Maryland EHR Incentives

I’m willing to bet you didn’t know about Maryland’s best kept EHR incentives secret: namely, six private insurers will pay up to $15,000 each to each Maryland practice that implements an EHR before 2014.  Here are some details about the program and where you can find further information about it.

There are six insurers that participate in this incentives program: Aetna, CareFirst, Cigna, Coventry, Kaiser Permanente, and United Healthcare.  Each insurer will pay up to $15,000 in two parts to participating providers.  Half the incentive is calculated based on the total number of Maryland patients either assigned to the practice as a PCP, or at $8 per member for each Maryland insured seen by the practice in the last 24 months.  So, if in two years, you treat 938 members of one of the six insurers, you can maximize the first part of the incentive payment.  The other half of the incentive is based on your ability to meet one of the following three criteria: (a) sign up with a state MSO, (b) demonstrate advanced use of your EHR, or (c) participate in a quality improvement initiative with the insurer.

To obtain the incentive payments, you first file an Incentive Application with the appropriate private insurer prior to December 21, 2014.  The insurer will then acknowledge your application.  Then, six months after the application, you submit a Payment Application to the insurer, who will adjudicate the claim in 60 days and make your incentive payment.  These incentives are per practice (rather than by individual physician or provider), however, these are in addition to any federal incentive payments your practice may qualify to receive from CMS under the Medicare or Medicaid programs through the HiTech Meaningful Use incentives.

You can read more about this on the MHCC web site here.

Spam Spam Spam Spam Spam Spam Baked Beans and Spam

“18” year old virgins have recently found online resellers of non-prescription viagra for Magic Jack users that want cheap ski vacations that need health insurance, iPads and Dyson vacuum cleaners at rock bottom, knock off prices!  And all of these thousands of emails have been sent to my account online so that I can help a gentleman from Nigeria move $55 million in money from an African bank account into the U.S. and I can charge a humble $5 million fee to help.  I just need to send my social security number, credit card numbers, street address, and a sample of my signature to a person I’ve never met by email, deposit the bogus cashier’s check in my trust account, and then immediately write a check off the account the next day, well before the bogus check is returned by the collecting bank.

I feel as though I have ended up in the 21st century Monty Python skit about the restaurant that only seems to have “spam” on the menu.  I hear this problem continues, with more than 70% of all email amounting to spam, according to a 2011 article from Symantec (though there was a time that more than 90% of email was spam, so there has been some improvement since those dark days in 2009).  Progress has been made with some service providers that have waged a counter war against spam.  Gmail, for example, group-sources and marks messages as spam based on all messages identified by users as spam across the gmail platform.  This is a surprisingly effective strategy.  My experience has been that there are few false positives.

Previously, email systems were implemented that would check if a message was sent from a known, blacklisted IP address based on a series of independently maintained blacklist databases on the internet.  There have also been other improvements in the background, including the use of special DNS entries, and email gateways that pre-filter messages before reaching the mail server (Symantec had a product it had acquired from Brightmail; Google Apps includes a single-domain license for Postini, which is also generally effective at cutting down spam).  Spam messages often include phishing links, virus-laden email attachments, and other nefarious attacks on users.  Reducing spam makes sense for service providers that are paying, ultimately, for the bandwidth and storage space to process and deliver this junk to users.  We clearly have a way to go to reduce this problem for users.  Until then, if you need male enhancement medicine, are missing out on a $1,000 transfer to your bank account, want to help a political refugee move his family fortune to the U.S., need a usurious student loan, or want to work from home – I’m your guy!

Affordable Care Act Legal Challenges

The Affordable Care Act (ACA) was passed into law in 2010.  This 906 page tome makes a substantial number of changes to the national health care law, but much attention has been focused on the individual health care mandate which is found in section 5000A (codified at 26 U.S.C. 5000A) of the law.  This section requires that “an applicable individual shall for each month beginning after 2013 ensure that the individual, and any dependent of the individual who is an applicable individual, is covered under minimum essential coverage for such month.”  If that applicable individual does not have “minimum essential coverage,” that person is subject to a penalty which cannot exceed 300% of $750 ($95 in 2014 and $350 in 2015), or $2,250 in 2016, and which will increase based on a cost of living adjustment in subsequent years.

People are not happy about this requirement to either buy health insurance or face a penalty at tax time that could eat up a family’s federal tax refund.  At least some people are not happy as there have been at least four different challenges to the Affordable Care Act filed in federal court which have made there way up the various federal circuit courts where these cases were filed.  In three of these cases, the administration (defending the constitutionality of the law) was the winner, but in the 11th circuit, the challengers of the law won (in the sense that the court in that case decided to not dismiss their challenge to the law).

In the U.S. today, we generally take for granted that Congress can legislate as it believes it should, and the average person most likely does not think much about whether an act of Congress is constitutional.  However, in our system of government, the Congress is empowered to legislate pursuant to specific enumerated powers found in the Constitution.  The one in play in this case is the interstate commerce clause, which is found in Article I, section 8, clause 3 of the Constitution.  This clause permits Congress to regulate activities that affect commerce between states.  Section 1501 of the ACA discusses how the individual insurance mandate is related to interstate commerce.  There are a number of findings written into the law where Congress has identified:

  • how important health care, as an industry is, to the nation ($2.5 trillion in GDP);
  • that this insurance requirement will add millions of new consumers to the health insurance market across the country;
  • that half of all personal bankruptcies are caused, in part, by medical expenses (which presumably could have been avoided if the medical issue was covered by health insurance); and
  • people don’t buy health insurance when they are healthy, which causes adverse selection in the existing health insurance pool, driving up insurance costs for everyone that does buy insurance.

The challengers to this particular section of the law essentially are arguing that Congress has exceeded its authority in trying to mandate that individuals buy health insurance.  The idea that powers not enumerated to the Congress are reserved to the individual states and the citizens of the country is discussed in the Tenth Amendment and in the history surrounding the nation’s adoption of our Constitution in the late 18th century.  If individuals that purchase health insurance are not impacting interstate commerce, Congress arguably exceeded its authority.

There are Supreme Court decisions that have investigated the limits of the commerce clause.  Federal legislation based on the commerce clause probably hit its high water mark over the buying and selling of wheat in the 1940’s in a case cited as Wickard v. Filburn, 317 U.S. 111 (1942).  In Wickard, the plaintiff had sought injunctive relief against the secretary of the department of Agriculture to prevent the collection of a tax against him for growing more wheat than permitted by federal law which set, at the time, quotas for the amount of wheat a farmer might grow.  The plaintiff alleged that Congress’ attempt at regulating the amount of wheat that a farmer might grow and consume on the farm exceeded its authority to regulate interstate commerce, as this wheat for local use was not in the commerce between states, and could only indirectly affect such commerce.  The Court rejected this argument.

The market for wheat, at the time of Wickard, exceeded any single state in the union.  According to the Court, every state, but one, grew wheat, and all states consumed it.  The market the Congress attempted to regulate was, therefore, a national and not a local one.  That Congress had the authority to regulate such a market was, from the Court’s perspective, squarely found in the Constitution.  “The stimulation of commerce is a use of the regulatory function quite as definitely as prohibitions or restrictions thereon. This record leaves us in no doubt that Congress may properly have considered that wheat consumed on the farm where grown, if wholly outside the scheme of regulation, would have a substantial effect in defeating and obstructing its purpose to stimulate trade therein at increased prices.”  Id. at 129.

Since Wickard, there has been some retreat from the relatively expansive view of the regulation of interstate commerce by Congress.  Notably, the Court indicated that a federal law aimed at criminalizing the possession of a firearm on a school campus exceeded Congress’ power.  See U.S. v. Lopez, 514 U.S. 549 (1995).  However, a divided Court decided more recently that the regulation of controlled substances, even when these drugs are only used locally as in the case of medical marijuana, may still be properly regulated by the federal government pursuant to the commerce clause.  See Gonzales v. Raich, 545 U.S. 1 (2005).

The Court today faces a number of challenges to ACA which share a commerce clause challenge as to the requirement that citizens buy health insurance or face a tax penalty annually.  To claim that health care, a $2.5 trillion market within the U.S., is not a national market, simply cannot pass the giggle test.  To further claim that making people buy health care or face a penalty, in light of the fact that most health care costs are paid for by insurance, exceeds the authority of Congress also does not pass the same test.  To the contrary – the act of not buying insurance inherently means that the risk pool for those with insurance is smaller, and therefore, increases the cost of insurance to those that carry it, plainly and directly impacts the national health care market.  If there ever was an example of local activity impacting a national industry, this would be it, given that there are between 30 and 40 million people who are uninsured in the U.S.  The challenge made, then, to ACA on this ground is to just misunderstand what Congress is supposed to be doing, and misstates an entire body of law on the enumerated powers of Congress.

Stolen Personal Information

Hackers continue to steal data from companies the world over, with a recent victim in Sony.  In that case, Sony apparently delayed reporting the loss to the 77 million users whose data was compromised, including dates of birth and possibly credit card numbers.

In late March, Epsilon reported that hackers had stolen the names and email addresses of individuals who receive business newsletters from Epsilon’s clients, which include a number of well known companies such as Best Buy and Robert Half International.  Considering that Epsilon delivers over 40 billion emails a year for its clients, the chances have gone up of improved, targeted phishing attacks as a result of this breach, particularly for banking customers of banks that have used Epsilon for email marketing.

There should be no surprise that the regulatory penalties for data breaches continues to escalate.  Security breach notification procedures were codified into the 2009 ARRA legislation for health care providers.  ARRA Health Tech Initiatives Section 13402 of the ARRA legislation (on page 17 of the linked pdf file) puts the responsibility on a covered entity to notify its customers of a data breach where unauthorized access is gained to “unsecured” protected health information.  In laymen’s terms, “unsecured” PHI is data that is not encrypted.  So, for example, a typical relational database stores its data in physical files on a computer hard drive or array.  Some database systems encrypt these files so that you could not just open up the file in notepad and read its contents.  If a hacker were to gain physical access to the server where these files were located, he or she might not be able to read them without further access (for example, with an administrator-level username and password to directly query the database).  Notification to patients would not likely be required in this circumstance if you could show the hacker gained physical access but not database-level access.

Does your database encrypt its stored data files?  Not all database software, and not all versions of specific database software, provide for native encryption.  For example, the data files of your Microsoft Access database are not likely to be encrypted.  For performance reasons, data files for MS SQL Server databases may also not be encrypted.  But, even if your database file is encrypted, if the administrator password to the database itself is blank or easy to guess (like “admin”), you may still have trouble brewing back at the server room.

Here is a list published by HHS of data breaches reported to it under ARRA’s notification requirements.  Do you see your physician on this list?  If things continue, you may sooner rather than later!

China Registrar Scam

I received this email today for my domain name,  Allegedly, another company wants to register my domain name as a .cn and .asia domain.  I can’t imagine that there are actually people in China that would be that interested in a Maryland attorney’s web site (maybe the same people looking to hire me to enforce a Maryland judgment for $800,000 against some poor ex-husband, but in reality are trying to scam my attorney trust account).  However, you will note that the real China domain name registration center is CNNIC, and the registrar listed below,, is not listed on CNNIC’s list of authorized registrars.  So, this is almost certainly a scam.  I might have my lawyer send them a cease and desist letter!

Dear Manager:

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China and Asia.  On April 18th 2011, We received HAITONG  company’s application that they are registering the name ” faithatlaw ” as their Internet Keyword and ” faithatlaw .cn “、” faithatlaw ” 、” faithatlaw .asia “domain names etc.., It is China and ASIA domain names. But after auditing we found the brand name been used by your company. As the domain name registrar in China, it is our duty to notice you, so I am sending you this Email to check. According to the principle in China, your company is the owner of the trademark, In our auditing time we can keep the domain names safe for you firstly, but our audit period is limited, if you object the third party application these domain names and need to protect the brand in china and Asia by yourself, please let the responsible officer contact us as soon as possible. Thank you!

Best Regards,

Oversea marketing manager
Office: +86(0)21 6191 8696
Mobile: +86 1366152 9704
Fax: +86(0)21 6191 8697

Social Media and Searching for Attorneys

The ABA Journal recently posted an article on a survey conducted by Harris of adults to determine how they would find a lawyer.  The days of yore when people used the yellow pages to find an attorney have apparently turned over: today, those same people are browsing the web.  That might be because some cities in the U.S. have banned or are thinking about banning the delivery of the old yellow phone book to try and save some trees.  Not surprisingly, however, the most common referral source for an attorney are friends and family, followed by a satisfied former client that calls you again for legal help (these two were the clear leaders for referral sources).

So, should lawyers throw away their Facebook, Twitter, and blog accounts?  The Harris survey indicated that a lower percentage of survey respondents were somewhat likely to look at these sources to check out an attorney (20% or less).  That’s about the same as the number of relationships that start online, according to, if you believe the ads.  Interestingly, respondents to the survey were more likely to look at “innovative websites.”  Of course, that makes more sense.  Twitter is not a legal matching or legal news or even a lawyers-only web service.  But my web site is all about my firm. is a directory of lawyers and doctors.  When you think of lawyers, I would imagine that Twitter is not the first online resource that pops into your head.

Bottom line: integrate your twitter and facebook fan pages into your web site.  Google is becoming the new phone book for online referrals, and if you don’t show up in the first couple of pages of results, you are less likely to be found by a prospective client.