Author: WadeEmmert

Categories
Health Law Highlights

Private Investors and Digital Health Attracting Oig Attention: General Compliance Program Guidance to Watch

From McDermott, Will & Emery, by Tony Maida, Dale C. Van Demark, Monica Wallace:

  • The US Department of Health and Human Services (HHS) Office of Inspector General (OIG) has published the General Compliance Program Guidance (GCPG) as a revised reference guide for the healthcare compliance community and other stakeholders.
  • The GCPG specifically references technology companies and the growing prominence of private equity and other forms of private investment in the healthcare sector.
  • The GCPG covers various risk areas, including quality and patient safety, new entrants in the industry, financial incentives and arrangements, and the role of private investors in compliance oversight.
  • OIG’s concern about new entrants and private investment signals increased scrutiny in the healthcare marketplace and its private ownership foundation.
  • Healthcare organizations should take steps to ensure their board members and executives are trained on healthcare legal and regulatory landscape, maintain an effective compliance program, and monitor further OIG guidance and enforcement actions.
  • Private investors should also take note of OIG’s statements and the recent CMS rule requiring detailed ownership disclosure.
Categories
Health Law Highlights

HHS Finalizes Regulation of Certain AI

From Manatt, Phelps & Phillips, LLP, by Alex Dworkowitz, Alice Leiter, and Randi Seigel:

  • The U.S. Department of Health and Human Services (HHS) has finalized a rule to regulate the use of artificial intelligence (AI) in health care.
  • The rule applies to predictive algorithms used in electronic health record (EHR) systems. It requires transparency in the use of AI, including information about the purpose, funding sources, training data, fairness measures, and validation process.
  • The rule aims to promote the development of fair, valid, and safe algorithms and address concerns about biased decision-making.
  • The regulation currently applies to developers of certified EHR software and may foreshadow future regulations for health care providers.
  • The rule also includes updates to the ONC Health IT Certification Program and provisions to improve interoperability and secure exchange of health information.
Categories
Health Law Highlights

FDA’s Final Rule on Direct-to-Consumer Advertising – Presentation of Risk Information

From Foley & Lardner, LLP, by Kyle Gaget and Jordan Smiley:

  • The FDA has released a final rule regarding direct-to-consumer (DTC) advertising for prescription drugs and biologics.
  • The rule requires that DTC ads include the most important risks associated with the drug or biologic being advertised.
  • The FDA has also clarified that companies can include a “major statement” in their ads to fulfill this requirement.
  • The final rule also addresses the use of alternative media for DTC ads, such as social media and online platforms.
  • Companies are encouraged to review and update their DTC advertising practices to ensure compliance with the new rule.
Categories
Health Law Highlights

Feds Levy First-Ever HIPAA Fine for a Phishing Breach

From Govinfo Security, by Marianne Colbasuk McGee:

  • The Department of Health and Human Services has issued the first ever HIPAA fine for a phishing breach, highlighting the importance of cybersecurity in the healthcare industry.
  • The fine was imposed on a medical practice that failed to adequately protect the sensitive information of its patients, resulting in a phishing attack that compromised over 17,000 individuals’ data.
  • The incident serves as a reminder for healthcare organizations to implement strong security measures, including employee training and robust email security protocols, to prevent similar breaches from occurring.
  • The HHS Office for Civil Rights (OCR) has emphasized the need for healthcare entities to conduct regular risk assessments and implement appropriate safeguards to protect patient data.
  • This case also highlights the OCR’s commitment to enforcing HIPAA regulations and holding organizations accountable for their failure to secure sensitive information.
Categories
Health Law Highlights

The Growing Causal Divide: But-For Causation in AKS/FCA Actions

From McGuireWoods, by Renee Kumon, Timothy Fry and Brett Barnett:

  • The District of Massachusetts Court recently joined the Sixth and Eighth Circuits in requiring the government to show a direct tie between kickbacks and referrals that proximately caused claims to federal healthcare programs to prevail in Anti-Kickback Statute (AKS) and False Claims Act (FCA) actions.
  • The District Court’s ruling contributes to the growing split between the Third Circuit, which requires a mere causal connection between kickbacks and referrals, and the Sixth and Eighth Circuits, which require but-for causation between the kickback and the federal claim.
  • This split relates to the per se fraud clause added to the AKS in 2010, which provides “a claim that includes items or services resulting from a violation of this section constitutes a false or fraudulent claim” for purposes of the FCA.
Categories
Health Law Highlights

FDA Issues Revised Off-Label Communications Guidance

From Jones Day, by Anthony Dick, Harrison Farmer, Colleen Heisey, Laura Laemmle-Weidenfeld, Rebecca Martin:

  • The FDA has issued a revised draft guidance on the sharing of scientific information with healthcare providers (HCPs) regarding unapproved uses of approved/cleared medical products.
  • The 2023 Guidance expands the scope of recommendations to include independent clinical practice resources and firm-generated presentations of scientific information.
  • It introduces a new evidentiary standard for source publications and emphasizes the importance of truthful, non-misleading, factual, and unbiased communications.
  • The guidance also provides presentational considerations, such as clear disclosures, avoidance of persuasive marketing techniques, and the use of plain language.
  • Comments on the guidance can be submitted until January 5, 2024.
Categories
Health Law Highlights

CMS Issues Interim Rule in Response to State Medicaid Disenrollment Trend

From Nelson Mullins Riley & Scarborough LLP, by Shane Duer, Knicole Emanuel, Cara Ludwig:

  • The Centers for Medicare & Medicaid Services (CMS) has issued an interim rule in response to the trend of states disenrolling recipients from the Medicaid program.
  • The rule aims to limit the removal of recipients from the program for procedural reasons rather than eligibility considerations.
  • States that fail to comply with the rule may face enforcement actions, including submitting a corrective action plan and paying civil money penalties.
  • The rule also requires states to submit reports on their eligibility redetermination activities, which will be made public.
  • The regulations became effective on December 6, 2023.
Categories
Health Law Highlights

What Cigna’s FCA Settlement Means for Other Medicare Advantage Plans

From HealthPayerIntelligence, Victoria Bailey:

  • Cigna’s recent brush with False Claims Act violations serves as a reminder that Medicare Advantage organizations should be routinely assessing their risk and compliance activities.
  • The United States alleged that Cigna submitted inaccurate and untruthful patient diagnosis data to receive additional payments from CMS and did not withdraw the inaccurate data or repay CMS.
  • Cigna submitted the diagnoses to CMS even though they were not supported by information documented on the vendors’ forms, nor were they reported to Cigna by other healthcare providers who saw the patient during the year the home visits occurred.
  • Medicare Advantage is a top priority for the government when it comes to detecting fraud.
  • Medicare Advantage plans should focus on risk mitigation assessments to avoid similar situations:
    • ensure your documentation looks good. Make sure if you’re doing these retrospective reviews of patient charts, you’re not just adding codes, but also making sure that if any of the codes needed to be downgraded, you’re deleting those extra codes
    • look at their data and imagine how it would appear to an objective third party. Plans should ensure they are identifying the correct codes and that any in-home assessments are complete.
    • conduct annual risk assessments and other monitoring.
  • All Medicare Advantage organizations would benefit from proactively assessing their data on a routine basis. Some organizations may be able to monitor their documentation and conduct risk adjustments with their current staff. However, partnering with outside companies may be helpful for others.
Categories
Health Law Highlights

Two Dallas Physicians Charged in $12 Million Fraud Scheme

From D Magazine, by Will Maddox:

  • Drs. Desi and Deno Barroga were indicted for allegedly receiving $12 million from fraudulent claims and illegally distributing hydrocodone to patients from the Dallas pain management clinic where they operated.
  • While at the clinic, the Barrogas would bill insurance for injections of anti-inflammatory steroids without administering the medicine. According to the indictment, the doctors would put a needle against the patient’s skin without piercing the skin to mimic an injection.
  • The physicians allegedly billed for 80 injections on a patient in a single visit. Court records show that the clinic sometimes billed more than $4,000 for services on a single day for a patient.
  • The clinic allegedly created fake health records to reflect the fraudulent billing, often copying and pasting the record from patient to patient with little to no variation. The Barrogas submitted the false records to the insurance companies to justify the alleged fraud. The defendant billed insurance companies for $50 million, of which they were paid $12 million for the fraudulent work.
Categories
Health Law Highlights

The New Health Privacy Landscape—Out of the Frying Pan and Into the Fire

From Perkins Coie, by Stephanie Duchesneau, Susan Fahringer, Meredith Halama, Janis Kestenbaum:

  • The legal landscape around health privacy has become much more complex in recent years, with more entities and types of data now subject to regulation and enforcement.
  • The FTC has taken a broader view of what constitutes sensitive health data and has pursued more enforcement actions around the sharing of such data with third parties like ad tech companies. 
  • Several states like Washington, New York, Nevada, and Connecticut have passed new consumer health privacy laws restricting certain uses of geofencing and health data.
  • HHS and the FTC have also issued new guidance clarifying that certain data sharing practices of HIPAA-covered entities may violate privacy rules.
  • All entities should review their health privacy practices given this changing legal landscape to ensure compliance and avoid litigation and enforcement risks.