By: Michael J. Schoppmann, Esq.

In today’s ever increasingly regulatory, prosecutorial and litigious medical-legal environment, there is no longer a logical or rational basis for physicians to not be actively, aggressively and perrienially embracing risk management in order to protect their practices. No one program, no one on-line course or DVD series is sufficient any longer. Risk Management must now be a way of life, a routine part of the very culture of every medical practice. The risks are not simply from claims of medical malpractice, they emanates from every aspect of practice and flow through virtually every agency - at both the federal and state levels. Faced with such an investigation, the involved physician will also face an obligatory investigation by the state licensing authority and run the risk of loss of his or her professional license. Comparatively, a claim for medical malpractice seems inconsequential.


So, to begin such a collective transformation, I propose one day. One day a year. Let’s call it Law in Medicine Day (“LMD” for short).

To make it easier, I also propose we make LMD an easy day to remember – the already dreaded, infamous April 15th, historically reserved in our national psyche as the deadline of filing our tax returns, now becomes a day for every physician, every medical practice to comply with a number of other, critical legal obligations – a goal never more paramount for every physician.

So, what of LMD? What do we address in this new annual ritual?

HIPAA – Virtually every practice will admit, if asked, that it has not taken down their original HIPAA materials developed several years ago and placed on the shelf in the Office Manager’s office. Unfortunately, since that time, HIPAA has moved on, been updated and grown even larger. HHS has issued regulations requiring health care providers, health plans, and other entities covered by HIPAA to notify individuals when their health information is breached. These “breach notification” regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).

RED FLAG REGULATIONS – These new identity theft regulations require every practice develop and maintain a formal written program to identity, prevent and mitigate the risk of identity theft within their practices. At the very core of these new regulations is the requirement that the policies be routinely and continually updated.

REIMBURSEMENT CONTRACTS – Faced with the dramatically expanding use of investigative audits, every physician must review each of their payor relationships to determine (a) is the payor-contract to be continued and if so, (b) is the practice compliant with each of the payor’s policies and procedures? If not, it is almost certain that the practice will face an adverse audit by the payor, seeking not only reimbursement but interest charges, costs and extrapolated damages.

MEDICAL PRACTICE POLICIES – Policies as to infection control, proper sterilization of equipment, handling of medical waste and other practice protocols all need to be updated (as technology, disease and prevention measures all progress) and keeping staff abreast of such changes will be critical to preventing unintended, or unknowing, violations of these policies.

CREDENTIAL/PROFILE REVIEWS – An essential aspect of a physician, or practice’s, ability to protect itself, and its reputation, in today’s climate is to be ever diligent in reviewing and re-reviewing their standing – both from a professional/credentialing perspective and a public/internet perspective. What specialty is designated in credentialing can dramatically change reimbursement models and what information a prospective patient can, and cannot, find on the internet may well dictate choice of physician – without the practice ever knowing it was harmed by either set of misinformation.

EMPLOYEE MANUAL – most practices do not even have an employee manual, but for those that do, and for those that now will, the laws pertaining to work place claims such as hostile work environment, sexual harassment, discrimination, along with the application of family leave acts, are ever changing and failure to be aware of, nonetheless comply with, new standards of law expose the practice to high levels of risk.

Each of these items, after being reviewed and updated, should be the subject of a training (or hopefully, re-training) session with the staff of the medical practice – including every physician. Attendance should be mandatory, attendance sheets should be completed and every employee should be required to sign a copy of the new policies, acknowledging they’ve been trained in same and that they understand their obligations under these new/updated policies. These signed policies should be retained by the practice for future protections.


As a physician and/or a practice weighs the need for LMD, consider this – those who regulate, supervise, prosecute and profit from making claims against physicians carry out their careers, plan their actions and pursue physicians every single day – all day. In contrast, all I ask is one day a year. LMD…it’s time to protect yourself, it’s time has come.
Kern Augustine Conroy & Schoppmann, P.C., Attorneys to Health Professionals, has offices in New Jersey, New York, Florida, Pennsylvania and Illinois. The firm’s practice is solely devoted to the representation of health care professionals. Mr. Schoppmann may be contacted at 1‐800‐445‐0954 or via email ‐