Business Counsel Services

ObamaCare Health Reform Update


President Obama’s health care legislation was a major topic throughout 2009, and the beginning of 2010 has been no different. Just as 2009 was filled with confusion, debates, and general concerns, 2010 continues on this weaving path toward uncertainty. In fact, a comparison of this update with the previous update and supplement in the November 2009 issue will reveal the paradox used to describe the health care legislation both then and now: while Congress is no closer to approving revised healthcare legislation, many significant developments have taken place in the intervening months. This update will again attempt to provide an understanding of where the process currently stands and briefly touch on the status of some of the legislation provisions.

Status of Legislation

At the end of 2009, the House of Representatives ("House") and the Senate unveiled their respective versions of the health care bill. While the House bill was unveiled, submitted and passed by its members within a relatively short timeframe, the Senate bill was not approved until Christmas Eve.

Following approval, both bills were to be sent to a conference committee to begin the negotiations necessary to produce a single health care bill. Instead of a formal conference, private negotiations were conducted with key lawmakers to address issues relating to the merging of the bills. However, during these negotiations, a major roadblock descended from Massachusetts.

In the Massachusetts’ Special Election to replace the late Edward M. Kennedy in the Senate, Republican Scott Brown defeated Democrat Martha Coakley. This Republican victory resulted in the Democrats losing their 60 member Supermajority voting block; the same 60 member Supermajority voting block that narrowly approved theSenate bill version. Because there were not enough votes in the Senate to likely approve any bill version or prevent a Republican filibuster, new strategies are being examined to determine how health care legislation should move forward. On January 27, 2010, during his State of the Union Address, President Obama reiterated his commitment to the health care legislation, but also indicated that a cooling off period would take place while health care legislation is being reexamined.

Legislation Provisions

Even though the status and direction of the health care legislation as a whole is uncertain, a brief summary of the status of specific provisions within the legislation should be examined. Please note that the following summary is based simply on a comparison of the provisions within the House and Senate bill versions and does not comment on the level of support or disapproval from the Democratic or Republican parties.

It appears that there are several issues on which the House and Senate bill versions are in agreement. First, both bill versions are in agreement when it comes to immediate reforms (i.e. reforms that would become effective immediately upon passage of a final bill). The reforms would include such things as eliminating pre-existing condition exclusions. Second, there is general agreement for the creation of new health insurance marketplaces (i.e. exchanges) for individuals and small businesses to obtain health insurance. Sliding scale subsidies would be provided to make the premiums of the exchange plans affordable. Third, Medicaid eligibility levels would be expanded. Fourth, both bill versions contain individual and employer mandates resulting in tax penalties for the failure to purchase or offer coverage. Finally, there would be limitations on physician ownership in hospitals. Both bill versions would amend Section 1877 of the Social Security Act ("Stark Law") by imposing additional requirements to meet the hospital ownership exception.

While the House and Senate bill versions are in agreement on several issues, the three issues that are conflicting are the most contentious aspects of the legislation. The first issue the bills are in disagreement about is how the legislation will be funded. The House bill desires to impose taxes on high income individuals while the Senate bill aims higher taxes towards insurers and their "Cadillac" plans. The Senate bill additionally proposes a tax on elective cosmetic surgery. Another issue relates to the health insurance exchanges. While the bills agree that the exchanges should be created, there is a difference in the logistics. The House bill would establish a national exchange but allow for the formation of state exchanges in lieu of the national exchange. The Senate, on the other hand, would require each state to establish an exchange. The final issue involves the establishment of a government-run insurance plan. While the House bill aims to create a national insurance option that would be offered through the exchanges, the Senate bill would require the Office of Personnel management to contract with insurers and create at least two multi-state health plans that would be offered through the state exchanges.


When the country embarked on the road towards enacting comprehensive health care legislation the principal theme in any discussion was: wait for the process to become more complete before evaluating what the legislation will entail. As it currently stands at the end of January 2010, that theme has not changed. But given the impact of potential health care legislation, it is imperative to stay informed.

 By Michael S. Byrd and Bradford E. Adatto.

Business Counsel Services

It’s Not Just About the Money: How the New Stimulus Bill Expands HIPAA Privacy and Security Requirements



The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) developed four major health information standards: (1) Transaction and code standards; (2) Privacy standards; (3) Security
standards; and (4) National identifier standards. The privacy and security standards were developed to increase and/or protect the confidentiality and availability of a patient’s medical information.
HIPAA privacy and security rules set certain compliance standards for healthcare professionals.

2. Stimulus Bill

On February 17, 2009, House Resolution 1 became Public Law No. 111-005. Titled the “American Recovery and Reinvestment Act of 2009 (“Act”),” most will recognize it as the “Stimulus Bill” or “Stimulus Package.” While the primary purpose behind the Act was to stabilize the struggling economy by creating jobs and assisting those affected by the recession, other significant provisions were included that amended existing laws and regulations such as the HIPAA privacy and security rules. Unless otherwise specified, the requirements discussed below will take effect twelve months from the enactment of the Act.

HIPAA Changes

The following is an analysis of some of the changes from the Act as it relates to HIPAA.

1. Business Associates

Covered entities are required to protect any and all electronic protected health information (“PHI”) created, received, maintained, or transmitted. A “covered entity” includes hospitals, surgery centers, physicians, medical groups and other medical facilities. The rules require certain administrative, physical and technical safeguards, as well as the establishment of policies, procedures and documentation standards. Previously, the rules required covered entities to obtain satisfactory assurances of protection through written contracts or agreements from business associates in order to allow a business associate to create or receive PHI on its behalf. Business associates are people who, on behalf of covered entities, engage in a function or activity that involves the use or disclosure of personal identifiable health information. It also includes people who provide legal, actuarial, accounting, consulting, data aggregation, management,administrative, accreditation or financial services where the provision of those services involves the disclosure of individually identifiable health information to the person.

The Act now expands the rules applicable to covered entities requiring safeguards, policies, procedures and documentation standards to directly govern business associates. Business associates
can no longer implement their own defined reasonable and appropriate safeguards. As such, CPAs, lawyers and business consultants must implement the statutory safeguards, policies and procedures to protect the PHI they are receiving from covered entities. This expansion also results in business associates becoming subject to the civil and criminal penalties for security violations that were previously only applicable to covered entities.

In addition, it should be noted that the Act contains a statement that the “additional requirements of this title that relate to security and that are made applicable to covered entities shall also be
applicable to such a business associate.” It is unclear how broad the statement will be interpreted, especially given provisions within the bill which contain explicit references to business associates.
Therefore, it should be noted that provisions describing standards for covered entities regarding security may be applicable to business associates as well, including those discussed in this article.

2. Notification of Breaches

If an unauthorized acquisition, access, use or disclosure of “unsecured” PHI occurs, covered entities must notify all individuals whose PHI has been accessed, acquired or disclosed as a result
of the breach without unreasonable delay after discovery of the breach. Business associates must notify the covered entity of such breaches but are not required to notify all individuals. The notice
must contain certain information such as descriptions of what happened, the types of PHI involved, steps individuals should take to protect themselves, a description of what the covered entity is
doing to investigate, and contact procedures for additional information. Notice must also be submitted to the Secretary of Health and Human Services (“Secretary”). If the PHI involves more than 500 individuals, then notice must be provided immediately; otherwise, notice can be logged and submitted annually.

The above-described requirements will apply to breaches discovered on or after the date of publication of the interim final regulations to be promulgated by the Secretary within 180 days of the enactment of the Act.

3. Restrictions on Certain Disclosures of PHI

Currently, a covered entity must allow an individual to request a restriction on the use or disclosure of PHI to carry out treatment, payment, or health care operations. However, the covered entity
is not required to agree to a restriction. Now, the Act requires a covered entity to comply with the requested restriction if: (1) “the disclosure is to a health plan for purposes of carrying out payment
or health care operations (and is not for purposes of carrying out treatment)”; and (2) the PHI “pertains solely to a health care item or service for which the health care provider involved has
been paid out of pocket in full.” Compliance with these new restrictions may become an administrative nightmare for each individual request.

4. Disclosure Standards

The Act significantly alters the standard with which a covered entity must comply with the use, disclosure, or request of PHI by altering the existing “minimum necessary” standard. Previously, a covered entity would have to limit PHI to the “minimum necessary to accomplish the intended purpose of the use, disclosure, or request.” The covered entity was left to make this determination. The Act now requires a covered entity to limit PHI to the Limited Data Set. The Limited Data Set includes 16 individual identifiers such as name, address, phone number, email address, social security number and medical record numbers. Only if this requirement proves to be insufficient can the covered entity then rely on the old “minimum necessary” standard.

Just to add some confusion to the entire process, the Limited Data Set standard described above is only a temporary standard. The new Limited Data Set standard must be followed until the Secretary
has issued guidance on what constitutes “minimum necessary.” The Secretary is to issue this guidance within 18 months of the date of enactment of the Act. (Don’t be surprised if the Secretary requests an extension on the 18 months.) Upon the issuance of the guidance, the new Limited Data Set standard no longer applies and the new and Secretaryapproved “Minimum Necessary” standard will apply.

5. Accounting of Certain PHI

Individuals have a right to an accounting of disclosures of PHI made by a covered entity in the past six years prior to the date of the request. But an exception exists providing that a covered
entity is not required to account for disclosures made to carry out treatment, payment and health care operations.

The Act has now eliminated this exception for covered entities that use or maintain electronic health records with respect to PHI. The Act now gives individuals the right to an accounting of
disclosures through an electronic health record made by a covered entity during the previous three years even if made to carry out treatment, payment and health care operations. A covered entity
that receives the request may (1) provide an accounting for disclosures made by both the covered entity and their business associates, or (2) provide an accounting for disclosures made by the covered entity and provide the contact information of their business associates. If the latter is given and an individual makes a request upon the business associate, the business associate is required to provide an accounting of disclosures that he or she has made.

It is important to note that covered entities that have acquired electronic health records as of January 1, 2009 are not required to account for disclosures made before January 1, 2014. For covered
entities that acquire electronic health records after January 1, 2009, accountings must be made for disclosures made on or after the later of (1) January 1, 2011, or (2) the date it acquires an electronic health record. Please keep in mind that these dates may change, as the Secretary has authority to alter them.


As you can see, the American Recovery and Reinvestment Act of 2009 has changed some important provisions related to HIPAA. Healthcare providers, consultants, accountants and lawyers should all review their security procedures when handling PHI to ensure they are in compliance with the new rules.

By Michael S. Byrd and Bradford E. Adatto

Business Counsel Services

Health Law Update 2009: How the New Anti-Markup Rule Attempts to Make Things Simpler

Another year, another modification in a physician’s ability to bill and collect. As explained in last year’s news article, the government is attempting to limit ancillary income of physicians. With anti-referral and antikickback laws well established in prohibiting certain physician joint ventures, the new modified Anti-Markup Rule continues to add extra layers in confirming if a physician’s ancillary transaction will be profitable.

Introduction Section 1842(n)(1) of the Social Security Act prohibits a markup on the technical component of certain diagnostic tests if the test was not personally performed or supervised by the billing physician or another physician whom the billing physician “shares a practice with.” Over the past few years there have been changes made to the Anti-Markup Rule in an attempt to prevent the potential overutilization of the technical and professional componentsof diagnostic tests. The latest amendments are an attempt to address the potential overutilization while reducing the complexity associated with prior proposed rules.

Prior Version

In November 2007, Centers for Medicare and Medicaid Services (“CMS”) proposed a new Anti-Markup Rule aimed to be more restrictive. In general, the rule applied when a physician or other supplier billed for the technical or professional component of a diagnostic test that was ordered by the physician or other supplier (or related party),and the test was either 1) purchased from an outside supplier, or 2) performed at a site other than “offices of the billing physician or supplier.” As initially worded, the proposed rule was headed for a collision course with the federal anti-referral law (a.k.a. “Stark II”). Parties could be in compliance with Stark II but still unable to bill and collect federal payors without being in compliance with the Anti-Markup Rule.

Immediately CMS received feedback regarding concerns about the proposed rule. As a result, CMS delayed the effective date of the new rule until January 1, 2009.

New Version

In November 2008, CMS amended the Anti-Markup Rule to attempt to simplify its application and interpretation. The new rule basically has two alternative methods that, if met, will result in the Anti-Markup Rule not applying. Each alternative is independent of the other, meaning that each must be separately evaluated under the circumstances.

First, where the performing physician provides “substantially all” of his or her professional services for the billing physician or other supplier, the Anti-Markup Rule will not apply. The performing physician is one who supervises the technical component or performs the professional component. To meet the “substantially all” test, the physician must provide at least 75% of professional services for the billing physician or supplier.

Second, where the performing physician supervises or performs in the “same office building” as the billing physician, the performing physician is deemed to share a practice with the billing physician or other supplier, and the Anti-Markup Rule will not apply. The “same office building” is the same definition used under Stark II.

An arrangement must meet only one of the two alternatives. If an arrangement fails to meet either alternative, the Anti-Markup Rule will apply. If the Rule applies, payment to the billing physician or supplier for the technical or professional component must be the lowest of: 1) the performing supplier’s Net Charge to the billing physician or supplier; 2) the billing physician’s or supplier’s actual charge; or 3) the fee schedule amount for the test allowed if the performing supplier billed Medicare directly.

It is important to note that the amended Anti-Markup Rule is effective January 1, 2009, and there are no extensions or delays on its application. Beginning in 2009, arrangements must meet one of the two alternatives in order for the Anti-Markup Rule not to apply.

Independent Diagnostic Testing Facility

In July 2008, CMS proposed to require physicians and nonphysician practitioner (“NPP”) organizations furnishing diagnostic testing services to enroll as Independent Diagnostic Testing Facilities (“IDTF”) for each practice location furnishing these services. The concern was that certain physician entities could avoid the IDTF standards, resulting in beneficiaries receiving an inferior quality of care contemplated by the standards.

In November 2008, CMS delayed adopting the proposed requirement, citing the enactment of Section 135 of the Medicare Improvements for Patients and Providers Act of 2008 (“MIPPA”). Section 135 of MIPPA imposes upon the Secretary the task of establishing an accreditation process by January 1, 2012, for entities furnishing advanced diagnostic testing procedures. CMS does not indicate whether physicians or NPPs will have to follow the accreditation process. CMS will continue reviewing public comments and evaluating the situation in order to determine if their proposed requirement is necessary.


The Anti-Markup Rule is a billing and collection rule. Failing to satisfy either of the two alternatives will implicate the False Claims Act if the physician bills in violation of the new rules. This rule increases
exponentially the multiple regulations a physician must consider before entering into any business venture. Therefore, it is important that physicians and suppliers that work with diagnostic tests should examine their business arrangements to confirm that they meet one of the two alternatives.

By: Michael S. Byrd and Bradford E. Adatto