The end of 2018 saw major developments in some of health care's key areas, from cybersecurity to medical cannabis. As another year begins, here are some of the significant developments over the past year that are likely to impact health care providers in 2019.

Missouri medical cannabis legislation

On November 6, 2018, Missouri voters passed a ballot measure legalizing the manufacture, sale, and use of medical cannabis products. The measure amended the Missouri Constitution to allow state-licensed physicians to recommend medical cannabis to patients who have a "qualifying medical condition" which includes cancer, glaucoma, HIV/AIDS, any terminal illness, and "any other chronic, debilitating or other medical condition" as determined by a physician. The Missouri Department of Health and Senior Services will oversee granting licenses to operate cannabis product manufacturers, cultivators, and retail businesses and has yet to release implementing regulations. Missouri joins more than 30 states that have passed medical cannabis laws.

Revisions to Medicare supervision requirements

In its 2019 Medicare Physician Fee Schedule (MPFS) Final Rule and subsequent guidance, CMS has loosened the supervision requirement for diagnostic tests performed by a certified Registered Radiologist Assistant or Radiology Practitioner Assistant from personal physician supervision to direct physician supervision to the extent permitted by state scope of practice law for such practitioners. This rule applies to all Medicare beneficiaries who are not hospital inpatients and is effective January 1, 2019. Providers will need to check their state scope of practice laws to determine if the reduced supervision requirements apply.

Clinic visits and the 2019 OPPS Rule

In the 2019 Hospital Outpatient Prospective Payment System (OPPS) final rule, CMS eliminated the exception allowing certain off-campus PBDs to bill for clinic visits under the OPPS. In this change, CMS will pay all clinic visits provided at PBDs at the lower MPFS rate. CMS will implement this change over a two-year period, with payments in 2019 at approximately 70% of the OPPS rate and payments in 2020 at approximately 40% of the OPPS rate.

Anthem data breach debacle settles for millions

In October 2018, Anthem agreed to pay $16 million to the U.S. Office of Civil Rights (OCR) to settle alleged HIPAA violations stemming from a 2015 data breach affecting nearly 79 million individuals. Hackers first accessed the protected health information (PHI) through spear phishing emails sent to an Anthem subsidiary. A single employee responded to the attacks which caused further targeted attacks using access inadvertently granted by that employee. OCR also determined Anthem failed to mitigate the damage by not conducting an enterprise-wide risk analysis, failed to identify and respond to security incidents, and did not maintain sufficient procedures to monitor information system activity and access to PHI. The agreement marks the largest settlement reached with OCR over potential HIPAA violations and subjects Anthem to a HIPAA corrective action plan. This is the largest HIPAA settlement in OCR's history.

Illinois Supreme Court protects nonprofit hospital tax exemption

In a September 20, 2018 ruling, the Illinois Supreme Court in Oswald v. Hamer upheld a tax exemption for nonprofit hospitals when the value of charity care provided annually by a hospital equals or exceeds that hospital's estimated property tax liability. The Plaintiff argued that the exemption, codified at Section 15-86 of the Illinois Property Tax Code, was unconstitutional because the law does not require hospitals to be used exclusively for charitable purposes. The Illinois Supreme Court disagreed and upheld the exemption, helping Illinois nonprofit hospitals avoid a potentially sizable increase in their tax liabilities. Cases like this have appeared in other states and is a trend to follow in the coming year.

Kalispell fraud and abuse case ends in multi-million settlement

In September of 2018, Montana-based Kalispell Regional Healthcare System and six subsidiaries (KRH) agreed to a $24 million settlement to resolve allegations they violated the False Claims Act (FCA). The FCA action stemmed from allegations claiming KRH entered into arrangements with physicians that violated the Stark Law and Anti-Kickback Statute in which KRH compensated physicians in excess of fair market value and tracked the volume and value of referrals in "contribution margin" reports to determine base compensation and bonus levels for employed physicians. Additionally, the relator alleged that KRH sought to induce physician referrals by providing administrative services at below fair market value to an entity with physician investors.The case reflects the government's continued emphasis on noncompliant arrangements between hospitals and physicians, particularly when using "contribution margin" reports to determine physician compensation and provides another example of the risks associated with such noncompliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.