Running a small business can be challenging enough. Running a healthcare business or a medical practice in Idaho is even more difficult. Each healthcare business must follow state and federal healthcare compliance laws and regulations. Though enacted to positively shape the healthcare landscape and protect patients, healthcare compliance requirements can be difficult to adhere to, in part because they are numerous and ever-evolving.
Understanding the compliance issues in healthcare is critical to protecting your business. Adopting regulations is often expensive, and noncompliance can have serious legal ramifications, including civil lawsuits, criminal charges, license loss, and jail time.
Below, we discuss five major regulatory compliance issues to be aware of. If you are running a healthcare business, working with an experienced attorney familiar with healthcare compliance issues can help you proactively navigate the laws and protect your business interests.
Key Healthcare Compliance Laws and Regulations
The following regulations are some of the main federal and state laws to be aware of and remain compliant with.
1. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law enacted to protect sensitive and personal patient health information and establish standards for its electronic transmission. Healthcare providers, electronic medical record companies, healthcare organizations, health plans, and their affiliates and subcontractors must comply with HIPAA.
The three main components of HIPAA are the privacy rule, security rule, and the breach notification rule. Healthcare providers must implement policies and procedures to protect the security and privacy of patient information.
Although it was enacted nearly three decades ago, HIPAA continues to create significant compliance issues in healthcare due to its many nuances and frequent updates to meet healthcare industry and technological changes. Data breaches, improper disposal of health information, lack of encryption measures, and failure to manage security risks are just a few examples of the many compliance issues common in healthcare.
Despite these long-standing rules and regulations, it can be challenging for healthcare centers and hospital systems to stay in compliance due to new guidance being routinely distributed regarding specific parts of HIPAA. It is critical to stay in the know, but many healthcare systems struggle to do so.
Violations of HIPAA can result in thousands of dollars in fines, civil penalties, and criminal penalties. Some violations can even lead to jail time depending on the severity of the offense, the amount of harm caused, the degree of willful neglect, and prior compliance history.
Having knowledgeable healthcare attorneys to help you stay abreast of HIPAA updates and work with clients to help ensure that their practices are compliant can be essential to the continued success of running a healthcare business.
2. Anti-Kickback Statutes
The federal Anti-Kickback Statute (AKS) prohibits exchanging any remuneration to incentivize or reward referrals connected to services or items reimbursable by federal healthcare programs, such as Medicare and Medicaid. The law aims to stop fraud and abuse and ensure medical decision-making is not improperly financially motivated. Examples of illegal kickbacks include cash payments, gifts, free or discounted supplies or services, or travel. Violating the AKS can be a felony and has severe penalties, including up to ten years in jail and fines up to $100,000.
Idaho has its own anti-kickback statute, which prohibits either paying or receiving a payment in exchange for referrals for healthcare services, or providing services with the knowledge that the patient was referred in exchange for a payment. While the Idaho anti-kickback statute only carries the threat of a civil fine of up to $5,000, its reach is broader than even the federal statute, extending to kickbacks made for the referral of any healthcare service and not just those payable by federal programs such as Medicare or Medicaid.
3. Stark Law
The Stark Law, also known as the Physician Self-Referral Law, is a federal law that generally prohibits a physician from referring patients to get designated health services payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship. The law also prevents an entity from billing Medicare for services rendered with an improper referral unless there is an exception. A financial relationship may be an ownership or investment interest in the entity or a compensation arrangement with the entity. Violations of the statute may result in heavy civil fines and exclusion from participation in federal healthcare programs.
4. The HITECH Act
The Health Information Technology for Economic and Clinical Health (HITECH) Act (2009) bolsters HIPAA by including penalties for data breaches and promoting the adoption of electronic health records (EHRs). HITECH focuses on the secure exchange of electronic health information and data protection through the adoption and use of health information technology. Violations of the Act can lead to civil and criminal penalties. A few examples of violations include disclosing protected health information (PHI) to an unauthorized third party, using or accessing PHI for unauthorized purposes, and failing to provide compliance reports or report breaches.
The HITECH Act brought with it tougher penalties for HIPAA violations, increasing the maximum financial penalty for a HIPAA violation to $1.5 million and adjusting the HIPAA violation fines annually to account for inflation.
5. Idaho Patient Act
The Idaho Patient Act (IPA) is a state law designed to increase transparency in medical billing practices. Under the IPA, Idaho healthcare providers must follow set procedures within specific timeframes before resorting to litigation against patients to collect unpaid medical bills. Penalties for non-compliance can be steep. If a medical provider is found to have willfully or knowingly violated the statute, the court can award up to three times the amount of the patient’s actual damages or $3,000, whichever is greater, plus the patient can recover their costs and reasonable attorney’s fees.
Avoiding Noncompliance and Penalties
Some ways to help ensure compliance with the various state and federal laws and regulations in the healthcare industry include:
- Policies—create and implement policies, procedures, and safeguards to support compliance;
- Employee agreements—execute agreements with employees to ensure they understand their responsibilities to uphold compliance;
- Training—train your employees and personnel on how to remain compliant and what to do in the event of noncompliance (and document all training);
- Quick response—if noncompliance occurs, respond immediately to mitigate and correct any violation; and
- Timely reporting—if there is a breach, report it timely and complete proper documentation.
While it is not required to hire an attorney, engaging an experienced healthcare attorney may increase your chances of mitigating risks and maintaining compliance with complicated state and federal healthcare laws.
Every Idaho medical provider is subject to some or all of the state and federal healthcare compliance requirements. With rapid changes in the healthcare industry and the relevant laws, it is essential to stay up-to-date to avoid possible violations, fines, and penalties. The success of your business may depend on the success of your regulatory compliance. Smith + Malek’s team of experienced healthcare attorneys is well-versed in the nuances of Idaho and federal healthcare laws and regulations. Since 2015, we have helped hundreds of clients successfully navigate the complex lattice of healthcare regulations. Let us partner with you to ensure your healthcare business is compliant and your interests are protected.
Resources:
Physician Self-Referral Law (Stark Law), 42 U.S.C. § 1395nn.
Idaho Patient Act.