Author: WadeEmmert

Categories
Health Law Highlights

Behavioral Health Industry Reshaping As a Result of AI

From The National Law Review, Jean Marie R. Pechette, Neal D. Shah, Joelle M. Wilson, Catherine Kozlowski, Matthew T. Lin:

Artificial Intelligence (AI) is significantly influencing the field of behavioral health, offering potential advancements in diagnostics, treatment, and patient outcomes. The application of AI technologies ranges from virtual mental health assistants and predictive analytics to AI-enabled chatbots for therapy and AI-integrated Electronic Health Records (EHR) for diagnosis and treatment. These technologies are expected to expand further as trust in AI systems grows.

Despite the transformative potential of AI in behavioral health, the legal and regulatory implications are uncertain. The US lacks a comprehensive federal law that regulates AI development and use. However, efforts are underway to address potential risks, including promoting transparency, ensuring fairness, and protecting privacy and security of health information.

Key legal risks associated with the use of AI in behavioral health treatment include data privacy, algorithm bias, and professional liability. Data privacy risks involve ensuring compliance with HIPAA, 42 CFR Part 2, and state privacy laws.

Providers can mitigate these risks to some extent by obtaining informed consent from patients before using AI tools, vetting third-party vendors offering AI solutions for adherence to data privacy and security rules, seeking transparency from developers and vendors about the data on which AI tools were trained, and reviewing the scope of professional liability coverage before adopting AI-enabled tools.

While AI holds significant promise for transforming behavioral health care, it’s crucial to anticipate and address the evolving regulatory frameworks and legal risks associated with AI applications. AI regulation is a moving target, and anticipating and mitigating legal risks will be key to fostering a trustworthy and secure environment for both practitioners and patients.

Categories
Health Law Highlights

Health Care Groups Resist Cybersecurity Rules in Wake of Landmark Breach

From CyberScoop, by AJ Vicens and Elias Groll:

A devestating cyberattack on payment processor Change Healthcare has spurred discussions in Washington about urgent cybersecurity regulations for the healthcare sector. Health and Human Services (HHS) is working on developing mandatory rules, including updating the Health Insurance Portability and Accountability Act with cybersecurity requirements.

These updates are meeting resistance from the healthcare industry, which argues that hospitals should not be punished for the success of hackers. President Biden’s budget proposal includes funding for hospitals’ cybersecurity efforts and penalties for non-compliance. Despite this, the complexity of implementing such standards, especially for smaller health entities, and the current political climate suggest no significant changes will occur soon.

Categories
Article

Updated: Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

From U.S. Department of Health and Human Services:

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) updated its guidance to regulated entities when using online tracking technologies. These technologies, used to collect and analyze user interaction with websites or mobile applications, must comply with HIPAA rules if the information gathered includes protected health information (PHI). Unauthorized disclosures of PHI to tracking technology vendors, such as for marketing purposes without compliant authorizations, are deemed impermissible.

The update emphasizes that regulated entities should ensure they disclose PHI only as expressly permitted or required by the HIPAA Privacy Rule. It provides guidance on the application of HIPAA rules to the use of tracking technologies on user-authenticated webpages, unauthenticated webpages, and within mobile apps. For instance, tracking technologies on user-authenticated webpages generally have access to PHI, and tracking technology vendors are considered business associates if they handle PHI.

Unauthenticated webpages, which do not require user login, usually do not have tracking technologies that access PHI. However, in cases where PHI is accessible, HIPAA rules apply. For mobile apps offered by regulated entities, information collected is generally considered PHI, and the entity must comply with HIPAA rules for any PHI the app uses or discloses. However, HIPAA does not protect information users voluntarily enter into non-regulated mobile apps.

Disclosures of PHI to tracking technology vendors must be specifically permitted by the Privacy Rule. If the vendor is a business associate, a business associate agreement (BAA) must be established. The use of tracking technologies should be addressed in the entity’s Risk Analysis and Risk Management processes. If there’s an impermissible disclosure of PHI, breach notification to affected individuals and the Secretary is required. OCR is prioritizing compliance with the HIPAA Security Rule in investigations into the use of online tracking technologies.

Categories
Around the Web

Patient Inducements: Law and Limits

From Holland & Hart, by Kim Stanger:

Although often well-intentioned, offering free or discounted items or services to patients (e.g., gifts, rewards, writing off copays, free screening exams, free supplies, etc.) may violate federal and state laws governing improper inducements, especially if the patient is a federal program beneficiary. The government is concerned that offering or rewarding such inducements to patients may result in overutilization, biased decisions concerning care, and increased costs to the Medicare, Medicaid, or other government programs. Penalties for illegal inducements may include administrative, civil, and criminal penalties; repayment to government programs; and exclusion from federal programs. Increasingly, private payors are also challenging such inducements. It is imperative that healthcare providers and their staff understand the applicable laws and limits.

Categories
Health Law Highlights

Inside the Healthcare Industry: The Growing Importance of Intellectual Property Valuations

From J.S. Held, by Magi Curtis, Noor Al-Banna, Greg Campanella:

Healthcare and life sciences companies are increasingly recognizing the importance of Intellectual Property (IP) in their strategic growth initiatives, investments, and licensing of data. A study by Ocean Tomo found that approximately 90% of the value of companies in the S&P 500 comes from intangible assets, such as brands, technology, patents, data, and software. This has led to two major trends in the healthcare industry.

Healthcare organizations are also becoming more thoughtful in managing their IP. They are using IP analysis not just for accessing capital, but also to provide a baseline for management to understand the incremental value generated by different strategic approaches. The rise of AI platform development technology in healthcare, life sciences, and medical device industries is another trend that is accelerating. However, healthcare organizations need to be cautious about regulatory issues around AI use and the data it’s trained on.

Data is a significant IP asset that healthcare organizations can leverage. Anonymized information and technical data related to processes, procedures, and methodologies can be licensed or sold to healthcare technology, life science, and medical device companies. This data can also be used to train AI platforms, adding further value. However, healthcare organizations need to be aware of the potential costs and dangers related to the use of this data.

Healthcare organizations need to recognize the value of their brands and negotiate license fees for their use in joint ventures and partnerships. This can be achieved by establishing a rate card, a price list for the use of an organization’s name for a specific type of service. The earnings from these license fees can be reinvested into the system, research, and more.

Categories
Alert

Justice Department, Federal Trade Commission and Department of Health and Human Services Issue Request for Public Input as Part of Inquiry into Impacts of Corporate Ownership Trend in Health Care

From DOJ Office of Public Affairs:

The Justice Department’s Antitrust Division, Federal Trade Commission (FTC), and Department of Health and Human Services (HHS) have launched a joint public inquiry into the increasing control of private-equity and corporate entities over healthcare. This inquiry aims to understand how certain healthcare market transactions may lead to increased consolidation, generate profits for firms, and potentially threaten patient health, worker safety, and the affordability and quality of care.

The agencies are seeking public comment on deals conducted by health systems, private payers, private equity funds, and other alternative asset managers that involve healthcare providers, facilities, or ancillary products or services. This includes transactions that would not be reported to the Justice Department or FTC for antitrust review under the Hart-Scott-Rodino Antitrust Improvements Act.

Research indicates that competition in healthcare provider and payer markets promotes higher quality, lower-cost healthcare, greater access to care, increased innovation, higher wages, and better benefits for healthcare workers. The responses to the RFI will inform the agencies’ enforcement priorities and future actions, including potential regulations aimed at promoting and protecting competition in healthcare markets and ensuring appropriate access to quality, affordable healthcare items and services.

The public, including patients, consumer advocates, doctors, nurses, healthcare providers and administrators, employers, insurers, and more, are invited to share their comments in response to the RFI within 60 days. The agencies are particularly interested in comments on a variety of transactions, including those involving dialysis clinics, nursing homes, hospice providers, primary care providers, hospitals, home health agencies, home- and community-based services providers, behavioral health providers, as well as billing and collections services.

Categories
Health Law Highlights

Healthcare Hit Hardest by Ransomware Last Year, FBI IC3 Report Shows

From Health IT Security, by Jill McKeon:

The Federal Bureau of Investigation’s 2023 Internet Crime Report reveals that the healthcare sector experienced the highest number of ransomware attacks among all critical infrastructure sectors last year.

The FBI’s Internet Crime Complaint Center (IC3) recorded an unprecedented 880,418 complaints, marking a 10% increase from the previous year and financial losses exceeding $12.5 billion, a 22% increase. Of the total complaints, 1,193 were from critical infrastructure organizations, with 249 from healthcare and 218 from critical manufacturing.

The report suggests that the high figures from the healthcare sector could be due to its readiness to report such incidents. The FBI has historically struggled to determine the actual number of ransomware victims, as many cases go unreported. The two most prevalent ransomware variants, LockBit and ALPHV/BlackCat, known for targeting healthcare, were responsible for 175 and 100 attacks respectively.

Ransomware was a significant concern across IC3’s complaint database, with over 2,800 complaints related to ransomware, an 18% increase from 2022. Financial losses from these attacks rose by 74% from $34.3 million to $59.6 million. The FBI noted emerging trends, including deploying multiple ransomware variants against the same victim and using data-destruction tactics to increase pressure on victims to negotiate.

Categories
Health Law Highlights

Six AI Applications to Transform Your Clinical Operations

From D Magazine, by Dr. Harvey Castro:

Artificial Intelligence (AI) and Machine Learning (ML) are set to revolutionize the healthcare industry by enhancing clinical outcomes, improving access to care, and elevating the patient experience. The integration of sophisticated AI applications is expected to increase healthcare efficiency, accuracy, and personalization globally. AI can automate routine tasks, allowing human expertise to focus on direct patient care. The potential benefits include earlier disease detection, reduced error rates, optimized resource allocation, and cost-effective solutions.

Challenges exist around transparency, data access, and over-reliance on technology. However, steady progress in AI validation is laying the foundation for new standards of evidence-based medicine. The future of healthcare will likely be defined by the fusion of clinical wisdom and machine insights, paving the way for innovative solutions to improve lives.

AI has the potential to transform clinical operations in several ways:

  • Rewriting Medical Language: Large language models can tailor medical vocabulary to fit the patient’s understanding. For example, they can convert discharge instructions into a coloring book for a young patient or translate complex medical and legal language related to lawsuits.
  • Virtual Nursing Assistants: AI-powered virtual assistants can optimize nursing workflows by performing basic triage, reviewing patient records, answering common questions, and scheduling appointments. This allows healthcare professionals to focus on more complex care needs. 
  • Medical Imaging Analysis: AI has shown proficiency in analyzing complex medical images and detecting anomalies, rare diseases, and cancers. This technology can free up radiologists’ time for more challenging cases while providing faster second opinions.
  • Virtual Clinical Assistants: AI assistants can augment clinicians during patient visits by providing real-time diagnostic and treatment suggestions. They can also summarize records and prompt providers to address preventative care gaps.
  • Predictive Analytics and Outreach: Machine learning can analyze vast amounts of data to identify individuals at high risk for emergent or costly conditions early on, enabling proactive healthcare delivery. This can improve patient outcomes and reduce healthcare costs.
  • Personalized Treatment Matching: AI can leverage real-world outcomes data to recommend treatments and care pathways most likely to benefit each unique individual. This personalized approach can enhance treatment effectiveness for complex conditions.
Categories
Health Law Highlights

5th Circ. Backs NLRB On Nurse Fired Over COVID Complaints

From Law360, by Tim Ryan:

The Fifth Circuit court upheld a 2022 National Labor Relations Board (NLRB) ruling that Texas-based Renew Home Health LLC unlawfully dismissed a nurse who raised concerns about the company’s handling of the COVID-19 pandemic.

The three-judge panel unanimously rejected Renew’s argument that Bornschlegl was a supervisor and therefore not protected under the National Labor Relations Act (NLRA).

The nurse was fired in April 2020 after she and her coworkers wrote a letter expressing concerns about shortages of personal protective equipment and inadequate hazard pay during the early stages of the pandemic.

Renew Home Health argued that the nurse was not protected under the NLRA as she was a supervisor. However, the panel disagreed, stating that the board had enough evidence to conclude that Renew fired the nurse due to her protected activity. The company had claimed that she was fired because she signed a coworker’s name to the letter without permission, but the panel found that her protected activity was a motivating factor in her termination.

Categories
Health Law Highlights

The Knowledge Requirement in a Case Alleging False Claims Act Violations

From PharmacyToday, by David B. Brushwood, BSPharm, JD:

This matter involved a pharmacy corporation accused of violating the FCA due to falsification of prior authorization (PA) forms by a Clinical Pharmacy Manager (CPM). The CPM allegedly completed these forms with false information, leading to coverage of Medicaid patients who did not meet criteria for payment. This resulted in a substantial increase in the pharmacy’s revenue from just over $1.5 million to over $5 million in 15 months.

The pharmacy corporation moved to dismiss its case, arguing that it was unaware of the CPM’s illegal actions.

The court denied the motion, noting that the FCA holds liable any person who knowingly presents or causes to be presented a false or fraudulent claim for payment. “Knowingly” is defined as having “actual knowledge”, “deliberate ignorance”, or “reckless disregard of the truth or falsity.”

The court reasoned that the corporation was aware of the significant increase in revenue, which was discussed between the CPM and her supervisor. Furthermore, the corporation’s bonus program, which incentivized higher sales, could have potentially encouraged the increase in revenue by any means necessary.

The takeaway is that pharmacy supervisors should be vigilant about any unexpected increase in pharmacy revenues and should confirm a legitimate explanation to prevent liability for knowingly allowing fraudulent activity. Any unlawful request must be reported to a supervisor, and rules must be adhered to for the benefit of the patients.