Categories
Around the Web

OIG Issues Final Information Blocking Enforcement Rule and Highlights the Potential for Referrals to the FTC and FCA Liability

By Ryan P. Blaney & Jonian Rafti, for Proskauer:

The Final Rule codifies the prohibition on “information blocking” introduced by the 21st Century Cures Act (“Act”), which was enacted on December 13, 2016. In the Act, “information blocking” was defined as any activity that, in part, is “likely to interfere with, prevent, or materially discourage access, exchange, or use” of electronic health information (“EHI”).[1] The Final Rule provides an enforcement process for alleged information blocking violations by health information networks, health information exchanges, and developers of health IT certified by the HHS Office of the National Coordinator for Health Information Technology (“ONC”). Enforcement of the information blocking penalties will begin on September 1, sixty days after publication of the final rule in the Federal Register.

Categories
Around the Web

Healthcare Industry Faces Heightened Antitrust Scrutiny Under New Merger Guidelines, HSR Rules

By Wendy Arends, Mark Tobey & Kelsey Toledo, for HuschBlackwell:

The draft Merger Guidelines were published on July 19, 2023, by the Agencies just weeks after the FTC issued newly proposed rules under the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR). The Merger Guidelines represent a significant departure from the 2010 Horizontal and Vertical Merger Guidelines, and the proposed HSR rules represent the first time the HSR process has been substantively updated in over 40 years.If implemented in their current form, both will have the effect of making the merger review process lengthier, more complicated, and more burdensome for virtually all companies, including those operating in the healthcare industry. The Agencies are seeking comments on the Merger Guidelines through September 18, 2023, and the FTC is currently accepting comments on the Proposed HSR Rules, extending the comment period until September 27, 2023.

Categories
Around the Web

Private Equity in Healthcare Is Under A Microscope, So What’s Next?

Jacqueline LaPointe, for RevCycle Intelligence:

As of 2019, private equity entities accounted for 65 percent of physician practice acquisitions, representing the vast majority of physician deals, according to data from the American Hospital Association (AHA). …

Researchers from several universities, including the University of Chicago and Columbia University, found that private equity acquisitions in every studied healthcare setting have increased in prevalence, and those investments were most closely associated with up to a 32 percent increase in costs for payers and patients.

Private equity ownership of medical settings was also associated with mixed to harmful effects on care quality. …

Research has linked price hikes to consolidation in healthcare, and when the topic of healthcare mergers and acquisitions comes up lately, private equity is on the tip of everyone’s tongue.

Categories
Around the Web

5 Steps to Ensure HIPAA Compliance on Mobile Devices

For mobile devices used by your providers and staff (your mobile endpoints), Michael Goad, for TechTarget, suggests:

1. Ensure devices and data are secure and encrypted … Encrypting mobile data prevents unauthorized access and protects patient information. [Use] strong encryption protocols for … Data transmission and storage … Regularly monitoring systems for potential security issues, OS patching and updates.
Enhanced security and networking policies and tools to prevent malicious attacks.

2. Implement strong authentication controls …  so unauthorized users cannot access confidential data.

3. Establish clear device usage policies …  Provide specifics, such as who can access these devices, how often users must update them and which apps users can install on them.

4. Conduct regular security audits … to ensure that all devices used by staff comply with regulations and relevant policies. A formalized response plan for dealing with potential data breaches is vital as well.

5. Carefully manage applications … ensure that application data is digitally sandboxed to control how data can be accessed, viewed and shared.

Categories
Around the Web

New Regulations on Health Care Transactions in California

While this blog is focused on Texas and federal law, many of our clients offer telehealth or Internet-centric services which implicate the laws of other states.

Andrew J. Demetriou, for HuschBlackwell, discusses new California regulations that “contemplate a dramatic expansion of state review of transactions affecting health care services.”

When approved, final regulations would be effective January 1, 2024. …

The regulations have been proposed pursuant to California Health & Safety Code §§ 125507-125507.6, part of an omnibus health care law enacted in 2022 which created OHCA [California Office of Health Care Affordability] and gave it broad authority to set and enforce heath care cost targets for the State.  The law requires that OHCA receive 90 days’ advance notice of transactions intended to close on or after April 1, 2024, that affect health care services in California. OHCA is required within the notice period to decide whether to conduct a cost and market impact review (“CMIR”) to determine whether a proposed transaction will reflect a market failure, increase market power of a party or create a risk of significant impact on market competition, the State’s ability to meet cost targets or costs for health care purchasers or consumers. Any transaction subject to the notice requirements may not be closed until OHCA has determined not to conduct a CMIR or, alternatively, has completed a CMIR evaluating the transaction.

Categories
Around the Web

Attacks at US Hospitals Show Why Health Care Is One of the Nation’s Most Violent Fields

Rebecca Boone, for AP News:

Data shows American health care workers now suffer more nonfatal injuries from workplace violence than workers in any other profession, including law enforcement. …

It’s not just deadly shootings: Health care workers racked up 73% of all nonfatal workplace violence injuries in 2018, the most recent year for which figures are available, according to the U.S. Bureau of Labor Statistics. …

Around 40 states have passed laws creating or increasing penalties for violence against health care workers, according to the American Nurses Association. Hospitals have armed security officers with batons, stun guns or handguns, while some states, including Indiana, Ohio and Georgia, allow hospitals to create their own police forces.

Categories
Around the Web

Should Patient Consent Be Considered When Using AI/RPA Technology for Prior Authorization?

From Physician’s Weekly:

The HIPAA Privacy Rule doesn’t specify provisions for protecting PHI data entered in AI technologies. What the rule does stipulate is that healthcare entities are not obligated to get patient consent for interoperability and electronic exchange of PHI. Certain states or entities, however, adopted bills, policies, regulations, or statutes requiring opt-in or opt-out consent from patients. The George Washington University Milken Institute School of Public Health pulled together a list of those states and entities, but its last update was in 2016.

Categories
Around the Web

How to Measure Acuity-Adjusted Panel Size for Contemporary Provider Compensation Plans

A report from VMG Health by Anthony Domanico, CVA, and Ben Minnis discussing the growing trend of introducing empanelment metrics into compensation formulas:

Empanelment can take on many forms in the compensation system, but all metrics center around the size of a particular primary care provider’s (PCP’s) patient panel (i.e., panel size and/or acuity-adjusted panel size), and how well (e.g., quality, patient experience) and how efficiently (e.g., shared savings, reduction of unnecessary procedures, etc.) a particular PCP take cares for those patients in his or her charge.

Categories
Around the Web

FTC Emerges as Leader in Health Privacy Enforcement

Kirk J. Nahra, Ali A. Jessani, and Samuel Kane, for WilmerHale:

In the past several weeks, the FTC has taken two additional actions that further signal its emergence as a leading regulatory force for health data. First, on July 20, the Commission issued a joint letter with the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) pertaining to the use of online tracking technologies by hospitals and telehealth providers. Second, on July 25, the Commission published a blog post highlighting key takeaways from its recent health data enforcement actions. Taken together, these actions indicate that the FTC’s recent interest in health privacy enforcement is no fluke — rather, companies should expect the FTC to remain an active regulator in this space for the foreseeable future.  Accordingly, companies that handle health data (as broadly defined by the FTC) — particularly those outside of the scope of HIPAA — should ensure that their health data privacy and security programs are robust.

Categories
Around the Web

OAG Files Appeal to Texas Supreme Court, Blocking Judge’s Injunction in Lawsuit Over Exceptions to State Abortion Laws

Erica Pauda, for KXAN:

The Office of the Attorney General filed an appeal Saturday to the Texas Supreme Court after a Texas judge issued a temporary injunction over exceptions to state abortion laws, according to a news release from the OAG’s office.

The ruling clears things up for doctors on when they can provide abortions. Those cases include medical conditions that pose a risk of infection or unsafe pregnancy that could pose a risk to the mother’s health, medical conditions that are exacerbated by pregnancy and fetal conditions where the fetus is unlikely to survive.