Optometry in the Telemedicine World

Amanda Howard, Esq.

During COVID-19, many doctors and patients opted for telehealth/telemedicine appointments instead of in-person appointments. The trend has seemed to stick. Today, many patients and providers prefer telehealth/telemedicine appointments. The convenience and efficiency of such appointments is hard to beat, especially when certain providers have the capability to deliver the same or similar quality of in-person meetings through teletechnology. Patient/provider interactions that do not always require physical contact with a patient or equipment tend to be better suited for telemedicine. It’s not surprising then that mental health clinicians, gastroenterologists, neurologists, and radiologists used telemedicine the most during COVID-19 out of all major specialties.

It’s also not surprising that optometrists used telemedicine the least. The question permeating the optometry world is: are telemedicine appointments equivalent to in-person appointments? Are there technologies available that allow optometrists to conduct eye exams? Even if there are, do the technologies available meet federal and state standards of care? Whether a technology is available or suitable is two different things. While taking a patient’s history and examining pupils to a certain degree is doable, conducting refractive tests, retinoscopy’s and visual acuity tests have inherent limitations.

On the other hand, consider the situation in which an optometrist is out of town, and a patient has a swollen eyelid. The patient’s description of the problem alone may not be enough to distinguish between an allergy or a stye. That’s where telemedicine comes into play. Whereas in years past, the patient would have to wait for the doctor to return to the office, and then trek to the office on their appointment date, wait to see the doctor, and hope that he wasn’t sitting and waiting for hours, telemedicine can allow for an almost-instant visual inspection and advice on the best care of management.

There’s no denying the pros of using telemedicine in the optometry field. The issue is it allows for the required patient standard of care in all cases. In some cases, optometry telemedicine simply can’t. At least for now.

Get Help

As a boutique law firm dedicated to supporting the healthcare community, our goal is to help optometrists comply with all laws so that they can be safe in their profession and practices.If you would like to learn more about optometry as it relates to telemedicine and get advice on how to proceed, contact us at Florida Healthcare Law Firm to set up a consultation today.

Zoning & Use Issues For Healthcare Practices

Amanda Howard, Esq.

If you’re thinking about starting your healthcare practice from the ground up or purchasing an established practice and its real estate, zoning and use issues should be on your mind. It’s critical to understand what activities are allowed to be done, and perhaps more importantly, what activities are NOT allowed to be done on your soon-to-be property and the restrictions your building may be subject to. To figure these things out, you can research appropriate building codes and zoning information on your county’s property appraiser website and use interactive maps or obtain a zoning report or request a letter from your local planning and zoning office, which will summarize existing code requirements and highlight areas of potential non-compliance. In cases where a particular zone does not permit healthcare facilities, a zone change may be possible (but that’s a topic for another time).

Some questions that are important to ask in determining whether a particular property is suitable for your practice are as follows:

  1. Is zoning impacted by county or city regulations?
  2. What is your type of practice defined as under county or city zoning regulations?
  3. Which districts or areas permit your type of healthcare practice?
  4. Must your practice be outside of residential areas?
  5. Is your practice limited to a certain amount of square feet?
  6. Is your building subject to certain aesthetic requirements?
  7. Is there a setback requirement for your building?
  8. Can the services you provide only be provided during certain hours?
  9. How much parking is your practice allotted?

These questions may never cross a buyer’s mind. However, not knowing their answers and others may cause a major headache during the closing process and potentially even kill a deal to purchase a property. That’s why it’s important to get advice from a professional.

Get Help

As a boutique law firm dedicated to supporting the healthcare community, our goal is to help healthcare professionals comply with all laws so that they can be safe in their profession and practices.If you would like to learn more about zoning and use issues and get advice on how to proceed, contact us at Florida Healthcare Law Firm to set up a consultation today.

What Is a BAA Agreement?

direct primary care agreements

A BAA agreement is designed to protect the private identifying medical information that belongs to patients but may need to leave the office or clinic in which it was created. This agreement is drawn up between a medical provider’s business and/or hospital and other individuals or businesses who are not directly employed by that provider or hospital but may have cause to come into contact with these documents through the course of their work.

The goal is always to protect the patient, but these agreements can also serve to protect the healthcare providers who contract with outside businesses should there be an issue with medical privacy.

What Is a BAA Agreement?

A BAA agreement is not a simple document whereby the business associate in question agrees to be careful with all patient data. Rather, it is a lengthy and specific document that outlines exactly what it means to protect patient privacy, how the business associate is and is not to handle patient medical records, and what the penalties will be should they violate the agreement.

The following is included in a BAA agreement:

  • What PHI will be accessed by the business associate
  • The requirements for protecting each variety of PHI expected of the business associate
  • The explicit expectation that the business associate will not share any protected health information outside of the confines of the agreement
  • The outline of training required of the business associate and the log of completion of that training
  • The details of what penalties will occur if a data breach is identified
  • How the BAA agreement should be terminated, if appropriate
  • A detailed process for destroying or returning PHI, if appropriate to the process

Why Is a BAA Agreement Necessary?

Many healthcare businesses work with the assistance of outside businesses in order to efficiently run the backend of the business and provide care to patients. For example, a clinic may require an outside company to transport test specimens to or from a lab, to manage x-rays and scan and store them after they are taken, or to otherwise attend to some of the details of healthcare management.

Should that organization or one of its employees put the healthcare data they use at risk, the healthcare organization who employed them will be liable for any harm caused if there is not a BAA agreement in place that clearly outlines the expectations and responsibilities of the business associate.

How to Create a BAA Agreement

If you or your organization works with outside organizations or businesses, it is a good idea to create a BAA agreement that is specific to the business. Make sure you are covered and get the support of Florida Healthcare Law Firm in this process to make sure that the agreement is ironclad.

HITECH in Healthcare

creating a healthcare app

The Health Information Technology for Economic and Clinical Health (HITECH) Act is one part of the American Recovery and Reinvestment Act (ARRA), a piece of legislation designed to stimulate the economy. Additionally, its goal was to improve the management and protection of healthcare documents.

Since its inception in 2009, there have been a number of modifications, many of which include detailed explanations of what a violation of HITECH looks like and the penalties for those violations.

What Is HITECH in Healthcare?

HITECH in healthcare stands for Health Information Technology for Economic and Clinical Health. It aptly describes the original intent of the legislation, which was to create jobs and help to spread the use of technology in hospitals and other healthcare settings to manage patient records.

Before the inception of HITECH, only about 10 percent of healthcare facilities maintained patient records electronically. Instead, most had files packed full of medical records going back decades, all of which could be easily accessed by anyone behind the counter.

It was easy for professionals to get busy and leave files on desks, grab the wrong file when intaking a patient, or file a new document in the wrong file and thus put those records and the information they contained at risk.

With the implementation of healthcare technology, medical providers were able to access records via computer, input their notes directly into that file, making them immediately accessible (and legible!) to patients and the next provider to care for the patient within the healthcare complex.

How Has the HITECH Act Impacted Healthcare?

HITECH has helped to improve accountability when it comes to managing patient files. Computers can monitor who accesses which files and when as well as what actions were taken on those files, making it easier to identify those who were transferring files carelessly or otherwise exposing them or putting them at risk.

In response, four penalty tiers have been introduced along with specific minimum and maximum fines per violation. Currently, those penalty tiers include the following:

  • Tier 1: Lack of Knowledge
    These violations are incurred due to inexperience or lack of understanding of how a system works or what should be protected. Penalties are the least severe, ranging from a minimum of $120 to $30,113 per violation with a max penalty limit per year of $30,133.
  • Tier 2: Reasonable Cause
    These violations may have occurred because the individual or organization thought they had cause for sharing the information. Fines range from the minimum $1,205 to $60,226, with a max annual penalty limit of $120,452.
  • Tier 3: Willful Neglect
    Purposefully breaking privacy protection of patients or blocking them from access to files is punishable with a minimum fine of $12,045 and a max penalty of $60,226 per violation, with a max annual penalty list of $301,130.
  • Tier 4: Willful Neglect Not Corrected Within 30 Days
    Should the willful neglect go uncorrected for more than a month, penalties get severe. Minimum penalties per violation go to $60,226 and maximum penalties can be more than $1.8 million, with an annual penalty limit of $1,806,757.

HITECH Violation Support

If you are facing fines and litigation due to an alleged HITECH violation, reach out to Florida Healthcare Law Firm for assistance today.

Keeping Elective Services Under One Roof – Primary Care Meet MedSpa

Carlos H. Arce, Esq. / Chase E. Howard, Esq.

Sustaining a healthcare business in today’s medical industry calls for both ongoing innovation and quite a bit of ingenuity. The question of what can be done to enhance patient retention while keeping patients interested and loyal to a practice comes down to what is legally permissible from a compliance standpoint. A prime example of value add for an existing practice are the benefits that patients in the geriatric population are often offered, everything from cardiologists, chiropractors, physical therapists, dentists, orthopedic, pulmonologists and most recently, to med spa services.

Vendor Status

Allowing specialists to treat patients in a practice has always been a form of benefit to patients. Assuming the patients require a medical service which is medically necessary, they are treated. The obvious key is making sure it is done legally. Under the federal and state self-referral laws, it is imperative to comply with certain exceptions when entering a referral arrangement between providers. The most accurate away to ensure legal compliance when offering specialist services in apractice is via the “Rental of Office Space” exception. Space is leased to the specialist on a basis which accounts for the guidelines, the specialist provides services, the insurance pays them or the patient pays them, and the patient receives rounded care.

But can this be done for elective procedures, such as MedSpa’s? The answer is yes. Most patients 18 and over are seeking additional elective medical procedures, from IV hydration to Botox. Primary care providers may be able and qualified to perform some of these services, but consideration must be paid regarding taking on the risk of performing services which may be outside of one’s wheelhouse.

Bringing in a med spa vendor who can provide services to an existing patient base sounds like a wonderful patient retention tool. If the legal parameters surrounding this arrangement are followed, providers not only can be legally compliant, but can also add a retention benefit to their practice.

Mobile MedSpa

With the push in healthcare to make services mobile, medspa owners may be wondering how to transport the business to conduct services elsewhere. The short answer is finding the right relationship to support the opportunity. Which services could a medspa offer on a “mobile” basis? The answer is, it depends. Generally, services provided in home to patients are allowable but might require a home health agency license depending on the services. Services provided at another clinical location, such as a primary care practice, require very little in the way of licensure. Specifically, a Medspa could send its providers to another location on a limited basis to service that practice’s patients so long as the providers are properly “supervised” and the patients are properly billed. The providers could utilize the other clinic’s physician for supervision, eliminating the need for any specialty supervision as required by Florida law and could utilize extended staff for patient intake, room prep, and check out.

The biggest hurdle for this arrangement would be the compensation arrangement, which, as described above, would require strict compliance with the law to ensure no illegal referral schemes or fee-splitting occurs.

Summary

With multiple MedSpa’s and Aesthetic clinics popping up through out the country, why not considering subleasing space rather than adding that additional unnecessary overhead. Some MedSpa’s will inevitably be better off treating in their private space, but that doesn’t mean it’s the only way these added services can be accomplished.

Holistic Dentistry – What is it and what’s happening in the industry?

Holistic, or Biological, Dentistry is dentistry that takes a whole-body approach to oral healthcare. This type of dentistry emphasizes prevention and conservation through lifestyle changes and non-pharmaceutical treatments. It discourages early invasive surgeries, mercury, fluorides, and other “toxins”. Biological dentists may be members of the International Academy of Biological Dentistry and Medicine.

Biological dentistry focuses on a mouth-body connection, rather than just simply treating the explicit issue a patient may face. Biological dentistry focuses on reducing inflammation, stress, and non-natural products while emphasizing whole body wellness.

What principles identify biological dental practices?

  1. Mercury-free and mercury-safe
  2. Fluoride-free
  3. Focus on whole-body health
  4. Chemical free whitening
  5. Focus on prevention
  6. Most natural and least invasive
  7. Avoids root canals
  8. Biocompatibility testing for dental materials
  9. Emphasis on nutrition and nutritional counseling
  10. Ozone therapy

How does holistic dentistry differ from traditional dentistry as it pertains to the law? Not at all, in reality. The practice of holistic dentistry is governed by the Florida Board of Dentistry still and all such laws and regulations apply, including Florida’s prohibition on the corporate practice of dentistry (I.e., the ownership of a dental practice by a non-dentist).

The same applies to entity selection – licensed dentists can choose to operate under a “PA” or PLLC”.

You could also add on additional services to your dental practice that might be considered medical, so long as you engage the appropriate licensed providers to deliver those services. For example, While most medspas provide full body aesthetic treatments, Dentists are limited to providing treatments that are with her or his scope of practice. For example, Botulinum Toxin-A may be prescribed by a dentist, but is limited to the face and neck of patients. This also means that for nurse practitioners working under the supervision of a dentist, they too are limited in practice. While certain other treatments don’t require any specific medical license or training, dentists should evaluate the type of treatments they wish to provide or supervise to ensure it is within their scope of practice.

The growth and acceptance of biological dentistry is going to continue to expand and dentists should position themselves to incorporate these practices in into their practice as they look to grow and possibly sell in the future.

FDA Stem Cell

A big update in the stem cell industry last week as a California judge issued a favorable order on behalf of a California based stem cell treatment provider. California Stem Cell Treatment Center, Inc., is a California based medical company offering SVF surgical procedure and MSC Surgical procedures. A few years ago, the Food and Drug Administration (“FDA”) sought an injunction against the Company to prevent them from performing these procedures because the FDA claimed that the procedures included the adulteration of drugs which were then re-injected into the patient and thus were classified as “drugs” and therefore under the FDA purview. The Company argued, however, that the SVF procedure and MSC procedure are not “drugs” as defined by the FDA and there that the procedures don’t fall under the FDA’s definition/prohibition regarding adulteration and misbranding of products. The Court allowed the trial to move forward, and the Company provided support of their position which ultimately was successful. The Judge agreed that the procedures and the subsequent cells were not “drugs” and went on to further state that the SVF procedure qualifies for the “Same Surgical Exception” under the Food Drug and cosmetics Act (“FDCA”) even so.

The ruling in this case reinforces the Florida based company, US Stem Cell, position and is contrary to the ruling made in its case back in 2019. The Court also made it clear that the FDA does not have the ability to interfere with the practice of medicine of physicians, as limited by Congress and the FDCA. The Court, through its ruling, removed some of the power of the FDA in these types of cases, essentially saying that they do not have oversight on surgical procedures (which the Court believes these procedures constitute).

So, what does this mean? It certainly pushed back on the FDA and its reach big time. It means the FDA will either take a step back from stem cell regulation and allow these clinics to operate with less scrutiny, or it means the FDA will work with Congress to update their governing statutes and expand their purview. For the time being, it keeps the FDA at bay.

What Is Protected Health Information?

litigation lawyer in Florida

PHI in healthcare stands for protected health information, but it is a term that is both vague and general. As a result, it can cause understandable confusion for both patients and healthcare providers.

It is a term that is generally connected to conversations about the Health Insurance Portability and Accountability Act (HIPAA), a piece of legislation designed to protect the private healthcare and medical information of patients.

What Is PHI in Healthcare?

When it comes to the protected healthcare information protected by HIPAA, the following areas are covered:

  • Demographic information
  • Medical history
  • Results of medical testing
  • Health insurance information
  • Any identifying information that connects a patient to a healthcare service or healthcare coverage provider

Essentially, any information that connects a person to a medical issue through testing, treatment, doctors’ notes, or other areas must be protected.

This not only means that sharing that information with other sources is off limits without the consent of the patient, but also that great care must be taken when transmitting medical records lawfully over email or other means, so they are not lost, hacked, or inadvertently fall into hands that were not the intended recipients of that information.

It also means ensuring that the patient always has the ability to access these same records and the option to request revisions as appropriate.

How to Protect Healthcare Information Under HIPAA

Healthcare providers, health insurance providers, their business associates, and those responsible for the transportation of PHI are all accountable for the protection of this information.

In order to do this lawfully, it is necessary to do the following:

  • Get authorization to disclose protected health information from the patient, usually in the form of a consent contract or waiver.
  • Get permission from the patient to access privilege to protected health information that was generated in other offices, facilities, or organizations.
  • Avoid the destruction of protected health information that may stop the patient from having full and complete access to their medical records and healthcare information.
  • Gain authorization to use and disclose protected health information to anyone but the patient, including concerned family members. Even admitting that a patient is receiving treatment and has records to access at a medical facility is not allowed unless the individual person has been approved by the patient.

It is important to note a few things in regard to the protection of personal medical information.

All authorizations to share information needs to be in writing and kept on file. If the patient decides to revoke authorization at any point, they will need to update the information, even if it is a court decision, such as in the case of divorce or loss of legal child custody.

It may also be of interest to note that HIPAA laws no longer protect an individual once it has been 50 years since their death.

If you need assistance managing a HIPAA claim made against you or pending litigation, contact Florida Healthcare Law Firm for assistance today.

Florida’s Prohibition on the Corporate Practice of Optometry

Florida prohibits the corporate practice of optometry (CPOO). In contrast to the provisions of Florida’s Medical Practice Act, which governs medical doctors, Florida’s Optometry Practice Act, which governs optometrists, expressly prohibits any corporation or other business entity from engaging in the practice of optometry. Likewise, Florida’s Optometry Practice Act also prohibits any optometrist from engaging in the practice of optometry with any corporation or other business entity. The purpose of this law is to prevent non-optometrists from having authority over and controlling the professional judgment of optometrists.  

Florida, instead, allows optometrists to organize as a professional service corporation (PA) or a professional limited liability company (PLC). Under a PA or PLC, only an optometrist or multiple optometrists may be members of such entities. For example, physicians (MD or DO) may not form a PA or PLC with optometrists.

Despite the above, Florida law allows optometrists to “associate” with a multidisciplinary group of licensed healthcare professionals, the primary objective of which is the diagnosis and treatment of the human body. In other words, Florida law seemingly allows optometrists to be employed by, contract with, or be an owner of an entity composed of other licensed healthcare professionals. As there appears to be no law against whether other licensed healthcare professionals can form entities other than PAs or PLCs (except for optometrists, dentists and chiropractors), Florida law may allow an optometrist to join an entity comprised of a multidisciplinary group of licensed healthcare professionals, the primary objective of which is the diagnosis and treatment of the human body, whether that entity is an LLC, corporation, or another entity form.

Get Help

As a boutique law firm dedicated to supporting the healthcare community, our goal is to help healthcare professionals comply with all laws so that they can be safe in their profession and practices.If you would like to learn more about the corporate practice of optometry in Florida and get advice on how to proceed, contact us at Florida Healthcare Law Firm to set up a consultation today.

What Is the HIPAA Privacy Rule?

hipaa security

The HIPAA Privacy Rule was first proposed in 1999. Over the decades, it has seen a number of modifications as the interests of patients have evolved over time.

With the COVID-19 pandemic, HIPAA has faced new challenges due to the sometimes conflicting need to protect public health while also protecting the privacy of individual patients.

Often, healthcare providers are caught between maintaining legal standards and providing patients with the best care possible. Sometimes, their choices impact the greater good as well when the public may be at risk of exposure to a viral illness like COVID.

In these times, it is often valuable to go back to the primary source and reconnect with the wording and intent of laws like the HIPAA Privacy Rule rather than make potentially life-altering choices based on hearsay or social convention.

What Is the HIPAA Privacy Rule?

The HIPAA Privacy Rule protects the confidentiality of all medical records and health information that is individually identifiable. Essentially, the rule limits the use of these records without the consent of the patient, but it also requires the provision of access to all healthcare and medical records for the patient along with the ability of that patient to transmit those documents to a third party and to request corrections if appropriate.

Does COVID Impact the HIPAA Privacy Rule?

COVID does not necessarily change the protections provided by HIPAA because there are already provisions within HIPAA that allow for the sharing of medical information, including identification information, under certain circumstances.

Under HIPAA, the name and other identifying information of a patient who is diagnosed with COVID may be shared by the provider with law enforcement, first responders, and/or public health agencies without patient consent when the following is true:

  • It is necessary to provide treatment.
  • Notification is required by law.
  • Notification is required to prevent or control the spread of the illness.
  • First responders or other medical professionals may be at risk of exposure to the illness.
  • The individual is in custody of law enforcement or a correctional institution.

Essentially, if the care and treatment of the patient, protection of medical providers who are providing treatment to that patient, or the well-being of public health is at risk due to a patient’s diagnosis with any infection or disease, including COVID, sharing of personal information may legally be done by medical providers.

How Can Medical Providers Ensure HIPAA Compliance & Protection From Related Litigation?

Unfortunately, many patients do not understand the nature of HIPAA and/or its intent and bring lawsuits against medical providers who they feel have violated their rights by sharing their COVID diagnosis. If you are facing such litigation and would like help, Florida Healthcare Law Firm can assist you. Call now for a consultation.