While no top ten list from the desk of a health lawyer could be complete given the ever-changing nature of the health care industry, here are a few significant legal issues to think about this year.

1. Federal Health Reform

Passed in March 2010, federal health reform has dominated much of the health care administrative work of federal and state government agencies. A 2012 presidential election and a possible Supreme Court decision could keep the debate over federal reform interesting, to say the least.

2. State Health Reform

In the wake of federal reform, states too are trying to manage the cost of state-run Medicaid programs while grappling with budget deficits. States like Oregon and Washington are looking for ways to keep providing services within tighter budgets. The anticipated expansion of the Medicaid program in 2014 also will present significant administrative and financial challenges. Some states could see as many as 1 in 4 residents become eligible for enrollment in Medicaid.

3. HIPAA Breaches

The first few multi-million dollar fines for Health Insurance Portability and Accountability Act (HIPAA) breaches levied by the oversight arm of Health and Human Services, the Office for Civil Rights (OCR), achieved their intended trickle down effect and instilled fear in health care privacy officers and experts who advise providers. Most providers are still figuring out how to standardize responses to breach situations and will need to keep up the due diligence when breaches are suspected. In many instances, the alleged breach is not a breach, but will require the same initial review as actual breach situations.

4. HIPAA Audits

As of November 2011, covered entities could be subjected to HIPAA audits as part of a pilot audit program being conducted by OCR. The pilot program is scheduled to be completed by December 2012. Future HIPAA audits are anticipated to include business associates in addition to covered entities. Providers will need to weave HIPAA reviews into their general compliance efforts, and be prepared to respond to audits in a timely manner.

5. Payor Audits

Providers are becoming used to audits by Medicare and Medicaid contractors such as Recovery Audit Contractors (RACs) and state Medicaid auditors. Commercial payors are increasing their audit activity too. The old compliance mantra “if it is not documented, it did not happen” is once again an auditor’s rule of thumb. Providers need to respond appropriately to audits, do so cost-effectively, and be careful not to miss administrative deadlines.

6. Payment Models

Put simply, the cost side of the health care equation is going to be about getting services provided for less money. As a result, traditional fee for service payments likely will give way to global budgets and other fixed payment models. The new payment model game will be about who controls the purse strings. Front line providers such as physicians likely could bear the brunt of payment reductions if they are not at the design table as new payment models get worked out.

7. Medicare Overpayments

In February 2012, the Centers for Medicare and Medicaid Services (CMS) issued a proposed regulation intended to implement statutory language from federal health reform requiring providers to return identified Medicare or Medicaid overpayments within 60 days. The general consensus in the health care industry is that the proposed rule is unfair and could create significant liability for innocent providers. Simple billing mistakes could turn into false claims between day 60 and 61. So a mistake of even $1 on a claim, overnight, could become an $11,000 liability. Further, CMS is now saying it can look back ten years to collect on identified overpayments. This result is wrong and CMS should to listen intently to industry comments or Congress needs to step in and restore some sanity to this part of health reform.

8. Medicare Claims Processing

CMS is in the early stages of shifting from a pay and chase enforcement model, after payments are made to providers, to a prevent and detect model, before payments are made. This shift will not be without problems for providers. Massive databases of claims now are being data-mined by computer programs and analysts. Potentially problem providers, or outliers, will be reviewed closely to look for improper billings. If providers are not adhering to defendable billing practices, the risk of being called out by CMS data mining efforts simply will increase with time.

9. Access to Clinical Data

Unlike managed care programs of twenty years ago that focused more on cost-reduction by not providing services, today’s programs hold up the ideal that coordinated care among providers who care for a particular patient will yield both cost-savings and improved health. To achieve the ideal, providers will need access to relevant clinical data in as close to real time as possible as well as access to payment data from payors to analyze the cost piece of the puzzle. Patient data, whether clinical or financial, generally is considered proprietary as well as subject to privacy and security laws (i.e., think HIPAA). Providers, payors, and even patients, will continue to struggle to equitably gain access to this information.

10. Compliance Plans

Federal health reform also called for the mandatory implementation of compliance programs by providers. CMS is charged with developing rules to enforce this provision, and there is no indication yet of when rulemaking is expected to be completed.