Categories
Health Law Highlights

HIPAA Update to Include Cybersecurity Requirements for Health Care Organizations

Summary of article from Renal and Urology News, by John Schieszer:

The Department of Health and Human Services (HHS) is updating the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to include new cybersecurity requirements, in light of increasing cyber threats to the healthcare sector. The HHS has issued a concept paper providing voluntary Cybersecurity Performance Goals (CPGs) to help healthcare organizations improve their cyber resilience. A significant rise in data breaches and ransomware attacks has been observed, emphasizing the need for improved cyber protection. The HHS is planning to establish two programs to aid healthcare providers in implementing these CPGs, one of which involves financial aid for high-need providers. Additionally, changes to the HIPAA Security Rule may include allowing patients more direct access to their Protected Health Information (PHI) and potential privacy concerns are being addressed.

Categories
Health Law Highlights

Let’s Make a Deal with DOJ: The Impact of the DOJ’s New Whistleblower Reward Program on Corporate Compliance

Summary of article from Husch Blackwell, by Christina Moore, Madison Rector:

The DOJ announced a new whistleblower rewards program aimed at incentivizing reports of corporate or financial misconduct. This program, allowing individuals to report violations of any federal law, particularly criminal abuses of the U.S. financial system, fills gaps not covered by existing whistleblower initiatives like the False Claims Act (FCA) or the IRS Whistleblower Program. Under the new program, whistleblowers do not need to file a lawsuit or hire an attorney, making it easier for them to report wrongdoings. This initiative could increase pressure on companies to maintain high ethical standards and prevent misconduct. To mitigate risks, compliance officers should foster a culture of openness and communication, ensuring that employees are aware of internal reporting procedures and feel safe using them.

Categories
Health Law Highlights

HHS Warns Health Care Sector of AI-Driven Phishing, Social Engineering Attacks on IT Help Desks

Summary of article from Carlton Fields, by Michael Bailey, John Clabby:

The Health Sector Cybersecurity Coordination Center (HC3) has issued an alert about advanced cybersecurity threats targeting the healthcare sector, particularly IT help desks. These threats involve the use of publicly available information and AI to impersonate healthcare employees, gaining access to email accounts and diverting payments to threat-controlled accounts. The alert also highlights the rise of “spearphishing voice” or “vishing” attacks, using AI to mimic employee voices. In response, the Department of Health and Human Services (HHS) is planning to expand its cybersecurity regulations and enforcement, including potential increases in penalties for HIPAA violations. To mitigate these threats, organizations are advised to enhance training, review cybersecurity policies, limit social media exposure, improve help desk verification procedures, and reassess multi-factor authentication methods.

Categories
Health Law Highlights

What the FTC’s Rule Banning Non-Competes Means for Healthcare

Summary of article from Nelson Mullins Riley & Scarborough LLP, by Candace Friel, Denise Gunter, Carrie Hanger:

The Federal Trade Commission (FTC) has finalized a rule banning most non-compete agreements, with the rule set to take effect 120 days after its publication in the Federal Register. The rule applies to all workers, regardless of title, job function, or compensation, excluding “Senior Executives” as per a narrowly defined term. Non-profit organizations are exempt from the rule. The rule is expected to significantly impact industries such as healthcare where non-compete agreements are common. Legal challenges to the rule have already been initiated, with the U.S. Chamber of Commerce announcing its intention to sue the FTC and a lawsuit filed on April 23, 2024.

Categories
Health Law Highlights

False Claims Act Settlements to Know from Q1 2024

Summary of article from Bass, Berry & Sims PLC, by Theresa Androff, Molly Ruberg:

The first quarter of 2024 saw significant False Claims Act (FCA) and civil healthcare fraud settlements in the healthcare industry, despite a recent downward trend. These settlements, worth millions of dollars, were related to alleged kickbacks, medically unnecessary services and equipment, pharmaceutical issues, and Controlled Substances Act violations. Key settlements included New York York-Presbyterian/Brooklyn Methodist Hospital’s $17.3 million for alleged kickbacks, Lincare’s $25.5 million for false claims related to medical equipment, and Endo Health Solutions’ $475.6 million for its opioid marketing schemes. There were also significant settlements related to voluntary self-disclosures, such as Moffitt’s $19.5 million for false claims related to research studies. Additionally, eBay Inc. settled for $59 million, marking the first Controlled Substances Act settlement with an e-commerce company.

Categories
Health Law Highlights

Fast Five: Important Law and Policy Updates for US Health Care Transactions

Summary of article from ArentFox Schiff, by Michele L. Gipp, Jo-Ann Marchica, Kathryn L. Steffen:

The first quarter of 2024 has seen significant changes in the US health care sector, with new guidelines from the Department of Justice (DOJ) and Federal Trade Commission (FTC) potentially affecting mergers and acquisitions, particularly those involving small health care businesses and physician practices. Federal agencies have also sought public comment on health care transactions, focusing on the impact on various stakeholders and the objectives of these transactions, indicating a continued scrutiny on private equity investment. State authorities are also increasing their oversight of health care transactions, with several states implementing new laws or expanding existing ones. As health care organizations face escalating operating costs, they are considering streamlining services through transactions, but must be cautious of potential legal risks, including antitrust issues. Lastly, the resumption of Medicare and Medicaid audits in full force has increased the need for compliance in health care transactions.

Categories
Health Law Highlights

CMS Finalizes Major Reforms to Medicaid, Part 1: Medicaid Access Reg

Summary of article from McDermott+Consulting, by Jeffrey Davis, Kayla Holgash, Katie Waldo:

The Centers for Medicare & Medicaid Services (CMS) has issued two new regulations pertaining to state-operated Medicaid programs, aiming to improve access to care for Medicaid enrollees. A notable policy within the ‘Ensuring Access to Medicaid Services’ regulation specifies that at least 80% of Medicaid fee-for-service (FFS) and managed care payments for home- and community-based services (HCBS) must be allocated towards compensation for direct care workers. The regulation also introduces new definitions, allows for state-specific flexibilities, and outlines reporting requirements for states. Other key provisions include the establishment of a grievance process for beneficiaries, regular review of person-centered service plans, and the creation of a Beneficiary Advisory Council. The regulation will take effect 60 days after publication, but specific provisions have varied effective dates.

Categories
Health Law Highlights

Houston Transplant Scandal: Families of Patients Who Died Begin Legal Action

Summary of article from MedPage Today, by Associated Press:

Relatives of deceased patients are demanding an investigation into a Houston doctor, J. Steve Bynon Jr., MD, who is accused of manipulating the liver transplant waitlist at Memorial Hermann-Texas Medical Center. The hospital has suspended its liver and kidney transplant programs after discovering “inappropriate changes” in the national database for liver transplant recipients. A temporary restraining order has been filed to prevent Bynon from deleting or destroying evidence. Meanwhile, a lawsuit alleging negligence has been filed against the hospital and UTHealth Houston by a woman whose husband died while on the waitlist. The death rate for patients awaiting a liver transplant at Memorial Hermann was higher than expected, according to data from the Scientific Registry of Transplant Recipients.

Categories
Health Law Highlights

Kaiser Permanente Notifying 13.4 Million of Tracker Breach

Summary of article from Gov Info Security, by Marianne Kolbasuk McGee:

Kaiser Foundation Health Plan reported a data breach affecting 13.4 million individuals due to unauthorized access/disclosure from its previous use of online tracking technologies on its websites and mobile applications. Personal information potentially transmitted to third-party vendors like Google, Microsoft Bing, and Twitter includes IP addresses, names, account sign-in information, website navigation data, and search terms. No sensitive information like usernames, passwords, Social Security numbers, or financial account details were disclosed. Kaiser Permanente has since removed these online technologies and implemented measures to prevent such incidents in future. Despite no known misuse of the personal information, the organization will notify affected individuals directly in May out of caution.

Categories
Health Law Highlights

DOJ Releases 2024 COVID-19 Fraud Enforcement Task Force Report

Summary of article from Morrison Foerster, by Adam Braverman, Kate Driscoll, Kamran Jamil, Brian Kidd, Nathaniel Mendell:

The U.S. Department of Justice (DOJ) has released a comprehensive report on the COVID-19 Fraud Enforcement Task Force, calling for an extension of the statute of limitations for pandemic fraud-related offenses and increased funding for investigations and prosecutions. Since May 2021, the Task Force has charged over 3,500 defendants, recovered more than $1.4 billion in government funds, and filed over 400 civil suits. The report highlights cases involving False Claims Act liability, primarily related to the Small Business Administration’s Paycheck Protection Program (PPP), Economic Injury Disaster Loans (EIDL), and COVID-19 testing claims. The DOJ is seeking to establish a permanent interagency body to combat government benefits fraud. The report also calls for legislation to extend time limits for charging pandemic-related fraud cases and further resource fraud investigations.