Author: WadeEmmert

Artificial Intelligence, particularly generative AI, is upending many industries. It will be years before we have an appreciation for the many ways AI can be used to improve quality and equity in healthcare. It will be even longer before laws catch up to protet patients from its inevitable misuse.

Sarah M. Worthy, for The Fast Mode:

Healthcare executives must navigate the delicate balance between harnessing the power of AI and safeguarding the privacy and security of sensitive data. This article explores the imperative for healthcare executives to fortify data protection efforts, delves into the unique challenges posed by AI, and emphasizes the need for a comprehensive approach to safeguard patient and employee data.

Holden Godat, Taylor Anderson, CVA, and Trent Fritzsche, writing for VMG Health:

With the emergence of private equity (PE) firms attempting to align with physician practices, VMG Health has seen an increase in the number of management services agreements (MSAs). Due to the highly fragmented and regulated nature of healthcare, PE investment in healthcare is not as straightforward as in other industries. In states with some level of corporate practice of medicine (CPOM) adoption, PE’s interaction with physician practices usually involves a “Friendly PC” model with an affiliated management services organization (MSO) [1]. In return for providing most of the non-clinical assets and services to a physician practice, the MSO charges a management fee via an MSA. To better understand how these arrangements are structured in the market, VMG Health experts have outlined their findings from valuing over 120 MSAs and offer insight into how to generate more value from these agreements.

Jose Vela, Jr., for Clark Hill:

Last Friday, the U.S. Supreme Court (SCOTUS) handed down an important ruling that will give healthcare organizations and practitioners relief against meritless whistleblower lawsuits. The ruling could result in saving organizations and practitioners their time, money, and reputation.

In a near-unanimous 8-1 decision, the SCOTUS affirmed the Third Circuit Court of Appeals on whether the federal government may obtain dismissal of a whistleblower lawsuit it declined to intervene under the federal False Claims Act (FCA). Upon a defendant’s request or its own volition, the federal government may move to voluntarily dismiss a FCA case over the objection of the whistleblower.

From HuschBlackwell, Healthcare Law Insights:

Following two weeks of trial testimony, a Travis County jury recently rendered a $10 million verdict in a novel corporate practice of medicine (CPOM) case. The jury found in favor of a physician hospitalist group that claimed a management company repeatedly broke its promise to comply with the state’s CPOM prohibition, putting profits over patients, among other wrongdoings.

An appeal is underway, but the case stands out among CPOM cases that typically focus on terms of a contract or on practice models and are limited to seeking declaratory judgments and not money damages. The case also serves as a reminder that breaching a contractual promise to follow applicable state laws (even those to be enforced by regulators and that do not provide for a private right of action) can carry real risk.

Most improper disclosures are caused by complacency, poor training, or lack of attention. These kinds of lists are good reminders of some of the biggest types of violations. Of course, Covered Entities should provide this, and more, to employees and business associates.

From Security Boulevard:

1. Unsecure internet access. Transmitting e-PHI over unsecured networks, such as Wi-Fi networks at a coffee shop, internet cafe, or even at home, can increase the risk of patient data becoming accessible to hackers.

2. Improper handling of paper-based PHI. Paper-based procedures are still commonly used for some elements of a healthcare organization’s operations. This may result in unauthorized access to PHI. For example, if a remote employee prints out patient information from their family printer, the household may access these files.

3. Improper disposal of files. Improper disposal includes disposing of files, physical or electronic, in a way that information can still be read or accessed by unauthorized individuals. …

4. Unauthorized devices.  HIPAA rules require all devices that use, gather, store, or transfer e-PHI to be safeguarded by specific security controls. Employees often use multiple devices to complete their daily tasks, so it is possible to use a device their organization did not authorize unintentionally. …

5. Insufficient compliance training program.  Business associates and covered entities are required to renew their HIPAA certifications annually through compliance training programs. All staff, including remote employees, must complete compliance training.

6. Lost or stolen records.  The HIPAA Security Rule outlines security and safeguards to ensure minimal risk of unauthorized access to PHI. …

7. Incorrect filing of PHI. Incorrect filing can result in unauthorized access to PHI. For example, if a health care provider sends digital X-ray results to the wrong physician or patient information to the wrong patient …

8. Phishing scams.  Phishing scams are a common way cybercriminals trick individuals into accidentally revealing passwords and other sensitive information by sending them communications that appear to come from a reputable source. Refresher courses for all employees on cybersecurity awareness can help reduce these risks. …

9. Unencrypted data.  With most communication occurring through text, email, and other messaging platforms, it’s easy to forget how vulnerable that information is. If PHI is not encrypted appropriately, there is an increased risk of cyberattacks, threats, and data breaches. …

10. Lack of physical security.  For example, leaving paper PHI unattended in communal rooms of the house or on the table at a coffee shop increases the risk of theft or unauthorized access to these files.

Source: 10 HIPAA Violations to Watch Out for While Working Remotely – Security Boulevard

U.S. Supreme Court Justice Samuel Alito has temporarily stayed until Wednesday a Texas federal court order imposing restrictions on the distribution of the abortion drug mifepristone while they consider a request by the Biden administration to block the restrictions.

Brendan Pierson, writing for Reuters, discusses What Happens Next?

Whether or not the Supreme Court decides to stay Kacsmaryk’s order, it will not decide the merits of the case. Rather, the court will determine whether and how mifepristone can be distributed while the case is pending.

…

Whichever way the Supreme Court rules, it will send the case back to the 5th Circuit, where the FDA will pursue a full appeal of Kacsmaryk’s preliminary injunction. The agency and the anti-abortion groups will both have a chance to file briefs, and the case is scheduled to be argued before a three-judge panel on May 17.

That appeal process could last months. The losing party could petition for rehearing with all judges of the 5th Circuit, known as en banc rehearing, and ultimately petition the Supreme Court once again.

…

A final resolution could be months or years away. Once it does come, the losing side will again have the chance to appeal to the 5th Circuit and, eventually, the Supreme Court.

Interesting statistics on hospice care, its growth, and fraud from Deborah Abrams Kaplan, writing for Managed Healthcare Executive:

• Hospice care really started to take hold after Medicare started covering it in 1985. With Medicare paying the bills, hospice gained traction over time. Medicare spending on hospice nearly doubled from 2010 to 2020, increasing from $12.9 billion to $22.4 billion, according to the Medicare Payment Advisory Commission (MedPAC), an independent group that advises Congress on Medicare. During that period, the number of organizations that provide hospice care grew by 44%, from 3,498 in 2010 to 5,058 in 2020.
• With the growth in hospice care has come a growth in fraudulent practices. Hospice fraud is rampant and has gotten more sophisticated, especially in four areas: (1) improper admission, (2) improper retention, (3) improper classification, and (4) kickbacks.
• Hospice care in the U.S. was originally provided almost exclusively by nonprofit organizations, but now the providers are predominately for-profit organizations and an increasing number of them are backed by private equity. In 2010, 1,958 of the 3,498 hospices (or about 56%) in the U.S. were run by for-profit companies, according to MedPAC. By 2020, the number of hospices had grown by 44%, to 5,047, and 73% of them were owned by for-profit companies, according to MedPAC.