Author: WadeEmmert

Violations of the False Claims Act require a requisite state of “knowledge” a claim’s falsity. To violate the statute, one must have “actual knowledge,” “deliberate ignorance” or “reckless disregard of the truth or falsity” of the claim. Any of those broad levels of knowledge is sufficient to support a False Claims Act violation.

But knowledge in retrospect looks different than knowledge prosectively. Is the “usual and customary” price of a drug the price that cash customers pay in cash, or is it the price negotiated by insurance companies or set by Medicare?

This week, the United States Supreme Court will consider the issue in U.S. ex rel. Proctor v. Safeway, Inc.

Nina Totenberg for NPR explains:

The case essentially began in 2006, when Walmart upended the retail pharmacy world by offering large numbers of frequently used drugs at very cheap prices — $4 for a 30-day supply — with automatic refills. That left the rest of the retail pharmacy industry desperately trying to figure out how to compete.

The pharmacies came up with various offers that matched Walmart’s prices for cash customers, but they billed Medicaid and Medicare using far higher prices, not what are alleged to be their usual and customary prices.

Walmart did report its discounted cash prices as usual and customary, but other chains did not. Even as the discounted prices became the majority of their cash sales, other retail pharmacies continued to bill the government at the previous and far higher prices.

For example, between 2008 and 2012, Safeway charged just $10 for almost all of its cash sales for a 90-day supply of a top-selling drug to reduce cholesterol. But it did not report $10 as its usual and customary price. Instead, Safeway told Medicare and Medicaid that its usual and customary price ranged from $81 to $109.

Web tracking technology has been in the news a lot lately. Most websites use such tools to track users as they navigate through a particular site and around the web. Nothing new here. But in doing so, user data gets transferred from one site to another, or actively collected, posing privacy risks for healthcare providers.

A new study, published in Health Affairs, indicates that 99% of hospital websites use third-party tracking code on their sites, creating privacy risks for patients and legal liability for hospitals:

We found that third-party tracking is present on 98.6 percent of hospital websites, including transfers to large technology companies, social media companies, advertising firms, and data brokers. Hospitals in health systems, hospitals with a medical school affiliation, and hospitals serving more urban patient populations all exposed visitors to higher levels of tracking in adjusted analyses. By including third-party tracking code on their websites, hospitals are facilitating the profiling of their patients by third parties. These practices can lead to dignitary harms, which occur when third parties gain access to sensitive health information that a person would not wish to share. These practices may also lead to increased health-related advertising that targets patients, as well as to legal liability for hospitals.

OIG has approved the use of gift cards to incentivize patients to return sample collection kits, provided there are certain safeguards in place:

• Mailing the gift cards only to those patients who return the kits by the deadline specified in the reminder letter.
• Advising patients that they may not use the gift cards on items or services provided by the requestors.
• Limiting patients to one gift card every 36 months, which is consistent with Medicare’s coverage period for the screening test.
• Implementing processes to ensure patients who received a gift card during the 36-month period do not receive another one during that period.
• Refraining from patient-focused promotional activities that advertise the availability of the gift card.
• Prohibiting advertising or marketing the proposed arrangement to healthcare providers who may order the test.
• Excluding tests ordered by healthcare providers through the requestors’ website from the proposed arrangement.

Dee Harleston, Stewart Kameen, Jinnifer Michael, and Danielle Sloane, for Bass Berry & Sims:

The U.S. Department of Health and Human Services Office of Inspector General (OIG) recently issued Advisory Opinion 23-03, approving a proposal by the manufacturer of a colorectal cancer screening test and its wholly owned laboratory to provide gift cards to certain patients to encourage them to return the sample collection kits. While limited in scope, this favorable opinion is noteworthy because OIG typically disfavors arrangements under which providers or suppliers distribute gift cards to incentivize patients to obtain federally reimbursable services. Although OIG approved the proposed arrangement at issue in Advisory Opinion 23-03, the agency also pointedly warned entities against structuring arrangements that differ from the facts of the proposed arrangement.

OIG Advisory Opinion 23-03

Jill McKeon, for Health IT Security:

Effective immediately, the US Food and Drug Administration (FDA) will require medical device manufacturers to provide cybersecurity information in their premarket device submissions. Additionally, beginning October 1, the FDA will exercise its authority to refuse submissions for cybersecurity reasons.

…

Key Medical Device Security Requirements Included in Omnibus Bill
HSCC Publishes Guidance On Managing Legacy Medical Tech Security
Outdated Operating Systems Remain Key Medical Device Security Challenge
For any submission after March 29, manufacturers must include a “plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures,” the FDA stated.

In addition, manufacturers must develop and maintain procedures that provide a reasonable assurance that the device and systems are cybersecure and incorporate plans to patch and update the device and related systems at the postmarket stage.

Lastly, manufacturers are required to provide a software bill of materials (SBOM) for their devices, including commercial, open-source, and off-the-shelf software components. The FDA issued an accompanying FAQ document to help manufacturers determine their obligations.

FDA: Cybersecurity in Medical Devices Frequently Asked Questions (FAQs)

From the HIPAA Journal:

On Wednesday, March 29, 2023, the medical device cybersecurity requirements of the $1.7 trillion omnibus spending bill – The Consolidated Appropriations Act, 2023 – took effect and the FDA now requires all regulatory submissions for medical devices to include information about the cybersecurity measures that have been implemented for the devices. Section 3305 of the Omnibus bill — Ensuring Cybersecurity of Medical Devices — amended the Federal Food, Drug, and Cosmetic Act (FD&C Act) by adding section 524B, Ensuring Cybersecurity of Devices. This requirement took effect 90 days after the enactment of the Act on December 29, 2022, which means premarket submissions submitted to the FDA after March 29, 2023, require information to be included about the cybersecurity of medical devices.

Medication abortions typically use two drugs taken together: Mifepristone and Misoprostol. This ruling only affects Mifepristone. The other drug, Misopostol, is still available, but its use has always required the physician to prescribe it “off-label,” meaning it is not FDA-approved for abortions. It is FDA-approved only for use to prevent stomach ulcers while taking NSAIDs.

Chloe Atkins writing for NBC News:

In an unprecedented move, U.S. District Judge Matthew Kacsmaryk on Friday suspended the Food and Drug Administration’s longtime approval of key abortion pill mifepristone, though he gave the government a week to appeal his decision. If the ruling does eventually go into effect, it would curtail access to the standard regimen for medication abortion nationwide.

The FDA approved mifepristone more than 20 years ago to be used in combination with a second drug, misoprostol, to terminate pregnancies at up to 10 weeks. Over half of U.S. abortions are done by medication abortion, according to the Guttmacher Institute, a research group that supports abortion rights.

…

If the stay on the FDA’s mifepristone approval goes into effect, the drug would no longer be available anywhere in the U.S. That would leave a surgical procedure or off-label use of misoprostol on its own as the only options in states where abortion is legal.