You received a notice from the TMB — now what?

A TMB action — how to report

Because the threat of a disciplinary action is all too real, every TMLT policy includes Medefense coverage. Medefense covers legal expenses, fines, and penalties associated with disciplinary actions, such as actions by the TMB, a hospital review committee, or a federal regulatory agency.

If you receive notice of any disciplinary action, you are strongly urged to do the following as possible.

1. Call the Claim Department at 800-580-8658 to report a Medefense claim as soon as you receive the initial letter from the TMB or other disciplinary authority. You have 60 days to report an insured event to receive reimbursement for covered expenses under Medefense.

2. Consider retaining an attorney to help draft your initial response to the TMB.TMLT can provide you with the contact information of attorneys who have experience handling disciplinary proceedings.

Working with an attorney who is knowledgeable of TMB proceedings can result in an early dismissal of the complaint. “I have seen too many examples of cases where the physician responds on his own, or forwards a copy of the medical records without a response. Often the physician’s response does not contain what it should and can actually make matters worse,” says Gregory Myers, an attorney with the Myers and Doyle Law Firm in Houston.

3. If you do not choose an attorney from TMLT’s panel of attorneys, promptly send the following information to TMLT to expedite the payment process under Medefense:

  • copies of all legal expense invoices pertaining to the defense of the claim — the legal or audit expenses should be itemized on an hourly basis showing the services provided, the time incurred, and the hourly rate;
  • copies of all payments made to the attorney or law firm representing the policyholder in the matter; and
  • a copy of the dispositive letter describing the final outcome so the claim can be closed.

Because the TMB can impose a range of disciplinary actions — including revoking or suspending your medical license — it’s important to respond appropriately when you receive a notice of investigation.

At TMLT, we have encountered a number of cases where physicians did not hire an attorney or notify us when they received the initial complaint notice from the TMB. These physicians believed they could prepare a response to the Board and hoped the matter would go away. They learned otherwise when they received a notice of investigation or notice that the matter was set for an Informal Settlement Conference. Ultimately, once an attorney was finally hired, the physician and attorney were at a disadvantage in preparing a defense.

Health and Human Services launches random HIPAA audit surveys

Last year, the U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) reported their intentions to survey health care entities and their business associates in order to select subjects for a new “random” audit.

The selection process is now underway!

OCR has begun sending pre-audit screening surveys via email to applicable entities across the state, with questions expected to focus on security risks to protected health information (PHI) and pervasive issues of non-compliance based on OCR’s 2011 and 2012 audit findings and observations.

It is unknown how many of those contacted will actually be selected for the audit; however, sources are projecting that approximately half of those contacted will be audited. If you receive a survey, please don’t ignore it. Respond to it as soon as possible. Failure to do so could potentially “raise a red flag” with HHS, and invite scrutiny or even an independent audit.

If a serious compliance concern is found through an audit, OCR may initiate a full compliance review through its enforcement division that could lead to financial penalties.

The audit program is an attempt by OCR to proactively enforce, assess, and confirm HIPAA compliance efforts, and present new opportunities to “examine mechanisms for compliance, identify best practices, and discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews.” (1)

TMLT Resources

If you receive a survey, please contact Cathy Bryant in TMLT’s Product Development and Consultant Services department at or 512-425-5910. Cathy will do a high level review to help your Privacy Officer identify areas that may be on the audit.

If you are chosen for an audit, please contact TMLT at 800-580-8658 and ask for the Claims Department.

To help you prepare for a potential audit, TMLT offers the following table with information and solutions related to these audits.

POLICIES AND PROCEDURES – REVIEW AND UPDATEHIPAA and Texas Medical Privacy and Security require you to have updated policies and procedures. 


TMLT Privacy and Security Toolkit

  • The TMLT toolkit guides practices with existing policies through a system-wide review and highlights which revisions may need to be made.
  • The toolkit also helps those practices currently developing policies and procedures to better understand HIPAA rules and Texas law.
  • The toolkit is available online at
NOTICE OF PRIVACY PRACTICES (NPP) – REVIEW AND UPDATERecent changes to the HIPAA Omnibus Rule and Texas Medical Privacy and Security laws require you to revise your Notice of Privacy Practices. 


Notice of Privacy Practices (NPP)

  • The NPP is an important document that tells your patients how you will use and disclose their protected health information (PHI).
  • Changes with Omnibus require you to review and revise your NPP.
  • Changes to Texas law require you to notify patients if you electronically disclose PHI.
  • Sample NPP are available from TMLT Risk Management, TMA and HHS at
  • Changes to Texas law require you to notify patients if you electronically disclose PHI.
  • TMLT solutions are available in TMLT’s toolkit:
BUSINESS ASSOCIATE (BA) & BUSINESS ASSOCIATE AGREEMENT (BAA) – IDENTIFY ALL BAs & REVIEW AND REVISE BAAsBAs are now held to the same requirements under HIPAA as Covered Entities (CE).During the Random HIPAA Audit, BAs of audited CE will also be subject to an audit. Business Associates and Business Associate Agreements

  • Identify all your BAs or anyone with whom you share your PHI.
  • Determine if you had an existing BAA with them prior to March 26, 2013. If yes, you have until September 22, 2014 to get an updated BAA signed. If not, get a BAA signed as soon as possible.
  • Learn more about BAs and BAAs in TMLT’s Privacy and Security Toolkit.
  • TMLT can conduct a Security Risk Analysis for your practice.
  • The HIPAA Security Rule requires a Security Risk Analysis if you do electronic billing or have EHR. (2)
TRAININGPhysician and Staff HIPAA Training 



TMLT Privacy and Security Toolkit

  •  Texas law is more stringent than Federal Law on training. TMLT’s toolkit includes “Introduction to Developing Physician Office Training.”
  •  TMLT can develop customized training for your office.
  • Again, the toolkit is available at
KNOW YOUR STATE LAW  TMLT Privacy and Security Toolkit

  • The Comparison Tool, included in the toolkit, highlights Texas and federal law differences.

For more information on TMLT’s Toolkit, risk assessments, or consulting services, please contact Stephanie Downing at 1-800-580-8658 or



New Certificate of Insurance Service

We would like to help you with your paperwork.

Physicians associated with a hospital are often required to provide a Certificate of Insurance (COI) to the hospital in order to receive or maintain hospital staff privileges. Instead of physicians retrieving, printing and delivering this document themselves, TMLT will now directly provide our policyholders’ COI to their hospital administrators upon request.

With this service, a hospital administrator has the option of retrieving a TMLT policyholder’s COI from our online member portal, myTMLT, or requesting it directly from our Underwriting Department. This service was designed to create more efficiency and greater security for our members’ credentials.

If you, as a policyholder, would like to take advantage of this service or have previously “opted in,” you don’t have to take any further action. Service will be added to your TMLT and TMIC policies beginning June 1, 2015.

However, if you do not want to take advantage of this service, you may “opt out” by contacting the Underwriting Department and requesting that all COIs be sent to you, so that you may then forward them to your hospital administrator yourself.

Whether you decide to opt in or opt out of this service, you may still log in to myTMLT to access and print your COI at any time.

If you have any questions about this service, please contact your agent or call the TMLT Underwriting Department at 800-580-8658.

Passwords: Changing them and saving them

How to make easy-to-remember changes to your password

In part one of this two-part cyber security article, we explored how to make a strong password. Now that you know how to create a good password, keep in mind that you may be required by your IT department or EHR to change your password every few months. The good news is that you don’t necessarily have to change your entire password; you may elect to only change sections of it. For instance, if “Pa$$w0rd” is your password, you could simply implement a new element at the beginning, middle, or end of the password to change it. For instance, you may change “Pa$$w0rd” to “Pa$$w0rrdd2015.”

There are several methods you can use to easily change and remember your passwords. Many use numbers instead of letters. Others like to explore using more special characters. The trick is to use a sequence that works for you. You may notice that each time you change your base password, it looks like less of a word and more of an encrypted message that only you can read.

One tip: you may wish to change one element at a time so that you can easily remember your changes. For example, you may decide to change the location of a capital letter, then add a special character, and then change a number.

Where to save the Pa$$w0rd

Avoid saving your password on your computer login or in a web browser if at all possible. Again, this makes it too easy for hackers to access or steal. Many people make the mistake of saving whole passwords to phones, writing them down, or putting them in a file. If you choose to save your password in writing, use caution. Don’t ever save them on post-it notes on or near computers. This is like putting your front door key under the welcome mat. Consider the same concepts that we use with credit card numbers and bank accounts. Once you figure out what your core password is, don’t ever write the entire word/acronym down. If you must, only write the changes and leave the rest of the password out, or write down clues that only you would understand or know the answer to, such as “my mother’s middle name.”

Read part one, P@$$w0rd! Not password.

Historic Senate Vote Provides Medical Liability Protections

The U.S. Senate has passed a bill that forbids federal quality-of-care and payment guidelines for Medicare, Medicaid and the Affordable Care Act to be used in medical liability lawsuits. The so-called “doc fix”  bill marks the first time Congress has ever passed medical liability protections.

The standard of care language is in a bill that replaces the Medicare payment system for doctors and hospitals with a new payment formula that rewards quality, value and efficiency. Doctors were concerned that these new quality measurements and payment guidelines might be used in a lawsuit to create a presumption of medical negligence.

“This bill eliminates that uncertainty,” said Austin internist, Dr. Howard Marcus.

The “doc fix” bill passed the House overwhelmingly last month. It now heads to the president who has expressed his intention to sign it.

“Practice guidelines are one of many sources of valuable information for health care providers. All patients are unique and many patients, especially those with complex health issues, don’t necessarily fit a guideline,” said Marcus,  the chairman of Texas Alliance For Patient Access.  “There is often more than one possible answer and that is where clinical judgment is required. Practice guidelines should be just that, a guideline and not a rigid, unaltering edict that creates new opportunities to sue.”

Those sentiments are underscored in a 2010 article in the New England Journal of Medicine entitled “Medical Malpractice Liability in the Age of Electronic Health Records.” The authors write “Physicians routinely override even relatively simple clinical-decision support protocols…for clinically appropriate reasons.”

“The “doc fix” bill does not change current medical liability laws nor does it alter the way courts determine if an act of medical negligence occurred,” said Bob Donohoe, president and CEO of the physician-governed Texas Medical Liability Trust.  “It simply preserves the status quo, “he said.

Historically, practice standards for physicians have been governed by the states and medical specialty societies.

In casting his vote in favor of the bill, Texas Senator John Cornyn said “This legislation provides our health care professionals with a predictable expectation for reimbursement rates, an idea that only sadly had been a dream for many physicians in Texas and across the country.”

Quotes from lawmakers that played a pivotal role in getting and keeping the standard of care language in HR 2, which passed out of the House on March 26.

“The passage of today’s legislation will permanently fix the flawed sustainable growth formula and relieve doctors of the fear of undue legal issues,” said Texas Congressman Henry Cuellar. Rep. Cuellar had introduced similar stand-alone legislation.

“This is the first step toward real, meaningful, entitlement reform, said Texas Congressman Michael Burgess, chief author of the bill. “I have worked my entire congressional career to address this problem and, after years of uneven progress, we have finally taken this opportunity to do what is right for seniors, providers and the American taxpayer. “Furthermore, the bill includes important standard of care provisions that protect state liability law and ensures that federal health care standards cannot be used to establish legal action against health care providers.”

“Today we have provided the Senate and White House with the best opportunity to write a new chapter in the history of the American health-care system that focuses on creating stability for those most in need,” said Texas Congressman Kevin Brady, the chairman of the House Ways & Means Health Subcommittee.

Read the original press release at the Texas Alliance for Patient Access website.