California tightens law on carelessness with patient records

The Los Angeles Times’ Patrick McGreevy reports on the California Legislature’s response to multiple reports throughout 2008 of unauthorized access to medical records. According to some reports, Governor Schwarzenegger has taken a personal interest in the new legislation after his wife, Maria, was among several celebrity patients whose records were accessed, leaving little doubt that the bills will be signed into law and will take effect as planned in January 2009.

One of the bills, A.B. 211, establishes a new agency, the Office of Health Information Integrity (OHII), and empowers it to levy administrative penalties against healthcare providers (individuals and entities) for violations of new Health & Safety Code § 130203, which requires “[e]very provider of health care” to “implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient’s medical information” and to “reasonably safeguard confidential medical information from any authorized access or unlawful access, use or disclosure.” OHII is authorized to impose penalties established in the Confidentiality of Medical Information Act (Civil Code § 56 et seq.) for violations. OHII is also authorized to send recommendations and evidence to the Medical Board (or other appropriate licensing entity) for “further investigation or discipline,” which transmissions will be deemed “investigative communications,” protected under Government Code § 6254.

The other bill, S.B. 541, creates a new administrative penalty for hospitals, home health agencies, hospices and licensed clinics that fail to “prevent unlawful or unauthorized access to, and use or disclosure of, patients’ medical information.” The penalty for violation is $25,000 per patient, with a cap of $250,000 “per reported event.” The fine is to be levied by the Department of Health Care Services (DHCS), which must consider a number of factors, including the provider’s history of compliance, the extent to which the provider detected violations and took steps to immediately correct and prevent past violations from reoccurring, and factors beyond the provider’s immediate control that restricted the facility’s ability to comply with the law. In addition, once the provider determines that a violation has occurred, the provider must notify both DHS and the patient(s) whose medical information was unlawfully accessed, used or disclosed within five days following the provider’s discovery of the access, use or disclosure. Failure to notify the patient in a timely manner can result in penalties of $100 per day until notification (up to the cap of $250,000).

Recommended Action: Providers need to ensure that safeguards are in place to prevent breaches to patient confidentiality. Until the UCLA Medical Center cases, snooping into medical records had failed to attract serious attention. In light of the sustained public interest and resulting governmental attention to the issue of invasions of patient privacy, it is reasonable to expect a surge in patient complaints and in investigations and enforcement actions by the newly created OHII, the Medical Board, and other licensing agencies. Providers need to ensure that they are in strict compliance with the requirements of HIPAA and the CMIA.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson counsels healthcare providers on HIPAA, CMIA, and other compliance issues. For additional information, please contact Fenton & Nelson at harry@fentonnelson.com

©Harry Nelson 2008

FDA Conservatism in Drug Approval Process Constrains Physicians

In the aftermath of “high-profile drug scares” such as Vioxx in recent years, the Food and Drug Admininistration (FDA) has become increasingly conservative in its approval of new drugs. (“Sick Patients Need Cutting-Edge Drugs,” Wall Street Journal 8/23/2008) . Gregory Conko, senior fellow at the Competitive Enterprise Institute, describes the difficulty faced by patients unable to gain admission to clinical testing programs for experimental drugs in obtaining “compassionate-use” exemptions to receive unapproved medicines.

With a drop in FDA drug approvals (53 in 1996 and 39 in 1997, only 16 in 2007 and 18 expected in 2008), access to new drugs seems to be getting worse as a result of increased fear that serious drug risks may not become apparent until additional rounds of testing. A proposed federal statute, the Access, Compassion, Care, and Ethics for Seriously Ill Patients Act (“ACCESS”), H.R. 6270, would make beneficial new drugs earlier once they pass Phase I of FDA approval and have preliminary evidence of their effectiveness, may significantly increase physician access to experimental drugs.

Recommended Action: In light of more active FDA enforcement, providers need to take care that they are not placing themselves at risk of FDA action through the use of unapproved drugs. Prescription or dispensation of unapproved drugs, barring a change in federal law, exposes providers to criminal liability. Even if ACCESS or other changes in the law ultimately afford greater access to new drugs through a preliminary approval process, providers should always take care to ensure that full informed consent is obtained and documented carefully for all drug usage, and that informed consents call attention to the status of the drug and any off-label usage.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson counsels healthcare providers on FDA and other compliance issues. For additional information, please contact Fenton & Nelson at harry@fentonnelson.com

©Harry Nelson 2008

Making Good Decisions About When to Settle Lawsuits

A recent New York Times article reports the results of an interesting study that every healthcare provider (and every person) eager to go to trial — and reluctant to consider negotiated resolution of litigation — should read. According to an article by Jonathan Glater, most parties to civil lawsuits make objectively wrong decisions when they decline to settle cases.

The study reviewed over 2,000 cases that went to trial between 2002 and 2005. Reviewing the quality of decisionmaking by plaintiffs, the study found that, in the vast majority of cases where plaintiffs decline settlement offers and proceed to trial (61% of the time), they end up with less money than they had been offered in settlement. While defendants erred in going to trial less frequently (24% of the time), the results in those cases were far worse: $1.1 million in additional costs for defendants, as opposed to $43,000 in lesser gains for plaintiffs. When the additional costs of attorneys’ fees are factored in, these numbers may understate the extent of erroneous decisions.

Recommended Action: Although the study raises questions about the quality of attorney advice and client decision making, it is frequently the case that considerations other than accurate forecasting of outcome play into decisions about whether to go to trial. Often, the emotional aspects of disputes lead clients to overvalue their own cases or to be reluctant to acknowledge the position of the other side. The study highlights the importance for attorneys to advise clients carefully about the risks of litigation and for clients to listen when their attorneys counsel conservatism. Any healthcare provider reluctant to settle a case, whether as plaintiff or defendant, ought to think twice in light of this study.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson represents healthcare providers in healthcare and business-related litigation. For additional information, please contact him at harry@fentonnelson.com

©Harry Nelson 2008

Is Advising Patients to Stop Smoking Becoming Standard of Care?

TheNew York Times reports on the trend of plastic and cosmetic surgeons refusing to operate on patients who smoke based on reduced blood supply to the skin and related complications. According to the article, the trend has accelerated over the past five to ten years to the extent that Dr. Patrick McMenamin, the president-elect of the American Academy of Cosmetic Surgery, claims that, although it may have been acceptable 25 years ago, today many surgeons would deem it malpractice to perform flap surgery on a known smoker. The article describes how some physicians are even going to the extreme of obtaining urine tests to verify cessation, rather than relying on checking skin condition and smell to detect nicotine.

Recommended Action: The trend of refusing to operate on smokers raises a question of how standard of care is defined and how it evolves. The question is relevant both for malpractice purposes (where plaintiffs must establish that the standard of care has been breached in a particular case) and disciplinary licensing actions (where, in California, a single gross departure from standard of care or repeated simple departures will support a disciplinary action by a licensing board).

Generally, standard of care is defined as the prevailing understanding among similarly qualified, reasonably prudent practitioners in a given community as to how patients in similar circumstances should be treated. It can be difficult to ascertain what the standard of care is without identifying how practitioners in a particular community are treating patients. In many cases, there may be a range of acceptable options from which to choose that are within the standard of care. Applying this standard to the issue of smoking cessation, plastic and cosmetic surgeons should consider whether and, if so, how the standard of care on this issue may have evolved or be evolving.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson counsels healthcare providers on regulatory compliance and business matters. For additional information, please contact him at harry@fentonnelson.com

©Harry Nelson 2008

California Assembly passes the Donda West Law

Assembly Bill 2968, known as the Donda West Law, passed the California Legislature on August 14, 2008 by wide margins (37-1 in the Senate and 73-0 in the Assembly). The new law, which applies to both dentists (Business & Professions Code §1638.2) and physicians (Business & Professions Code §2259.8), awaits signature by Governor Schwarzenegger.

Until now, most plastic surgeons and cosmetic dermatologists required their patients to obtain physical exams and clearance as a prerequisite to performing a procedure. Under the Donda West Law, the law now reflects this standard. The law permits the physician performing the procedure to perform the exam, although many plastic surgeons and other cosmetic doctors opt to have the patient’s primary care physician or another doctor perform the exam. The law was amended in the Senate to permit the physical exam to be conducted by a certified nurse practitioner or licensed physician assistant.

Recommended Action: Physicians (and dentists) should take care to ensure that the documentation of a physical exam, including a complete medical history, is part of every patient’s file prior to performing any cosmetic procedure. .

Harry Nelson is a partner in Fenton & Nelson, LLP. Harry conducts audits and training programs for plastic surgeons and cosmetic healthcare providers to ensure effective risk management and compliance in medical practice. For additional information, please contact him at harry@fentonnelson.com

©Harry Nelson 2008

Providers Need to Exercise Caution with Healthcare Marketers

Recent accusations of Medi-Cal fraud at three hospitals in Southern California have attracted national attention. At the heart of these Medi-Cal fraud charges are healthcare marketers who allegedly recruited homeless patients with Medi-Cal beneficiary cards for unnecessary medical services and then “dumped” the patients.

Recommended Action: Notwithstanding the sensational nature of the charges, the lesson that all providers should draw from the experience of the hospitals and administrators at issue is the danger inherent in working with unscrupulous healthcare marketers. Providers need to be careful in ensuring that their marketing avoids the use of personnel or activities that could remotely be construed as “capping” or “running” (i.e. recruitment or solicitation of patients without regard to medical need). In addition to the risk of criminal liability, Medi-Cal, Medicare, and other payors will ultimately hold providers financially responsible for repayment of the costs (and risk of potential fines) for any unnecessary services rendered.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson counsels healthcare providers on issues related to healthcare marketing. For additional information, please contact Fenton & Nelson at harry@fentonnelson.com

©Harry Nelson 2008

Violations of patient privacy spur legislative action

The Los Angeles Times’ Charles Ornstein has been reporting for months on an ever broadening discovery of unauthorized access to patient medical records at UCLA Medical Center. The problem initially came to light with reports of unauthorized review of Britney Spears’ psychiatric hospitalization records, for which numerous employees were terminated and medical staff members were disciplined. Next came reports of unauthorized review of Farrah Fawcett’s medical records during treatment for cancer. If the public interest in this issue was not sufficiently high already, the matter has become a focal point of government attention following recent disclosures that Governor Schwarzenegger’s wife, Maria Shriver, is the latest victim.

In light of these developments and the ongoing attention being paid to these serious problems, it should not come as a surprise that the California legislature is review proposed new laws, including creation of a new state governmental agency, to enforce patient privacy rights with respect to medical records.

Recommended Action: Providers need to review their compliance with existing medical records privacy requirements, both under federal (HIPAA) and state (CMIA) requirements. Although confidentiality of medical records has received historically relatively little attention from regulators over the past two decades (CMIA was enacted in 1981), it can no longer be deemed a low priority. In the current environment, providers cannot afford to attract attention from government regulators with lax privacy safeguards.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson counsels healthcare providers on HIPAA, CMIA, and other compliance issues. For additional information, please contact Fenton & Nelson at harry@fentonnelson.com

©Harry Nelson 2008