Skip Navigation LinksHome | Editors' Blog | Post

Stark waivers, HIPAA clemency featured in the latest batch of COVID-19-driven compliance tweaks

Take note of the regulation updates that roll back some Stark rules and allow business associates to release information to public health officials.
Stark waivers
Under normal circumstances, a doctor would need to respond with a firm “No, thank you,” if a hospital offered him space to examine patients at below fair market value or free childcare while he was treating patients who had been admitted. To accept the offers would likely put the doctor and the hospital out of compliance with the Stark physician self-referral law.
However, the current circumstances aren’t normal, which is why CMS issued a set of Stark waivers to help health care providers respond to the COVID-19 pandemic on March 30. In addition to allowing equipment and space rentals that are above or below fair market value and medical staff benefits that exceed the $36 annual cap -- “such as multiple daily meals, laundry service to launder soiled personal clothing or childcare services while the physicians are at the hospital and engaging in activities that benefit the hospital and its patients” -- the waivers include:
  • The ability to offer other providers financial support to help them maintain continuity of care.
  • Items and services that exceed the annual non-monetary compensation cap, which is currently set at $423. However, the items or services must be “solely related to COVID-19 purposes,” CMS said.
  • Relaxed restrictions “when a group practice can furnish medically necessary designated health services (DHS) in a patient’s home.”

New enforcement discretion is aimed at business associates

Your practice won’t be punished if a business associate releases data needed to control the COVID-19 pandemic to federal, state or local public health agencies. That’s the gist of the latest notice of enforcement discretion from the HHS Office for Civil Rights (OCR).
The flow of necessary information was being blocked because “some HIPAA business associates have been unable to timely participate in these efforts because their BAAs do not expressly permit them to make such uses and disclosures of PHI,” the OCR noted.

Practices should note that their business associates won’t have to ask their permission before the disclosure, but they do have to tell the practice within 10 calendar days of the disclosure. Practices can help by informing their business associates of the notice.
To comment, login here.
Reader Comments (0)


User Name:
Welcome to the new Part B News Online. If you are a returning user having trouble logging in, please click here.
Back to top