Wade’s Health Law Highlights for December 17, 2024

Centers for Medicare & Medicaid Services

• On November 1, the Centers for Medicare & Medicaid Services (CMS) finalized an extension of virtual direct supervision through real-time audio-visual technology until December 31, 2025, and permanently for certain “incident to” services. These changes are part of the CY 2025 Medicare Physician Fee Schedule (MPFS) and Medicare Hospital Outpatient Prospective Payment System (OPPS) final rules, which revise regulations to balance patient safety and program integrity with expanded access to care. CMS has permanently extended virtual direct supervision for specific low-risk services typically performed by auxiliary personnel, such as those described by CPT code 99211. CMS is considering further expanding permanent virtual direct supervision for additional low-risk services like diagnostic tests and behavioral health. Stakeholders have generally supported the extension, though concerns about patient safety and billing barriers remain.
• Medicaid involves a complex five-year lookback period where any unexplained transfers of assets can result in penalty periods affecting eligibility. The penalty period length is calculated by dividing the transferred asset value by the state’s determined nursing home cost, with the period beginning when the applicant is otherwise eligible for benefits while in a nursing facility. Several exemptions exist, including transfers between spouses, transfers to young or disabled children, and specific cases involving primary residence transfers to siblings or caretaker children who meet certain criteria. Applicants can avoid penalties by proving the transfer was intended for fair market value, was made for purposes other than qualifying for Medicaid, or if the transferred assets are returned. The process is particularly challenging for elderly residents with diminished cognitive function, often requiring nursing facility staff or consultants to handle the documentation and appeals process.
• CMS Issues Final Rules for Medicare Parts A and B Overpayments: Key and Lingering Questions outlines significant changes to Medicare overpayment rules effective January 1, 2025. The Centers for Medicare & Medicaid Services released a final rule in November 2024 that modifies overpayment requirements in two key ways: allowing a 180-day suspension of the return deadline during good-faith investigations and changing the standard for identifying overpayments to align with the False Claims Act’s knowledge standard. The new rule removes the requirement to quantify overpayment amounts before identification, though CMS notes that practical considerations still require calculation within 60 days of identification. While appearing to extend timeframes for providers, the rule may actually reduce available time for identifying and returning overpayments, and leaves several critical questions unanswered regarding notice requirements and handling of incomplete investigations after the 180-day period.

Compliance Programs

• The Office of Inspector General (OIG) issued new Industry-Specific Compliance Program Guidance (ICPG) for nursing facilities, updating its previous guidance from 2000 and 2008 to address modern compliance challenges. The guidance focuses on four main risk areas: quality of care and life, Medicare/Medicaid billing requirements, Federal Anti-Kickback Statute compliance, and other risks including HIPAA and civil rights. Quality of care issues highlighted include staffing levels, infection control, emergency preparedness, and medication use, with the OIG noting these were particularly problematic during the COVID-19 pandemic. The guidance addresses billing compliance under the prospective payment system, warning against common issues like duplicate billing and fraudulent cost reports, while also providing recommendations for avoiding kickback risks in referral arrangements with various healthcare entities. The OIG encourages nursing facilities to use this guidance to identify their own risk areas and implement appropriate compliance and quality programs to mitigate these risks.

Hospital Outpatient Practices

• Texas hospitals have been acquiring doctors’ practices and integrating them into their outpatient networks, benefiting from higher Medicare fees for hospital-operated facilities. Congress is considering reforms to standardize Medicare payments regardless of the service location, potentially saving the government up to $100 billion over the next decade. This change could significantly impact hospital revenues, as they rely on these higher fees to support outpatient services. Hospitals argue that the higher fees are necessary to cover the costs of treating uninsured patients and maintaining service access. The proposed reforms, supported by bipartisan efforts, aim to curb Medicare spending, but they raise concerns about financial strain on hospitals, especially those already struggling, like rural hospitals in Texas.

HIPAA

• The U.S. Department of Health and Human Services “Reproductive Health Care Privacy Rule” becomes effective on December 23, 2024. To enhance privacy protections for reproductive health services, including abortion, the rule prohibits Covered Entities and Business Associates from disclosing protected health information (PHI) for investigations or liability related to reproductive health care if it is lawful or protected under federal law. Requests for PHI related to reproductive health care require a signed attestation confirming the information will not be used for prohibited purposes. Covered Entities must update their Notice of Privacy Practices to reflect these changes and ensure disclosures to law enforcement are only made when legally required and compliant with HIPAA. Professional organizations advise caution in disclosing PHI to prevent or lessen serious threats, recommending legal consultation for such decisions.
• The Office of the Inspector General (OIG) has called for enhancements to the HIPAA audit program due to increasing cyberattacks on healthcare organizations, resulting from the narrow scope and ineffective oversight of previous audits conducted by the Office for Civil Rights (OCR) in 2016-2017. In response, OCR plans to resume HIPAA audits by late 2024 or early 2025, with an expanded focus on physical and technical safeguards, and the development of criteria for compliance reviews. While OCR agreed to most of OIG’s recommendations, it did not concur with the recommendation to ensure deficiencies are corrected, citing limitations in legal authority and resources. OCR also intends to define metrics for monitoring audit effectiveness and will survey past audit participants to track compliance improvements. The enforcement process for potential HIPAA violations involves reviewing complaints, investigating breaches, and potentially referring criminal violations to the Department of Justice.
• HHS-OIG anticipates recovering $7.13 billion in FY 2024 from investigations and audits, including $4 billion from activities between April and September 2024, resulting from 1,548 criminal and civil enforcement actions. The June 2024 National Health Care Fraud Enforcement Action charged 193 individuals in schemes totaling $2.75 billion in losses, while 3,234 individuals were added to the HHS-OIG exclusion list, barring them from federal healthcare programs. Notable cases included two brothers ordered to pay $424 million in restitution for DME fraud and a nurse practitioner ordered to pay $192 million, with HHS-OIG consistently achieving a $10 return on every $1 invested in investigations. The agency’s investigations revealed significant issues in durable medical equipment fraud schemes, involving telemarketing strategies and physician bribes for unnecessary equipment orders. Beyond financial recoveries, HHS-OIG identified systemic issues including states’ inability to monitor maltreatment in foster care facilities and the need to improve maternal healthcare access through MCO provider coverage requirements.
• Even public-facing healthcare websites can present significant privacy risks through seemingly innocent features like contact forms, appointment requests, and symptom checkers. Unauthenticated pages can inadvertently capture Protected Health Information (PHI) through web forms, tracking technologies, cookies, and web beacons, which may collect user data including IP addresses and browsing history. Healthcare organizations must implement proper safeguards including data encryption, secure storage, explicit consent mechanisms, and careful evaluation of third-party tracking technologies to maintain HIPAA compliance. Organizations should consider minimizing PHI collection on public pages by providing general inquiry options instead of detailed health information forms, while maintaining clear privacy notices and readily accessible contact information for privacy-related concerns. The protection of PHI requires ongoing vigilance and consistency, as even basic data points can constitute protected health information when linked to an individual’s healthcare activities.

OIG Fraud Alert

• The Office of Inspector General (OIG) has issued a Special Fraud Alert to highlight fraud and abuse risks associated with marketing arrangements between Medicare Advantage Organizations (MAOs), healthcare professionals (HCPs), agents, and brokers. The alert identifies problematic compensation arrangements that violate the Federal anti-kickback statute, leading to improper steering of Medicare enrollees, unfair competition, and potential harm to enrollees. Specifically, payments from MAOs to HCPs for referrals and from HCPs to agents or brokers for steering enrollees are scrutinized. Such arrangements may result in enrollees being inappropriately enrolled in Medicare Advantage plans that do not meet their needs, often influenced by financial incentives rather than the best interest of the enrollees. The alert also outlines suspect characteristics of these arrangements that could indicate heightened fraud and abuse risk.

GLP-1 Drugs

• Since 2022, four GLP-1 drugs, including those for weight loss, have been on the FDA’s drug shortage list due to high demand, leading to widespread compounding of these drugs, which would normally be prohibited. Compounded GLP-1s have become popular due to their accessibility and lower cost, despite potential differences from branded versions in formulation and administration. If the shortage ends, compounded GLP-1s will become unapproved drugs, posing legal and regulatory challenges for the FDA and compounders. The situation highlights unique market dynamics and regulatory challenges, but it is unlikely to signal a broader shift in FDA’s approach to drug compounding. The compounded GLP-1 market’s future is uncertain, with potential legal battles and pressure from branded drug manufacturers to restrict compounding.

Insurance Coverage

• A federal judge blocked a Biden administration rule allowing DACA recipients to enroll in health insurance through the Affordable Care Act, siding with 19 state attorneys general who argued it violated a law against providing public benefits to those without legal immigration status. This ruling affects DACA recipients in the 19 states that filed the lawsuit, leaving the rule in effect elsewhere. The decision prevents thousands of DACA recipients in those states from accessing subsidized health coverage, forcing many to rely on employer-provided insurance, state programs, or remain uninsured. The Kansas Attorney General, who led the legal challenge, praised the ruling as upholding the rule of law.

Physician Compensation

• It is vital to use nationally published compensation and productivity survey data correctly to set provider compensation at fair market value (FMV). Misconceptions about using survey data for FMV provider compensation are common, including the belief that compensation under the 75th percentile is always FMV or that compensation above the 90th percentile is impermissible. Relying solely on productivity ratios like compensation per wRVU or compensation-to-collections can also be misleading, as they don’t fully capture the complexity of provider compensation. To ensure FMV compensation, organizations should analyze individual arrangements, consider regional variations, and seek expert guidance from valuation firms like VMG Health.

Fraud & Abuse

• Recent lawsuits by pharmaceutical manufacturers challenge the U.S. Department of Health and Human Services Office of Inspector General’s interpretation of the Anti-Kickback Statute (AKS), arguing that violations require corrupt intent; however, courts have largely sided with the OIG, maintaining that any remuneration intended to induce purchases violates the AKS. In Zafirov v. Florida Medical Associates LLC, a Florida court ruled the False Claims Act (FCA) qui tam provision unconstitutional, raising questions about FCA enforcement without this mechanism, though the government still retains authority to file FCA actions independently.

Medicare Advantage Organizations

• The U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a special fraud alert on December 11, 2024, focusing on potentially abusive marketing arrangements between Medicare Advantage Organizations (MAOs), healthcare professionals (HCPs), and brokers/agents. The alert specifically addresses two concerning arrangements: MAOs providing payments to HCPs for patient referrals, and HCPs paying agents/brokers for patient recommendations, both of which could violate the federal anti-kickback statute and other laws. OIG identified several suspect characteristics that may indicate fraud risk, including payments contingent on patient demographics or health status, and remuneration that varies with referral numbers. Following recent settlements with MCS Advantage ($4.2 million) and Oak Street Health ($60 million), this alert emphasizes the need for careful structuring of relationships between MAOs, HCPs, and brokers/agents to ensure compliance with federal laws and prevent improper steering, inappropriate enrollments, and anticompetitive conduct. The guidance aims to protect Medicare Advantage beneficiaries from enrolling in unsuitable plans or choosing inappropriate healthcare providers based on financially motivated recommendations rather than their actual healthcare needs.
• The Centers for Medicare and Medicaid Services released a 240-page Proposed Rule on December 10, 2024, introducing significant changes to Medicare Advantage (MA), Medicare Part D, Medicaid, Medicare cost plans, and PACE programs. Key changes include stricter requirements for medical loss ratio (MLR) reporting, requiring incentives and bonuses to be tied to measurable clinical or quality improvement standards, and new regulations for quality improvement activity expenses. The rule proposes new guidelines for supplemental benefits administered through debit cards, including restrictions on usage and marketing, while expanding the definition of “marketing” under MA and Part D regulations to enable stronger CMS oversight. Additional proposals include enhanced agent/broker disclosure obligations, new pharmacy network contracting requirements including mandatory notification deadlines and reciprocal termination rights, and required pharmacy enrollment in the Medicare Transaction Facilitator Data Module. The proposals aim to improve transparency, reduce excessive spending, and enhance beneficiary protections across Medicare programs.

Unlicensed Practice of Medicine

• Texas Attorney General Ken Paxton has filed a lawsuit accusing a New York doctor of prescribing abortion drugs to a Texas resident in violation of state law. The lawsuit targets Dr. Margaret Carpenter, who allegedly mailed abortion pills to a 20-year-old woman in Collin County, Texas, when she was nine weeks pregnant, with Paxton seeking $100,000 for each violation of Texas’ near-total abortion ban. The case represents the first test of conflicting state abortion laws, with New York’s shield law protecting providers from out-of-state investigations while Texas vows to pursue such cases regardless. Dr. Carpenter, who is not licensed in Texas, founded the Abortion Coalition for Telemedicine and works with organizations that help provide telemedicine consultations and abortion pills to patients in states with abortion bans. Legal experts are divided on the outcome, with New York’s shield law designed to prevent Texas from bringing New York providers into Texas courts, potentially leaving Texas without a defendant to prosecute.