Interstate Medical Licensure Compact Commission proposes licensure process

The medical licensing tool aimed at expediting the process through which physicians can obtain licenses to practice in multiple states is one step closer to becoming a reality as more details of the process come into focus. Once it’s up and running, the Interstate Medical Licensure Compact will allow physicians licensed in one participating state to gain licensure in other participating states without having to repeat the entire licensing process in each state.

The Interstate Medical Licensure Compact Commission, which is responsible for the compact’s governing rules and administration, recently released a proposed process for expedited licensure through the compact and opened the period for public comments. The commission will consider the proposed rule at its meeting in early October.

The expedited licensure process

The basic process is the same as the one outlined in model legislation released two years ago, says Ian Marquand, chair of the Interstate Medical Licensure Compact Commission. Under the newly proposed process, a physician applies for expedited licensure via the compact through the state where he or she claims principal licensure. The state of principal licensure is where the physician resides, practices, is employed, or files a federal tax return.

"The physician will have to provide some information so that we can make sure that state is legitimately the state of principal license. A physician can’t willy-nilly pick a state in the compact," Marquand says. The applying physician will also have to pay the commission a service fee and submit to a criminal background check through a law enforcement agency, including providing fingerprints or other biometric data.

"There are no heavy applications at this point. The point of this is to make it much easier for a physician to get licensed in additional states and for much less time and energy expended," he says.

The principal licensure state would then review the applicant’s qualifications to determine if he or she is eligible for expedited licensure, perform a criminal background check, and issue a letter to the applicant and the compact commission verifying or denying the physician’s eligibility. Once the applicant receives that letter, he or she can then select from which member states to request expedited licensure and pay those states’ licensure fees. The relevant member boards would then issue full and unrestricted licenses to the applicant. Those licenses would be valid for as long as any other full and unrestricted license normally issued by that state board.

Application turnaround time

There is not a set amount of time to process the application for licensure through the compact due to several variables, Marquand says. These variables include how quickly the physician goes to a law enforcement agency to get fingerprinted, the amount of time necessary to complete the criminal background check and deliver the results to the medical board at the state of principal licensure, and how long it takes that state of principal licensure to review the criminal background check and the applicant’s other details (e.g., board certification and medical education).

A few test runs of the process have been performed in Marquand’s home state of Montana. "We find that it only really takes a matter of hours but it’s not the only thing our people have to do. So where it falls in the queue depends on how long it’s going to take for our people to actually get to do the work. That’s a variable. The communication between a state of principal license to compact commission and then compact commission to receiving state, I don’t think those should take very long at all."

In contrast, the applicant’s responsiveness will be a factor in the turnaround time. Marquand provides a hypothetical scenario to illustrate this point: Dr. Smith, whose state of principal licensure is Montana, applies for licensure in three additional states through the commission. He is prompt about providing his fingerprints and submitting to the criminal background check, which allows the staff in Montana to process his application fairly quickly. In a matter of days Dr. Smith is certified by the commission but then puts off paying the licensure fees.

"We can’t do anything until the fees have been paid. So if the physician is slow about paying fees, that’s on them, not on us," Marquand says. "But once the fees are paid and delivered to the receiving states, we don’t expect [the states] to take very long in issuing the license."

To help motivate physicians to stay on track with their applications, the proposed rule sets a 60-day limit for the applicant to submit all requested materials.

"With every application in the professional licensing world, there’s an expiration date on the application. It doesn’t sit there forever waiting for you to finish. If you don’t get it done, it expires. Putting a 60-day limit on that seems pretty reasonable to me," he says.

Returning to the example of Dr. Smith, Marquand says if the physician applies through the compact commission, pays the initial processing fee but then doesn’t have his fingerprints taken and is unresponsive to the commission’s requests for information for more than 60 days, the application is withdrawn.

"It put some onus on the physician to take some action. But will it take 60 days for processing? No, that’s just the time we give the physician to get any information that we need. But I can’t imagine that happening very often, if at all." Marquand says.

Once a physician is certified through the commission, that certification is valid for one year. This means that if Dr. Smith initially selects one compact state for licensure, such as Wyoming, and then decides six months later that he wants a license for Idaho as well, he will not have to reapply, Marquand says. Dr. Smith will simply need to inform his state of principal licensure?Montana?that he’d like to practice Idaho. The board in Montana will notify the commission and then Idaho will issue the license fairly quickly.

"The only thing that would preclude that would be if Dr. Smith gets in trouble with either the Montana or the Wyoming board and his license is suspended. Then his compact eligibility goes out the window," he says.

When a physician’s license is suspended, it is the responsibility of the member state in which the disciplinary action occurred to notify the commission, which in turn, would notify all the states in the compact. At that point, it would be up to each individual state to decide what to do.

"It’s presumed that reciprocal discipline will happen very quickly. So if Dr. Smith gets in trouble in Wyoming, Wyoming reports him to the commission and Montana would probably take very swift action to suspend his license there, Marquand says. "And if he’s licensed anywhere else in the compact, those states would have the option of doing the same. We want to at least make it possible for very swift action in all the states.

He adds that there are circumstances where reciprocal discipline is automatic, such as when a license from a state of principal licensure is revoked, suspended, or surrendered. In such cases, states can change that automatic action to something else, if they choose. So while states would have some discretion, it may come after an initial action.

Physicians who retain clean records and maintain their qualifications would be able to obtain licenses in as many compact states as they want within a year of achieving certification from the commission, as long as they’re willing to pay the fees.

Work to be done

Some details of this process have yet to be finalized. For example, the amount of the commission’s processing fee has yet to be determined. The commission will likely take up this issue by the end of the year.

"Each individual state within the compact also needs to have its own discussion of whether it wants to charge an application fee to cover the cost of reviewing the physician’s qualifications," Marquand says. In Montana there is a proposal put forth for a $ 100 fee. That proposal still needs to go through a public comment period and receive final approval from the state medical board.

After considering the provisions of the proposed rule, the commission will have several options: Adopt the rule as-is, adopt it with amendments, send it back to the committee for more work, or scrap it completely.

"I’m certainly optimistic that the commission will adopt these. And whether there are any changes suggested to them through comments, we’ll deal with them. I think the commission is anxious to get these rules in place and move on to the next topic," Marquand says.

If the commission decides that the proposal requires significant changes, the rule could be brought back to the commission as early as December.

Work on the application portal for expedited licensure is also underway but an open date has not been announced, Marquand says. However, the commission has set January 2017 as the target date for the first licenses to be issued by a member state using the compact process.

To assist with all the work that remains to be done, the U.S. Health Resources and Services Administration (HRSA) recently announced a $ 250,000 annual grant for three years to help the commission get up and running. The grant, which was requested by the Federation of State Medical Board, underwrites the cost of the commission.

"That takes a huge load off on us as commissioners. We know that through that grant there will be money available to cover technical costs, meeting costs, and maybe even staff costs for the next three years," Marquand says. He forecasts that after the three years, the commission should be able to stand on its own financially and operate on the service fees it collects.

Telemedicine

Often the Interstate Medical Licensure Compact is discussed in the same breath as telemedicine but Marquand emphasizes the distinction between the two. The compact relates exclusively to licensing and therefore does not provide any rules, regulations, or even any guidelines on the use of telemedicine. Although physicians or health organizations may want to use it to allow their own practice or corporate practice to expand into more states, they will still need to follow the regulations of those states once licensed.

"I understand that there may be benefits of the compact for physicians who want to do telemedicine in more places, but that’s not specifically why the compact exists. The compact exists for licensed physicians to get licenses in other states quickly and efficiently, regardless of what kind of practice they want to do," Marquand says.

He recalls this topic came up at a press event in Washington, D.C., designed to promote the compact to members of Congress and major healthcare organizations. When the question was posed of who would be the major user of the compact?large healthcare organizations that want to use telemedicine, or individual physicians who want to expand a practice across state lines either in person or by telemedicine?the answer that came back was it would likely be both.

"Here’s how I look at this: Think of two parallel highways. On one, there are physicians using telemedicine. The compact is on the other, with ramps between them," he explains. "The folks on the telemedicine highway may take a ramp over to the compact highway to get additional licensure, but then they’ll get back on the telemedicine highway."

Moving forward

As this issue of CPRLI went to print, 17 states have enacted compact legislation and nine others have introduced it. Marquand is optimistic more will adopt legislation.

"There are a couple that haven’t quite got to the finish line and we understand there are going to be states that are on the sidelines, waiting to see what the commission does and see how the compact really works," he says.

That’s why Marquand says the work the commission is doing to get the compact up and running is so important. The successful operation of the compact will be the commission’s biggest promotional tool for convincing additional states to participate. The hope is to bolster the case for joining once the commission has concrete figures on time frames and the number of licenses issued.

Protecting your facility from successful plaintiff litigation

Identifying red flags within credentialing applications can be the first step to protecting yourself and your facility from a successful plaintiff litigation. In the on-demand webcast, Negligent Credentialing: Best Practices to Prevent Successful Plaintiff Litigation, expert Mark A. Smith, MD, MBA, FACS, discusses ways to recognize issues within a credentialing application that require immediate action or additional questioning. Smith also provides best practices an organization should adopt to prevent credentialing-based lawsuits.

At the end of this on-demand program, participants will be able to:

Identify at least three red flags in credentialing applications that require action or explanation

Know what a negligent credentialing claim entails

Assemble the necessary documentation to help combat negligent credentialing

For more information or to order this webcast on demand, visit http://hcmarketplace.com/negligent-credentialing-best-practices-to-prevent-successful-plaintiff-litigation.

OCR ramps up HIPAA enforcement efforts

The Office for Civil Rights (OCR) stepped up HIPAA enforcement in a big way this year. The agency handed down more than $ 5 million in HIPAA settlement fines in one week in March, and in July reached a HIPAA violation settlement with Advocate Health Care in Illinois that carried a $ 5.55 million payment. OCR kicked off phase two of its HIPAA Audit Program and will likely complete desk audits of covered entities (CE) and business associates (BA) by the end of the year. Comprehensive on-site audits may occur early in 2017.

However, breaches continue to come at a relentless pace and questions have arisen about OCR’s handling of HIPAA violations, particularly repeat HIPAA offenders. And a truly permanent HIPAA audit program may not yet be in sight: OCR states that phase two audits will help the agency plan for a permanent audit program but doesn’t state when that might launch.

In a September 2015 report (https://oig.hhs.gov/oei/reports/oei-09-10-00510.pdf), the Office of Inspector General (OIG) said OCR?and the U.S. Department of Health and Human Services (HHS) as a whole?should strengthen its oversight of CEs and be proactive rather than reactive in its approach to HIPAA enforcement. The report found that in 26% of closed privacy cases, OCR did not have complete documentation of corrective actions taken by CEs. In addition, OCR’s case tracking system has significant limitations and makes it difficult for the agency’s staff to check if a CE under investigation has been the subject of previous investigations.

All of this may make some CEs and BAs feel that HIPAA compliance is merely optional, and that leads to a weaker privacy and security culture throughout the industry. Although OCR does take action to make its presence felt, it could do more, Frank Ruelas, MBA, principal of HIPAA College in Casa Grande, Arizona, says.

"I do believe that OCR is trying to let people know that it considers HIPAA compliance an important objective," he says. "With its guidance and ongoing alerts about the occasional enforcement actions here and there, I see OCR’s enforcement a small step above being a paper tiger in terms of how seriously people take it."

The waiting game

The OIG’s September 2015 report wasn’t the first time that agency has found fault with HHS and OCR’s methods, Kate Borten, CISSP, CISM, HCISSP, founder of The Marblehead Group in Marblehead, Massachusetts, says.

"OIG has published a number of reports over the years, identifying problems with HHS’ oversight and enforcement of these HIPAA rules," she says. "I know of no one in the profession who reads the OIG reports and disagrees."

But HHS and OCR have been slow to take action. More than five years passed between the end of phase one of the HIPAA Audit Program and the announcement of phase two, and OCR still has obligations it’s failed to fulfill. The agency’s slow pace may lead some to take it, and HIPAA, less seriously.

"Since the latest round of rule changes back in 2010, over six years ago, there are still outstanding rules and unmet commitments by HHS and OCR," Ruelas says. "In the end, it not only erodes credibility but also questions just how seriously is OCR taking its enforcement duties."

Another day, another fine

HHS and OCR regularly announce breach settlements, but 2016 saw a flurry of high-profile and costly settlements. OCR took the opportunity to make examples of a number of CEs and BAs in its statements, calling attention to the particular violations that tipped the settlements into the hundreds of thousands, or even millions, of dollars.

Although the settlements grab attention and headlines, it may be difficult to determine their positive impact. Some of the HIPAA violations in question date back years. Staff who worked at the organization, and may have been involved in the breach, are likely gone. Even administrators, executive leaders, and owners may change in that time. Some organizations may see OCR’s enforcement actions as too little, too late, Mac McMillan, FHIMSS, CISSM, cofounder and CEO of CynergisTek, Inc., in Austin, Texas, says.

"We all want the same thing: to see our industry do better," he says. "This is just more of the same old, same old. Same issues, different players."

A HIPAA settlement fine might be a crushing blow to a physician practice or small home health or physical therapy organization, but even the largest fines might not make an appreciable impact on larger organizations, McMillan says.

"To be really impactful, there will probably need to be more, they will need to happen closer to the actual event they’re related to, and possibly the fines will need to be bigger," he says. "The fines levied were really not substantial fiscally, and there was no accountability for those responsible for making security decisions, so they pay and move on."

Borten agrees that the long period of time between when a breach is reported and when OCR takes action lessens the impact. "The response or punishment must rapidly follow the event to have a significant impact on future behavior," she says.

Although some find California’s short breach notification timelines and black and white faxing rules burdensome, these measures have caused CEs and BAs to change their behavior and improved privacy and security, McMillan says.

Some CEs and BAs may be willing to take the chance they won’t be caught, Ruelas says. "I truly think that people see enforcement a lot like getting hit by lightning. However, if it does occur, it tends to be a game changer and does make for an interesting day."

But whether the change is meaningful or widespread may be difficult to determine, and any alteration to OCR’s HIPAA enforcement practices would likely be an improvement, he adds.

Learning from others’ mistakes

However, CEs and BAs can get something out of HIPAA settlements. Conscientious entities will fulfill the terms of the corrective action plan and even improve on it. And other CEs and BAs can take valuable lessons from OCR’s breach announcements. The agency often draws attention to specific issues that led to the breach, levies a pricey fine, and points out how the organization could have avoided the problem in the first place.

"HIPAA enforcement actions are important teaching tools," Borten says. "Workforce members can be asked if the same problem could arise in their organization, and how individuals can avoid the same fate."

Many privacy or security failures that lead to breaches are the result of human error and are still relevant regardless of when the breach occurred, she adds.

Although the security landscape has expanded beyond missing laptops and smartphones, Ruelas says there’s still a lot CEs and BAs can learn from these enforcement actions. Organizations may see ransomware, phishing, and privacy and security breaches on social media as the biggest threats?and rightly so. Yet many breaches still come down to 10-year-old HIPAA basics: misdirected faxes, incorrectly addressed emails, or handing the wrong documents to a patient.

While human error is still a concern, McMillan is most worried about the increasing number of breaches due to hacking, particularly the greater loss of data due to hacking and the effects such breaches have on the industry. "Human errors are still an issue, but the relative impact of those incidents compared to the impacts we see from hacking recently pales in comparison. Many of those attacks were the result of misconfigured or poor administration of systems resulting in serious outages and millions of lost records," McMillan says. "This is where OCR needs to focus attention."

Phase two

The launch of phase two of the HIPAA Audit Program may promise some positive change. The audits are intended to help the agency improve HIPAA guidance and tools and pinpoint common problems and challenges CEs and BAs face. Desk audits of CEs began in July, with BAs scheduled to follow in the fall. However, it may take 90 days after submitting documents for CEs to receive a draft audit report. Until then, it will be difficult to predict what OCR’s response to the audits might be.

The audit reports will not be made public, although OCR representatives indicated they will likely be available through a Freedom of Information Act request. Sharing some data might help CEs and BAs.

"I do think that if audit results can somehow be summarized and shared, just by their detailed nature, the audits can be wonderful sources of information for the HIPAA community," Ruelas says.

It took three years for the agency to update the audit protocols to reflect changes made by the HIPAA omnibus rule, he adds. It’s too soon to tell how long it might take the agency to revise or refocus its guidance based on the results of the phase two audits, but it would no doubt be beneficial for all CEs and BAs to see results sooner rather than later.

Establishing a permanent audit program is one of OCR’s responsibilities under HIPAA, and the agency’s failure to develop one has drawn criticism from the industry and from other regulatory agencies such as the OIG. OCR agreed with the OIG’s latest call for a permanent audit program. Phase two is an encouraging step in that direction, but still not quite enough.

"It has been very vocal on its commitment to establishing an effective and permanent auditing program," Ruelas says. "Let’s see if it really is going to walk the talk."

Legal and regulatory news roundup

Find out what’s happening in the world of federal healthcare regulations by reviewing some recent headlines from across the country.

EMTALA violations declining

The number of U.S. hospitals cited for violating the Emergency Medical Treatment and Active Labor Act (EMTALA) has decreased over a 10-year period, according to a study published in the Annals of Emergency Medicine. Researchers analyzed a list from CMS of EMTALA investigations conducted from 2005?2014 and found that the percentage of U.S. hospitals cited for violations citations decreased from 5.3% to 3.2%. The percentage of hospitals investigated also declined during this period from 10.8% to 7.2%.

EMTALA aims to prevent the practice of discharging or transferring patients to other hospitals before stabilizing treatment is provided for emergency medical conditions. It requires hospital emergency departments to provide medical screening examinations to patients seeking medical treatment regardless of their ability to pay, citizenship, or legal status.

Stark Law, EMTALA violation penalty amounts increase

Due to several years of inflation, the U.S. Department of Health and Human Services recently issued an interim final rule that calls for steeper maximum penalties for violating federal regulations, including EMTALA and the Stark Law.

For hospitals with more than 100 beds, the maximum penalty for an EMTALA violation is $ 103,139, up from the previous maximum of $ 50,000 set in 1987. For hospitals with less than 100 beds, the maximum penalty is $ 51,570, up from $ 25,000.

Circumventing the Stark Law’s self-referral restriction can now result in a maximum penalty of more than $ 159,000, up from previous maximum of $ 100,000 set in 1994. Submitting claims in violation of the Stark Law can result in a penalty of nearly $ 24,000, up from $ 15,000.

Home health agency owner sentenced for healthcare fraud, kickbacks

Khaled Elbeblawy, the former owner and manager of three home health agencies in the Miami area, will spend 20 years in prison for his role in a scheme that fraudulently billed Medicare for millions of dollars.

Elbeblawy was sentenced to prison and ordered to pay more than $ 36 million in restitutions following his conviction in January of one count of conspiracy to commit healthcare fraud and wire fraud and one count of conspiracy to defraud the United States and pay healthcare kickbacks. According to evidence presented at trial, from 2006?2013, Elbeblawy and his co-conspirators claimed to have provided medically necessary home health services to Medicare beneficiaries through the three agencies: Willsand Home Health Agency Inc., JEM Home Health Care LLC, and Healthy Choice Home Services Inc. In reality, those services were either medically unnecessary or never provided. The conspirators also paid kickbacks to physicians, patient recruiters, and staffing groups for referrals of beneficiaries.

In all, Elbeblawy and his co-conspirators submitted $ 57 million in false or fraudulent claims and received approximately $ 40 million in payments. In 2012, Eulises Escalona, a former owner of Willsand and JEM, pled guilty to one count of conspiracy to commit healthcare fraud and was sentenced to 10 years in prison. Cynthia Vilches, former co-owner of Healthy Choice, also pled guilty to one count of conspiracy to commit healthcare fraud and is awaiting sentencing.

Healthcare systems calls for dismissal of antitrust lawsuit

Carolinas HealthCare System (CHS) has argued that the joint antitrust lawsuit filed against it by the U.S. Justice Department and the North Carolina Attorney General’s office has no basis. According to the Charlotte Observer, the lawsuit alleges CHS uses its size to drive up prices to prevent competition. CHS operates 10 hospitals in the Charlotte area. Its closest competitor, Novant Health, operates five.

The lawsuit alleges CHS uses its clout to encourage health insurers to steer patients away from other lower-priced hospitals and toward CHS hospitals.

In asking for a dismissal, CHS has said the lawsuit has failed to allege any actual competitive harm to the marketplace.

Exciting updates: More content, tools, and news at your fingertips!

The challenges healthcare professionals tackle each day don’t wait for solutions, and neither should you. That’s why Credentialing & Peer Review Legal Insider (CPRLI) is transitioning to a more frequent and robust publishing model this fall by combining with the Credentialing Resource Center (CRC)’s flagship publication, Credentialing Resource Center Journal (CRCJ), to create a single source for all your credentialing, privileging, peer review, and legal news, tools, and best practice strategies.

Your updated member benefits gain you access to expanded content and tools on CRC?with new resources added weekly to the website (www.credential-ingresourcecenter.com). Plus, as a CRC member you gain instant access to over 300 clinical privilege white papers, core privileging forms, Medical Staff Talk, and Credentialing Resource Center Daily (CRCD), CRC’s daily e-newsletter for medical staff leaders and MSPs. If you are already a CRC member, you will continue to receive the news and analysis you’ve come to rely on, plus expanded member benefits this fall.

To help readers keep tabs on available content, we will announce new articles in CRCD. At the end of each month, we’ll roll the corresponding weekly articles into a digital issue of the newly expanded 16-page CRCJ that mirrors the current digital format.

As a member of CRC, you can continue to download and print high-quality PDFs of the current issue, as well as several years of back issues of CRCJ and CPRLI, directly from CRC’s website. We’re looking forward to delivering your peer review and credentialing guidance in a timelier, efficient, and more convenient manner.

Stay tuned for additional details as we near implementation. In the meantime, feel free to contact Editor Son Hoang at [email protected] with any questions.

HCPro.com – Credentialing and Peer Review Legal Insider