Jan 72016

Patient Access and Medicare Protection Act

Anna Spencer and Rina Mady
, , , ,

On December 28, 2015, President Obama signed into law S. 2425, the Patient Access and Medicare Protection Act (the “Act”).  In addition to provisions intended to ensure that Medicare reimbursement policies promote continued access to certain durable medical equipment, like wheelchair accessories, the Act includes provisions that affect adoption of Health Information Technology (“HIT”) and those that provide greater protection against medical identity theft.  Specifically, the Act recognizes various categories of hardship exceptions from meaningful use requirements for the 2015 reporting period and strengthens the penalties associated with medical identity theft.

Currently, the Centers for Medicare & Medicaid Services (“CMS”) may only approve hardship exceptions from the meaningful use requirements, which encourage eligible healthcare professionals and hospitals to adopt Electronic Health Record (“EHR”) technology, on a case-by-case basis.  The Act now gives CMS the ability to grant certain blanket exceptions for healthcare providers from Medicare penalties for failing to adopt EHRs under the Medicare Electronic Health Record Incentive Program.

According instructions found on the CMS website, eligible hospitals can apply for hardship exceptions in the following categories:

  • Infrastructure — Eligible hospitals must demonstrate that they are in an area without sufficient internet access or face insurmountable barriers to obtaining infrastructure (e.g., lack of broadband).
  • New Eligible Hospitals — Eligible hospitals with new CMS Certification Numbers (“CCNs”) that would not have had time to become meaningful users can apply for a limited exception to payment adjustments. The hardship exception is limited to one full-year cost reporting period.
  • Extreme and Uncontrollable Circumstances — Examples may include a natural disaster or other unforeseeable barrier.
    • EHR Vendor Issues – Examples may include switching vendors or products.

The blanket hardship exceptions are not automatically conferred to eligible professionals and hospitals.  Rather, eligible professionals have until March 15, 2016, and eligible hospitals until April 1, 2016, to apply to CMS for an exception.

The Act also strengthens penalties for illegal distribution of Medicare, Medicaid or CHIP beneficiary identification numbers or unique health identifiers for healthcare providers.  The knowing and willful purchase, sale, or distribution of a provider’s unique health identifier or a Medicare, Medicaid, or CHIP beneficiary identification number carries a prison sentence up to 10 years, or a fine up to $500,000 ($1 million in the case of a corporation), or both. The penalties established under the Act are intended to deter persons, including potential hackers, from stealing Medicare and other federal health plan identification numbers.

Anna Spencer

aspencer@sidley.com

Rina Mady

Chicago

rmady@sidley.com

You might also like
Biden Administration Announces National Cybersecurity Strategy

On March 1, 2023, the Biden administration announced its long-awaited National Cybersecurity Strategy. The strategy is part of the administration’s efforts to bolster and modernize public and private responses to cybersecurity threats.

FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

New FTC Guidance for Mobile Health Apps

Healthcare providers, health plans, and technology companies that use mobile health apps to access, collect, share, use, or maintain information related to an individual’s health should take note of the recently issued Federal Trade Commission (FTC) Mobile Health App Interactive Tool. The purpose of the tool is to help mobile health developers determine the federal regulatory, privacy, and security laws and regulations that may apply to the use of a consumer’s health information, such as information related to diagnosis, treatment, fitness, wellness, or addiction. While the tool should not be considered legal advice and cannot guarantee compliance with legal requirements, it can help healthcare providers, health plans, and technology companies issue-spot to manage risk in this heavily regulated space.