Categories
Article

Updated: Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

From U.S. Department of Health and Human Services:

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) updated its guidance to regulated entities when using online tracking technologies. These technologies, used to collect and analyze user interaction with websites or mobile applications, must comply with HIPAA rules if the information gathered includes protected health information (PHI). Unauthorized disclosures of PHI to tracking technology vendors, such as for marketing purposes without compliant authorizations, are deemed impermissible.

The update emphasizes that regulated entities should ensure they disclose PHI only as expressly permitted or required by the HIPAA Privacy Rule. It provides guidance on the application of HIPAA rules to the use of tracking technologies on user-authenticated webpages, unauthenticated webpages, and within mobile apps. For instance, tracking technologies on user-authenticated webpages generally have access to PHI, and tracking technology vendors are considered business associates if they handle PHI.

Unauthenticated webpages, which do not require user login, usually do not have tracking technologies that access PHI. However, in cases where PHI is accessible, HIPAA rules apply. For mobile apps offered by regulated entities, information collected is generally considered PHI, and the entity must comply with HIPAA rules for any PHI the app uses or discloses. However, HIPAA does not protect information users voluntarily enter into non-regulated mobile apps.

Disclosures of PHI to tracking technology vendors must be specifically permitted by the Privacy Rule. If the vendor is a business associate, a business associate agreement (BAA) must be established. The use of tracking technologies should be addressed in the entity’s Risk Analysis and Risk Management processes. If there’s an impermissible disclosure of PHI, breach notification to affected individuals and the Secretary is required. OCR is prioritizing compliance with the HIPAA Security Rule in investigations into the use of online tracking technologies.

Categories
Around the Web

Patient Inducements: Law and Limits

From Holland & Hart, by Kim Stanger:

Although often well-intentioned, offering free or discounted items or services to patients (e.g., gifts, rewards, writing off copays, free screening exams, free supplies, etc.) may violate federal and state laws governing improper inducements, especially if the patient is a federal program beneficiary. The government is concerned that offering or rewarding such inducements to patients may result in overutilization, biased decisions concerning care, and increased costs to the Medicare, Medicaid, or other government programs. Penalties for illegal inducements may include administrative, civil, and criminal penalties; repayment to government programs; and exclusion from federal programs. Increasingly, private payors are also challenging such inducements. It is imperative that healthcare providers and their staff understand the applicable laws and limits.

Categories
Health Law Highlights

Inside the Healthcare Industry: The Growing Importance of Intellectual Property Valuations

From J.S. Held, by Magi Curtis, Noor Al-Banna, Greg Campanella:

Healthcare and life sciences companies are increasingly recognizing the importance of Intellectual Property (IP) in their strategic growth initiatives, investments, and licensing of data. A study by Ocean Tomo found that approximately 90% of the value of companies in the S&P 500 comes from intangible assets, such as brands, technology, patents, data, and software. This has led to two major trends in the healthcare industry.

Healthcare organizations are also becoming more thoughtful in managing their IP. They are using IP analysis not just for accessing capital, but also to provide a baseline for management to understand the incremental value generated by different strategic approaches. The rise of AI platform development technology in healthcare, life sciences, and medical device industries is another trend that is accelerating. However, healthcare organizations need to be cautious about regulatory issues around AI use and the data it’s trained on.

Data is a significant IP asset that healthcare organizations can leverage. Anonymized information and technical data related to processes, procedures, and methodologies can be licensed or sold to healthcare technology, life science, and medical device companies. This data can also be used to train AI platforms, adding further value. However, healthcare organizations need to be aware of the potential costs and dangers related to the use of this data.

Healthcare organizations need to recognize the value of their brands and negotiate license fees for their use in joint ventures and partnerships. This can be achieved by establishing a rate card, a price list for the use of an organization’s name for a specific type of service. The earnings from these license fees can be reinvested into the system, research, and more.

Categories
Alert

Justice Department, Federal Trade Commission and Department of Health and Human Services Issue Request for Public Input as Part of Inquiry into Impacts of Corporate Ownership Trend in Health Care

From DOJ Office of Public Affairs:

The Justice Department’s Antitrust Division, Federal Trade Commission (FTC), and Department of Health and Human Services (HHS) have launched a joint public inquiry into the increasing control of private-equity and corporate entities over healthcare. This inquiry aims to understand how certain healthcare market transactions may lead to increased consolidation, generate profits for firms, and potentially threaten patient health, worker safety, and the affordability and quality of care.

The agencies are seeking public comment on deals conducted by health systems, private payers, private equity funds, and other alternative asset managers that involve healthcare providers, facilities, or ancillary products or services. This includes transactions that would not be reported to the Justice Department or FTC for antitrust review under the Hart-Scott-Rodino Antitrust Improvements Act.

Research indicates that competition in healthcare provider and payer markets promotes higher quality, lower-cost healthcare, greater access to care, increased innovation, higher wages, and better benefits for healthcare workers. The responses to the RFI will inform the agencies’ enforcement priorities and future actions, including potential regulations aimed at promoting and protecting competition in healthcare markets and ensuring appropriate access to quality, affordable healthcare items and services.

The public, including patients, consumer advocates, doctors, nurses, healthcare providers and administrators, employers, insurers, and more, are invited to share their comments in response to the RFI within 60 days. The agencies are particularly interested in comments on a variety of transactions, including those involving dialysis clinics, nursing homes, hospice providers, primary care providers, hospitals, home health agencies, home- and community-based services providers, behavioral health providers, as well as billing and collections services.

Categories
Health Law Highlights

Healthcare Hit Hardest by Ransomware Last Year, FBI IC3 Report Shows

From Health IT Security, by Jill McKeon:

The Federal Bureau of Investigation’s 2023 Internet Crime Report reveals that the healthcare sector experienced the highest number of ransomware attacks among all critical infrastructure sectors last year.

The FBI’s Internet Crime Complaint Center (IC3) recorded an unprecedented 880,418 complaints, marking a 10% increase from the previous year and financial losses exceeding $12.5 billion, a 22% increase. Of the total complaints, 1,193 were from critical infrastructure organizations, with 249 from healthcare and 218 from critical manufacturing.

The report suggests that the high figures from the healthcare sector could be due to its readiness to report such incidents. The FBI has historically struggled to determine the actual number of ransomware victims, as many cases go unreported. The two most prevalent ransomware variants, LockBit and ALPHV/BlackCat, known for targeting healthcare, were responsible for 175 and 100 attacks respectively.

Ransomware was a significant concern across IC3’s complaint database, with over 2,800 complaints related to ransomware, an 18% increase from 2022. Financial losses from these attacks rose by 74% from $34.3 million to $59.6 million. The FBI noted emerging trends, including deploying multiple ransomware variants against the same victim and using data-destruction tactics to increase pressure on victims to negotiate.

Categories
Health Law Highlights

Six AI Applications to Transform Your Clinical Operations

From D Magazine, by Dr. Harvey Castro:

Artificial Intelligence (AI) and Machine Learning (ML) are set to revolutionize the healthcare industry by enhancing clinical outcomes, improving access to care, and elevating the patient experience. The integration of sophisticated AI applications is expected to increase healthcare efficiency, accuracy, and personalization globally. AI can automate routine tasks, allowing human expertise to focus on direct patient care. The potential benefits include earlier disease detection, reduced error rates, optimized resource allocation, and cost-effective solutions.

Challenges exist around transparency, data access, and over-reliance on technology. However, steady progress in AI validation is laying the foundation for new standards of evidence-based medicine. The future of healthcare will likely be defined by the fusion of clinical wisdom and machine insights, paving the way for innovative solutions to improve lives.

AI has the potential to transform clinical operations in several ways:

  • Rewriting Medical Language: Large language models can tailor medical vocabulary to fit the patient’s understanding. For example, they can convert discharge instructions into a coloring book for a young patient or translate complex medical and legal language related to lawsuits.
  • Virtual Nursing Assistants: AI-powered virtual assistants can optimize nursing workflows by performing basic triage, reviewing patient records, answering common questions, and scheduling appointments. This allows healthcare professionals to focus on more complex care needs. 
  • Medical Imaging Analysis: AI has shown proficiency in analyzing complex medical images and detecting anomalies, rare diseases, and cancers. This technology can free up radiologists’ time for more challenging cases while providing faster second opinions.
  • Virtual Clinical Assistants: AI assistants can augment clinicians during patient visits by providing real-time diagnostic and treatment suggestions. They can also summarize records and prompt providers to address preventative care gaps.
  • Predictive Analytics and Outreach: Machine learning can analyze vast amounts of data to identify individuals at high risk for emergent or costly conditions early on, enabling proactive healthcare delivery. This can improve patient outcomes and reduce healthcare costs.
  • Personalized Treatment Matching: AI can leverage real-world outcomes data to recommend treatments and care pathways most likely to benefit each unique individual. This personalized approach can enhance treatment effectiveness for complex conditions.
Categories
Health Law Highlights

5th Circ. Backs NLRB On Nurse Fired Over COVID Complaints

From Law360, by Tim Ryan:

The Fifth Circuit court upheld a 2022 National Labor Relations Board (NLRB) ruling that Texas-based Renew Home Health LLC unlawfully dismissed a nurse who raised concerns about the company’s handling of the COVID-19 pandemic.

The three-judge panel unanimously rejected Renew’s argument that Bornschlegl was a supervisor and therefore not protected under the National Labor Relations Act (NLRA).

The nurse was fired in April 2020 after she and her coworkers wrote a letter expressing concerns about shortages of personal protective equipment and inadequate hazard pay during the early stages of the pandemic.

Renew Home Health argued that the nurse was not protected under the NLRA as she was a supervisor. However, the panel disagreed, stating that the board had enough evidence to conclude that Renew fired the nurse due to her protected activity. The company had claimed that she was fired because she signed a coworker’s name to the letter without permission, but the panel found that her protected activity was a motivating factor in her termination.

Categories
Health Law Highlights

The Knowledge Requirement in a Case Alleging False Claims Act Violations

From PharmacyToday, by David B. Brushwood, BSPharm, JD:

This matter involved a pharmacy corporation accused of violating the FCA due to falsification of prior authorization (PA) forms by a Clinical Pharmacy Manager (CPM). The CPM allegedly completed these forms with false information, leading to coverage of Medicaid patients who did not meet criteria for payment. This resulted in a substantial increase in the pharmacy’s revenue from just over $1.5 million to over $5 million in 15 months.

The pharmacy corporation moved to dismiss its case, arguing that it was unaware of the CPM’s illegal actions.

The court denied the motion, noting that the FCA holds liable any person who knowingly presents or causes to be presented a false or fraudulent claim for payment. “Knowingly” is defined as having “actual knowledge”, “deliberate ignorance”, or “reckless disregard of the truth or falsity.”

The court reasoned that the corporation was aware of the significant increase in revenue, which was discussed between the CPM and her supervisor. Furthermore, the corporation’s bonus program, which incentivized higher sales, could have potentially encouraged the increase in revenue by any means necessary.

The takeaway is that pharmacy supervisors should be vigilant about any unexpected increase in pharmacy revenues and should confirm a legitimate explanation to prevent liability for knowingly allowing fraudulent activity. Any unlawful request must be reported to a supervisor, and rules must be adhered to for the benefit of the patients.

Categories
Health Law Highlights

The FTC Hosts Workshop on Private Equity in Health Care

From Sheppard Mullin Richter & Hampton LLP, by John Carroll, Joy Siu, Jake Walker:

On March 5, 2024, the Federal Trade Commission (FTC) hosted a workshop titled “Private Capital, Public Impact: An FTC Workshop on Private Equity in Health Care”. The event aimed to explore the effects of private equity (PE) investment on the health care system. The workshop brought together representatives from the FTC, Department of Justice (DOJ), Department of Health and Human Services (HHS), academia, and health care professionals. Concurrently, these agencies initiated a “Cross-Government Inquiry on Impact of Corporate Greed in Health Care”, issuing a Request for Information (RFI) to seek public opinions on health care deals involving PE firms.

The workshop revealed a general skepticism from the agencies towards the escalating involvement of PE in the health care industry. They expressed concerns about potential negative impacts, such as increased consolidation and poorer patient outcomes. FTC Chair Lina Khan and Assistant Attorney General of the Antitrust Division of the DOJ, Jonathan Kanter, were among those who voiced worries about the potential for profit motives to override medical judgment and the detrimental effects of PE ownership on patient care.

The workshop also highlighted that antitrust enforcement is looking to address certain practices employed by PE firms in the health care sector. These include serial acquisitions of provider practices, short-term acquisitions with high debt aimed at quick profit and resale, investments in competing companies within the same industry, and PE representation on the boards of competing companies. Testimonies from health care professionals further supported these concerns, citing instances of reduced staffing and lower quality of care following PE acquisitions.

During a discussion, FTC Commissioner Rebecca Slaughter and Rhode Island Attorney General Peter Neronha addressed how Rhode Island’s Hospital Conversions Act allowed the state to impose conditions on a private equity transaction. They advocated for similar legislation and encouraged state attorneys general to use state antitrust and consumer protection laws to combat PE consolidation in the health care system.

The workshop and RFI emphasize an increasing federal and state oversight of PE transactions, particularly in the health care sector. Several states have proposed new legislation to provide state attorneys general with more power to investigate and potentially block investments by PE firms in the health care industry. The goal of the RFI, as stated by Jonathan Kanter, is to understand the modern market realities of the health care industry and enforce the law against unlawful deals. PE firms, sellers, and portfolio companies should be aware of these potential obstacles when considering health care transactions.

Categories
Health Law Highlights

Public Sector Predictions for Healthcare Utilization in 2024

From VMG Health, by Jordan Tussy, Colin McDermott, Madi Whyde:

VMG Health’s analysis of 2024 healthcare sector trends, based on earnings calls from various companies, suggests continued growth in utilization driven by patient backlogs, recovering macroeconomic trends, and an aging population. Key findings include:

  • Medical Equipment Suppliers and Distributors: Companies like Intuitive Surgical, Inc., Stryker Corporation, and Cardinal Health, Inc. reported strong demand and growth in 2023, driven by higher system utilization and robust demand for capital products. They expect these trends to continue into 2024.
  • Healthcare Operators: Operators like HCA Healthcare and Tenet Healthcare Corporation echoed the growth in utilization, particularly in the fourth quarter of 2023. They expect continued volume strength and investment in their programs, with growth in key specialties like gastrointestinal (GI) and ear, nose, and throat (ENT) services.
  • Payors: Payors like Humana Inc. and UnitedHealth Group noted higher-than-expected medical costs due to strong utilization, particularly in outpatient care for seniors, orthopedic, and cardiac procedures. They expect these trends to persist in 2024.
  • 2024 Expectations: Companies expect the growth trends of 2023 to persist throughout 2024, driven by elevated backlogs, stabilizing macroeconomic trends, and an aging population. They anticipate continued strong demand, healthy patient activity levels, and robust capital markets.

In conclusion, VMG Health anticipates that 2024 will be a strong utilization year for healthcare service providers, although higher utilization may lead to increased medical claims for payors.