Firm News & Legal Alerts

Thursday, February 5, 2015

CMS Makes Changes to its Overpayment Recovery Process

Physicians in New York are all too familiar with Medicare and Medicaid audits, which can result in millions of dollars in recoupment by the Centers for Medicare & Medicaid Services (“CMS”). CMS recoups money that it believes was overpaid to providers as a result of improper billing practices, among other reasons. For far too long, providers have complained that the process is tipped in CMS’ favor and deeply flawed. For example, CMS retains Recovery Audit Contractors (“RACs”) to audit Medicare claims submitted by health care providers, including physicians and hospitals, on a contingency fee basis. Thus, some would argue, improperly incentivizing the RACs.

Due to the ongoing issues with the process, CMS suspended new RAC audit activities in February 2014, until new contracts could be awarded. RACs are still permitted to conclude ongoing investigations during that time.

Read more . . .

Sunday, February 1, 2015

Dealing With Deceased Patients’ Medical Records

Unless involved in performing autopsies, most physicians generally do not consider the liability that exists from the way patients are treated after they die. However, at a time when many different areas of law can apply to the same issue, it is important to understand how to deal with a patient’s medical records, once he passes away.

The main body of law that governs patient records is the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule, which requires a covered entity (which includes a physician and/or medical practice) to protect the medical records, or “Protected Health Information” (“PHI”), of a patient. This obligation continues even post-mortem, and is quite similar to the obligation that exists when a patient is still alive. The primary, and obvious, distinction is that authority over records can no longer belong to a deceased patient.
Read more . . .

Sunday, February 1, 2015


Why do you need a compliance plan? There is no state or federal law or regulation explicitly requiring a compliance plan for physician practices. But, before you decide you’re not going to implement one, consider how others may be reviewing your practice, e.g., through a Medicare audit, a Medical Board complaint, or a private insurer’s Fraud Prevention and Detection Plan, any of which could also lead to prosecution under the state’s Health Care Claims Fraud Act.

Read more . . .

Monday, June 30, 2014

OPMC to Take Action Against Physicians with Outdated Profiles

The Medical Society of State of New York (“MSSNY”) has issued an alert advising physicians that the Department of Health’s Office of Professional Medical Conduct (“OPMC”) intends to take action against those physicians who have failed to update their New York State Physician Profiles. The Department of Health (“DOH”) requires physicians to maintain accurate profiles. Every physician licensed to practice medicine in New York State has a legal obligation to ensure that their Physician Profile is updated at least six months prior to the expiration of their registration period, and in some instances, within a short period of time following adverse developments, such as a privileging impairment or license restriction, for example.

Read more . . .

Wednesday, April 9, 2014

NYS Budget Agreement Takes Aim at Out-of-Network Reimbursement

The New York State budget agreement, announced last week, signaled important changes for out-of-network healthcare providers in New York. The changes, which will not be implemented until at least next year, are aimed at increasing transparency and avoiding “surprise medical bills.” The budget incorporates numerous amendments and new provisions to the New York Insurance Law and Public Health Law, including requirements that out-of-network providers disclose their fee schedules prior to rendering medical services. However, the addition of Article Six of the Financial Services Law will likely be the most controversial.

Read more . . .

Saturday, March 1, 2014

FSA’s, HSA’s and Over-the-Counter Reimbursement: New Rules and New Requirements

As part of the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act of 2010, patients can now seek reimbursement for the cost of certain over‐ the‐counter (OTC) medicines and drugs. The rule affects reimbursements under employer‐ sponsored health plans, health flexible spending arrangements (health FSAs), and health reimbursement arrangements (HRAs), as well as health savings accounts (HSAs) and Archer medical savings accounts (Archer MSAs).

Presently, the cost of OTC medicines and drugs are deemed “medical expenses” that are eligible for reimbursement from group health plans (and are “qualified medical expenses” eligible for distribution from HSAs and Archer MSAs). However, these new changes amend the definition of what is considered a “medical expense” and restrict the reimbursement of funds used to purchase OTC medicine and drugs going forward after December 31, 2010.

As of January 1, 2011, reimbursement for medicines and drugs as permissible medical expenses can only be obtained if the medicine or drug requires a prescription; is available without a prescription (i.
Read more . . .

Tuesday, January 21, 2014

Principles For Physician Advertising and Social Media

Social media has become a popular and prevalent form of marketing among various professionals, including physicians.  Whether a website, Facebook page or LinkedIn profile, there are, however, a series of federal and state legal requirements and prohibitions that must be taken into account. While each type of social media use must be assessed on a particularized basis, some broad stroke concepts are as follows:

Read more . . .

Tuesday, January 14, 2014

DOH Takes Action to Tighten Regulations of Urgent Care Centers and Other Ambulatory Care Facilities

The New York State Department of Health’s Public Health and Health Planning Council (“PHHPC”) has issued new recommendations addressing legal and regulatory changes for a variety of ambulatory care facilities, including urgent care centers, office-based surgery providers, freestanding emergency departments, and a new category of facility to be known as a limited services clinic. While these proposals are not yet law, healthcare providers should be mindful of the potential changes to existing ambulatory care models.

While ambulatory care is not a new concept, there has been an increase in the past decade in the scope of ambulatory care services being provided, as well as a more recent evolution in how ambulatory care services are provided to patients, especially in New York State.  The PHHPC is now taking steps to further regulate the growing number of ambulatory care facilities in New York and their operations.  In addition to heightened reporting and accreditation requirements, the proposals, according to the PHHPC, are aimed at encouraging primary care, while also restricting the universe of services that may be offered by ambulatory care providers.  Below is a brief summary of some of the new proposals.

Read more . . .

Tuesday, October 22, 2013

Koch v. Sheehan

On October 22, 2013, the New York State Court of Appeals decided the case, Koch v. Sheehan, 2013 NY Slip Op 06804 (N.Y. Oct. 22, 2013).   In Koch, the Court of Appeals held that the Office of the Medicaid Inspector General (OMIG) was legally permitted to automatically exclude a physician from the Medicaid program, based solely upon a Consent Order entered into between the physician and the New York state medical licensing board (OPMC), regardless of whether or not the Consent Order provided that the physician’s license be suspended or revoked.
Read more . . .

Monday, October 7, 2013

Certificate of Public Advantage (COPA) Regulations

As integration and collaboration among healthcare providers, payors and other healthcare entities increase due to state and federal healthcare reform initiatives, so too have significant concerns arisen among market participants relating to antitrust liability.   Examples of such collaborations could include: (1) the sharing, allocation or referral of patients, personnel, instructional programs, resources, facilities and equipment; (2) the implementation of clinical integration programs and payment mechanisms; (3) asset or stock acquisitions, mergers and joint ventures; and (4) joint negotiation efforts by providers against payors.  Depending on the facts, circumstances and relationship among the parties to such agreements, the participants may be susceptible to claims of anticompetitive conduct and/or violations of federal antitrust laws.

Read more . . .

Thursday, August 1, 2013


Physician practices are frequently advised to know the requirements for obtaining reimbursement from a payor for services rendered and to have necessary documentation in place to withstand an audit. But do you know the same holds true to withstand a HIPAA audit of your practice conducted by the U.S. Office for Civil Rights? In other words, every physician practice should know the minimum requirements of the HIPAA Privacy, Security and Data Breach Notification rules and be prepared to prove compliance should OCR come calling. OCR’s audit protocol is extremely comprehensive but, as a starting point, you should make sure you have forms, policies and procedures in place to implement the following:


Privacy Rule requirements:

Notice of Privacy Practices

Revised Notice required as of September 23, 2013

Patient rights to request restrictions on disclosure of PHI

Certain restriction requests must be granted

Patient rights to access their PHI

Special rules apply for EHR

Uses and disclosures of PHI

Special authorizations apply for certain disclosures

Accounting of disclosures

Accountings differ when an EHR is involved

Amendment of PHI

Protocol required for responding to patient requests to amend

Business Associate Agreements

Revised agreements to reflect new definitions and subcontractors

Training of personnel, including physicians

Documented training must occur upon hire and at least annually


Security Rule requirements:

Administrative safeguards

Mandatory security risk assessment

Workforce security and training

Contingency plan

Security awareness and training

Physical safeguards

Facility access control

Workstation use and security

Device and media controls

Technical safeguards

Access control

Transmission security

Encryption analysis

Secure patient portals


Breach Notification Rule requirements:

Protocol for responding to a security incident

Data Breach Notification Policy and Procedures required

State laws must be addressed

Risk assessment to determine whether a breach has occurred

New factors must be applied

Steps to take when a breach has occurred

Documentation of the investigation must be maintained

Notification of affected individuals, HHS and the media

Timeframes must be met


If you are missing any of the above in your HIPAA Compliance Program, your practice will be at risk come September 23, 2013.
Read more . . .

Archived Posts


© 2019 Weiss Zarett Brofman Sonnenklar & Levy, P.C. | Disclaimer
3333 New Hyde Park Road, #211, New Hyde Park, NY 11042
| Phone: 516.627.7000

Healthcare Law | Business Law | Our Team | Publications | Contact Us

Law Firm Website Design by
Amicus Creative