
Ransomware and hacking are the primary cyber-threats in health care. Over the past five years, there has been a 256% increase in large breaches reported to OCR involving hacking and a 264% increase in ransomware. In 2023, hacking accounted for 79% of the large breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022.
OCR recommends that health care providers, health plans, clearinghouses, and business associates covered by HIPAA adopt the following best practices to mitigate or prevent cyber-threats:
The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/green-ridge-behavioral-health-ra-cap/index.html
The HHS Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information may be found at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
If you believe that your or another person’s health information privacy or civil rights have been violated, you can file a complaint with OCR at https://www.hhs.gov/ocr/complaints/index.html
HHS has developed guidance to help covered entities and business associates better understand and respond to the threat of ransomware. The fact sheet may be found here: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf?language=es

Don’t submit referrals for members with BCN point-of-service plans.
POS health plan referrals cannot be submitted via e-referral
Blue Care Network POS health plans don’t require referrals. Beginning April 1, 2024, the e-referral system will reject all referrals submitted for BCN POS health plans.
Blue Care Network point-of-service health care plans allow members to receive covered services with any health care provider, in or out of network, with no referral required. Beginning in March 2024, the e-referral system will reject all referrals submitted for BCN POS health plans. How do you know which of your BCN patients don’t need a referral?

In February 2024, the Supreme Court of the United States clarified the standard for proving causation under the whistleblower protection provision of the Sarbanes-Oxley Act. This ruling eases the burden of proof that employees must meet to achieve protection under the Act. Previously, employees were required to show that their employer acted against them with “retaliatory intent.” However, the new standard only requires employees to demonstrate that their whistleblower activity was a contributing factor in their employer’s actions against them. As a result of this decision, employees alleging whistleblower status under the Act will find it easier to pursue retaliation claims against their employers [1]. Employers should exercise caution when taking adverse actions against employees engaged in activity protected by the law.
Additionally, leading whistleblower attorney Stephen M. Kohn outlines seven urgently needed reforms to U.S. whistleblower laws and policy [2]. Furthermore, companies subject to the Securities Exchange Act should review their employment agreements, employee handbooks, separation agreements, and other confidentiality provisions to ensure compliance with Rule 21F-17(a), as there is little indication that the SEC intends to slow down its enforcement efforts in 2024 [3].
A federal judge has denied HCA Healthcare’s motion to dismiss antitrust litigation brought by North Carolina cities and counties related to the for-profit’s 2019 acquisition of Mission Health.
The ruling, signed Wednesday, February 21, 2024, relates to consolidated class-action complaints filed in 2022 by the city of Brevard, Buncombe County, the city of Asheville, and Madison County. HCA and Mission Health, both listed as defendants, filed motions to dismiss the complaint later that year.
Final rule modernizes the health care system and reduces patient and provider burden by streamlining the prior authorization process
As part of the Biden-Harris Administration’s ongoing commitment to increasing health data exchange and strengthening access to care, the Centers for Medicare & Medicaid Services (CMS) finalized the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F) today. The rule sets requirements for Medicare Advantage (MA) organizations, Medicaid and the Children’s Health Insurance Program (CHIP) fee-for-service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and issuers of Qualified Health Plans (QHPs) offered on the Federally-Facilitated Exchanges (FFEs), (collectively “impacted payers”), to improve the electronic exchange of health information and prior authorization processes for medical items and services. Together, these policies will improve prior authorization processes and reduce burden on patients, providers, and payers, resulting in approximately $15 billion of estimated savings over ten years.