Healthcare is an incredibly broad, diverse and dynamic industry. Because of the breadth in the field, providers are surrounded by a wide array of legal issues relating to: employment contracts, taxes, business structure, medical malpractice, nonprofit organization, insurance, and reimbursement to name a few. However, although the field is riddled with potential legal issues, there are several key healthcare laws that every provider should know.
The Stark Law is a federal self-referral statute which prohibits a physician from referring Medicare and Medicaid patients for designated health services if the physician (or an immediate family member) has a financial relationship with the entity to which the patient is referred, unless an exception is met.
Under the Stark Law, a “financial relationship” is a broad term which includes ownership, investment interest, and compensation arrangements. Designated health services do not include all health care services, but do include the following: clinical laboratory tests, physical-therapy services, occupational-therapy services, radiology services, including magnetic resonance imaging, computerized axial tomography scans, and ultrasound services, radiation-therapy services and supplies, durable medical equipment and supplies, parenteral and enteral nutrients, equipment, and supplies, prosthetics, orthotics, and prosthetic devices, home health services and supplies; outpatient prescription drugs, and inpatient and outpatient hospital services. The Stark Law prohibits a physician from requesting that a patient receive any of these services or treatments from a facility with which the referring physician (or immediate family member) has a financial relationship or establishing a plan of care that includes a designated health service by a physician with which the referring physician has a financial relationship.
To get around the Stark Law, numerous exceptions are provided under law that protect a financial arrangement that includes a referral for a designated health service. Exceptions include, but are not lited to the following: (i) physician services, (ii) in-office ancillary services, (iii) rent of office space and equipment, and (iv) bona fide employment relationships. If a referral falls under one of the exceptions the referral is not in violation of the Stark Law.
The federal Anti-Kickback Statute (Anti-Kickback Statute) is a criminal statute that prohibits the exchange, of anything of value, in an effort to induce the referral of Medicare or Medicaid business. The Anti-Kickback Statute is broadly drafted and establishes penalties for both the giving and the receiving individuals. Conviction of an Anti-Kickback Statute violation results in mandatory exclusion from participation in Medicare and Medicaid programs. Absent a conviction, individuals who violate the Anti-Kickback Statute may still face exclusion from federal health care programs at the discretion of the Secretary of Health and Human Services (HHS).
In recognition of the broad range of transactions potentially implicated by the Anti-Kickback Statute, certain types of payments are allowed under “safe harbors” established by HHS. Transactions not specifically excluded or granted safe harbor protection are not per se violations of the Anti-Kickback Statute but are evaluated by the Office of Inspector General (OIG) on a case-by-case basis. Parties who are uncertain whether their arrangements qualify for exclusion or safe harbor protection may request an advisory opinion from the OIG.
The False Claims Act imposes liability on persons and companies who defraud governmental programs. Common violations in healthcare include up-coding for medical procedures and performing or ordering of unnecessary procedures. The law includes a “qui tam“ provision that allows people who are not affiliated with the government to file actions on behalf of the government (informally called “whistleblowing“).
The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of individually identifiable health information about a patient that is transferred to or maintained by a healthcare provider, including email, electronic, fax, paper, oral, and voice mail records, as well as phone conversations. HIPAA rules protect the information itself, not the record in which the information appears. In other words, information does not lose its protection simply because it is stored in or printed from a computer. Additionally, the HIPAA Breach Notification Rule requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, protect identifiable information being used to analyze patient safety events and improve patient safety.