Monthly Archives: November 2015

November 10, 2015

TRICARE Claims Processing Suspension

by Ellen Bonner, Callaway Bonner Law LLC (Guest Author)

Warning: TRICARE Claims Processing Suspension May Occur During Health Care Fraud Investigations for Compounding Pharmacy Prescriptions

Yesterday, the Wall Street Journal (WSJ) reported on a significant federal investigation regarding compounding pharmacies and compound pharmaceutical prescriptions for TRICARE beneficiaries in at least four states. TRICARE, the federal health benefit program under the Defense Health Agency, provides health care benefits for more than 9.5 million current and retired members of the uniformed services and their families. TRICARE health care fraud allegations can result not only in civil and criminal sanctions, but also in TRICARE claims processing temporary suspensions, as well as provider exclusion and termination from TRICARE and other federal healthcare programs.

Health Care Fraud: Civil and Criminal Action

According to the WSJ there were four civil fraud settlements by Florida pharmacies last month that will soon be reported. These settlements – amounting to $12.8 million – are based upon allegations of falsely billing TRICARE for expensive pharmaceutical creams and gels to treat pain, scars, and other ailments. The WSJ reported that federal prosecutors are pursuing “numerous criminal investigations,” and the U.S. Attorney for the Middle District of Florida anticipates filing criminal charges in early 2016 against pharmacies, drug marketers, and physicians cited in the settlements. Separate Justice Department investigations on compounding pharmacies are ongoing in California, Mississippi, and Texas. Continue reading

November 9, 2015

Responding to HIPAA Breaches

by Kim C. Stanger, Holland & Hart LLP

HIPAA privacy and security breaches can result in fines of $100 to $50,000 to covered entities (including healthcare providers and health plans) and their business associates. (45 CFR 160.404). If the violation resulted from “willful neglect”, the Office for Civil Rights (“OCR”) must impose a mandatory fine of $10,000 to $50,000. (45 CFR 160.404). To make matters worse, covered entities and their business associates must self-report breaches of unsecured protected health information (“PHI”) to the affected individual and to HHS (45 CFR 164.400); failure to do so may constitute “willful neglect” resulting in additional fines. The good news is that the OCR may not impose a fine so long as the covered entity or business associate did not act with “willful neglect” and corrected the problem within 30 days. (45 CFR 160.410(b)).

Responding to Possible Breaches. Given the potential consequences, it is critical that covered entities and business associates respond appropriately to potential HIPAA breaches to avoid or minimize their liability. Below are steps that you may follow to help you identify and timely respond to HIPAA breaches. Continue reading