News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel
Sign In

CMS Proposes New Amendments to Federal Hospital Price Transparency Rule That May Affect Clinical Laboratories and Pathology Groups

Proposal comes as patient advocacy group reports poor compliance by hospitals with the federal price transparency regulation; AHA pushes back

Recent data compiled by Patient Rights Advocate, a non-profit group dedicated to nationwide healthcare transparency, appears to indicate that as many as two thirds of US hospitals continue to ignore hospital transparency rules established by Congress in 2021, according to an op-ed published in the Washington Examiner.

This may be why the Biden Administration has now proposed new amendments aimed at strengthening those requirements. According to KFF Health News (formerly Kaiser Health News), this new proposal “aims to further standardize the required data, increase its usefulness for consumers, and boost enforcement.”

However, “the goal of exact price tags in every situation is likely to remain elusive,” KFF Health News noted.

“Noncompliant hospitals are preventing patients and payers from shopping around for high-value care—and inflating healthcare costs in the process,” wrote Sally C. Pipes, President and CEO of Pacific Research Institute, in her Washington Examiner column.

Pathologists who were near the top of a Health Care Cost Institute (HCCI) list of medical specialties that most often billed out of network may be affected by CMS’ proposed new amendments to the transparency rule.

“The nonprofit group Patient Rights Advocate just published its fifth report exploring how hospitals are complying with federal price transparency requirements. About two-thirds are still flouting the rules. That’s unacceptable,” wrote Sally Pipes (above), President and CEO of Pacific Research Institute, in an op-ed she penned for the Washington Examiner. Federal law also requires clinical laboratories to post their prices for testing. (Photo copyright: The Heartland Institute.)

Hospitals, Clinical Laboratories Required to Post Chargemaster Prices

The proposed amendments were part of a larger proposed rule published in the July 31, 2023, Federal Register by the Centers for Medicare and Medicaid Services (CMS).

Dark Daily has long been reporting on the federal government’s efforts to mandate Hospital Price Transparency (HPT). Beginning Jan. 1, 2019, hospitals have been required to post pricing information on their websites, as Dark Daily reported in “New CMS Final Rule Makes Clinical Laboratory Test/Procedure Pricing Listed on Hospital Chargemasters Available to Public.”

That rule required hospitals to disclose chargemaster prices, essentially the “list prices” for hospital procedures.

But a year later, as we reported in “Hospital Associations and Healthcare Groups Battle HHS Efforts to Expand Pricing Transparency Rules to Include Negotiated Rates with Payers,” the CMS passed a final rule that required disclosure of prices negotiated with payers.

That rule also required hospitals to provide a list of charges for at least 300 “shoppable services,” including at least 14 laboratory and pathology tests.

“We’re closer to that, but we’re not there,” Gerard Anderson, PhD, a professor at the Johns Hopkins Bloomberg School of Public Health, told KFF. The goal may be the kind of pricing transparency that consumers are accustomed to when purchasing goods and services, but healthcare, he said, poses unique challenges.

“Each patient is unique and uses a slightly different bundle of services,” Anderson added. “You might be in the operating room for 30 minutes, or it might be 45. You might need this lab test and not that one.”

The KFF Health News story noted that health insurers have been subject to even stricter regulations, “with more prescriptive details and tougher penalties for noncompliance,” since 2022. CMS’ latest proposed amendments would bring requirements for hospitals that are more in line with those that apply to payers, KFF reported.

As described in the Federal Register, the proposed rule aims to:

  • Improve standardization of machine-readable file (MRF) formats and data elements.
  • Require hospitals to include a new data element known as the “consumer-friendly expected allowed charges,” KFF Health News noted.
  • Require hospitals to “affirm the accuracy and completeness of their standard charge information displayed in the MRF.”
  • Require hospitals to place a link to pricing information in the footers of their web pages.

The rule also includes provisions for enhanced enforcement of pricing transparency requirements. Under one proposal, CMS would publicly identify hospitals that are not in compliance.

Jeffrey Leibach, MBA, a healthcare finance strategist and Partner with the consulting firm Guidehouse, told KFF Health News that the new rules will make it easier for third-party data firms to create online price comparison tools. “And, ultimately, consumers who want to shop will then find this data more easily,” he said.

The proposal comes on the heels of a July report from Patient Rights Advocate (PRA) indicating that only 36% of US hospitals were in full compliance with the current transparency requirements. The report was based on an analysis of 2,000 hospital websites. However, that was an improvement over earlier reports. In February, the group reported that 24.5% were fully compliant, compared with 16% in August 2022.

Most hospitals in the report posted negotiated prices, but in many cases, “their pricing data was missing or significantly incomplete,” PRA contended. A total of 69 hospitals “did not post a usable standard charges file,” the report stated.

PRA Uses Humor to Highlight Discrepancies, AHA Pushes Back

According to KFF Health News, PRA is running a satirical ad campaign in which retailers adopt the “hospital pricing method,” listing estimates on store shelves instead of actual prices.

“When they ask for a price, we give them an estimate,” says one retail manager in the video ad. “Then we bill them whatever we want.”

This new video pokes fun at the lack of price transparency in healthcare. The American Hospital Association took issue with the clip’s tone.

“People need price certainty,” PRA founder and Chairman Cynthia Fisher, MBA, told KFF Health News. “Estimates are a way of gaming the people who pay for healthcare.”

However, executives from the American Hospital Association (AHA) pushed back on the video ad and PRA’s claims about HPT compliance. AHA contends that hospitals were flagged as being noncompliant if they left spaces blank or used formulas, both of which are permitted under the current rules.

“Very few health services are so straightforward where you can expect no variation in the course of care, which could then result in a different cost than the original assessment,” AHA Group Vice President for public policy Molly Smith, MS, told KFF. “Organizations are doing the best they can to provide the closest estimate. If something changes in the course of your care, that estimate might adjust.”

As for the July PRA report, in a July 25 AHA press release, Smith stated, “Patient Rights Advocate has put out a report that blatantly misconstrues, ignores, and mischaracterizes hospitals’ compliance with federal price transparency regulations.”

CMS, she said, “has found that as of last year 70% of hospitals had complied with both federal requirements and over 80% had complied with at least one. Due to the ongoing efforts of the hospital field, these numbers are surely higher today. Third party analyses have agreed that hospitals have made tremendous progress.”

But then what is motivating the government’s new amendments to the price transparency rule? Regardless, clinical laboratories and pathology groups should continue to monitor progress of these new amendments to the federal hospital transparency rule.

—Stephen Beale

Related Information:

Hospitals Are Still Neglecting Transparency Rules

Proposed Rule Would Make Hospital Prices Even More Transparent

CMS Proposes Updates to the Hospital Price Transparency Rule

A Progress Check on Hospital Price Transparency

Price Transparency: A Boon For Patients, a Bust for Hospitals?

Just More than a Third of Hospitals Are Complying with Price Transparency Rules

Scientists and Medical Professionals Face Huge Fees, Court Costs after Speaking at Certain COVID-19 Webinars

Little-known Polish company relied on suspect arbitration court to demand thousands of euros from conference speakers

Clinical laboratory and pathology professionals may want to heed the phrase “caveat emptor” (“let the buyer beware”) if invited to speak at events organized by little-known entities. That appears to be the lesson from a rather bizarre story coming out of Poland involving scholars from multiple countries who agreed to speak during a series of online COVID-19 webinars and who were later billed thousands of euros for their participation.

In “Costly Invite? Scientists Hit with Massive Bills after Speaking at COVID-19 ‘Webinars,’Science magazine reported that in 2020 and 2021, dozens of researchers were invited by a Polish company called Villa Europa to speak in a series of online conferences about modeling of COVID-19.

But months after the event, the organizer demanded payment for the researchers’ participation, and in some cases, turned to a Polish arbitration court to enforce the demand. But in a curious twist, the legitimacy of that court has itself been called into question.

“I was interested in the topic, and I agreed to participate,” Björn Johansson, MD, told Science. “I thought it was going to be an ordinary academic seminar. It was an easy decision for me.” Johansson, a physician and researcher at the Karolinska Institute in Sweden, has since “come to regret that decision,” the publication reported.

Villa Europa is now seeking €80,000 ($86,912 in current US dollars) from Johansson, including legal costs and interest, after turning to a Swedish court. Others have received demands for €13,000 to €25,000 ($14,123 to $27,156) in fees, late payment penalties, and court costs, Science reported.

Researchers Axel Brandenburg, PhD (left), and Björn Johansson, MD (right), are two of the 32 scholars from six countries who are now being billed thousands of euros for their participation in the Villa Europa COVID-19 modeling webinars. Pathology and clinical laboratory leaders who receive similar invitations may want to thoroughly read the contracts before agreeing to participate. (Photo copyright: Axel Brandenburg, Björn Johansson.)

How Did It All Happen?

According to Science, the ordeal began when an individual named Matteo Ferensby invited the scientists to speak at the webinars. His email signature indicated an affiliation with the University of Warsaw, but the university “has no employee by that name, according to the institution’s press office,” Science reported, adding that “there is no track record of scientific publications from a Matteo Ferensby.”

By one speaker’s count, the company produced at least 11 webinars between April 2020 and June 2021. “The speakers themselves—about 10 people in each session—were the only audience, but participants were told the recordings would be published open access afterward,” Science reported.

Ferensby did not disclose that speakers would be charged conference fees. In fact, one speaker was told explicitly that no fees would be requested, Science noted.

However, the speakers were later asked to sign a license agreement that would allow the organizer to publish the recordings. It included a clause on the last page stating that they would have to pay fees of €790 and €2785 (US$859 and $3,029) related to publication.

The financial amounts were written in words rather than numbers with no highlighting, according to Science, which reviewed some of the contracts.

“Many of the speakers, already busy studying COVID-19 and under pressure from the transition to remote teaching, did not notice these clauses,” Science reported. Said one speaker: “The contract was unreadable [but] I eventually sent it.”

Questionable Arbitration

Some of the webinar participants told Science that they later received altered versions of the contracts with “an additional page where the fees are made explicit, and [with] modified clauses, one of them stating that disputes can be settled by a Polish arbitration court.”

That court, identified as Pan-Europejski-Sąd-Arbitrażowy (Pan European Arbitration Court or PESA), apparently does not exist. Agnieszka Durlik, JD, Director General of The Arbitration Court at the Polish Chamber of Commerce, told Science that she had never heard of PESA, and it that appears Villa Europa set up the PESA website.

“In my opinion this is fraud,” Durlik said. Nevertheless, Villa Europa used alleged rulings by PESA to go after some of the speakers in their own local courts.

“For the researchers now under pressure from the courts, ignoring the demands is not an option,” Science reported. “They have all submitted court filings supporting their case.”

The speakers claim that “the demands are illegitimate and that they were deceived about what they were signing in the contracts,” Science noted. One speaker, Axel Brandenburg, PhD, of the Nordic Institute for Theoretical Physics (NORDITA), is awaiting a ruling in September, Science reported.

Warnings against Predatory Conferences

The story comes amid increasing concerns about so-called “predatory conferences,” in which scientists are invited under false pretenses to participate in what appear to be legitimate meetings.

“Would-be attendees should expect missing plenary speakers, multiple fields of research smashed together in a Frankenstein program, and an absence of the important academic rigor that fuels the conferences that scientists know and love,” wrote senior science writer Ruairi J. Mackenzie in Technology Networks. “The companies organizing these events are motivated by profit above all else.”

Mackenzie offered several tips to help both speakers and attendees spot fake conferences:

  • Examine the promotional materials. “Whether you are studying an unprompted email or a conference webpage, look for shoddy writing quality or outlandish layouts.”
  • Check with your colleagues. “The dominant conferences in your field are probably in that position because they have proved time and time again that they can deliver a valuable experience for attendees.”
  • Look at other conferences from the same producer. If a company produces a high volume of conferences on a wide range of topics, that can be a sign that the quality will be shoddy, he suggested.
  • Look at the contact information. A legitimate conference should have ties to an established society or conference organizer. Get the address, and then look at that location in Google Street View to see if it’s the kind of building where you’d expect a legitimate company to be located.

The experience of these 32 scientific and medical scholars demonstrates that there is always a new twist in how honest citizens can be defrauded. For that reason, clinical laboratory managers and pathologists should be wary when approached by unknown organizations with speaking invitations, particularly in Europe.

—Stephen Beale

Related Information:

Costly Invite? Scientists Hit with Massive Bills after Speaking at COVID-19 ‘Webinars.’

The Ultimate Guide to Avoiding Predatory Conferences

The Alarming Rise of Predatory Conferences

The Ethics Blog: Predatory Conferences

Arbitrarily Applied: Another COVID-19 Scam, This Time On Scientists

California’s Statute Restricting Use of Moniker ‘Doctor’ to Only Physicians and Surgeons Challenged by Nurse Practitioners in Court Case

Plaintiffs claim state is criminalizing speaking the truth about their earned advanced degrees

Doctorate of Nursing Practice (DNP) is the highest degree that can be acquired by a nurse practitioner (NP). But can NPs who achieve this degrees call themselves doctors? What about others who hold doctorates, such as PhDs in clinical laboratories?

According to the State of California—which has enacted a law restricting the use of the word “doctor” or the prefix “Dr.” in titles, online, or in business communications solely to physicians and surgeons—the answer is no.

Predictably, implementation of the law brought a lawsuit. In June, three California nurse practitioners with DNP degrees sued the California attorney general and leaders of the Medical Board of California and California Board of Registered Nursing.

They are seeking to block enforcement of the law, according to The Washington Post.

“The word ‘doctor’ doesn’t belong to physicians,” Jacqueline Palmer, DNP, one of the three NPs suing over California’s law restricting non-physician medical providers from using that word, told The Washington Post. Palmer argues that NPs should be able to use the word “doctor” or the prefix “Dr.” when describing themselves much like PhDs and other non-physicians do who hold doctorates. (Photo copyright: Jacqueline Palmer, DNP.)

Plaintiffs Claim Criminalization of the Truth

The statute in question is the California Business and Professions Code Section 2054 which is part of California’s Medical Practice Act originally written in 1931.

Section 2054 of the statute states, “Any person who uses in any sign, business card, or letterhead, or, in an advertisement, the words doctor or physician, the letters or prefix Dr., the initials M.D., or any other terms or letters indicating or implying that he or she is a physician and surgeon, physician, surgeon, or practitioner under the terms of this or any other law, or that he or she is entitled to practice hereunder, or who represents or holds himself or herself out as a physician and surgeon, physician, surgeon, or practitioner under the terms of this or any other law, without having at the time of so doing a valid, unrevoked, and unsuspended certificate as a physician and surgeon under this chapter, is guilty of a misdemeanor.”

In their complaint, the three lawsuit plaintiffs state, “Defendants are California state officials charged with enforcing a law that criminalizes the truthful use of the title ‘Dr.’ by any healthcare professional who is not a licensed physician or surgeon. That means veterinarians, dentists, pharmacists, physical therapists, and nurse practitioners are subject to severe penalties if they truthfully refer to themselves as ‘doctor.’ This is true even where the doctor specifies the specific profession in which he or she has obtained his or her doctorate degree. The statute that mandates this regime goes far beyond patient protection and violates the First Amendment rights of doctors to truthfully describe themselves and their credentials.”

The three plaintiffs in the case are:

California is not the only state that restricts the use of the word “doctor” or “Dr.” but it is the strictest, according to Donna Matias, JD, Pacific Legal Foundation, the attorney representing the three plaintiffs.

“If you read the law literally, it appears to prohibit even PhDs and university professors from using the title,” she told the Post.

Previous Case Led to Stiff Penalties for Nurse Practitioner

In November of 2022, California Nurse Practitioner Sarah Erny, DNP, was fined a total of $22,500 by both the State of California and the State Medical Association for describing herself as a doctor on several professional online platforms without also including that she was a nurse, not a physician.

“While in most instances Ms. Erny indicated that she was a nurse practitioner, she failed to advise the public that she was not a medical doctor and failed to identify her supervising physician. Adding to the lack of clarity caused by referring to herself as ‘Dr. Sarah,’ online search results would list ‘Dr. Sarah Erny,’ without any mention of Ms. Erny’s nurse status,” wrote County of San Luis Obispo District Attorney Dan Dow, JD, in a statement.

Dow went on to say, “All forms of professional medical services advertising, including websites and social media accounts, must be free of deceptive or misleading information and must clearly identify the professional license held by the advertiser. Providing patients upfront with the proper title of our healthcare professionals aids consumers in making a more informed decision about their healthcare.”

Along with the financial penalties, Erny was ordered to “refrain from referring to herself as ‘doctor’ in her role of providing medical treatment to the public. [The judgement] also requires Ms. Erny to identify and make reasonable efforts to correct information on internet sites referring to her as ‘doctor’ or ‘Dr.’” the statement noted.

Speaking Truthfully about Advanced Degrees

Palmer spent 14 years in school pursuing her degrees. She feels her patients are smart enough to know the difference between her and a physician. “It’s not an ego trip; it’s not a power trip,” Palmer told the Post, “It’s just validation that I worked hard to get where I am today.”

The Pacific Legal Foundation argues in favor of the nurses by virtue of their advanced and in-depth training: “[After] years earning their advanced degrees and qualifications … they should be able to speak truthfully about them in their workplaces, on their business cards, the internet, and social media, so long as they clarify that they are nurse practitioners.”

Until the dust settles, NPs in California are taking precautions. Palmer said she has asked her patients to stop calling her “doctor” out of fear of being fined like Erny, a move she also claimed her patients protested against. “They all have said that they know that I worked hard for it,” she told the Post.

Clinical laboratory PhDs and others with advanced degrees may want to investigate their state’s requirements as to how they can legally refer to themselves.

—Ashley Croce

Related Information:

Should Nurses with Doctorates Be Called Doctor? Lawsuit Targets California Rule

Nurse Practitioners Sue State Over Right to Use ‘Doctor’ Title

Nurse Practitioners Sue California over Restricted Use of ‘Doctor’

Complaint for Declaratory and Injunctive Relief: United States District Court Central District of California

California Medical Practice Act

DNPs Can Face Heavy Fines If They Call Themselves Doctors. Some Are Fighting Back Against the Laws

Nurses with a Doctorate in Nursing Practice (DNP) Should Not Call Themselves “Doctor” in a Clinical Setting

California Business and Professions Code Section 2054

Nurse Practitioner (DNP) Fined $19K for Calling Self “Doctor Sarah”

District Attorney Dan Dow Announces Settlement with Arroyo Grande Nurse for Unlawfully Advertising Herself as “Doctor”

Major Data Breaches at Hospitals, Clinical Laboratories, and Health Plans Continue to Put Patient Data at Risk

Lapses in security measure testing can give healthcare employees a false sense of protection against data breaches, says cybersecurity expert

Cyberattacks on our nation’s hospitals, clinical laboratories, other healthcare organizations, and health plans, continue to plague the healthcare industry. As of July 7, 2023, 324 data breaches have occurred and are currently under investigation, according to the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) data breach portal.

This has affected more than 39 million people, HealthITSecurity reported.

When cybercriminals attack hospitals, clinical laboratories, and other medical organizations, healthcare consumers’ protected health information (PHI) may be stolen.

Dark Daily has covered such cyberattacks extensively.

In “Healthcare Cyberattacks at Two Hospitals Prompt Tough Decisions as Their Clinical Laboratories Are Forced to Switch to Paper Documentation,” we reported how in response to cyberattacks on two hospitals, medical laboratories in Florida and Maryland were forced to switch from digital to paper documentation and, in at least one case, the organization reportedly had difficulty accessing electronic laboratory test results.

And in, “Nearly One Million Patient Records of Hospitals, Health Clinics, Medical Laboratories, and other Providers Stolen in Ransomware Attack on Medical Records Company,” we covered how a single ransomware attack on a medical records company netted nearly a million PHI records from 28 healthcare providers in New York. This include names, home addresses, treatment dates, health plan numbers, and internal account numbers of 934,138 patients.

Below is a list of the data breaches this year that affected the most people.

“The way that computer network environments work today, users are acknowledged as the weakest link and offer the most potential for access to a hacker,” Ben Denkers (above), former Chief Innovation Officer at CynergisTek, told Dark Daily’s sister publication The Dark Report. He added that data breaches at clinical laboratories can start with “missteps” by lab employees who have a false sense of protection caused by lapses in testing a lab’s security measures. CynergisTek merged with Clearwater in 2022. (Photo copyright: CynergisTek.)

Top Data Breaches in First Six Months of 2023

Here are healthcare’s top 10 data breaches for the first half of 2023, listed by organizations with the most people affected, according to HHS:

  • Managed Care of North America, dental benefits organization, Atlanta, Georgia, 8.8 million individuals affected.
  • PharMerica Corporation, pharmacy services for skilled nursing, Louisville, Kentucky, 5.8 million individuals affected.
  • Regal Medical Group, Reseda, California, 3.3 million individuals affected.
  • Cerebral, mental health services, Claymont, Delaware, 3.1 million individuals affected.
  • NationsBenefits Holdings, supplemental benefits company, Plantation, Florida, three million individuals affected.
  • Harvard Pilgrim Health Care, health plan, Canton, Massachusetts, 2.5 million individuals affected.
  • Enzo Clinical Labs, clinical reference laboratory, Farmingdale, New York, 2.4 million individuals affected.
  • ZOLL Services, medical equipment, Pittsburgh, Pennsylvania, 997,097 individuals affected.
  • Community Health Systems, healthcare provider with 15,000 licensed beds at 89 acute care hospitals in 16 states, Brentwood, Tennessee, 962,884 individuals affected.
  • CentraState Healthcare System, healthcare provider with a 284-bed acute care medical center, an ambulatory campus, and an urgent care clinic, Freehold, New Jersey, 617,901 individuals affected.

Clinical Laboratory Brings in Cybersecurity Experts

Following a ransomware incident in April on its computer network, Enzo Clinical Labs in Farmingdale, New York, “immediately took steps to secure our systems and began an investigation with the assistance of a cybersecurity firm,” the lab’s Notice of Data Security Incident explains.

“The investigation determined an unauthorized party accessed files on our systems,” the notice continues. “The files contained patient names, dates of service, clinical test information, and, in some instances, Social Security numbers.”

Enzo “has incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,” according to the lab’s Securities and Exchange Commission (SEC) filing.

Multiple Large Health Systems Suffer Data Breaches

At Community Health Systems (CHS) it was a security incident at Fortra, a cybersecurity firm engaged by CHS, that resulted in “unauthorized disclosure of patient information,” according to CHS’s Notice of Third Party Security Incident.

The extent of data theft from the breach of Fortra’s GoAnywhere MFT secure managed file transfer software was not immediately clear, HIPAA Journal reported.

“The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and Social Security number,” the CHS notice explained.

At CentraState Healthcare System, “an unauthorized person obtained a copy of an archived database that stored certain patient information,” the healthcare provider’s Notice of Security Incident states. 

“There was no financial account and/or payment card information involved in this incident,” CentraState noted.

Financial Impact of Data Breaches

One of the effects on healthcare providers is costly settlement of lawsuits following data breaches that allege failure to secure patients’ PHI. For example, according to Becker’s Health IT:

  •  UMass Memorial Medical Center in Worcester, Massachusetts, paid $1.2 million “to settle a March 2022 lawsuit regarding a data breach of its payroll management system Kronos.”  
  • Advent Health in Altamonte Springs, Florida, paid $500,000 “to settle a data breach lawsuit alleging that the health system failed to protect patients’ confidential information after a September 2021 data breach.”
  • CommonSpirit Health in Chicago spent $150 million recovering from a ransomware attack in October 2022 that also sparked lawsuits over stolen PHI.

Tips for Clinical Laboratories on Securing Patient Data

In “Labs Must Audit Their Cybersecurity Measures,” Ben Denkers, former Chief Innovation Officer at CynergisTek, an Austin-based cybersecurity company which has since merged with healthcare cybersecurity and compliance company Clearwater, told Dark Daily’s sister publication The Dark Report, “The way that computer network environments work today, users are acknowledged as the weakest link and offer the most potential for access to a hacker.”

Denkers advises that while training employees is important for cybersecurity because it aims at changing human behavior, laboratories and other healthcare organizations also need to audit the technological measures they have in place to protect data.

“What we find is that organizations have security technology or processes in place that are either not effective or not working as designed,” he said, adding that when data breaches do occur “it’s a complete blindside for a lot of organizations that think they have protections in place because they bought a product, or they developed a policy.

“Testing, validating, and auditing whether measures are working as designed is a change of mentality for a lot of organizations. I would recommend taking those steps,” he added.

Clinical laboratories hold vast amounts of patient data and cannot afford disruptions to testing and results reporting. Vigilance can help labs avoid catastrophic cyberattacks, secure their patients’ protected health information from being stolen, and prevent the subsequent lawsuits that ensue following a data breach.

—Donna Marie Pocius

Related Information:

US Department of Health and Human Services Office for Civil Rights Breach Portal

2023 Largest Health Data Breach So Far Brings Legal Flurry

Biggest Healthcare Data Breaches Reported This Year, So Far

Notice of Data Security Incident: Enzo Clinical Laboratories

Securities and Exchange Commission (SEC) Filing: Enzo

Third Party Security Incident Impacting Community Health Systems

Up to One Million Community Health Systems Patients Affected by GoAnywhere MFT Hack

CentraState Healthcare System Notice of Security Incident

How Much Three Health Systems are Paying to Resolve Cyberattacks

Sophisticated Cyberattacks Target Healthcare

Labs Must Audit Their Cybersecurity Measures

Healthcare Cyberattacks at Two Hospitals Prompt Tough Decisions as Their Clinical Laboratories Are Forced to Switch to Paper Documentation

Nearly One Million Patient Records of Hospitals, Health Clinics, Medical Laboratories, and other Providers Stolen in Ransomware Attack on Medical Records Company

Clinical Laboratory Owner Receives 15-Year Federal Prison Sentence, Hefty Fine as DOJ Hits Hard on Healthcare Fraud Cases

US Department of Justice sends a strong message that it will continue to root out fraud involving clinical laboratory owners and operators

Arkansas clinical laboratory owner/operator Billy Joe Taylor has been sentenced to 15 years in federal prison and ordered to pay nearly $30 million in restitution, according to a June 8 press release from the US Attorney’s Office for the Western District of Arkansas.

Taylor pleaded guilty in October of 2022 to conspiracy to commit fraud and money laundering. He and his accomplices submitted $134 million in false or fraudulent claims to Medicare before and during the COVID-19 pandemic.

The claims came from five laboratory companies owned and operated by Taylor and his co-conspirators. All claims centered around respiratory illness tests or urine drug tests that were either not medically necessary or not ordered by medical providers, the DOJ’s press release states.

Taylor’s 15-year sentence in federal prison and huge restitution reinforces the fact that the federal Department of Justice (DOJ) will indict—and convict—owners and managers of clinical laboratory companies accused of healthcare fraud.

Billy Joe Taylor, owner/operator of five clinical laboratories in four states, was sentenced in June to 15 years in prison and ordered to repay nearly $30 million in fraudulent test claims made to Medicare prior to and during the COVID-19 pandemic. This conviction is part of an ongoing campaign against healthcare fraud being conducted by the US Department of Justice. (Photo copyright: Arkansas Democrat-Gazette.)

Details of Taylor Fraud Case

Taylor allegedly obtained private personal and medical data from Medicare beneficiaries and then used that information to submit and resubmit claims to Medicare for diagnostic tests. More than $38 million was received from Medicare on those fraudulent claims, the DOJ noted.

According to an October 2022 DOJ press release, the labs involved in the case included:

In 2021, Taylor claimed innocence and told Arkansas Business that the accusations were “sensationalism-type claims from the government that were completely erroneous and false.”

As a young man, Taylor planned to go into the clinical laboratory field when he was still in high school. He got started by volunteering at his hometown hospital in Stigler, Oklahoma, the Free Library reported. Eventually hired by the hospital to draw blood, run tests, and keep quality control and inspection data, Taylor later moved to other hospitals before partnering in 2009 to start Advanced Laboratory Services (ALS) of Oklahoma City, Oklahoma.

A pulmonary embolism and stroke forced Taylor to sell his share in ALS, and not long after returning as a consultant, his business partner sold the lab company. Taylor joined two people from a Tulsa laboratory to start a new company, acquiring Medtest Laboratories LLC of Hurricane, West Virginia, and Vitas laboratory LLC in 2017. He hoped to compete with national laboratories, earning up to $2 million per month, the Free Library reported.  

Other Clinical Laboratory Testing Fraud Schemes

The DOJ’s aggressive efforts to crack down on healthcare fraud over the past years have produced multiple court cases against clinical laboratory owners, managers, and the doctors who conspire with them. Dark Daily has covered such fraud cases in numerous ebriefings over the years.

In “Southern California Physician and Clinical Laboratory Owners Charged in Federal Crackdown on Pandemic-Related Billing Fraud,” we reported on federal charges that had been brought against a number of physicians and clinical laboratory owners in what the DOJ described as the “largest ever” coordinated nationwide law enforcement effort against COVID-19 pandemic-related healthcare fraud.

Also, in “California Clinical Laboratory Owners among 21 Defendants Indicted or Criminally Charged for COVID-19 Test Fraud and Other Schemes Totaling $214 Million,” we covered how the DOJ had charged the owners of a California clinical laboratory—as well as 19 other defendants—for their roles in fraudulent billing, kickbacks, and money laundering schemes to defraud Medicare of more than $214 million.

And in “Department of Justice Recovers $1.8B from Medical Laboratory Owners and Others Accused of Alleged Healthcare Fraud During COVID-19 Pandemic,” we reported that DOJ had recovered billions of dollars as a result of federal investigations into alleged healthcare fraud by clinical laboratories and other organizations during fiscal year 2020.

DOJ’s Healthcare Fraud Unit

In 2021, the DOJ’s Healthcare Fraud Unit brought “criminal charges against 14 defendants, including 11 newly-charged defendants and three who were charged in superseding indictments, in seven federal districts across the United States for their alleged participation in various healthcare fraud schemes that exploited the COVID-19 pandemic and resulted in over $143 million in false billings,” a DOJ press release announced.

In a statement to the press, Deputy Attorney General Lisa O. Monaco said, “The multiple healthcare fraud schemes charged today describe theft from American taxpayers through the exploitation of the national emergency … These medical professionals, corporate executives, and others allegedly took advantage of the COVID-19 pandemic to line their own pockets instead of providing needed healthcare services during this unprecedented time in our country.

“We are committed to protecting the American people and the critical healthcare benefits programs created to assist them during this national emergency, and we are determined to hold those who exploit such programs accountable to the fullest extent of the law,” she added.

Monaco’s statement emphasizes the DOJ’s expanding focus on healthcare fraud. The DOJ formed the Health Care Fraud Strike Force in 2007 to handle cases like Taylor’s. The program is composed of 15 teams operating out of 25 federal districts. During the 15 plus years the Strike Force has been active, the DOJ has charged more than 5,000 defendants who collectively billed over $24 billion to both private insurers and federal healthcare programs.

Therefore, it behooves clinical laboratory managers to ensure all lab operations are well-within the bounds of legality. The DOJ is taking its hunt for healthcare fraudsters quite seriously.

—Kristin Althea O’Connor

Related Information:

Lavaca Man Sentenced in $134 Million COVID-19 Health Care Fraud and Money Laundering Scheme

Lavaca Man Sentenced to 15 Years in Prison, Ordered to Pay More than $29.8 Million in Medicare Fraud Case

Lavaca Man Gets July 19 Sentencing Date in Federal Healthcare Fraud, Money Laundering Case

Lab Owner Fights His Insurer, and Now a Federal Fraud Case: Lavaca Man Denies Fraud in Health System, Accusing US of ‘Sensationalism’

Lavaca Man Pleads Guilty of Conspiracy to Commit Healthcare Fraud and Money Laundering

Lavaca Man Pleads Guilty to Stealing Millions in Medicare Fraud

DOJ Announces Coordinated Law Enforcement Action to Combat Healthcare Fraud Related to COVID-19

Federal Trial for Lavaca Man Facing Healthcare Fraud Charges Moved to Next Year

Southern California Physician and Clinical Laboratory Owners Charged in Federal Crackdown on Pandemic-Related Billing Fraud

California Clinical Laboratory Owners among 21 Defendants Indicted or Criminally Charged for COVID-19 Test Fraud and Other Schemes Totaling $214 Million

Department of Justice Recovers $1.8B from Medical Laboratory Owners and Others Accused of Alleged Healthcare Fraud During COVID-19 Pandemic

Providers and Legislators Seek Changes in Rules Implementing No Surprises Act and How Physicians, Labs, and Other Providers Can Bill Patients

Provider groups and members of Congress say the rules favor payers, federal judge agrees, but path forward in how providers bill patients remains unclear

Groups representing healthcare providers—including pathologists—are challenging the Biden administration’s implementation of the No Surprises Act, a bill passed in 2020 that aims to protect patients from surprise medical bills.

This will be of particular interest to pathologists who—as a study from the Health Care Cost Institute (HCCI) found—were second only to emergency room physicians among providers with the highest percentage of out-of-network billing.

Dark Daily’s sister publication The Dark Report covered the HCCI study and its findings in “Federal Rule to Revise Out-Of-Network Billing.”

The College of American Pathologists (CAP) and American Society for Clinical Pathology (ASCP), both of which supported the No Surprises Act, are now among numerous provider groups claiming that the bill’s rules for resolving payment disputes unfairly favor payers.

These groups have bipartisan support in Congress, Bloomberg Law reported, noting that some legislators are urging Health and Human Services (HHS) Secretary Xavier Becerra to change the rules. The lawmakers may seek to amend the law or turn to the courts if Becerra does not follow through on their requests.

“Either we legislate, we go to court, whatever it takes,” Rep. Brad Wenstrup (R-Ohio) told Bloomberg. Meanwhile, a federal district court judge has sided with the Texas Medical Association (TMA) in two lawsuits over the rules, Healthcare Dive reported.

“We need to make sure that the administration is implementing what we passed consistent with the legislative intent,” Sen. Michael Bennet (D-Colorado) told Bloomberg Law regarding the No Surprises Act. “We had a very complicated coalition of people to come together to support this legislation.” (Photo copyright:

Details of No Surprises Act

The No Surprises Act aims to protect patients from “balance billing,” in which they receive surprise bills for out-of-network medical services even when they use in-network providers. The bill was signed into law in December 2020, with most provisions taking effect on Jan. 1, 2022.

As Dark Daily reported in “ASCP and CAP Support New Legislation That Bars Surprise Medical Billing,” following passage of the bill, patients who unknowingly receive services from out-of-network providers are liable only for costs they would have incurred for in-network care. Providers and payers then have 30 days to negotiate a payment. If they can’t agree, an arbiter determines the payment as part of a federal independent dispute resolution (IDR) process.

Passage of the bill required the federal Department of Health and Human Services (HHS), Department of Treasury, and Department of Labor to craft regulations and guidance to implement the law—including the IDR process—according to the American Hospital Association (AHA).

Legal Pushback to Arbitration Rule

One contention was an interim rule that instructed arbiters to use the “qualifying payment amount” (QPA) as the primary basis for ruling in favor of either insurers or providers in payment disputes.

Writing in MedPage Today, pediatric radiologist Richard Heller, MD, National Subspecialty Lead for Pediatric Radiology at Radiology Partners in Chicago, and Radiological Society of North America (RSNA) Board Liaison for Public Information and Corporate Relations, described the QPA as “the insurer’s median in-network rate.”

Heller wrote that “the calculation methodology does not result in real world, market-based rates. Further, insurers calculate their own QPA, and may do so in a non-transparent fashion, raising questions about QPA integrity.”

He added, “The departments have repeatedly tried to establish the QPA as the primary factor arbiters should use in their decision making. These attempts have twice been rejected by a federal court. Recent guidance issued by the administration as a result of the second Texas Medical Association lawsuit more closely reflects the balance that Congress intended.”

In its first lawsuit, the TMA characterized the QPA as “an opaque and flawed insurer-calculated amount” that would result in reduced payments to providers. The lawsuit claimed that Congress, instead, intended for the dispute resolution process to look at “a range of factors.”

Federal Judge Jeremy Kernodle ruled in the TMA’s favor and ordered HHS to change the rule. He also sided with the TMA in another lawsuit, which alleged that a final rule issued in August 2022, while “formally abandoning the QPA rebuttable presumption,” unduly restricted use of non-QPA factors, according to a litigation update for certified IDR entities from Sidley Austin LLP.

The final rule “nevertheless continues to place a thumb on the scale for the QPA by requiring arbitrators to begin with the QPA and then imposing restrictions on the non-QPA factors that appear nowhere in the statute,” the judge stated in his ruling, the American Medical Association (AMA) reported.

In its latest lawsuit, the TMA is challenging a big hike in administrative fees for dispute resolution, which went from $50 initially to $350 beginning last January.

Another issue with the law has been the sheer volume of arbitration cases. The administration originally estimated that payers and providers would submit about 17,000 claims per year, but between April 15 and Sept. 30, 2022, about 90,000 disputes were initiated, according to a government report cited by RevCycleIntelligence.

The No Surprises Act reflected lawmaker compromises about arbitration, Sen. Michael Bennet (D-Colorado) told Bloomberg Law. Bennet indicated to the news outlet that he is not happy with the current arbitration process.

Pathology Groups Weigh In

The CAP and ASCP joined other physician organizations in raising early objections to the Biden Administration’s plans to implement the independent dispute process.

“The skewed IDR process outlined within the IFC [Interim Final Rule with Comment Period] will remove a critical incentive for insurers to negotiate reasonable contracts with physicians by establishing the QPA as a reasonable out-of-network payment,” the ASCP stated in a Dec. 6, 2021, letter to administration officials.

On Dec. 23, 2021, the CAP filed an amicus brief in a lawsuit brought by the AMA and AHA challenging an interim rule issued that September. The regulations “must support an equitable and balanced system for resolving out-of-network payment disputes,” said CAP President Emily Volk, MD, FCAP in a statement accompanying the filing. “As of today, the rules heavily favor the insurers when their power is already too great.”

The AMA and AHA later withdrew the lawsuit after the Biden administration revised the rule, Healthcare Finance News reported. However, the groups still contend that the rule favors payers.

High Stakes for Pathologists

When the law passed Congress, it appeared likely it would have a disproportionate impact on medical laboratories and pathology groups. The HCCI report ranked pathology number two among six specialties responsible for the highest percentage of out-of-network bills. And when the interim final rule was published in the Federal Register, the HCCI data was cited in an accompanying commentary.

However, the CAP told The Dark Report that the statistics about pathologists, though accurate, were “presented in a somewhat misleading manner.”

The No Surprises Act does permit balance billing when patients have given prior consent, but pathologists were among a group of specialties barred entirely from the practice, Dark Daily previously reported.

—Stephen Beale

Related Information:

Surprise Medical Bill Disputes Spur Lawmakers to Seek Changes

The Six Provider Lawsuits Over the No Surprises Act: Latest Developments

HCCI: How Often Do Providers Bill Out of Network?

HHS and Federal Departments Issue Final Rules to Clarify No Surprises Act Dispute Resolution

Biden Administration Should Revise No Surprises Act Rules, Says ASCP

Judge Removes Disputed Element of No Surprises Act