  Therefore, it will likely be easier for computer hackers to successfully infiltrate and exploit any Windows XP-based operating system via unpatched or non-secure vulnerabilities.

II. After April 2014, Providers Relying on Windows XP Systems will Have Another HIPAA Risk:

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress on August 21, 1996.  HIPAA regulates the availability and exchange of “Protected Health Information” (PHI) and helps prevent the unlawful release of patient medical information. The statute also helps to reduces instances of health care fraud, abuse, and sets standards for industry-wide billing procedures.  Under HIPAA, health care providers are obligated to take a wide range of steps designed to secure and protect PHI.

Both a “Privacy Rule” and a “Security Rule” are covered under HIPAA. These rules apply to “Covered Entities,” which include health plans, health care clearinghouses such as billing services, and health care providers that transmit health data in a way that is regulated by HIPAA. The Privacy Rule and the Security Rule have been designed to protect patient privacy and set standard procedures for the security of electronic PHI (e-PHI). Together, these two rules establish national standards for ensuring that a patient’s health information is kept confidential and secure.

Subsequent to the passage of HIPAA, Congress enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.  HITECH was created to encourage the adoption of electronic health records (EHR) and other support technology. Notably, the law also:

  • Expanded the obligations of physicians and other health care providers under HIPAA to protect patient’s PHI.
  • Extended the Privacy and Security Rules to business associates of the covered entities who have access to the PHI.
  • Increased the penalties for violations of those obligations under the rules. 

For health care providers who still utilize Windows XP-based computer systems, the decision by Microsoft to terminate its technical support of the software is very problematic.  Since Windows XP is no longer supported by Microsoft, any computer operating this system will be more susceptible to HIPAA risks of breach and / or other security risks.

III.  What Actions Should Health Care Providers Utilizing Windows XP Systems Take?

Many large health care provider organizations are already aware of this security concern and have implemented new operating systems.  However, many small to mid-sized health care providers have only recently learned of Microsoft’s support termination decision.  To the extent possible, these health care providers should examine their computer systems and determine whether their current Windows XP operating system can be upgraded to a more recent operating system, such as Windows 7 or Windows 8.  st now be realizing this monumental change. For these providers, they should immediately begin to transition their operating systems to more modern systems, such as Windows 7 or Windows 8.  Unfortunately, many older computer systems may not support an operating system upgrade. As a result, a health care provider may have to completely replace one or more of his office computer systems.  While replacement will be expensive, it will still be far cheaper than the monetary penalties that a provider may face if a HIPAA breach occurs due to the provider’s continued use of a computer running Windows XP.

Health care providers should immediately determine whether their practice’s Compliance Officer has conducted a review of the organization’s computers (and associated operating systems) to ensure that after April 8th the equipment will still be HIPAA / HITECH compliant.  If Windows XP based systems are still in use, a transition strategy should be identified and implemented.

IV.  Conclusion — Reducing the HIPAA Risks of Breach in Your Practice:

Importantly, the Windows XP operating system issue is merely one of many privacy concerns  that must be addressed by a practice’s Compliance Officer.  The failure of a health care provider recognize and address the Windows XP security risk can lead to a  breach of PHI and a possible privacy compliance audit by the Office for Civil Rights (OCR).  Depending on the facts, an OCR audit can lead to the imposition of civil monetary penalties (CMPs).

All health care providers should affirmatively review the mandatory requirements under the HIPAA and HITECH laws.  Frankly, there is no valid excuse for a covered entity not to have already conducted a proper risk assessment of its practice. Appropriate safeguards to protect individual patient PHI must be instituted to ensure that a breach does not occur.  Don’t let the theft of PHI through an obsolete operating system be the first time you assess the safety and security of your PHI. Taking measures to implement an effective compliance plan NOW is just your first step. In doing so, you can better ensure that your continuing obligation to fully comply with applicable statutory and regulatory requirements are being met.  Need help setting up your Compliance Plan or in conducting a HIPAA Omnibus Rule risk assessment?  Give us a call.

Robert W. Liles is a health care attorney experienced in handling prepayment reviews and audits.Robert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers and suppliers around the country in connection with Medicare audits by ZPICs and other CMS program integrity contractors.  The firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews.  For a free consultation, call Robert at:  1 (800) 475-1906.

Disability Discrimination Cases are Being Pursued by the Office of Civil Rights.

Disability Discrimination Cases are Being Pursued by OCR.

(July 19, 2013):  Health care providers choosing to participate in Medicare, Medicaid and other Federal health benefits programs are obligated to comply with a wide range of statutory and regulatory requirements.  The primary issues most cited in connection with these obligations include those involving questions of medical necessity and / or coverage, coding and billing requirements and documentation mandates.  Health care providers are also required to comply with applicable employment laws, OSHA safety requirements, and with the medical records privacy rules of HIPAA and HITECH.  Collectively, these laws and regulations represent a significant challenge for many small and mid-sized health care providers and organizations.  Nevertheless, it is essential that all health care providers also keep in mind that Federal law also prevents participating providers from engaging in disability discrimination.

 I.  Regulatory Requirements Governing Participating Providers:

Pursuant to Section 504 of the Rehabilitation Act of 1973, as amended (Act), and its implementing regulations, 45 C.F.R. Parts 81 and 84.1, health care providers participating in programs receiving Federal funding cannot refuse to treat a patient on the basis of the patient’s disability. At first blush, you may find it hard to imagine how (or why) a health care provider would ever even consider refusing to care or treat a disabled patient because of the patient’s disability.  The case outlined below provide a stark example of how disability discrimination can result in serious administrative sanctions being pursued against a health care provider.

II.         Overview of a Recent Case:

The following summarizes the allegeg acts which gave rise to an enforcement action by the Department of Health and Human Services (HHS), Office of Civil Rights (OCR):

  • A California physician who practices neurological surgery (surgeon) examined a patient covered by “MediCal,” California’s Medicaid program.  Medi-Cal is jointly financed by Federal and State funds.

  • The patient suffered from hip and back pain and was referred to this surgeon for evaluation and treatment by his primary care physician.

  • After examining the patient, the surgeon recommended that the patient undergo surgery. The patient then agreed to seek pre-authorization for the procedure by Medi-Cal.

  • The surgeon subsequently learned that the patient was reported to be HIV positive.

  • The patient was recalled by the surgeon and was asked if, in fact, he was HIV positive.  When the patient responded affirmatively, the neurological surgeon then reportedly advised the patient that he would be unable to perform the surgery and recommended that the patient seek to have the procedure performed at the county hospital.

  • The neurological surgeon then discharged the patient from his practice “and, in correspondence advising the referring physician that he had done so, specifically mentioned that the young man was HIV-positive.”

(For a more detailed discussion of the facts in this case, you may wish to review the decision of the HHS Departmental Appeals Board).

A discrimination complaint was subsequently filed against the surgeon by the patient with OCR.  Consistent with applicable regulations, OCR is documented as having tried “to the fullest extent practicable,” to obtain the surgeon’s cooperation.  See 45 C.F.R. § 80.6(a).

Once it concluded that an information resolution of this discrimination complaint would not be forthcoming, OCR recommended that the HHS take action to suspend or terminate the recipient’s federal financial assistance. See 45 C.F.R. § 80.8(c).

On or about August 2, 2012, that is precisely what occurred.  An Administrative Law Judge (ALJ) for the HHS’ Departmental Appeals Board determined that the surgeon’s:

“lack of cooperation establishes that he will not voluntarily comply with the Act and regulations and that OCR will not be able to assure his compliance by informal means. Termination of his federal financial participation is therefore an appropriate remedy for his refusal to comply voluntarily. 45 C.F.R. § 80.8(c).” 

In reaching this conclusion, the ALJ then ordered:

“I therefore order that the responsible HHS officials suspend, terminate, refuse to grant or continue [Surgeon’s] Federal financial assistance, until he satisfies those officials that he will comply with the Act and regulations. As a review of the record shows, it appears that OCR made multiple settlement overtures to resolve the complaint with the surgeon but that its efforts were ultimately unsuccessful.”

III.  Disability Discrimination Lessons Learned:

As a review of the Opinion issued by the Departmental Appeals Board will show, OCR diligently attempted to resolve this issue with the surgeon informally, prior to taking this case forward.  Now that the surgeon has been effectively suspended from receiving Federal funds, he is effectively barred from treating Medi-Cal patients.  While additionals sanctions involving Medicare and other Federal health benefits programs could later take place, no discussion of these programs is covered in the ALJ’s opinion.  Nevertheless, what are some of the potential actions that could conceivably take place in the future?

(1)    From a public relations standpoint, this action could be disastrous for a health care provider’s practice.  

(2)   Depending on how the action is worded and how it is perceived by State licensure officials, this action could result in an investigation and possible sanctions by a State Medical Board.

(3)   Most, if not all, private payors require that health care providers give them written notice of any adverse actions taken by another payor within 30 – 60 days.  This action could therefore result in the proposed de-credentialing of the surgeon from one or more private plans.   

(4)   Many hospitals require that a health care provider be a participating provider in the Medicare and / or Medicaid programs in order for them to receive admitting privileges in their institution.  An adverse action such as this against a provider’s Medicaid status could result in action being taken by hospitals where the provider is privileged. 

Notably, the decision in this case is not the same as an exclusion action.  In fact, the way it is worded almost implies that if the surgeon takes remedial action, his Medi-Cal eligibility will be reinstated.

As a final point, this case clearly illustrates OCR’s emergence as an enforcement agency to be reckoned with.  While prior administrative enforcement sanctions have focused on Civil Monetary Penalties (CMPs), this action effectively suspends a health care provider’s ability to participate in Medicaid, short of seeking a permissive exclusion action against the provider.

From a regulatory standpoint, this case can serve as a real-life example of the importance of developing and implementing a comprehensive, effective Compliance Program.

Robert W. Liles is a health care attorney experienced in handling prepayment reviews and audits.Robert W. Liles, J.D., M.B.A., M.S., serves as Managing Partner at Liles Parker PLLC, a boutique health law firm with offices in Washington, DC, Texas and Louisiana.  Liles Parker attorneys represent health care providers around the country in compliance, regulatory and peer review related actions.  Should you need assistance, feel free to give us a call.  Call Robert for complimentary initial consultation at:  1 (800) 475-1906.




ICD-10 Will be Here Soon. Is Your Practice Ready?

Is your practice prepared to make the transition to ICD-10?(June 14, 2013):  Despite experiencing a couple of false starts, it now appears that ICD-10 is here to stay, and there are expected to be further.  Why are providers being required to transition over from ICD 9?  Unfortunately, ICD-9 is considered to be outdated and some its categories are literally beyond their useful capacity.  Regardless of your feelings regarding transition, many experts believe that the move the ICD-10 will be one of the biggest changes in healthcare to occur in the last 30 years. Frankly, most practice managers and treating providers across the United States simply don’t know where to start with the ICD-10 implementation process. The clock is ticking. According to the CMS timeline, health care providers should already be conducting internal claims testing.  Have you taken this first step?  From our discussions with providers, it appears that the average practice today does not even know the first step to getting started with ICD-10 implementation.

I.     We Can Learn from the Mistakes of Early Adopters of ICD-10:

Notably, the United States and Italy are the only industrialized countries in the World not using ICD-10. Many countries have been using ICD- 10 for almost a decade.  Their experiences will prove invaluable as our providers move to ICD-10. Their advice?

  • Don’t wait to the last minute to begin your preparations. Prepare early.

  • Now is the time to examine your documentation practices.  Will they be sufficient to permit the detailed coding required by ICD-10?

  • The failure to fully prepare will directly hit your bottom line.  In 2014, ICD-10 will be one of the cornerstones for getting paid.

II.  How Long Does it Take to Transition Over to ICD-10?

An ICD-10 transition expert we work with, Lisa Asbell, R.N., estimates that it can take a practice up to 500 hours to transition properly. . Lisa is the President of TrainRX.  Her transition training website is located at: Notably, Lisa has estimated that If you were to start today and break that down over the next 16 months, chances are you will be okay with the clock runs out on October 1, 2014. If you don’t get serious about transition now, there is a chance that your practice won’t survive the transition.

III.  How Do You Get Started?

What are the first steps to get started:

  • The first thing you need to do is convert your most frequently used diagnosis codes from ICD-9 to ICD-10.

  • Next, perform chart reviews to see if all of the newly required documentation elements for ICD-10 are in the chart. Is there enough information for you to submit the correct ICD-10 code? If there is, great that is a good start. If you don’t have enough information, then you know that your providers will need more education.  While is only the first of many, many steps in transitioning over to ICD-10, it’s a solid start!

IV.   Can You Handle the ICD-10 Transition Without Help?

Depending on when you initiate your transition and level of coding expertise in your practice, you may or may not need outside assistance. On estimate has placed the overall cost of transition at $60,000-$80,000 for a five provider practice. That number includes training, lost productivity and the expenses associated with hiring part-time staff during the period of transition. It does not include any software upgrades or hiring a transition Project Manager. The sooner you begin the process, the lower your overall transition costs will be.

Robert W. Liles is a health care attorney experienced in handling prepayment reviews and audits.Robert W. Liles serves as Managing Partner at Liles Parker.  Liles Parker is a boutique health law firm with offices in Washington, DC, Baton Rouge, LA, Houston, TX and McAllen Texas.  Robert has extensive experience representing health care providers in the areas of regulatory compliance.  Should you need assistance or have questions regarding a health law regulatory issue, call Robert for complimentary consultation.  He can be reached at: 1 (800) 475-1906.   

Does One of Your Employees Suffer from a Chronic Illness or Medical Condition? Consider the ADA When Assessing Their Request for Additional Medical Leave

March 19, 2013 by  
Filed under Compliance

American with Disabilities Act -- ADA

(March 19, 2013):  It’s a fact of life – essentially all us will likely fall ill or develop a chronic medical condition at some point during our employment.  Employees working in physician offices, home health agencies and for Durable Medical Equipment (DME) suppliers are no exception.  When this occurs, owners and managers cannot forget their obligations under the American Disabilities Act (ADA) and its amendments under the Americans with Disabilities Act Amendments Act of 2008 (ADAAA).

I.  A Recent Decision by the EEOC Shows How Important ADA / ADAAA Compliance Can Be:

A recent decision in a Maryland case against a large physician practice illustrates the importance of considering each request for medical leave in a reasonable fashion.  In this case, an employee who suffered from Crohn’s Disease worked as an assistant for the practice, answering phones, scheduling appointments and conducting other administrative duties.  While undergoing treatment for her Crohn’s, she required two weeks of medical leave.  During this period, she went to the emergency room twice and was hospitalized at least once.  When she contacted the company to ask for an additional day (of unpaid leave), she was fired.  The fired employee filed a complaint with EEOC and the case ultimately resulted in a disability discrimination lawsuit being filed against the employer for alleged violations of the ADA Ultimately, the case was settled and the fired individual recovered $92,500.

II.  What Lessons Can You Learn from This ADA Case Settlement?

When assessing this case, the EEOC argued that the employer’s failure to provide a “reasonable accommodation” to the employee was a violation of the ADA.  As the EEOC specifically commented, the employer’s:

“. . . lateness and attendance policy violated the Americans with Disabilities Act, as amended (ADA), because it did not provide for exceptions or modifications to the attendance policy as a reasonable accommodation for individuals with disabilities.”

When it was unable to settle the case prior to filing suit, the EEOC brought an action against the employer for violations of the ADA and the ADAA.  When the case was subsequently settled, the District Director of EEOC’s Philadelphia District Office stated:

“It is not only a good business practice to provide reasonable and inexpensive accommodations that allow employees with disabilities to remain employed, it is required by federal law.”

In addition to the $92,500 settlement, the agreement reached requires that the employer modify its policies to permit the “reasonable accommodation for employees with disabilities.”  Additionally, the medical practice was also required to train all of its supervisory, managerial and human resources personnel on the ADA and post a notice regarding the resolution of the lawsuit at its facilities.  Ultimately, health care providers can avoid these problems entirely if they approach these situations in a reasonable fashion and recognize their obligations under the ADA.

III.   Conclusion.

Compliance with the ADA and other applicable statutes designed to prohibit and prevent employment discrimination of all of types should be an integral part of your Compliance Plan.  These obligations cannot be delegated or dispensed with contractually.  Therefore, we strongly recommend that you examine your personnel practice to help ensure that you are fully complying with the letter and the spirit of the law in this regard.

Robert W. Liles is a health care attorney experienced in handling prepayment reviews and audits.Robert W. Liles is the Managing Member at Liles Parker.  He has extensive experience working on health care employment issues, in both a unionized and a non-unionized environment.  Should you have questions in this regard, please feel free to call Robert for a free consultation.  He can be reached at: 1 (800) 475-1906.


Social Media and Healthcare: A Little More Complicated

(June 20, 2012): A few weeks ago, you may have heard our Firm present a webinar on “Healthcare Providers and Social Media: Risks to be Considered.”  Our article here summarizes some of the more important points of that presentation. As an update, we are detailing some new issues to be taken into account by providers when incorporating social media risk issues into your Compliance Plan. As we will discuss, different governmental regulatory bodies have recently released conflicting guidance that could make your social media compliance policy very difficult to implement and enforce.

I.  Social Media and Healthcare Recent Developments:

While each of you are well aware of the many privacy provisions set out under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), along with its obligations to secure and protect certain types of patient health information, this ongoing obligation has recently become significantly more complicated by the rise in social media use by patients, employees, competitors and referral sources. In fact, the intersection of social media and healthcare has perplexed many providers in terms of “best practices” for HIPAA compliance.

To make matters worse, other non-HHS governmental regulatory bodies are issuing guidance which (at first glance) appears to stand at odds with a number of HIPAA’s accepted practices, leaving many healthcare providers caught in the middle. For instance, the National Labor Relations Board (NLRB), under the authority of the National Labor Relations Act (NLRA) of 1935, recently issued guidance regarding what social media policies implemented and enforced by employers are lawful. Prior to this guidance, the simple answer for healthcare providers regarding social media was simply to limit access during work and inform employees that any confidential information regarding the company, its business, its patients, or the care it provided, could not be posted online.  In this way, the healthcare provider hoped to protect both its patients and the company itself from any wrongful or inadvertent breaches of protected information. Now, however, a healthcare provider’s Compliance Plan and policies and procedures must be adjusted to account for concerns raised by the NLRB.  As recent case holdings have held, employers are prohibited from restricting an employee’s comments regarding terms and conditions of employment.  Unfortunately, there have been cases where such disclosures were alleged to have ultimately resulted in the breach of a patient’s privacy. Keep in mind, there are 18 elements of Protected Health Information (PHI) and the 18th element is a catch-all category which basically covers any information that might disclose any individual’s identity.  As a result of the NLRB’s ruling, healthcare providers will need to take care when drafting their social media policy to better ensure that it hits that “sweet spot” in between limiting usage of social media for HIPAA and allowing usage of social media for NLRA purposes.

This is a delicate balance, and providers would be well cautioned to review their current policies for adherence to labor and employment issues, in addition to the regular compliance risks normally facing healthcare entities. The last thing you want is to be stuck with disgruntled employees who file a complaint with the NLRB.

II.  What Types of Policies Should I Avoid?

The relevant law regarding this issue is contained in Sections 7 and 8(a)(1) of the NLRA, which state:

Sec. 7 – Rights of Employees Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all such activities except to the extent that such right may be affected by an agreement requiring membership in a labor organization as a condition of employment as authorized in section 8(a)(3).

Sec. 8. – Unfair Labor Practices – (a) It shall be an unfair labor practice for an employer –

(1) to interfere with, restrain, or coerce employees in the exercise of the rights guaranteed in section 7 . . .

There are some takeaways from the NLRB guidance, however. Specifically, it is important to have a policy which does not infringe upon or “chill” the employee’s right to discuss their terms and conditions of employment both inside your company and with third-parties (i.e. their family, friends, or the NLRB). To do this, social media policies must not be overbroad or unduly restrictive, and should have limiting language and specific examples which put any social media restrictions in context. For instance, you might caution employees about the effects of HIPAA on social media usage, and the risks to an employee both personally and professionally for unauthorized disclosure of protected health information. As well, you might describe prior examples of social media usage that resulted in a HIPAA violation, so that employees would not reasonably think that the policy is intended to restrict their ability to discuss their terms and conditions of employment.Initially, the idea that an overly-restrictive social media policy would have anything to do with employees organizing  or collectively bargaining might be far-fetched or tangential. But think about the impact of social media tools in other types of protests around the world. For instance, in the “Arab Spring,” students and young people used social media tools to coordinate protests, recruit volunteers, and make their ideas known far and wide. While on the other side of the globe, this is exactly the same type of activity that protesters and picketers might utilize in the United States. And like it or not, that is the type of activity the NLRA and NLRB is designed to protect.

Admittedly, this has muddied the waters even further. Restrictions on what you can and can’t do as a healthcare provider are becoming more complex every day, and that is why it is important to have an effective compliance plan in your practice. It’s also important to seek advice regarding these issues from a qualified healthcare attorney who understands both these confusing questions and your business.  When in doubt, get assistance from your qualified healthcare counsel.

Robert Liles

Robert W. Liles is the managing member of Liles Parker PLLC, in our Washington, D.C. office. Robert  provides representation of healthcare providers in Medicare and Medicaid audits and appeals, trains healthcare professionals on compliance issues, and drafts and implements Compliance Plans for healthcare providers. For a complimentary consultation regarding your case, call Robert today at: 1 (800) 475-1906.

Medicaid Therapy Services in Texas Must Comply With HHSC Rules.

Medicaid Therapy Services Audit(May 2, 2012): Recognizing that many Medicaid therapy services in the state are not in compliance with fraud, waste, and abuse laws, Tom Suehs, the Executive Commissioner for the Texas Health and Human Services Commission (HHSC), issued a reminder last week. Specifically, the Commissioner identified several violations of Texas law in recent months, most notably in South Texas, which prompted such a response.

The Commissioner primarily identified the fact that Medicaid therapy services providers in South Texas were providing services to children without the presence or consent of the child’s parent or legal guardian. This practice violates a Texas law, which prohibits services provided to a child under the age of 15 unless a parent, legal guardian or other properly authorized adult accompanies the child.  The intent of the law is to make sure that an adult can verify that the services were, in fact, provided, and to ensure the safety of the child from medically unnecessary, or even dangerous, procedures.

In addition, transportation of children to and from medical procedures paid through Medicare or Medicaid by providers or those with which they have a business relationship may raise serious concerns, and may possibly implicate the Federal Anti-Kickback Statute, among other laws. Notably, this is a criminal statute. Because of the severity of punishments for non-compliance, it is imperative that Medicaid therapy services providers in Texas, especially South Texas, ensure that their practices fully comply with all applicable rule, regulations, and other guidance.

Implementing an effective compliance plan means more than simply downloading a model plan off of the Internet – instead, an effective compliance plan is one that is individualized to your practice, recognized by your employees, and followed on a daily basis. This may include the use of a gap analysis to assess your documentation practices and evaluate your business relationships for any signs of impropriety. Remember, the government is looking for these things, and they will most likely find them. You need to make sure that your practice can undergo and withstand an audit or other scrutiny.

Robert LilesLiles Parker is a full-service health law firm focusing on regulatory compliance and representing providers in health law and business matters. Our attorneys are highly skilled in designing and implementing effective Compliance Plans for all types of health care providers, including providers of Medicaid therapy services. Moreover, our attorneys are experienced in handling an array of complex health law matters, including the appeal of alleged overpayments to Medicaid. For more information on how we can assist your practice in developing an effective dental compliance plan, call Robert W. Liles, Esq. Robert is a Managing Partner at the Firm and can be reached at 1 (800) 475-1906. Call him today for a free consultation.

Conducting a Gap Analysis / Mock Audit: An Essential Compliance Tool for Your Practice.

Health Care Providers Should Conduct a GAP Analysis / Mock Audit of Their Claims. (November 15, 2011): Understandably, health care providers have grown weary of government audits, malpractice issues, peer reviews and private payor assessments.  In an effort to reduce their potential liability, many providers are now regularly utilizing Gap Analyses Mock Audits to test their preparedness for audit.  In doing so, they have been able to identify and correct potential problems before they result in more serious problems.  The purpose of this brief article is to discuss the process of conducting a preliminary or mock audit of your medical records, documentation, coding and / or billing practices so that remedial measures can be taken if deficits are identified.


I.     “How Much is Enough” When You Are Implementing an Effective Compliance Program?

Drafting and implementing an effective compliance plan, conducting a GAP Analysis and training your staff on compliance issues are essential steps toward the peace of mind compliance can bring. But the question remains — how do you know when you’ve done enough?

In the end, the answer is that you can never do enough to completely eliminate all the risks, but you can minimize those risks and limit your possible exposure through the implementation of, and adherance to, an effective compliance plan. Mock audits can be used as a way of “testing” your compliance initiatives.

II.     How is a Gap Analysis or Mock Audit Conducted?

In a mock audit, an individual or team acts as a government agency or contractor (such as a ZPIC, RAC or MAC), and visits the practice or facility unannounced.  The mock auditor would then pull a random set of records to conduct a documentation analysis (often including both medical records and business arrangement records). Once the records are pulled, an analysis of the relevant findings is completed. These results would then be discussed with practice management so that the relevant strengths and potential areas of concern can be addressed.

III.     What is the Goal of a Gap Analysis or Mock Audit?

The goal is to test both your staff’s reaction to the exercise, as well as their understanding of what may be expected in a real audit. Moreover, the documentation analysis may be invaluable, revealing weak points in the facility’s documentation activities.  You may also learn that some of your forms (such as your Encounter Form) are defective. Finally, you will likely learn more about the various training needs of your staff.  A mock audit may also ferret out problems that management didn’t know or didn’t realize existed.  You may learn that a business arrangement or relationship is questionable or that your staff has been relying on the wrong LCD or other guidance when documenting and billing for services.  Fundamental problems such as illegibility and missing signatures may also be identified.  In any event, the results of a mock audit can be used by the practice to bolster and support its compliance initiatives.

IV.     Sound Like a Good Idea?  So, what’s the First Step?

Sound like a good idea?  Before you embark on a mock audit, you should contact your attorney and discuss any privilege issues which may exist.  As a final point, keep in mind that should you identify an overpayment, it must be returned to the government within 60 days of identification and reconciliation.  Otherwise, the overpayment could constitute a violation of the False Claims Act.

robert_w_lile-150x150Robert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Robert and other attorneys at Liles Parker are experienced at conducting “gap analyses” and “mock audits” of physician practices, home health agencies, hospice agencies and other non-hospital provider entities.  Should you have any questions about conducting a mock audit or would like to learn more about having Liles Parker attorneys assist your practice, please call us for a free consultation.  Robert can be reached at:  1 (800) 475-1906.

Next Page »