Does Medicaid Act provide a private right of action for Medicaid providers?

Medicaid Act

Under the Medicaid Act, Medicaid agencies must give consideration to provider costs when setting rates. However, is there any recourse for private health care providers in instances in which Medicaid rates are deemed to be too low? In other words, does the Medicaid Act provide a private right of action for Medicaid providers?  That right was recently tested in the case of Armstrong vs Exceptional Child Center Inc.


Medicaid is a federal health insurance program that is administered by the each state, and is aimed at low-income people. Medicaid reimburses costs for institutional care, but the federal government gives states some discretion when setting rates under the Medicaid program.

Armstrong vs Exceptional Child Center Inc.

Recently,medical providers in Idaho sued Medicaid in order to get them to comply with federal payment requirements. The suit was in relation to rates set for people with developmental disabilities.

They argued that low rates would deter new medical providers from agreeing to participate in Medicaid, and also cause existing providers to reconsider their participation. The overall result would be reduced access to health care for Medicaid patients. However, Idaho Medicaid officials argued that the private right of action was not authorized by Congress.

The US Supreme Court ruled in favor of the state of Idaho. Therefore the Medicaid Act does not provide a private right of action for Medicaid providers. This ruling means that health care providers have no recourse in cases where Medicaid rates are not in keeping with costs, as they can’t sue Medicaid to raise the rates (learn more).

Contact Nelson Hardiman, Los Angeles, CA, for more information on Medi-Cal and other matters. Call 310.203.2800 to speak to an attorney.

Why you should be as concerned about California’s Confidentiality of Medical Information Act (CMIA) as HIPAA

Under the federal Health Insurance Portability and Accountability Act (HIPAA), failure to secure protected medical information (PHI), can result in serious consequences. However there are some state privacy laws, like those in California, that also carry severe penalties.  This explains why you should be as concerned about California’s Confidentiality of Medical Information Act (CMIA), as you are with HIPAA (learn moer).

While many health providers are aware of the risks under HIPAA, they don’t’ realize that breaching CMIA’s data laws may be even riskier.  Under CMIA any private party can bring a lawsuit claiming monetary damages. However, under HIPAA investigations are carried out by the government.

CMIA strictly prohibits the disclosure of medical information, without prior approval of the patient.  A violation is considered so serious that if your medical records are compromised, you are entitled to $1,000 even if the disclosure does not adversely affect you in any way.

In the case of Sutter Health v. Superior Court (227 Cal.App.4th 1546 (July 21, 2014)), a class action suit was brought against Sutter Health Medical based on their violation CMIA. This arose because of the theft of Sutter Health’s desktop computer, which held medical records belonging to about 40mil patients. Although there was no evidence that the medical records were actually viewed by unauthorized persons, the suit was filed by a party of interest, alleging breach of confidentiality.

Although the Appeals Court held that Sutter Health should not be held accountable, the argument regarding strict liability has not been settled. This case underscores the reason why health care providers should be as concerned about CMIA, as they are about HIPAA. It is therefore vital that health data compliance policies are appropriately administered. Contact Nelson Hardiman, LLP, Los Angeles at 310-203-2800 for more information.

Legal nuances private practice physicians should be aware of

Under the federal health care programs, certain types of referrals are not allowed. The self-referral prohibitions were put in place to prevent physicians or their immediate families, from benefiting from certain transactions. These are some of the legal nuances or distinctions that private practice physicians should be aware of, if they are to operate effectively, and remain complaint.

Although specific referrals are expressly prohibited under the federal Stark Law, ‘safe harbors’ do exist that would allow exceptions. However, most health practitioners are often confused about these provisions. The situation is often compounded when there are also state laws regulating self-referrals. This is the case in California with the Speier Act.

In-Office Ancillary Services
Exceptions to the state and federal compensation relationships exist under the ‘in-office Ancillary Services’ (IOAS). IOAS does provide some protection under the law, but again there are legal nuances that private practice physicians should be aware of.

IOAS was instituted to allow physicians to provide ancillary services in their practices that would be reimbursed by Medicare. These services include radiology and physical therapy. Some physicians mistakenly assume that if they co-own a company that provides ancillary services, and the company is situated in their office building, they automatically qualify for IOAS exemption.

However, this is not the case; therefore some of them are in violation of the laws prohibiting self-referrals. Unfortunately they are often not aware of this until they are audited by Medicare, or Medi-Cal, (in the case of California).

If you are a private practice physician and would like to ensure that your in-office ancillary services arrangements meet Medicare requirements, contact us at Nelson Hardiman, LLP, in Los Angeles. You can call us at 310-203-2800 to set up a consultation.

What You Need to Know When Forming a Med Spa

Medicaid Act

More physicians are venturing into the lucrative area of aesthetic medicine, and taking hold of the business opportunities presented by medical spas. However, physicians need to be aware of the relevant legal and regulatory considerations, and should therefore seek legal advice from attorneys experienced in medical spa industry matters (click here).

Medical spas must be established with due consideration to federal and state laws governing medical practices. Accordingly, there are a host of business and regulatory laws that need to be considered. These relate to areas such as  professional licensure, supervision of delegated health professionals, anti-kickback issues, fee-splitting,  and HIPAA privacy regulations, among others.

Attorneys can provide expert advice in relation to several issues including:

•    Business arrangements relating to the legal structure of the med spa, the type of facility, as well as considerations of ownership and control.
•    Professional licensure required for the services that are going to be offered. There is also the issue of credentialing for medical assistants and other allied health professionals based on state requirements.
•    Areas of physician responsibility with regards to patient safety, patient consent, and advertising.
•    Supervisory obligations and responsibilities, as it relates to delegating duties to other health care professionals in the spa.
•    Medical malpractice insurance, as well as methods to mitigate the risk of professional liability, including a well-framed informed consent.
•    Proper use of drugs and medications.
•    How to ensure compliance with Medicare and Medi-Cal.

The law offices of Nelson Hardiman, Los Angeles, CA has extensive experience in representing aesthetic medical professionals. We can provide the legal and regulatory information you need to know when forming a med spa, so that you safely negotiate the regulatory minefield. Contact our offices at 310-203-2800 or on the web at

How to beat a HIPAA investigation

Forming physician-hospital agreements

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established federal standards for the security of electronic protected health information (e-PHI). In instances where violations are deemed to have occurred, a HIPAA investigation is initiated. For this reason, health providers are advised to retain legal counsel with expert knowledge of healthcare laws, so that they can determine how to beat a HIPAA investigation.

Under HIPAA health care providers and other ‘covered entities’ are required to safeguard the integrity of healthcare information. This requires setting up a tailor made compliance plan. However, there are times when gaps in privacy practices exist, and these could become the basis of an investigation into HIPAA procedures by state and government regulators.

Dealing with HIPAA Investigations

Ensure that you are HIPAA Compliant: Organizations that have the necessary administrative and technical safeguards in place, as well as appropriately trained personnel, are better equipped to handle a random audit or HIPAA investigation (learn more).
Review Policies Periodically and Conduct an annual risk assessment: Regular review of privacy and security policies should be carried out, to ensure that they are adequate in light of the changing statues. Making the appropriate investment in HIPAA compliance will pay huge dividends should there ever be an investigation.
Retain experienced legal counsel: Attorneys can help covered entities substantiate that they are HIPAA compliant. They can also monitor the organization’s conduct during an HIPAA investigation, provide guidance in interpreting the regulations, and respond to HIPAA enforcers on your behalf.

At Nelson Hardiman, Los Angeles, CA, our attorneys are specialists in healthcare matters.  We know what it takes for you to be HIPAA compliant, as well as how to beat a HIPAA investigation into your business data and records. Call us today at 310-203-2800 for an appointment.