Health Law Checkup
August 2009
 

 

In this issue…

October 1, 2009 Deadline Looming Prohibition of “Per Click” and Percentage Arrangements for Space and Equipment Lease

FTC’s Red Flags Rule Applies to Health Care Entities, Effective Date Postponed to November 1, 2009 (Postponed from August 1, 2009)

 

 

October 1, 2009 Deadline Looming Prohibition of “Per Click” and Percentage Arrangements for Space and Equipment Lease

As of October 1, 2009, physicians or their immediate family members will be prohibited from directly or indirectly being a party to any percentage-based or “per click” equipment or space lease with any provider to which the physicians refers “designated health services” (“DHS”).  Centers for Medicare and Medicaid Services (“CMS”) also noted that it considers “on demand” block leases to be the equivalent of per click leases.  In recent years, many transactions have been structured with the lease rental payment based on a percentage of revenue, billings, collections or profits, or a per click or usage basis.  If these ventures involve referring physicians and DHS, they will need to be restructured to fair market, fixed-rate arrangements before the October 1, 2009 deadline.

CMS made clear the prohibition on per-click or percentage payments applies regardless of whether the physician is personally the lessor or has an ownership or investment interest in an entity that is the lessor.  However, one bright spot for per-click providers is that CMS clarified that it will not prohibit per-click arrangements involving non-physician-owned lessors to the extent that these lessors do not refer patients for DHS.  CMS also clarified that it will not prohibit per-click payments to physician lessors for services rendered to patients who were not referred to the lessee by the physician lessors.  Some parties may want to investigate the feasibility of developing two separate compensation structures, one for patients referred by physician owners (such as a block lease arrangement) and one for patients referred from other sources.

CMS did not extend the prohibition against percentage-based fees to other arrangements (such as billing and management services agreements), though it previously stated that it intends to monitor all percentage-based fee arrangements, other than those for personally-performed services, and may choose to limit such arrangements in the future.

While the new rules reach only percentage based per-click and “on demand” rental agreements, CMS has also indicated that it will continue to study whether to propose additional rules regarding block time leasing arrangements.

Since the rules do not provide for a grandfathering of existing arrangements, any such existing arrangements that do not comply with the new rules must be restructured or unwound prior to the effective date of October 1, 2009. If you have any questions on the subject of this article, please contact the author or another Snell & Wilmer attorney at 602.382.6000.

 

FTC’s Red Flags Rule Applies to Health Care Entities, Effective Date Postponed to November 1, 2009 (Postponed from August 1, 2009)

The Federal Trade Commission’s Red Flags Rule is a federal rule requiring certain businesses that extend credit to consumers and maintain consumer accounts to develop and implement identity theft prevention programs.  The Rule applies to the health care sector and will take effect on November 1, 2009. 

The Rule applies to any “creditor” that maintains a “covered account.”  The Rule broadly defines a “creditor” as any business that extends, renews, or arranges for credit, including all entities that permit people to buy now and pay later—like physicians and hospitals.  The Rule defines a “covered account” as accounts maintained primarily for a consumer’s personal, family, or household purposes that involve or are designed to permit multiple transactions, or accounts in which there is a reasonable risk of identity theft.  If the Rule applies, the Rule requires that the business develop and implement a written program to prevent, identify, and mitigate identity theft evidenced by “Red Flags,” and to periodically monitor and update the program.  “Red Flags” include the following:

  • Notifications, alerts, or warning from others, such as consumer reporting agencies, patients, victims of identify theft, or law enforcement, about possible identity theft in connection with covered accounts.
  • Suspicious documents or personally identifying information, such as documents that appear to have been forged or altered, or that appear to be inconsistent with a patient’s appearance or other identifying information in the patient’s account.
  • Suspicious pattern of activity indicating possible identity theft, such as a complaint regarding receipt of a bill for another individual, a bill for services not received, or mail that is returned repeatedly as undeliverable.

Medical identity theft most often occurs when someone uses another person’s name or information to obtain medical services or to buy drugs.  It can also occur, however, when health care workers and physicians use stolen medical information to file and collect false claims.  Accordingly, health care providers must have identity theft prevention policies appropriate for the size and complexity of their practice that complement their existing procedures protecting the confidentiality of personal health information.  Best practices include verifying patient identity at the time of registration (by requesting photo ID, insurance card, and evidence of current residence) and immediately removing false information from a patient’s chart.  In addition, health care providers must periodically update their programs to reflect any changes in risks to covered accounts, such as perceived changes in the methods of identity theft, changes in the methods to detect, prevent, and mitigate identity theft, and changes in the types of accounts that are maintained.  If your business uses outside vendors, such as debt collection agencies, to perform activities in connection with covered accounts, you should ensure that such vendors have reasonable policies and procedures in place to detect, prevent, and mitigate identity theft.

Health care providers should act quickly to implement and refine written policies and procedures that ensure compliance with the Red Flags Rule before November 1, 2009.  If you have any questions on the subject of this article, please contact the author or another Snell & Wilmer attorney at 602.382.6000.

 

line
 
   
   

Sara Agne
602.382.6026
sagne@swlaw.com

line
 
line
 
 
Snell & Wilmer L.L.P.
Snell & Wilmer offices