As you’ve likely discovered, owning your own practice includes challenges far beyond what you learned in medical school. You’re running a business saddled with all the rules and regulations any company faces, plus many more related to the practice of medicine. Here’s a look at some of these physician office regulations.
HIPAA—the Health Insurance Portability and Accountability Act of 1996—was enacted to protect the confidentiality of an individual’s health information. It prohibits the release of personal health information without the individual’s authorization unless the information is related to treatment, payment or health plan operations.
Books have been written on the many components of HIPAA, so instead of digging into the details here, consider these examples of HIPAA violations of which you may be unaware—and which could have direct implications on how you run your practice. These real-life examples come from the National Law Review and Innovations in Clinical Neuroscience:
- Disclosing identifiable patient information on social media—specifically, responding to patient reviews on the practice’s Yelp page.
- Allowing pharmaceutical sales representatives access to patient charts.
- Failing to terminate a former employee’s access to patient health information—in this case, the web-based scheduling calendar.
Anti-Kickback Statute and Physician Self-Referral Law
Two similar laws are often discussed in tandem: The Anti-Kickback Statute prohibits remuneration, which includes anything of value, for product or service referrals, while the Physician Self-Referral Law (commonly referred to as the Stark Law) prohibits certain referrals where a financial interest is involved, according to the Office of Inspector General (OIG).
Both apply to any item or service covered by federal healthcare programs like Medicare or Medicaid. Both of these laws have evolved since first being enacted.
The Anti-Kickback Statute covers both parties that offer or pay remuneration and those that solicit or receive it. According to the OIG, intentions are a factor in determining liability under this law.
The Stark Law bars a physician from referring program beneficiaries (patients) of federal healthcare programs to any entity with which that physician (or family member) has a financial relationship. Examples include lab and imaging services, physical and occupational therapy, and inpatient and outpatient hospital services. Here, intent doesn’t matter.
Both laws may soon change. In 2019, the U.S. Department of Health & Human Services proposed updates that will, in theory, make it easier for providers to better coordinate care and, more broadly, embrace value-based models.
False Claims Act
The False Claims Act is what it sounds like. You are liable for penalties if you submit a fraudulent claim for payment to any U.S. government agency. Typical violations include upcoding and performing or ordering unnecessary procedures. Criminal penalties for submitting false claims include fines and imprisonment.
Be sure to note that:
- Billing below the correct level of service—for instance, consistently waiving Medicare copays—could constitute fraud.
- Simple clerical errors can get you in trouble—no proof of intent is required.
- Associates have an incentive to report you: Whistleblowers are allowed to collect a share of the penalties.
Telemedicine is relatively new, so regulatory, licensing and reimbursement issues remain unsettled. In fact, no two states define or regulate telemedicine the same way. Even at the federal level, legal and regulatory changes are underway. For instance, the Centers for Medicare & Medicaid Services (CMS) continues to update its rules regarding which telemedicine encounters are reimbursable.
But it’s still paying attention: In 2018, the OIG issued a report with a self-explanatory title: “CMS Paid Practitioners for Telehealth Services That Did Not Meet Medicare Requirements.” The OIG reviewed a sample of 100 claims, of which 31 did not meet Medicare requirements. No one was penalized, however.
CMS has posted a list of services payable under the Medicare Physician Fee Schedule for FY2020.
Physician office requirements
Many physician office regulations relate to what goes on inside your physical practice, from managing medical waste to hiring and firing employees. Here are three:
- Waste disposal – Various agencies have regulations regarding medical waste, including the Occupational Safety and Health Administration (OSHA), the Centers for Disease Control and Prevention (CDC) and the U.S. Food and Drug Administration (FDA). Surprisingly, the U.S. Environmental Protection Agency (EPA) does not. Moreover, according to the EPA, medical waste is largely regulated by the states. (The EPA provides a list of relevant agencies to get you moving in the right direction.)
- Prescriptions – Again, here you face an array of rules and regulations. For instance, state law governs who, besides doctors, can write prescriptions, while the FDA regulates interactions with pharmaceutical reps. To focus on just one area—storage of controlled substances—the Drug Enforcement Administration’s Diversion Control Division is clear: “Controlled substances must be stored in a securely locked cabinet of substantial construction.” Expect new laws and regulations to emerge to govern how you manage and prescribe controlled substances.
- Employees – From the tax code to the Americans with Disabilities Act, assorted rules and regulations at the federal and state level govern how you treat employees. In fact, the U.S. Department of Labor alone enforces more than 180 federal laws.
Navigating health laws
Feeling overwhelmed? That’s the logical response. You’re a physician, not a lawyer. You can’t be expected to manage this alone. A health law professional can help you navigate these regulatory complexities.