As physicians, you face enormous pressure that goes well beyond just the practice of medicine. Where in the past you only needed to be concerned about protecting yourself and your own reputation, now you must also make sure that your practice and your employees are protected. Today, you need to view your practice as a business—something you were probably never taught in medical school—and ensure that you are adequately guarded against the mounting risks.
Aside from the threat of litigation from alleged medical malpractice, there are a rising number of lawsuits involving employment practices, medical practice administration regulations and privacy and data security. The scenarios below in all three areas illustrate the importance of taking steps to protect yourself and your practice against potentially devastating financial outcomes.
I. Employment Practices
Any business that hires employees—especially medical providers—needs to be extra careful to protect against a myriad of employment practices claims. These include situations related to termination of employment, violation of employment discrimination laws, sexual harassment, and invasion of privacy. Lawsuits relating to employment practices have been increasingly generating large awards, and the defense of these claims can be costly. Yet, many medical practices are operating without any protection against this risk. Think about the following scenarios, and the likelihood that a similar situation could arise in your practice.
Sexual harassment charge from nurse practitioner who allegedly “stole” patients
A male private-practice OB/GYN employed a nurse practitioner for several years before she left to open her own practice. Claiming she was “stealing” his patients, he sent her a cease and desist letter—to which she responded with graphic allegations of sexual discrimination and harassment, including facts that indicated he had terminated her when she refused his advances.
Front-office worker charges discrimination
An employee alleged that a medical practice had discriminated against her on the basis of gender, pregnancy and disability, and that she had suffered harassment and retaliation. These charges were detailed in a demand letter, which was followed by a Department of Fair Employment and Housing charge, and finally a lawsuit from the former employee. The litigation became more complicated when one of the medical practice’s partners appeared to be taking the side of the ex-employee.
II. Medical Practice Administration
Medical practice administrators are required to comply with some complex regulations and requirements, including proper billing, coding and documentation, the Stark and Anti-kickback Laws, HIPAA and FTC “Red Flags.” On top of that, Regulatory Audit Contractors (RACs) are now auditing physicians to recover Medicare dollars for overpayments and/or “medically unnecessary” care, with the RACs receiving a percentage of any provider overpayments. If you have not yet prepared yourself for an audit, now is the time, even if you feel “it couldn’t happen to my practice.” All practices that submit claims to government programs are likely to be reviewed at some point by a RAC.
If one of the following scenarios happened at your practice, are you prepared to cover the fines, penalties and defense costs?
No over-utilization found, but hefty attorney’s fees
A physician who allegedly over-utilized certain procedure codes was requested to pay more than $750,000 in reimbursements by Medicare. This alleged over-utilization was discovered in the doctor’s routine post-payment review conducted by a fiscal agent of the Federal Medicare Program, which focused on the appropriateness of Medicare payments made to specific providers over a selected time period.
The physician retained an attorney to challenge the allegations, and two years later, Medicare recalculated the amount to about $636,000. Then, after another two years of additional appeals and an appearance before an administrative law judge, the review findings were dismissed and Medicare was ordered to reimburse money to the doctor. Still, the physician wound up paying $75,000 in attorney’s fees plus the fees of an independent consultant to review the records.
Free football game costs pulmonologists
Two pulmonologists who accepted tickets to a professional football game and meals in exchange for referring their patients to a durable medical equipment supplier were charged with violating the Anti-Kickback Law. The physicians entered into a three-year Integrity Agreement to resolve their liability and paid $182,000 in fines.
Physician fined for alleged remunerations for MRI/CRT referrals
A physician allegedly solicited and received remuneration in exchange for referring beneficiaries to an imaging center for MRIs and CRT scans. The doctor entered into a five-year Integrity Agreement to resolve the alleged violation of the Stark Law and paid $275,000 in fines.
III. Privacy and Data Security
Because of the explosion of the Internet and transportable devices such as laptops, flash drives, Blackberrys and iPhones, the threat of confidential information winding up in the wrong places has skyrocketed. Reports of data breaches and accidental releases of sensitive medical and financial information have soared in just the past year alone.
Consider the following scenarios, keeping in mind the fact that if your practice experiences a data breach, you may be required to notify your patient population of the occurrence, and you may need to provide credit monitoring for each patient potentially impacted.
Unsecured website costs provider
A provider contracted with a software vendor to develop and maintain an online system to capture demographic and other patient health information—to help with scheduling appointments. However, the website was not properly secured by the vendor, and anyone visiting the site could view patient information. One of the patients filed a regulatory complaint against the provider, after which the regulatory agency immediately contacted the provider about the proprietary information available to unauthorized users, requesting that the site be immediately shut down. The provider then contacted the software vendor, which promptly corrected the defects in the program—but wound up paying $25,000 in notification costs and $42,000 in attorney’s fees.
Patient information stolen from orthopaedic practice
As many as 100,000 patients at a large orthopedic practice were warned to protect themselves against identity theft after tapes containing patient information were stolen while in transport to an off-site storage facility. Patients’ personal information, including social security numbers, employer information and health insurance plan numbers were among the information stolen. Patients were told to place 90-day fraud alerts on their accounts at the three major credit bureaus.
Rehabilitation center exposed sensitive information
Investigators with the Office of the Attorney General discovered that a local rehabilitation center exposed more than 4,000 pieces of its customers’ sensitive information, including social security numbers. The state’s investigation was launched after reports from the local police department indicated that bulk customer records were dumped in garbage containers behind a local building. The records also included credit and debit card information.
With the myriad of laws and regulations and the growing scrutiny by Medicare, Medicaid and regulatory agencies—not to mention our litigious society—even the most well-intentioned physicians need protection from the cost of fines and legal fees.
And as with any other type of insurance, all coverage is not created equal. While standard insurance packages may be available for coverages like employment practices liability, there may be coverage that has been customized to your specific needs as a physician. Many times, these types of medical practice coverages can be obtained at reasonable rates, making the security and peace of mind that comes from adequate protection well worth the investment.
Take the time to learn what types of coverage are available, and what is needed at your specific practice. Your broker can be a valuable resource, as he or she will be knowledgeable about the types of coverage available in New Jersey. Your broker can also help identify which providers can offer meaningful risk management services that will help you minimize the risks of claims and incidents from occurring. In these times of increasingly complex healthcare requirements and regulations, protecting your practice against business risks for employment practices, medical administration and data privacy makes good business sense.
Patricia Costante is the Chairman and CEO of MDAdvantage Insurance Company of New Jersey in Lawrenceville. For more information, visit www.MDAdvantageonline.com.