Today the United States Court of Appeals for the 4th Circuit affirmed a ruling by the district court in West Virginia which sustained a disallowance of federal funding by the Centers for Medicare & Medicaid Services (CMS) against the West Virginia Medicaid Program.
The 4th Circuit Decision in West Virginia Department of Health and Human Resources, Bureau for Medical Services vs. Kathleen Sebelius, et al. ruled that CMS acted within its authority when it withheld from the West Virginia Department of Health and Human Resources, Bureau of Medical Services, West Virginia'a Medicaid Program (DHHR) approximately $634,000 (which was reduced to approximately $446,000)in Medicaid funding, which represented it share of overpayment made to providers as a result of Dey, Inc., a pharmaceutical company, alleged fraud. CMS notified DHHR of the disallowance after Dey entered into an $850,000 settlement of claims brought by the West Virginia Attorney General on behalf of West Virginia under West Virginia's Consumer Credit and Protection Act.
The disallowance by CMS was calculated by multiplying the state's estimated damages allocable to Medicaid, approximately 67% by the settlement amount adn then multiplied this figure by West Virginia's FMAP rate of 78.14% to arrive at the $446,000 amount. The HHS Department of Appeals Board concluded that this allocation methodology was reasonable.
I have only done an initial review of the decision and won't go into the merits of the arguments at this time. Read the full decision for a more complete understanding of the decision and check out today's article in the Charleston Daily Mail.
Showing posts with label attorney general. Show all posts
Showing posts with label attorney general. Show all posts
Wednesday, July 06, 2011
Friday, January 15, 2010
State Attorney General HIPAA HITECH Enforcement
My health law colleague, David Harlow, covers the news today on the first HIPAA enforcement action taken by a state attorney general under the new HITECH provision of American Recovery and Reinvestment Act of 2009 (ARRA).
David's post, HIPAA enforcement by state attorney general: The shape of things to come, provides a good summary of the announcement by the Connecticut Attorney General. More information via the Connecticut Attorney General press release.
The lawsuit filed by the Connecticut Attorney General Richard Blumenthal (coincidentally brother of David Blumenthal, National Coordinator of Health Information Technology) alleges that a health insurer, Health Net of Connecticut, Inc., failed to promptly notify the AG and other officials of a missing portable computer disk drive that contained unencrypted protected health information, Social Security numbers and bank accounts for approximately 446,000 individuals. The lawsuit also named UnitedHealth Group Inc. and Oxford Health Plans, LLC who acquired ownership of Health Net of Connecticut. The action also seeks a court order against Health Net to encrypt all information held on electronic devices.
Since the early days of HIPAA implementation and compliance there has largely been a lack of real enforcement efforts. The new provisions under HITECH allowing state attorney generals to file HIPAA enforcement actions on behalf of the public bring a new era of enforcement against health care providers who are unfortunate to have a health data breach and fail to properly respond to such breach in a timely manner.
David offers some good advice and takeaway points to health care providers and others who regularly handle health information. It is not enough to have policies and procedures in place but to regularly monitor whether they are being followed. Today's health data is liquid and it can flow in many directions. Providers need to understand where and how data is stored, used and transferred.
David's post, HIPAA enforcement by state attorney general: The shape of things to come, provides a good summary of the announcement by the Connecticut Attorney General. More information via the Connecticut Attorney General press release.
The lawsuit filed by the Connecticut Attorney General Richard Blumenthal (coincidentally brother of David Blumenthal, National Coordinator of Health Information Technology) alleges that a health insurer, Health Net of Connecticut, Inc., failed to promptly notify the AG and other officials of a missing portable computer disk drive that contained unencrypted protected health information, Social Security numbers and bank accounts for approximately 446,000 individuals. The lawsuit also named UnitedHealth Group Inc. and Oxford Health Plans, LLC who acquired ownership of Health Net of Connecticut. The action also seeks a court order against Health Net to encrypt all information held on electronic devices.
Since the early days of HIPAA implementation and compliance there has largely been a lack of real enforcement efforts. The new provisions under HITECH allowing state attorney generals to file HIPAA enforcement actions on behalf of the public bring a new era of enforcement against health care providers who are unfortunate to have a health data breach and fail to properly respond to such breach in a timely manner.
David offers some good advice and takeaway points to health care providers and others who regularly handle health information. It is not enough to have policies and procedures in place but to regularly monitor whether they are being followed. Today's health data is liquid and it can flow in many directions. Providers need to understand where and how data is stored, used and transferred.
Subscribe to:
Posts (Atom)