Categories
Health Law Highlights

7 HIPAA Predictions For 2024

From Becker’s Hospital Review, by Madeline Ashley:

  • The Office for Civil Rights (OCR) is expected to increase enforcement actions for violations of HIPAA security and breach notification rules, with a predicted record number of civil monetary penalties and settlements in 2024.
  • The HIPAA right of access will continue to be a focus for OCR enforcement due to its straightforward nature and minimal resource requirement for investigations.
  • An update to the HIPAA security rule is anticipated in spring 2024, likely introducing new mandatory cybersecurity measures, including stricter access control requirements such as mandatory multi-factor authentication.
  • Following the overturning of Roe v. Wade, a new rule on reproductive health information disclosure is expected, limiting its use to specific purposes like payment, healthcare operations, treatment, and legal investigations related to reproductive healthcare services.
  • The American Hospital Association’s lawsuit against OCR’s tracking technologies guidance could lead to the first enforcement action regarding the use of tracking technologies on hospital websites in 2024. If the lawsuit is successful, further rulemaking on tracking technology is expected to enhance patient privacy.
  • The Centers for Medicare & Medicaid Services (CMS) are projected to introduce cybersecurity requirements as a condition for participation in their programs.
  • State attorneys general are expected to increase HIPAA compliance enforcement, imposing additional financial penalties on healthcare organizations failing to meet minimum cybersecurity standards.

Supreme Court Eyes World War II Era Doctrine for Agency Rules

From Bloomberg Law, by Kimberly Strawbridge Robinson:

  • The Supreme Court signaled its intention to replace the Chevron doctrine with the Skidmore doctrine during arguments in recent cases.
  • The Chevron doctrine, from a 1984 ruling, requires judges to defer to agency interpretations of a statute if reasonable, while the Skidmore doctrine, from a 1944 ruling, only requires deference if the interpretation is persuasive.
  • Skidmore is generally seen as less agency-friendly than Chevron. While Chevron requires courts to defer to a reasonable agency determination, Skidmore only requires that a court treat it as guidance, a much lower threshold.
  • If the Supreme Court replaces Chevron with Skidmore, it could change how courts consider challenges to agency regulations. Agencies are expected to win less under Skidmore, but the extent of this change remains uncertain, as the Supreme Court has already reduced Chevron’s influence in recent years.
  • The potential shift to Skidmore could increase pressure on agencies to provide more thorough reasoning to support their actions, possibly leading to fewer broad policy changes. However, some experts argue that agencies will still have various tools to achieve their desired results, such as enforcement actions, funding mechanisms, and exerting pressure on outside groups.

Is Apple Pay HIPAA Compliant?

From The HIPAA Journal, by Steve Alder:

  • Apple Pay and HIPAA Compliance: Despite not being HIPAA compliant, Apple Pay can be used by healthcare providers and health plans to collect payments. The service is exempt from HIPAA under §1179 of the HIPAA Act, which applies to entities engaged in payment processing activities.
  • How Apple Pay Works: Apple Pay is a mobile payment service that uses a unique Device Account Number for each card registered in the Apple Wallet app. The service facilitates online, in-app, and contactless payments without sharing the user’s credit or debit card details with the recipient.
  • Privacy and Protected Health Information (PHI): Due to the unique way Apple Pay operates, neither the recipient nor Apple has access to information that could identify the user or their purchase details. As such, information sent through Apple Pay does not qualify as PHI.
  • Exceptions and Limitations: The HIPAA exemption only applies to the payment facilitation aspect of Apple Pay. Covered entities and business associates should not store individually identifying health information in the Apple Wallet app, as Apple will not sign a Business Associate Agreement. Any third-party integrations with Apple Pay used for payment reconciliation must be HIPAA compliant.

Hospitals Owned by Private Equity Are Harming Patients, Reports Find

From Ars Technica, by Beth Mole:

  • Private equity firms, particularly Apollo Global Management, are increasingly acquiring hospitals across the US, a trend that has led to a decline in the quality of care, according to reports by the Private Equity Stakeholder Project (PESP) and a study in JAMA.
  • Apollo Global Management, through Lifepoint and ScionHealth, operates 220 hospitals in 36 states. The PESP report found that some of these hospitals rank among the worst in their states, with an average rating of 2.8 stars, compared to the national average of 3.2 stars, on the Centers for Medicare & Medicaid Services’ system.
  • The JAMA study discovered a rise in serious medical errors and health complications among patients in the first few years after private equity firms take over, including a 25% increase in hospital-acquired conditions and a doubling of surgical site infections.
  • Both reports highlight a pattern of cost-cutting measures and staff layoffs following private equity acquisition, leading to reduced services and underpaid staff. Apollo’s hospitals, for example, saw a reduction of $166 million in annual salary and benefit costs and $54 million in supply costs in 2020.
  • The reports also noted that Apollo’s hospitals carry substantial debt, with ScionHealth and Lifepoint having 5.8 and 7.9 times more debt than income, respectively. Additionally, Apollo has profited from sale-leaseback transactions, which involve selling the land under the hospitals and then leasing it back, further straining the financial resources of these institutions.

Overlooking Executive Comp Packages Puts M&A Deals at Risk

From Bloomberg Law, by Ian Sherwin (Reed Smith):

  • Compensation and Motivation: Understanding the compensation structures and philosophies of a target company is crucial in M&A transactions. This includes executive compensation, which can be a significant cost, involving base salary, bonuses, severance entitlements, and health and welfare programs. It’s also subject to various tax, securities, corporate, and employment-related rules and regulations.
  • Transaction Structures: The nature of the transaction, whether it’s an acquisition or a merger, impacts compensation-related decisions. For private companies, disclosure concerns are minimal, but public companies have significant disclosure obligations. For carve-outs, considerations include potential employment termination and re-hiring by the acquirer, who bears the cost of severance, and the form of consideration for equity awards.
  • Severance and Bonuses: Severance protections can help maintain employee performance during a transaction. The value and duration of severance can vary based on seniority and job level. Transaction and retention bonuses can also be used to motivate and retain key employees. The former encourages employees to complete the transaction, while the latter incentivizes them to stay through certain milestones.
  • Covenants: Buyers often set restrictions on what the target can do between the signing and closing of a transaction. These include changes to benefit plans, compensation, hiring or termination of employees, and equity awards. Targets often seek post-closing employment-related covenants, such as guaranteed compensation and benefit levels, and continued participation in severance programs.
  • Sections 280G and 4999: Golden parachute rules (Sections 280G and 4999 of the Internal Revenue Code) are a major focus in most transactions. If triggered, a 20% excise tax could apply to certain service providers, and the target may lose a compensatory tax deduction. Mitigation strategies can include reasonable compensation analyses, valuing non-competition agreements, and shifting compensation to the current tax year. Private companies may opt for a shareholder cleansing vote to avoid these issues.

What Do Threads, Mastodon, and Hospital Records Have in Common?

From Ars Technica, by Fintan Burke:

  • The concept of “federated learning”, inspired by the privacy-focused structure of new social media platforms, is being adopted by medical researchers to train AI in spotting disease trends. In this approach, user data is hosted on independent servers instead of a single corporate entity, which promotes data privacy and enables selective sharing of information.
  • Instead of pooling patient data from various hospitals into one database, which raises privacy concerns and legal complications, researchers send their AI models to individual hospitals. These models can then analyze the data within the hospital’s firewall, maintaining the privacy of sensitive patient information.
  • The training process involves doctors identifying eligible patients, selecting necessary clinical data, and organizing it on a local database. The AI software then uses this data to identify disease trends. The trained model is periodically sent to a central server, where it is combined with models from other hospitals to update the original model.
  • The updated “consensus model” is sent back to each hospital to be trained further, and this cycle continues until the final model is deemed accurate enough. This process ensures data privacy, as the information sent back to the central server is anonymized and remains within the hospital’s firewall.
  • Federated learning has seen significant growth in medical research. For instance, in 2021, a study successfully used this method to predict diabetes from CT scans of abdomens, potentially identifying at-risk patients up to seven years prior to their diagnosis.
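
The training cycle described in this summary (local training at each hospital, combination on a central server, redistribution of the consensus model), as an added example that is not from the article or the researchers. The three hospitals, their synthetic two-feature records, the logistic-regression model and all function names are assumptions constructed for illustration.

```python
import math
import random

def make_hospital_data(n, seed):
    """Constructed synthetic records (features, label); they stay on the local site."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        y = rng.randint(0, 1)
        data.append(([rng.gauss(2.0 if y else -2.0, 1.0),
                      rng.gauss(1.0 if y else -1.0, 1.0)], y))
    return data

def predict(w, x):
    z = max(-30.0, min(30.0, w[0] + w[1] * x[0] + w[2] * x[1]))
    return 1.0 / (1.0 + math.exp(-z))

def local_train(w, data, epochs=5, lr=0.1):
    """Runs inside one hospital: SGD on local records, returns only weights."""
    w = list(w)
    for _ in range(epochs):
        for x, y in data:
            err = predict(w, x) - y
            w[0] -= lr * err
            w[1] -= lr * err * x[0]
            w[2] -= lr * err * x[1]
    return w

def federated_average(updates):
    """Central server: sample-count-weighted mean of the submitted weights."""
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total for i in range(3)]

def run_federation(hospitals, rounds=5):
    consensus = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        # Only (weights, record count) crosses each hospital boundary.
        updates = [(local_train(consensus, d), len(d)) for d in hospitals]
        consensus = federated_average(updates)
    return consensus

def accuracy(w, data):
    return sum((predict(w, x) >= 0.5) == bool(y) for x, y in data) / len(data)

HOSPITALS = [make_hospital_data(n, s) for n, s in [(200, 1), (80, 2), (120, 3)]]

if __name__ == "__main__":
    model = run_federation(HOSPITALS)
    print("consensus weights:", model)
    print("held-out accuracy:", accuracy(model, make_hospital_data(300, 99)))
```

Only weights and record counts cross each hospital boundary in this sketch; it applies no further protection to the updates themselves, such as secure aggregation or differential privacy.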

Up and Up and Up: Accounting for Supply Cost Inflation in Due Diligence

From VMG Health, by Johnny Zizzi, CPA, and Melissa Hoelting, CPA:

  • Inflation-Adjusted Financial Analysis: In periods of high inflation, traditional financial metrics may not accurately depict a company’s performance. It is essential to adjust financial analysis for inflation, especially in the healthcare sector where supply costs have been significantly rising. Businesses must assess their ability to maintain profitability and manage costs in the face of these increases.
  • Cash to Accrual Impacts: Converting financial statements from cash to accrual accounting can significantly impact the quality of earnings, particularly when dealing with supply cost inflation. This process becomes more complex with rising costs, necessitating a financial due diligence team to ensure accurate and comprehensive analysis.
  • Robust Forecasting and Scenario Analysis: Given the uncertainties around inflation and supply chain disruptions, robust forecasting and scenario analysis are crucial for businesses to proactively manage the financial impact of rising costs. This approach can help companies adjust pricing strategies, negotiate better contracts, and implement cost-cutting measures to maintain profitability.
  • Net Working Capital Analysis: High inflation impacts a company’s balance sheet, affecting both assets and liabilities. Advisors must align the timing of cash flows associated with assets and liabilities to mitigate liquidity risks stemming from supply cost inflation. Transactions may shift towards a shorter lookback period to set the price/earnings-to-growth (PEG) in times of rising prices.
  • Conclusion: In the dynamic world of healthcare M&A, understanding historical spend normalization, cash-to-accrual conversions, and the impact of supply cost inflation is critical. The rise in inflation places a significant level of complexity on financial due diligence, highlighting the need for inflation-adjusted financial analysis, transition from cash to accrual accounting, robust forecasting, and vigilant net working capital management.

Providers Target Insurers in New Surprise Billing Legal Scuffles

From Bloomberg Law, by Sara Hansard:

  • Health care providers are increasingly suing insurers for not making timely arbitration award payments under the No Surprises Act, creating a new hurdle in the implementation of the billing dispute resolution system. These lawsuits are expected to rise as more claims move through the system and are potentially batched together.
  • The No Surprises Act’s federal online independent dispute resolution (IDR) portal has faced challenges, including large case backlogs and numerous shutdowns. As of June 2023, more than 490,000 disputes over out-of-network claims were submitted, with 61% remaining unresolved.
  • A significant consolidated lawsuit, Guardian Flight LLC v. Aetna Life Insurance Co., involves four air ambulance companies suing Aetna Inc. and Cigna Health and Life Insurance Co. for non-payment of claims following arbitration decisions. The companies claim that the insurers have failed to pay over $3 million in IDR awards.
  • Insurers are arguing that providers cannot file court cases to enforce IDR awards and that their only recourse is to file a complaint with the Centers for Medicare & Medicaid Services (CMS). CMS has stated that it takes the issue of late payments seriously and will impose civil monetary penalties if a violation is found.
  • Challenging arbitration awards brings its own complications, including the high cost of litigation. Some health care providers have found it difficult to determine whether to use the federal or state process for dispute resolution, further complicating the situation.

Texas Medical Board Cracking Down on IV Hydration

From Hendershot & Cowart, PC, by Keith Lefkowitz: 

  • The Texas Medical Board (TMB) has addressed the rise of medical business models offering intravenous (IV) vitamin therapy or hydration, cautioning that these could potentially violate Texas regulations. TMB President, Dr. Sherif Zaafran, emphasized that IV therapy is a medical procedure and must be conducted under the supervision of a licensed physician or delegated non-physician.
  • Physicians are advised to ensure that such IV hydration services are therapeutically beneficial or necessary for the patient’s treatment, and are properly diagnosed and documented. 
  • The TMB warns against offering medical treatments as a “menu” for patients to choose from without proper medical assessment. The provision of medically unnecessary services could be seen as unprofessional conduct and a violation of the Medical Practice Act and TMB Rules.
  • A patient must be examined by a qualified healthcare practitioner, who should perform appropriate diagnostic tests and develop a diagnosis before prescribing drug therapies. Prescription of drugs without determining medical necessity may breach the Medical Practice Act and TMB Rules.
  • The TMB has strict guidelines for standing delegation orders and standing medical orders, including the types of medicines that may be provided. Physicians are encouraged to review the TMB regulation, Chapter 193 – Standing Delegation Orders, for full guidance on the rules related to delegation and supervision requirements and responsibilities.

Key Considerations for Healthcare Providers Responding to Law Enforcement Requests

From Quarles & Brady LLP, by Simone Colgan Dunlap, Sarah Coyne, Kaitlyn Fydenkevez, Meghan O’Connor:

  • Current HIPAA rules permit healthcare providers to disclose protected health information (PHI) to law enforcement under specific circumstances, such as to comply with a court order, respond to an administrative request, or in cases of identifying a suspect or victim, among others.
  • Providers must also be aware of more stringent state laws, particularly when it comes to “sensitive” categories of data like mental health records or sexual/reproductive health data. Any disclosure must meet the requirements of both HIPAA and state law.
  • Providers should ensure that staff understand organizational policies and procedures regarding law enforcement requests, and should watch for the final rule on HIPAA disclosure requirements. The Senate Finance Committee’s letter calls for broader protection, which may influence the final rule, particularly in relation to pharmacy disclosure of prescription data to law enforcement.