[ Wednesday, October 20, 2004 ]
Ask the HIPAAcrat:
Michael from Coral Gables asks: "When a hospital submits a cost report and they certify that they are in compliance with "laws and regulations regarding the provision of health care services" are they certifying that they comply with HIPAA? In addition, would a violation of HIPAA reduce or limit Medicare payments?"
My assumption regarding the language Michael quotes has always been that it is an attempt by the government to get a "Mother Hubbard" type of general affirmation that the hospital has complied with all laws. It's sort of like being sworn to tell not just the truth, but the whole truth and nothing but the truth. So help you God. I've never heard of any hospital being sanctioned specifically for violating that certification, since they're usually sanctioned for the actual violation of the law or regulations that makes the certification false, but I guess it could make a false claims action easier (since part of the claim is the certification, and if the certification is false the claim is false).
I think the certification is supposed to be all-encompassing, so HIPAA would be included in the certification. That said, I don't think a HIPAA violation in itself would likely be used to reduce or limit Medicare payments, for a couple of reasons. First, HIPAA has its own sanctions, which (if the violation is egregious) can be substantial. Secondly, payment refusal usually happens in a false claim action, and given the "reasonableness" and "scalability" attributes of HIPAA, it wouldn't make that convincing a claim to incorporate into a false claims action, certainly not as convincing as a Stark violation (where there isn't even a scienter requirement) or a Fraud and Abuse violation. HIPAA is still new, and it's amorphous, both of which make it a suboptimal candidate for the government to use for reducing or denying a Medicare payment.
Not to say that it couldn't happen. But I think the violation would have to be egregious, and/or the government would have to think that it wouldn't be able to levy or collect the fines specifically included in HIPAA for HIPAA violations, for the violation to result in payment denial.
Jeff [1:56 PM]
Blogger: HIPAA Blog - Edit your Template