AG: I wrote a recent edit memo about the idea that with government money comes oversight and having to live up to expectations set by others. My question is, what do you think the government will require in terms of oversight of these programs? Hospitals and physicians will have to prove meaningful use, but will that be a yearly event? Will there be snap inspections like JCAHO does on the pure clinical side? Will the government ever attempt to recover some of its money if an organization falls out of compliance?
ES: The law says that a meaningful user has to be able to document meaningful use. And while I hate to bring it up, if you falsify your documentation to the government, it triggers all of those program-integrity aspects of dealing with government health programs. I don’t think that funds which are offered as incentive payments will be exempt from the False Claims Act, fraud and abuse laws, you name it.
SF: We think the regulations are going to specify whether it’s by an affidavit or what kind of proof there has to be, but I don’t think that’s going to be a big issue.
ES: I can almost assure you that there will be a certification at some level, and a false certification submitted to the government creates big problems.
AG: JCAHO, at this point, comes in and checks that hospitals meet certain standards. I believe there are surprise visits, they come in and make sure everything is clinically proper. Do you picture a program like that, where there would be random inspections?
ES: I do not. I didn’t see anything in the law that suggested the government is going to do site surveys or inspections or anything like that. I mean, they simply don’t have the resources to do it.
AG: Do you think they have resources to run this program, as much as we know of it now?
ES: Yes, I do. In terms of what it is that has to be done. I mean they’ve got to staff up in the Office of the National Coordinator, but they’re going to run it out of that office, and they have appropriated funds for that office in amounts that exceed anything that has been done in the past. And CMS is going to clearly play a big role on the payment side. CMS has – that’s a big bureaucracy there, they’ve got a lot of people. I suspect that they’ll be a part of it.
SF: I think they’re going to be very busy; they’ve got a lot of regulations to write over the next 10 months, so they’re going to be pretty busy during that time.
AG: We’ve seen cases before with the Stark relaxation, where the guidance was not sufficient to get people to move. They were concerned about their nonprofit status, and it was only about six months later that the OIG clarified it to the point that there was some movement. Is it possible that the guidelines which come out will have some holes in them that cause people not to move forward, and we may see some deadline sliding as we’ve see in other cases?
ES: I think that’s always a risk. I mean the Stark exception, to which you referred, was an unusual set of circumstances because you had exempt organizations who had to account to the Internal Revenue Service, essentially making resources available to physicians who are not exempt, and there’s that whole body of law with that. What you described unquestionably happened, and it took the IRS a while to get caught up with everybody else in that process. I don’t see that happening here because, if you will, the funds flow is much more precise, it’s much more vertical, it’s money to hospitals, it’s money to physicians and those types of pathways for the flow of money have been well established under the Medicare program for many, many years. They do know how to get money to providers.
AG: Is there anything else that I’m missing that you want to touch on?
SF: I would say there are a couple of important issues that hospitals still need to think about that are major changes. One is the breach notification rules, because now, for the first time, there are federal breach notification rules that govern what happens if PHI that’s held in an electronic health record is breached in some way. That’s brand new. Some states have had that, but now there are federal rules that govern that and they talk in very great detail about who has to be notified, what the form of the notification is, what the timing of the notification is. So hospitals are going to need to develop policies and procedures, if they don’t already have them, that govern that whole area of breach.