When Doctors and Lawyers Work Together Communities Benefit

You may recall a previous column [in the St. Louis Bar Journal] in which I wrote about the medical profession. That article focused on the failure of medical professionals to maintain control of their profession by assuring access to medical care. This was a companion piece to my column in the St. Louis Lawyer, published in the same month, and provided a different perspective on the need for support of pro bono legal services. Unfortunately, it would seem I may have made my point at the expense of further deterioration of medical-legal relations. Therefore, in the spirit of solidarity (and fence-mending), let us now discuss an issue which has strengthened that relationship, the Medical-Legal Partnership (MLP).

An MLP brings together health care and legal professionals who share a common goal: to promote the well-being of their patients and clients. These partnerships leverage the resources and expertise of two knowledgeable service professions in order to alleviate the social and environmental stressors that affect the health of our nation’s neediest individuals and families.

By working together to improve their patients and clients’ health, doctors and lawyers benefit communities in many ways. For example, keeping children healthy reduces school absences and reduces the amount of time employed parents spend taking their child to a doctor.

How do MLPs help? The concept of a Medical-Legal Partnership (MLP) is the brainchild of Barry Zuckerman, M.D., Chief of Pediatrics at Boston Medical Center. He came up with the concept after repeatedly seeing patients who failed to recover from ear infections because their apartments lacked heat, and patients who were unable to control their asthma because their residences contained mold. In working with these patients, Zuckerman came to understand that legal remedies can be used to lessen or even prevent his patients’ need for health care. Putting his idea into action, Zuckerman founded the Medical-Legal Partnership for Children at Boston Medical Center in 1993, and subsequently created the National Center for Medical-Legal Partnership. Over the past 17 years, MLPs have moved beyond Boston. They now exist in 37 of the 50 states and account for more than 80 programs at just over 180 sites across the country. All of the MLPs bring lawyers into the health care setting to help patients and their families navigate through the maze of regulations involving such health-related concerns as food-stamp eligibility, utility shutoffs, mold removal, and landlord-tenant issues.

An MLP is a health and legal services delivery model which recognizes that the legal system already holds solutions for many problems associated with social determinants of health. By integrating legal assistance into the medical setting, an MLP helps underserved communities.

Continue reading »

What Can Lawyers Learn About Their Profession from the Health Care Debate

This issue of the St. Louis Bar Journal focuses on personal injury law, a frequent flash point of contention between the medical and legal professions. Doctors blame professional dissatisfaction on lawyers and the public blames lawyers’ zealous advocacy for clients as a factor in increasing health care costs. The full discussion of these issues is both too controversial and too lengthy for this forum. However, there are important lessons lawyers can learn about their profession from doctors and the political debate over the provision of health care to low and moderate income individuals.

I am not simply referring to the recent federal health care reform debate. Rather, I am referring to the larger debate that has occurred over the last century. The principal question this raises in my mind is: Why, after more than 100 years of politically debating medical services, are we not facing similar questions about provision of legal services to low and moderate income people?

The answer is simple and straightforward: We already answered many of these questions. Unlike the medical profession, the legal profession has lead the debate about how to provide professional services to people who cannot afford them for centuries.

I point out frequently and with much pride that the Bar Association of Metropolitan St. Louis’s original 1874 charter declared the desire and need of our profession to make provisions for legal services to poor people. BAMSL began implementing this declaration in 1911, when it created a program to provide legal assistance to the poor of St. Louis. Eventually, BAMSL spun off this program into the independent entity now known as Legal Services of Eastern Missouri (LSEM). Almost 60 years after our association created this program for the provision of legal services to low and moderate income people, President Richard Nixon signed the act authorizing the creation and financing of the Legal Services Corporation.

While I’m proud of our local and national legal services programs, it is not the extent of our profession’s efforts to address the provision of legal services to the poor. Included in our professional oath, we each swear, or affirm, our individual obligation to address this issue. By comparison, the modern variations of the Hippocratic Oath do not address the issue of provision of free or low-cost medical care. The American Medical Association code of ethics does recognize the need for the medical profession to address this issue. However, I suggest a substantial difference exists between recognition of this concept as a broad inspirational goal for an entire profession and inclusion of the concept in the individual oath each practitioner takes. The latter assures the integrity of the profession as a whole through individual responsibility to address the issue.

Continue reading »

The New “Red Flags” Rule for Healthcare Providers

NOTE: After numerous postponements of implementation of the FTC Red Flags Rule, President Obama signed the Red Flags Program Clarification Act of 2010 (“Act”) on December 18, 2010, which was effective January 1, 2011. This Act limits the scope of the Red Flags Rule by narrowing the definition of a “creditor”, which the Federal Trade Commission had previously broadly interpreted to include all health care providers, among other service professionals.

The Act amends the definition of a creditor to mean any creditor that (i) in the ordinary course of business obtains or uses credit reports in connection with a credit transaction, (ii) furnishes information to a credit reporting agency in connection with a credit transaction, or (iii) advances funds to a person on the obligation of repayment. Under this new definition, typically physicians and attorneys will not be considered creditors for purposes of the Red Flags Rule.

Certain healthcare providers, however, that use or obtain consumer reports routinely in connection with credit transactions or that furnish information to consumer reporting agencies may still meet the definition and thus be subject to the Red Flags Rule. This potentially means that hospitals or physician groups that routinely submit information about non-paying patients to collection agencies, which in turn submit such information to credit reporting agencies, will need to be in compliance with the Red Flags Rule.

In the end, the underlying reason for implementing an identity theft program, such as the one required under the Red Flags Rule, is to help prevent identity theft. Therefore, whether or not a health care provider is directly affected by the Red Flags Rule by falling within the definition of creditor, providers should still be encouraged to implement an Identity Theft Prevention Program to detect warning signs, or “red flags”, that could indicate identity theft.

Identity theft is rampant in today’s society. As many as ten million individuals per year become victims of identity theft and the number of medical identity theft cases are on the rise. In response to this growing problem, several federal agencies jointly promulgated regulations that require certain entities to implement a plan to detect, prevent, and correct identity theft. The “Red Flags Rule” applies to various types of entities, including most healthcare providers. Thus, entities ranging from a small doctor’s office to a hospital must be in compliance with the new Red Flags Rule by the date on which the Federal Trade Commission (“FTC”) will begin enforcing the Rule.   After that date, an entity may be penalized up to $3,500 per violation. Thus, healthcare providers need to take steps to comply, including creating an Identity Theft Prevention Program.

Before understanding the Rule, a healthcare provider must determine whether it is subject to the Rule in the first place. Under the Red Flags Rule, any “creditor” that offers or maintains one or more “covered accounts” is required to develop and implement a written Identity Theft Prevention Program. A “creditor” is defined as any person who regularly extends, renews, or continues credit. Healthcare providers will be considered a “creditor” if they regularly bill patients after the completion of services, allow payment plans after services have been rendered, or aid patients in obtaining credit from other sources (see note).

Under the Rule, a “covered account” is defined as (1) an account a creditor offers or maintains that involves or is designed to permit multiple payments or transactions, and (2) any other account the creditor offers or maintains for which there is a reasonably foreseeable risk of identity theft. The second portion of the definition is very broad and may include records that an entity may not recognize as a “covered account.” For healthcare providers, this definition of “covered account” generally encompasses patient and employee records. Thus, the vast majority of healthcare providers are subject to the Red Flags Rule and must comply.

Continue reading »

The New Security Breach Notification Rule

On August 24, 2009, the Department of Health and Human Services (“HHS”) published in the Federal Register interim final regulations and accompanying commentary with regard to breach notification requirements for unsecured protected health information (“PHI”) under the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

This HHS publication triggers two key deadlines, one commencing September 23, 2009, when employers and health care providers (“covered entities”) will be required to comply with the Act’s security breach notification requirements; and, the other, is February 22, 2010, the 180 day enforcement grace period announced by HHS. Accordingly, during this 180 day grace period, covered entities need to digest the new requirements, revise existing HIPAA policies and procedures and develop new ones, put in place a security incident response plan, train employees, confer with business associates about security breach response and negotiate modifications to existing business associate agreements. Employers and health care providers who discover a security breach after that date and fail to provide the required notices may be targeted for an enforcement action.

A security breach notification will only apply to “unsecured PHI”. PHI that is not encrypted or completely destroyed is considered “unsecured” by HHS. The only way, generally, that HHS has said that PHI would be considered “secured” is if it encrypted or completely destroyed. If that is the case, then the covered entity does not need to develop internal procedures for notification of security breaches. In any event, those practices should review their existing Notice of Privacy Practices to update it with respect to the new notification rule.

Continue reading »

Kicking the Habit and Getting Fit Helps Employers’ Bottom Lines

Employee costs are the bottom line

The fact is that employee costs, and curbing those costs, are the “bottom line” for most employers. For years, employers have been struggling to control and minimize the rising costs of health care for their employees. Employers are increasingly forced to transfer health care costs to their employees through higher premiums, copayments and deductibles. Only in the past few years have employers realized that they can assist their employees in improving their overall wellness, while at the same time potentially reducing the employers’ health care costs. The methods that employers have begun experimenting with include implementing wellness programs, offering health risk assessments, and education.

Hard, Cruel Facts

Since 2000 U.S. healthcare cost increases have exceeded the overall inflation rate by a factor of two to five times. (National Coalition on Healthcare, Economic Cost Fact Sheets.)

Continue reading »

Missouri’s Cafeteria Plan Mandate: Effective January 1, 2008

As part of the “Missouri Health Insurance Portability and Accountability Act” (§§ 376.350 to 376.454), Missouri passed new legislation joining other states in requiring certain employers to establish cafeteria plans, meeting Section 125 of the Internal Revenue Code.

All cafeteria plans let employees pay for health coverage with pre-tax dollars, which effectively lowers the cost of coverage and may make it more affordable for employees.

Continue reading »

George Clooney and HIPAA

A recent entertainment news story involving celebrity medical records is an example of the problems associated with employee activities and reminds us of the need for continuous vigilance in protecting sensitive medical data. This story highlights that it is a good time for additional training of workforce members on these issues.

Following a motorcycle accident involving George Clooney and his girlfriend, they were seen at the Palisades Medical Center in New Jersey for their injuries. More than two dozen employees were suspended for a month, without pay, for allegedly accessing Clooney’s confidential medical records. A union representing seven of the suspended nurses said that the employees, although they looked at Clooney’s records, did not divulge any confidential information.

Continue reading »

Recent Cases Involving Patient Privacy—How Far Does the Duty Go for Employees?

On May 24, 2006, the Illinois Supreme Court granted an appeal for a defendant hospital’s petition for leave. A decision in this case concerns the extent of an employer’s liability for an employee’s off-site and off-duty breach of a patient’s privacy.

The case alleged that plaintiff was a patient at a particular medical group. Blood samples and/or records were sent to a hospital and examined by a phlebotomist. The phlebotomist revealed the results of those records at a public tavern to the plaintiff’s twin sister. The hospital admitted the phlebotomist had revealed one fact about the plaintiff, discovered from her medical records, to the plaintiff’s sister at a tavern, but also alleged that when the phlebotomist revealed the information, she was not acting within the scope of her employment with hospital. Although HIPAA does not provide a private cause of action, in Illinois a common-law right-of privacy cause of action existed for the doctor’s violation of plaintiff’s right to privacy.

Continue reading »

Physician Practices and Records Transfer in the HIPAA Era

In the current environment, it seems that businesses are constantly changing hands, merging or dissolving. The question then is what happens with a patient’s medical records when a medically-based business is bought, sold or dissolved? State laws and HIPAA inform the answer.

In Missouri, patient records under the care, custody and control of a medical licensee must be maintained for a minimum of seven years from the date of when the last professional service was provided. (R.S.Mo. § 334.097).

Continue reading »

Personnel Records: What Goes Where

Confusion abounds when it comes to deciding which employee personnel records go where, who can access which records and who cannot, and how records should be segregated. Human resource employees have long understood that an employee’s workers’ compensation records should be segregated from the employee’s typical personnel file containing such things as an application for employment, resume and salary change forms.

For the small employer, however, these kinds of decisions must be addressed by management, who may not always be experienced in the nuances of human resource law. In essence, three files should be maintained for each employee:

Continue reading »