Government’s Emerging Triple Play–Why Every Doctor Should be Concerned

Government’s Emerging Triple Play–Why Every Doctor Should be Concerned


The reach of the government in recovering payments under the False ClaimsAct (FCA) seems to be entering into a new era based on a number of seemingly disparate developments working their way through U.S. Attorney’s offices, the federal trial courts and courts of appeals as well as a currently pending case in front of the U.S. Supreme Court. The individual and collective implications of these developments amount to a greater likelihood of FCA actions being brought, particularly, against individuals or entities that might have gone unnoticed in the past, as well as the likelihood of obtaining larger fines.


While there are many broad medical related industries whose constituent members can be subject to the FCA (considering the fact that 17% of GDP lands in the medical arena), and thereare many millions of invoices that are submitted to Medicaid and Medicare on a monthly basis, I believe that in reading this post it is important to view the implications of the developments discussed with a particular eye towards the individual and collective medical billing that reaches Medicare and Medicaid.


By way of introduction, the FCA in very simplistic terms is a statute which allows the government to seek recourse against individuals or entities that billed the government improperly (hence the term “false claims”). The penalties under the statute can be extremely onerous because it allows for $5,500 – $11,000 per incident as well as treble (triple) damages for what the government paid. To be clear, to the extent that a series of false invoices are submitted to the government, each invoice would qualify as a separate claim which would require the defendant to pay a mandatory penalty for each false claim.


To illustrate the scope of how onerous FCA claims can be, I will list a few recent settlements and set forth the amounts for which they were settled:

  • Pfizer and its subsidiary Wyeth agreed to pay $785 million to the federal government and state Medicaid programs to settle FCA claims that they failed to report to Medicaid certain drug rebates that were given to hospitals.
  • Dignity Health, which operates hospitals and ancillary care facilities, agreed to pay $37 million to the government settle FCA claims that it submitted false claims to Medicare and Tricare by admitting patients who could have been treated on a less costly, outpatient basis.
  • DaVita Healthcare Partners, Inc., the largest provider of dialysis services in the U.S., agreed to pay $450 million to settle FCA claims that itcreated unnecessary waste in administering the drugs Zemplar and Venofer to dialysis patients, and then billed the federal government for the avoidable waste.


Historically, FCA claims were primarily brought on behalf of the government by whistleblowers.  The cases are commonly called qui tamactions, and the whistleblower is known as the “relator”.  A thumbnail sketch of the qui tam action is that an individual can initiate a lawsuit against a person or entity who they suspect is violating the FCA. The case is initially filed under seal, and the government has a chance to intervene and take over the case. If the government declines to take over the case the individual has the ability to maintain the case (essentially in the name of the government).   The whistleblower is rewarded by receiving a certain percentage of the government’s ultimate recovery. The percentage varies and depends on whether the government intervened and the extent to which the whistleblower contributed to the prosecution of the case.  In more simple terms, the government has essentially deputized and incentivized anyone with knowledge of a false claim to come forward and blow the whistle.


Three New Developments


Moving past the introduction to the FCA (which many of you may have been aware of, and if so, I apologize for not starting at this point), there are a number of developments that have very far-reaching implications.


First Development    An Assistant U.S. Attorney for the District of Maryland, Thomas F. Corcoran, recently stated the government’s displeasure with the fact that to a large extent it is in the reactive position with respect to FCA claims, because the government is in large-part dependent on whistleblowers initiating a claim or otherwise relating false claims. Mr. Corcoran said the district was tired of having whistleblowers “determine the direction of our FCA cases”. In an effort to take a more proactive stance, the U.S. Attorney’s office in Maryland has begun to data mine various available public records using algorithms to flag anomalies with respect to various bills submitted to the government. While at first glance this may appear to be nothing more than a question of role reversal, and in-fact one might argue that the government itself might not even be more aggressive than the many individuals who can potentially obtain commissions for ultimate government recoveries, there is an additional facet through which this development can be viewed. Essentially, there may be numerous cases in which an individual or investigator might not otherwise be able to isolate any suspected or actual wrongdoing, but an algorithm can red-flag certain circumstances, which will lead to an investigation and a provider or entity facing the challenges and rigor of government scrutiny either because of their misdeeds or because they were flagged through an automated data mining process.


Let’s face it, data mining will unearth top billers of Medicare merely because in every category that can be reviewed someone has to be at the top.  And, if we were to imagine billing and reimbursement as a bell curve, there are always going to be the outliers, irrespective of any wrongdoing.  These top billers and outliers are likely to be flagged and investigated.  The take away from this development is that the government’s reach can rise to a higher order of magnitude, and the potential burdens on providers will increase, irrespective of the accuracy of a “false claim” allegation.


Second Development: The second development relates to the government’s or a whistleblower’s ability to assemble a randomand relatively small but statistically relevantdata sample of all of the claims raised in a pending FCA case, and prove liabilitywith respect to all of the claims based on thatrandom and small statistical sampling.


In June of 2015 afederal district court in South Carolina held, in the case of United States ex rel. Michaels v. Agape Senior Community, Inc., et al., No. 15-238 (L) (0:12-cv-03466-JFA), that establishing liability under the FCA cannot be made by proving the falsity of a relatively small portion of the claims through statistical sampling. Instead, the whistleblower must provide an analysis of all individual claims.  The net effect is that the cost of bringing the case is increased as every single false claim alleged in the FCAcase must be documented and prosecuted with the proofs that the random small sample would require. The whistleblower estimated that the cost of an expert review of all of the claims alone would be between $16.2 million – $36.5 million.


The Court of Appeals for the Fourth Circuit (which covers South Carolina, North Carolina, Maryland, Virginia and West Virginia) will be addressing this case and use of sampling in FCA cases.  Several federal district courts have ruled both ways on the issue of sampling; however, the pending Court of Appeals case could result in the first federal appeals court decision directly addressing the issue.


If sampling is ultimately allowed, obviously this can reasonably lead to very large settlements if the potential downside is either not worth the fight or the potential loss is too great for the organization to bear.


Third Development: The third development relates to one of the elements of an FCA claim. Essentially, the FCA requires that the claim being submitted be “false” or “fraudulent”. The question that has arisen is what makes a claim actually “false” or “fraudulent”.Obviously, if someone works 100 hours and bills for 200 hours, or submits an invoice for goods or services that were never provided, the majority of people would concur that the claim was false or fraudulent.


However, the question becomes much more nuanced when claims are submitted that could be the result of oversight, accident, miscommunication, or a long list of other situations that result in a mistake but would not necessarily reach the level of “false” or “fraudulent” within the meaning of the FCA.


The question of the falsity of claims arose in Universal Health Services, Inc. v. United States ex rel. Escobar, a case that was brought in the federal district court inMassachusetts.  The district court’s decision was appealed to the Court of Appeals for the First Circuit(which covers the states of Massachusetts, Rhode Island, New Hampshire, and Maine).  The basic holding of the Court of Appeals was that if and to the extent a claim for payment is submitted to the government, it inherently means that the providerhas impliedlycertified that it is in compliance with all rules and regulations that are a condition of payment.  Accordingly, the provider has violated the FCA if it has not actually complied with those rules and regulations which are a condition of payment


There is a split in the Circuit Courts of Appeal regarding thevalidity of the implied certification theory, and the U.S. Supreme Court granted certiorari to review the decision of the First Circuitin Universal Health Services, Inc. v. United States ex rel. Escobar.  Oral argument before the Supreme Court was held on April 19, 2016.

In addition to the First Circuit, the Second, Third, Fourth, Sixth, Ninth, Tenth, Eleventh, and D.C. circuits have accepted the implied certification theory in some fashion.The Fifth and Seventh circuits have found that implied certification is not a valid theory.


Because of the unfortunate passing of Supreme Court Justice Antonin Scalia there are three possibilities. The first is that the Court of Appeals’ decision will be upheld by a majority of the sitting justices in which case the implied certification theory will become the law of the land (thus expanding the reach of the FCA). The second possibility is that a majority of the justices will overturn the Court of Appeals in which case, subject to the particulars of the Supreme Court’s written opinion, the implied certification will be partially or totally limited.  The third possibility is that there will be a four – four tie decision in which case the circuits will remain split until another case reaches the Supreme Court. If the third scenario plays out,the location of where the FCA cases are initiated might be outcome determinative. The First, Second, Third, Fourth, Sixth, Ninth, Tenth, Eleventh, and D.C. circuits, which have accepted the implied certification theory in some fashion may permit a broader scope of liability by recognizing that claims may be false when a party impliedly represents compliance with a precondition to payment. The Fifth and Seventhmay limit the scope of the FCAby finding liability only when the party submitting a claim for payment expressly certifies compliance with a precondition of payment. For a list of which states fall under which circuits please see



In conclusion, as many of the readers of this post may be directly or indirectly involved in the vast medical world, it is self-evident that every time a doctor sees a Medicare or Medicaid patient there is a bill being submitted to the government. Over time, because of the quantum of incidents of billing as well as the aggregate amount being billed to Medicare or Medicaid, the FCA becomes a real issue.

This issue is particularly relevant if and to the extent that medical providers or similarly situated entities rely on office managers, frontline employees, or billing companies.

Please follow and like us:

Precluding a HIPAA Breach is not enough



A recent settlement between a Minnesota hospital system, North Memorial Health Care, and the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is highly instructive with respect to the liability of CE’s (covered entities), BA’s (business associates) and both the liability and interplay between them. Furthermore, it underscores the fact that although the HIPAA Omnibus Rule is a set of federal regulations, covered entities and business associates face further vulnerabilities because state attorneys general have in effect been deputized to prosecute claims for violations of HIPAA and HITECH.


Now for the story: In March 2011,North Memorial Health Care, a Minnesota hospital system, hired Accretive Health, Inc. to provide revenue cycle operations.In July 2011, an employee of Accretive, left an unencrypted laptop containing PHI in the back seat of a rental car parked in a bar and restaurant district in Minneapolis. The laptop was stolen. For those of you that follow current news about HIPAA breaches, the lost laptop saga and resulting HIPAA breach is all too common. However, it is important to remember that in the old days (2011) the lost laptop, HIPAA breach, need for encryption, and resulting consequences were not as well-known as they are today.


  1. In 2012, the Minnesota Attorney General brought an action against Accretive for the HIPAA breach, together with state law claims. The Minnesota Attorney General initiated the civil action pursuant to her authority under HITECH to bring claims on behalf of the state residents for violations of HIPAA. Ultimately, Accretive settled the case with the Minnesota Attorney General for $2.5 million.

This appears to be the first time an action was brought against a business associate under the provisions of HITECH that made business associates directly and statutorily liable for violations of HIPAA.

  1. In addition to the Minnesota Attorney General, the Federal Trade Commission brought an action against Accretive asserting that it had inadequate data security. In late 2013, a final consent order was entered which forced Accretive to establish a comprehensive information security programthat will be evaluated every two years by a third party for the next 20 years.
  1. Furthermore, OCR initiated an investigation of North Memorial Health Care following receipt of the breach report in September 2011. OCR’s investigation found that the hospital system failed to have in place a business associate agreement with Accretive and that it failed to perform a risk analysis to address all potential risks and vulnerabilities. This month, (March 2016) well over four years after OCR received the breach report, North Memorial Health Care agreed to pay a $1.55 million settlement


It is of particular interest that bythe time of Accretive’s breach in 2011, the HIPAA Omnibus Rulehad not been issued, therefore, although covered entities had to enter into a BAA(business associate agreement) with its business associates and take certain steps once a breach by the associate occurred, it could not be held directly liable for a breach by its business associate except for the contractual liability created by the BAA. Under the HIPAA Omnibus Rule issued in 2013, a covered entity may be directly liable based on both the stature and contract law.


Therefore, technically,North Memorial Health Care could not be held directly liable for the 2011 breach by its BA, Accretive. Nevertheless, by sheer virtue of the fact that the hospital system did not enter into a business BAA with Accretive and/or have a risk analysis, they will pay $1.55 million.


Post 2013, a CE may be held directly liable for breaches by its BA’s, in addition to liability for any other failure, including lack of risk analysis or business associate agreements.


In closing, we are not living in the olden days when HIPAA compliance was viewed as abstract, theoretical or aspirational- we have come a long way from 2011. But, the reality is that:


  1. Many CE’s and their respective BA’s do not recognize the ever increasing resources that the government is devoting to HIPAA audits and compliance, and the ease of any patient or whistleblower to report a breach. Let’s face it, we live in a digital world, and there are almost daily news reports of data breaches.
  2. CE’s and BA’s are not enclosed in a protected zone or cocoon;much to the contrary, healthcare information is of great value to computer hackers or a wrongdoer that finds a lost laptop.
  3. The importance of conducting a proper and robust risk analysis and entering into business associate agreements is ever increasing. If nothing else this case indicates that separate and apart from the liability of a data breach, CE’s and/or BA’s can be fined for failure to have a risk analysis or proper BAA’s
  4. There are numerous governmental agencies that can enforce HIPAA, HITECH and state statutes and regulations


Please follow and like us:

Texas Expands and Redefines HIPAA

The fact that HIPAA traces its origins back to 1996, seems almost insignificant. In fact, in the various presentations I have seen or participated in that begin with the history of HIPAA, my general reaction is – why bother, who cares about its origins.

However, I can identify one particular point about HIPAA’s origins that is of current interest.

The origins of HIPAA and the privacy of patient records began at a time when the digital world was relatively in its infancy, and the general focus of the law was on paper records.  The HITECH component was later added in an attempt to catch up with the then emerging digital technology.

However, HIPAA legislation starts with and focuses on information that is in the possession of a covered entity.

The HIPAA definition of a Covered entity is:

  1. A health plan.
  2. A health care clearinghouse.
  3. A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter of the Omnibus rule.

Typically, this straightforward definition is meant to mean a doctor or healthcare provider, or the entities referenced in (1) and (2) that by their nature receive or transmit health information. However, there are many other individuals and/or entities that are provided with an individual’s medical records. Obviously, the privacy and HIPAA coverage is extended to Business Associates and subcontractors with the caveat that they are downstream from Covered Entities. Medical information that does not flow from a Covered Entity may be covered by laws regarding the privacy of information, but they would not necessarily be covered by HIPAA, HITECH or the Omnibus Rule.

This gap seems to be mostly attributable to the genesis and development of HIPAA.

Based on the general understanding of HIPAA and its definition of a “Covered Entity” a plaintiff’s personal injury law firm that came into possession of its client’s medical records would not be subject to HIPAA. While the attorney might be subject to other restrictions on the privacy of legal records, as a general proposition those rules are not as restrictive as HIPAA, do not require a risk analysis, do not require privacy security and breach protocols and do not necessarily have the fines associated with HIPAA violations.

Texas recently passed revisions to the Texas Medical Records Privacy Act which in section 181 incorporates HIPAA but broadens the definition of a covered entity as follows:

“Covered entity” means any person who:

(A) for commercial, financial, or professional gain, monetary fees, or dues, or on a cooperative, nonprofit, or pro bono basis, engages, in whole or in part, and with real or constructive knowledge, in the practice of assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health information. The term includes a business associate, health care payer, governmental unit, information or computer management entity, school, health researcher, health care facility, clinic, health care provider, or person who maintains an Internet site;

(B) comes into possession of protected health information;

(C) obtains or stores protected health information under this chapter; or

(D) is an employee, agent, or contractor of a person described by Paragraph (A), (B), or (C) insofar as the employee, agent, or contractor creates, receives, obtains, maintains, uses, or transmits protected health information.

It seems that based on the expanded definition, Texas plaintiff’s personal injury attorneys would be subject to the additional requirements and/or restrictions and increased fines. Obviously, this expanded definition goes well beyond plaintiff’s personal injury attorneys. Examples might be cloud-based storage companies that become subject to the Texas law, software applications that store and/or utilize an individual’s medical records supplied directly by the individual, and the list goes on.

There may be other state laws which further expand the requirements of individuals or entities that possess ePHI, however these additional states are beyond the scope of this post.

Obviously, it is important to carefully read the Texas statute in its entirety, and understand its applicability on a case specific basis. However there is very little doubt that it dramatically expands the people and/or entities that are subject to HIPAA equivalent analysis, safeguards, and protection of ePHI and ePHI.

In addition, the importance of reviewing individual state laws is becoming more important and raises the question if the federal government will broaden the applicability of the current Omnibus Rule.

What do you think?


DISCLAIMER – This post and the analysis submitted are not a legal conclusion and should not be construed as such but are presented for discussion and informational purposes.

I am not admitted to practice in the state of Texas, I am not certain that my analysis is correct under Texas law, and invite any practitioners who disagree with my analysis to comment and explain why this analysis is incorrect. As always, legal advice and training should be obtained from licensed professionals within the jurisdiction. This post and the analysis submitted are not legal conclusions and should not be construed as such but are presented for discussion and informational purposes.


Please follow and like us:

While some entities are busy with HIPAA and cybersecurity — others are frolicking at patient’s expense



Nursing home workers have been posting abusive photos of elderly on social media


Ornstein is a senior reporter at ProPublica,, a nonprofit news organization in New York.

Please follow and like us:

There’s No Such Thing As a Free Lunch Do you think we can run this as is

Free Lunch

There’s No Such Thing As a Free Lunch – Especially from your Pharma Rep.

While the first part of this title was popularized by the 1975 book authored by economist and Nobel prize winner Milton Friedman, the totality of the title should leave a chilling and lasting impression in light of the following recent release.

Department of Justice
U.S. Attorney’s Office
District of Massachusetts
Thursday, October 22, 2015

Springfield Doctor Indicted in Anti-Kickback Case

BOSTON – A Springfield gynecologist was arrested today in connection with allegedly accepting free meals and speaker fees from a pharmaceutical company in return for prescribing its osteoporosis drugs, allowing pharmaceutical sales representatives to access patient records and lying to federal investigators.

Rita Luthra, M.D., 64, of Longmeadow, was indicted on one count of violating the Anti-Kickback Statute, one count of wrongful disclosure of individually identifiable health information and one count of obstructing a criminal health care investigation by lying to federal agents and directing an employee to do the same. The indictment also seeks $23,500 in criminal forfeiture.

According to court documents, from October 2010 through November 2011, Warner Chilcott, a pharmaceutical company based in Rockaway, N.J., allegedly paid Luthra $23,500 to prescribe its osteoporosis drugs, Actonel® and Atelvia®. On 31 occasions, a Warner Chilcott sales representative allegedly brought food to Luthra’s medical office for her and her staff, and paid Luthra $750 to talk with her for 25-30 minutes while she ate. On another occasion, Warner Chilcott paid to cater a barbeque that Luthra hosted at her home for her friends. Warner Chilcott also paid Luthra $250 for speaker training, despite the fact that she never spoke to any other physicians. It is alleged that Luthra’s prescriptions of Warner Chilcott’s osteoporosis drugs increased during the time that she was paid by the company, and precipitously declined once she stopped being paid. Luthra also allowed a Warner Chilcott sales representative to access protected health information in her patients’ medical files. She further provided false information to federal agents when interviewed about her relationship with Warner Chilcott, and allegedly directed one of her employees to also lie.

The charge of violating the Anti-Kickback Statute provides a sentence of no greater than five years in prison, three years of supervised release and a fine of $25,000. The charge of disclosure of individually identifiable health information provides a sentence of no greater than one year in prison and/or a fine of $50,000 and one year of supervised release. The charge of obstructing a criminal health care investigation provides a sentence of no greater than five years in prison, three years of supervised release and a fine of $250,000. Actual sentences for federal crimes are typically less than the maximum penalties. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and other statutory factors.

United States Attorney Carmen M. Ortiz and Phillip Coyne, Special Agent in Charge of the U.S. Department of Health and Human Services, Office of the Inspector General, Office of Investigations, made the announcement today. The case is being prosecuted by Assistant United States Attorneys Miranda Hooker and David S. Schumacher of Ortiz’s Health Care Fraud Unit.

The details contained in the indictment are allegations. The defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

Please follow and like us:

Cost of Stolen Laptop Hits record High

Laptop Theft

Massachusetts Lahey Hospital has agreed to pay $850K over a stolen laptop containing the ePHI of 599 individuals. That works out to over $1,400.00 per individual. It goes without saying that the 2011 incident led to an investigation that found numerous instances of noncompliance with HIPAA rules throughout Lahey Hospital, including a failure to conduct a risk analysis on all electronic protected health information (PHI) as well as a failure to safeguard a workstation that had access to ePHI. Equally unremarkable is the fact that the hospital also agreed to implement a corrective action plan that includes a full risk analysis as well as a risk management plan.

The risk of losing mobile devices is real, the lack of encryption is tragic, the apparent norm of a failure to have a proper risk analysis is almost the expected result of an investigation/audit, and the corrective action plan is to be expected.

However this incident traces back to 2011 – before there was heightened awareness of these issues and consequences.

The real issue is the current reality where many small, medium and relatively large Covered Entities think that breaches only happen to others, that they will never have a breach, that the likelihood of a random audit is too remote to worry about, and that they will never have to consider the cost of being wrong. The penalties seem to be rising, the associated legal expense, and ultimately the cost of a compliance agreement as well as reputational cost, may be more than many Covered Entities can sustain.

Please follow and like us:

Gene therapies offer dramatic promise but shocking costs from The Washington Post

Gene therapies


The Possibilities are Awesome

The Benefits are Incalculable

The Cost is Staggering

While Consistent with Outcome Based Reimbursement

Insurers taking on long term mortgages is Sobering and Transformative

Please follow and like us:

Big Pharma embraces Ticket Scalping



Apparently valuable vouchers for expedited drug approval are being traded/sold by and between Pharma companies.  The game is the same but the prices are staggering.


Please follow and like us:

Long Term Care Insurance – What You Don’t Know Can Hurt You

Long Term Care Insurance

It is readily evident that with the current advances in medical treatment, life is often prolonged and, unfortunately, quality-of-life does not necessarily keep pace with the medical advances. More simply stated, as our population grows older, the need for long-term care seems to be increasing, and therefore, considering Long-Term Care insurance becomes more important. There are cases, however, when Long-Term Care insurance (LTC) may come into play at a younger age.  A few examples that come to mind are auto accidents, chronic diseases, or disabling accidents.

Not all LTC policies are created equal, and it is important to understand the differences and deal with an experienced and ethical broker or a qualified consultant. In my experience, most people do not deal with consultants, thus dealing with the right broker is of paramount importance.

I will list a few (but not all) of the considerations in choosing an LTC policy.

  1. Most, if not all, policies have a lifetime cap, which means that the totality of benefits the insured is eligible for will be for a preset and limited amount of money and/or time. The difference between the two can be significant.
  2. Daily (or per diem) eligibility- this means that even if you are eligible to receive payment, there is a maximum payment that you will (or in certain cases, CAN) receive per day.
  3. Triggering events – different companies have different eligibility standards for an insured to be eligible for payment. Generally, they revolve around Activities of Daily Living (ADL) and include Dressing, Bathing, Transferring (moving in and out of a chair or bed), Toileting, Eating and Continence. The list of factors and number of factors that must be present can differ based on the policy. It is important to note that different companies and/or their field agents can interpret the ADL requirements differently. Is the ability to shower in a handicap outfitted shower enough even though the insured cannot lift his/her leg/maintain balance getting into a bathtub? My firm has dealt with issues like this on behalf of claimants. More simply stated a person may qualify for Long-Term Care under one policy but not under another.
  4. As opposed to life insurance and disability insurance, the rates for Long-Term Care insurance can be increased during the term of the policy. Rate increases are generally expected with  property, casualty and liability policies when they renew, I think it is important to at least try to mitigate a rate increase in LTC policies by understanding the financial strength/ratings of the company from which one seeks to purchase insurance. At a practical level, a person could theoretically have Long-Term Care insurance for a very long time, be hit with a significant rate increase, and find himself/herself neither able to afford the increased premium nor be able to purchase insurance from another company because of his/her age or (then) health status.
  5. Long-Term Care insurance is not disability insurance and the policies can vary dramatically. Very simply, if a person cannot work, or in other cases work in the areas in which he/she has training and experience, he/she may be eligible for disability insurance. That does not mean that he/she will not be able to take care of himself/herself. In addition, virtually every disability policy that is currently being sold does not pay benefits past the insured’s age of 65 or, in some cases, 67. The very basic understanding of Long-Term Care insurance is that the benefits should be available at whatever time or age they are needed as long as the policy is in force.
  6. Reimbursement depends on incurring any, some, or all of the expense. Depending on the policy, you may purchase an LTC Indemnity, Reimbursement or Disability type policy. A Reimbursement type policy, often referred to as an expense incurred policy will allow for payment based on allowed benefits the insured receives. The benefits paid are the lower of your daily or monthly allowable amount and the amount of expense incurred. For example, if the daily maximum is $300 and a spouse takes care of the other spouse without incurring expense is he/she eligible for payment? If the spouse spends $40 a day to hire someone for two hours, he/she will arguably recover $40 (the amount spent).

Unlike an expense incurred policy, in the event of a covered event with an Indemnity policy, the insured will receive the maximum per day as long as he/she incurred an expense for an allowed benefit or arguably, in the example set forth above, the $40 daily expense incurred will entitle him/her to the $300 daily maximum.

A Disability type LTC policy will entitle the insured to receive the maximum amount for any day he/she deemed to be eligible to receive benefits under the policy – irrespective of any expenses actually incurred.

Accordingly, there may be a significant difference if the cap (total) benefits are measured in dollars or time.

  1. LTC often allows people a nest egg to retain their wealth (as opposed to transferring wealth to trusts over which they have limited control or ability to derive economic benefit) reducing their concern that they will have to fund their medical care out of pocket – to the extent that other means are not available, e.g. Medicaid, Medicare or private insurance. (This point in and of itself should be discussed with attorneys who focus on this complex area of law. My firm does not generally focus on Elder Law but rather refer most cases to other firms.)


Taking all these factors into account, as well as the different prices for different policies creates a very complicated decision-making process, which may be mystifying or confusing to the uninitiated.  There are qualified brokers, however, who are ethical and honest in selling Long-Term Care, disability and life insurance policies. I know because in my practice I deal with brokers who pretty much run the full continuum. I am not here to advertise for or promote a particular broker, but would advise anyone looking for Long-Term Care or disability insurance to conduct some due diligence into the broker or advisor. My rule of thumb is that what separates the pros from the people seeking a “quick commission” can be easily seen when gathering information as to the time, effort and energy the broker is willing to devote when there is a claim years after the policies were sold.  Obviously, my law firm is not an insurance brokerage, and therefore, we refer inquiries to brokers who have the knowledge and ethics to place the client’s needs before their commissions.

This article is for informational purposes only, is not meant to dispense any legal advice, may be considered attorney advertising in certain jurisdictions, and is written to illustrate the various differences that there may be in varying policies as well as the importance to make a well-informed decision considering the many variables that should be explained by the insurance broker.


Please follow and like us:

HIPPA Interferes with Parental Rights – a HIPAA Train Wreck


A few months ago, I came across a number of articles regarding Washington state schools placing IUDs in girls as young as the sixth grade without their parents’ knowledge through a Medicaid program known as “Take Charge.” The story received considerable media play. I do not wish to get into either the necessity or the propriety of this story, although it is ironic that Middle and High school students can’t get a Coca Cola or candy bar at local public schools. My interest was (and still is) how this situation plays out with respect to both the Federal and State laws.

I believe that in the final analysis, based on prevailing law, not only was the IUD placement without parental knowledge or consent within the law, the startling part is that if this issue was disclosed to a parent without the consent of the minor (child) it might very well be in violation of the law. The analysis is somewhat complicated but I will try to break it down into human bites.

The first step is the Federal law regarding the privacy of patient records. Typically, Federal law supersedes State law, and therefore, we would only have to address the Federal law. The Omnibus Rule, however, allows for the stricter of Federal or State law with respect to patient privacy.

Under § 160.203 (“General rule and exceptions”), the protections afforded under the HIPAA Privacy Rule preempt the provisions of State law, except if certain conditions are met.  One of those conditions, as set forth in § 160.203(b), is that “[t]he provision of State law relates to the privacy of individually identifiable health information and is more stringent than a standard, requirement, or implementation specification adopted under [the Privacy Rule]”.

Under § 160.202 (“Definitions”), the term “more stringent” means, in comparing the State law and a provision of the Privacy Rule, a State law that meets one or more of certain criteria, which includes, a State law that, “[w]ith respect to any other matter, provides greater privacy protection for the individual who is the subject of the individually identifiable health information.  (See, § 160.202(6)).

We have established that to the extent that State law is more stringent with respect to protecting the privacy rights of the patient, the State law of Washington comes into play.

The general age of  majority in the state of Washington is 18 (as set forth in RCW 26.28.010), however there are specific exceptions, one of which is birth control services in which case, a minor’s consent is sufficient for confidential care, and the parent/guardian’s consent is not required, nor must the parent/guardian be notified. In fact, this rule holds true at any age. (RCW9.02.100(2)

It is apparent that Washington State law (at least as understood by the schools) interprets the reproductive privacy law to mean that anyone, including the child, has a fundamental right to choose or refuse birth control.

To round out the picture totally, the law further states that “if the patient is a minor and is authorized to consent to healthcare without parental consent under Federal and State law, only the minor may exercise the rights of the patient under this chapter as the information pertaining to healthcare to which the minor lawfully consented.” (RCW 70.02.130 (1))

The sum total of all of this information is that arguably in the state of Washington, a child of any age can allow for the placement of an IUD without parental knowledge or consent, and it is only the child that can consent to the release of that information from the medical practitioner to the parent/guardian. Presumably, a parent might ask for the child’s medical records, or the child might be brought to the doctor because of bleeding or any other symptom that is a consequence of an IUD, and the medical practice is prohibited from releasing this information to the parent without the consent of the child.  One can only wonder what the medical staff is supposed to tell the parents of an 11-year- old.

It would logically follow that if the medical provider, or his/her staff, in fact communicated the fact that the child had an IUD, it would be a breach under HIPAA.

I will leave it to the readers to decide if this situation makes any sense, what goals are achieved, and if this is just another example of the effects of unintended consequences.

Irrespective of anyone’s personal belief, this situation, at a minimum, underscores the fact that even when emphasis is placed on compliance with HIPAA, individual State laws must be complied with and both doctors and their staffs (as well as business associates) must be aware of operative State laws.


What do you think?


DISCLAIMER – This post and the analysis submitted are not a legal conclusion and should not be construed as such but are presented for discussion and informational purposes.

I am not admitted to practice in the state of Washington, I am not certain that my analysis is correct under Washington law, and invite any practitioners who disagree with my analysis to comment and explain why this analysis is incorrect. As always, legal advice and training should be obtained from licensed professionals within the jurisdiction. This post and the analysis submitted are not legal conclusions and should not be construed as such but are presented for discussion and informational purposes.

Please follow and like us:
« Older posts

© 2016

Theme by Anders NorenUp ↑