Call:  (407) 331-6620 or (850) 439-1001
Toll-free:  (888) 331-6620 

e-book thumbnail

Seven Things To Know When You Receive A Notice Of Investigation From The Department Of Health

Health Law Update September 2009


September 15, 2009




George F. Indest III, J.D., M.P.A., LL.M.
Michael L. Smith, R.R.T., J.D.
Joanne Kenna, R.N., J.D.

1. FTC’s “Red Flag Rules” On Identity Theft Apply To You!

The Federal Trade Commission Red Flag Rules that require creditors to institute programs to prevent identity theft become effective on May 1, 2009.  A physician is a creditor if the physician defers patient payments by billing for services or if the physician accepts the patient’s co-pay and bills the insurance company.  Under the rules, physicians must implement and maintain identity theft prevention programs designed to detect, prevent and mitigate identify theft.

2. Physician Practices Must Have Plans For Handling Health Data Breaches

Whether you are a solo physician in a small rural setting or an employed physician in a large urban hospital, starting September 23, 2009, if patients’ personal health data are leaked, you have to let them know.  This could mean sending a letter to patients affected or taking out an ad in the local newspaper, depending on the type of breach.  Additionally, even if a breach never occurs, the new rules require practices to have a plan in place–just in case.  The new breach notification rules, sanctioned by the American Recovery and Reinvestment Act, were issued by the U.S. Dept. of Health and Human Services in August, 2009.

3. New Law Requires Insurers To Pay Out-Of-Network Doctors Directly

Governor Crist recently signed a new law that requires insurers to send payments directly to out-of-network doctors when the patient has assigned the right to receive payment to the doctor.  Out-of-network physicians have frequently gone unpaid when insurers sent payment directly to patients.  The amount of compensation due to out-of-network providers continues to be a source of debate.  The bill, which amends Section 627.638, Florida Statutes, is S.B. 1122, effective July 1, 2009.

4. Prescription Drug Electronic Database Established

On June 18, 2009, Governor Christ also signed Senate Bill 462, which establishes an electronic database system to monitor prescriptions for controlled substances.  The new law is intended to reduce the black market in prescription medications originating in South Florida and to help reduce narcotics abuse.  The database should also make it easier for healthcare providers and law enforcement to identify patients who “doctor shop”.  Additionally, the new law will place limitations or prohibitions on some doctors from practicing in pain clinics.

5. Senate Bill 1986 Makes Significant Changes In Licensing Relating To Fraud, Medicaid Sanctions, Drug-related Offenses And Others

Passage of Florida Senate Bill 1986, effective July 1, 2009, makes sweeping changes to licensure laws, reporting laws, etc. for all licensed health providers.

6. Physicians Must Keep Charts On Family, Friends And Employees

Number 5 on the Board of Medicine’s Top 10 Laws and Rules Every Physician Should Know:  Physicians must keep charts on everyone they treat including family, friends and employees.  Board of Medicine Rules and Florida Laws require this.  A prescription creates a physician-patient relationship that, by law, requires a medical adequate record.  A copy of the prescription (even if it is called in) must be kept in the patient’s record.  Don’t lose your license over a simple matter like this.


The Florida Medical Association (FMA) has developed this checklist for physician practices.  Although no two practices are exactly alike, this checklist that can be used as a starting point for compliance with the Red Flag Rules.

____ Recognize that HIPAA is no longer the only federal law that requires your office to protect sensitive data and appoint a person to review the FTC’s Red Flag Rules and lead your compliance efforts.

____ Identify employees who are involved in verifying the identity of patients and “admitting” them to the practice as they arrive.  Involve these employees in the review of the red flags and development of a compliance plan.

____ Create a procedure for detecting when red flags occur in your practice.

____ Develop a policy that outlines how your practice will respond when red flags are detected.

____ The policy and procedure should be appropriate to the size and complexity of the practice of the practice and its activities.

____ Set an internal deadline for reviewing the policy and procedure to ensure that the program is updated periodically to reflect changes in risks.

 ____ Document approval of your new red flags policy and procedure by your Board of Directors, your officers or a committee of the Board.

 ____ Train staff, as necessary, to effectively implement your policy and procedure.