The Centers for Medicare and Medicaid Services (CMS) published a final rule that will require hospitals, including critical access hospitals, to document by March 2020 that they have an antibiotic stewardship program (ASP) that adheres to nationally recognized guidelines. CMS encourages multi-hospital systems to have an integrated ASP plan with a single governing body that ensures compliance throughout the system.

According to the Center for Infectious Disease Research and Policy at the University of Minnesota, while the number of hospitals in the U.S. with ASPs has increased, many still lack such a program. Hospitals without ASPs tend to be small, rural hospitals with fewer resources.

In the new rule, CMS emphasized that, in an effort to offer hospitals more flexibility, the agency is not requiring that ASPs meet a specific guideline for infection prevention and control and antibiotic resistance. However, CMS references guidelines available from the Centers for Disease Control and Prevention, the Association for Professionals in Infection Control and Epidemiology, the Society for Healthcare Epidemiology of America, and the Association of Perioperative Registered Nurses.

“By requiring that hospitals have antibiotic stewardship programs that are not only active and hospital-wide, but also demonstrate adherence to nationally recognized guidelines for the optimization of antibiotic use through stewardship,” the agency said, “the changes are aimed at effectively reducing the development and transmission of [hospital acquired infections] and antibiotic-resistant organisms that ultimately will greatly improve the care and safety of patients while adding cost benefits for hospitals.”

Inspector General Plans 2020 Review of Urine Drug Testing

The Department of Health and Human Services Office of Inspector General (OIG) has released its 2020 workplan, a broad outline of the investigations and reports that OIG has in mind for the coming year. One item on the list for 2020 is a review of Medicare Part B urine drug testing services, which falls under Medicare payment for treatments related to substance use disorders (SUD).

OIG said it wants to look into urine drug testing because of a 2018 report of Medicare fee-for-service improper payment data that showed laboratory testing overall had an improper payment rate of almost 30%. OIG also said it believes that the overpayment rate for definitive drug testing for 22 or more drug classes was 71.7%. OIG said it will review urine drug testing services for Medicare beneficiaries with SUD-related diagnoses to determine whether lab testing followed all Medicare rules.

This new plan to investigate laboratory testing comes after a report on drug testing OIG released in 2018 that focused on inappropriate specimen validity testing. OIG and the Centers for Medicare and Medicaid Services (CMS) chastised clinical laboratories for billing for specimen validity testing as a separate service when also billing for urine drug tests. Validity testing includes assays for urinary pH, nitrates, oxidants, and other indicators of specimen adulteration. These assays are supposed to be included as part of screening or quantitative testing.

Medical Center Settles $3 Million Mobile Data Breach Case

The University of Rochester Medical Center (URMC) agreed to pay $3 million to the Department of Health and Human Services (HHS) and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act privacy and security rules. According to HHS, URMC lost a flash drive and a laptop that contained unencrypted protected health information.

The settlement comes after URMC filed breach reports with the government in 2013 and 2017 after discovering that the flash drive and laptop were lost. According to an HHS investigation, URMC failed to conduct an enterprise-wide risk analysis, implement sufficient security measures, use device and media controls, and use a mechanism to appropriately encrypt and decrypt electronic protected health information.

“Because theft and loss are constant threats, failing to encrypt mobile devices needlessly puts patient health information at risk,” said HHS Office of Civil Rights director Roger Severino. “When covered entities are warned of their deficiencies, but fail to fix the problem, they will be held fully responsible for their neglect.”