Any practice (whether medical, dental or orthodontic) that provides patients with the opportunity to log-on to the practice’s website for scheduling, bill payment or other information should note that, as of July 1, 2019, the patient’s login credentials (i.e., username/email address in combination with a password or answer to a security question) will be considered “personal data” under New Jersey law. The new amendment to the definition of “personal data” can be accessed here: Amendment to NJ Personal Data Law
As with other “personal data” of residents in New Jersey (such as social security numbers, driver’s license numbers, or credit card numbers in combination with a security code), any business storing such information has an obligation to inform the affected person when unauthorized access to electronic files containing such information has occurred that would compromise the security, confidentiality or integrity of the information. This obligation to inform also applies in instances where the business reasonably believes that unauthorized access of the information occurred (even if it cannot be confirmed).
In the event of an unauthorized disclosure (or “breach of security”), the business must notify the patient in “the most expedient possible and without unreasonable delay.” [N.J.S.A. 56:8-163(12)(a)].
This new amendment to the law is a reminder that practices should consider the privacy and security of health information and personal information to be a critical component of practice administration. Proper policies and procedures should be in place, staff should be properly trained, and the practice should address the security of its electronic systems and obtain meaningful cybersecurity insurance coverage.
With the rise of cybersecurity threats, it will continue to become more important for practices to properly, thoroughly and actively address the privacy and security of the health and personal data that they collect and store. Seek out experienced legal counsel to guide you and your practice through this process, including, but not limited to, implementing adequate safeguards and plans to limit the unauthorized disclosure of personal information.
The New Jersey Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act (the “Law”), New Jersey’s “surprise” medical billing law, went into effect on August 30, 2018. Among other things, it requires licensed health care professionals in New Jersey (including, but not limited to, physicians, physician assistants and nurse practitioners) that bill health benefits plans issued or delivered in New Jersey (“NJ Health Plans”) to make certain patient disclosures regarding participation in such plans. Additional patient disclosures are required for health care professionals who are out-of-network with a patient’s NJ Health Plan.
The Law also sets forth a “baseball-style” arbitration procedure to resolve disputes between health care professionals and NJ Health Plans over claims for reimbursement for (1) out-of-network emergency or urgent care services, and (2) “inadvertent” out-of-network services (such as on-call, radiology and anesthesiology services).
Please see our recently issued Health Law Alert on this matter for details on compliance with the Law, including the patient disclosure requirements and the arbitration process.
Pennsylvania’s Patient Test Result Information Act, which is set to take effect December 23, 2018, requires diagnostic imaging services providers that identify a “significant abnormality” in their test results to directly notify the patient or his/her designee within 20 days of the completed test, its review and its delivery to the ordering health care practitioner. The new law defines the circumstances under which a patient notice is mandatory, as well as required information and language that must be included in any applicable notice.
For more information regarding the specific requirements of the Act and its applicability to health care providers, you can visit our Fox Rothschild Health Law Alert. The full text of the Act can be accessed at this link.
On October 24, 2018, Congress enacted a new anti-kickback law that applies to many commercial health insurance plans, as well as Medicare and Medicaid. The law, known as the “Eliminating Kickbacks in Recovery Act of 2018” (the “Law”), was passed as part of the SUPPORT for Patients and Communities Act, which generally targets the national opioid crisis.
The Law makes it a criminal offense to do any of the following:
Solicit or receive any remuneration (including any kickback, bribe or rebate), directly or indirectly, in return for referring a patient or patronage to a recovery home, clinical treatment facility or clinical laboratory; or
Offer or pay a kickback to “induce” a referral of an individual to a recovery home, clinical treatment facility or clinical laboratory, or in exchange for an individual using the services of a recovery home, clinical treatment facility or clinical laboratory.
A “Clinical treatment facility” is broadly defined under the Law as essentially any non-hospital licensed facility that provides treatment for substance use. Penalties for each violation can include a fine of up to $200,000 and imprisonment of up to 10 years.
The Law has seven “safe harbors”, some of which are similar to the safe harbors under the federal Anti-Kickback Statute that is generally applicable to Medicare and Medicaid services. However, in contrast to the Anti-Kickback Statute, the safe harbor for employees and independent contractors under the Law expressly excludes from safe harbor protection any payment made to an employee or independent contractor that is determined or varies by: (1) the number of individuals referred to one of the above facilities; (2) the number of tests or procedures performed; or (3) the amount billed to or received from the individual’s health insurance plan.
Although the Anti-Kickback Statute prohibits conduct similar to that prohibited by the Law in the context of Medicare and Medicaid, the Law casts a wider net in the context of referrals to recovery homes, clinical treatment facilities and clinical laboratories, as it applies to many commercial insurance plans.
It remains to be seen whether and how this Law may be narrowed down in application. The U.S. Attorney General has the authority to issue additional safe harbor regulations under the Law, which could be used to clarify existing safe harbors. The Law may also be amended by Congress in the future.
In addition to having a significant impact on the clinical laboratory industry, the Law could affect physicians employed or engaged by recovery homes or clinical treatment facilities, or participating in an arrangement directly or indirectly involving referrals to such homes or facilities.
The New Jersey Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act takes effect today, August 30, 2018, and requires all licensed health care professionals in New Jersey (including physicians, nurse practitioners and physician assistants, among others) who bill health benefits plans issued or delivered in New Jersey to provide certain disclosures to patients enrolled in such Plans.
The Act also contains additional obligations for physicians, including with respect to billing certain out-of-network services. For more information regarding the Act’s impact on health care professionals and their employers, please see our Fox Rothschild Health Law Alert.