Categories
Health Law Highlights

FDA Proposes Updated Guidance Concerning Cybersecurity of Medical Devices

Summary of article from Jones Day, by Maureen Bennett, Ryan Blaney, Alexis Gilroy, Colleen Heisey, Michael McFerran, Lauren Murtagh:

The U.S. Food and Drug Administration (FDA) proposed an updated draft Premarket Cybersecurity Guidance on March 13, 2024, to aid in meeting cybersecurity requirements for FDA medical device submissions. This guidance, under Section 524B of the Federal Food, Drug, and Cosmetic Act, applies to any submission for a “Cyber Device”, which is defined as any device that contains software, has potential internet connectivity, and is susceptible to cybersecurity threats. Manufacturers are required to provide documentation that includes plans for dealing with cybersecurity vulnerabilities, assurance of device and system security, and a detailed software bill of materials. The guidance also addresses the impact of device modifications on cybersecurity and the need for a “reasonable assurance of cybersecurity” in the device’s safety and effectiveness evaluation. The FDA will finalize the draft guidance after considering comments and suggestions submitted by May 13, 2024.

FDA Brings Lab Tests Under Federal Oversight

Summary of article from AP News, by Matthew Perrone:

The FDA has finalized a regulation that will gradually introduce oversight for new tests developed by laboratories. The rule mandates that these tests, including those for life-threatening diseases, must demonstrate accurate results within a timeframe of 3.5 to 4 years. However, existing tests will not require federal review and will be grandfathered into approval. All lab tests will need to register with the agency and report any issues. The move has been opposed by the testing industry, which argues it will limit access to critical tests, increase healthcare costs, and stifle innovation.

Healthcare Industry Sees Increased Investment in Generative AI, LLMs

Summary of article from Health IT Analytics, by Shania Kennedy:

A recent Generative AI in Healthcare Survey reveals that healthcare and life sciences organizations are increasingly investing in generative AI projects, with larger organizations and leadership roles reporting higher adoption rates. The survey found that 35% of respondents are not actively considering generative AI, while 21% are evaluating use cases and 20% are developing these tools. The majority of organizations have significantly increased their generative AI budgets, with a focus on small, task-specific language models. The most common use cases are streamlining clinical workflows and improving patient communication. Despite the increased adoption, accuracy and potential legal and reputational risks are major roadblocks, and many generative AI projects have not been thoroughly tested for bias and explainability.

FTC Finalizes Changes to Health Breach Notification Rule

Summary of article from Fierce Healthcare, by Heather Landi:

The Federal Trade Commission (FTC) has finalized the revised Health Breach Notification Rule (HBNR) to enhance data privacy protection for consumers using digital health apps. The rule mandates vendors managing digital health records to notify individuals, the FTC, and sometimes the media, of any breach of unsecured personally identifiable health data. The data includes traditional health information, data from fitness trackers, and “emergent health data” such as health information inferred from location data and health-related purchases. The rule also obligates third-party service providers to notify vendors of personal health records following a breach discovery. The rule will be effective 60 days after its publication in the Federal Register.

HIPAA Update to Include Cybersecurity Requirements for Health Care Organizations

Summary of article from Renal and Urology News, by John Schieszer:

The Department of Health and Human Services (HHS) is updating the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to include new cybersecurity requirements, in light of increasing cyber threats to the healthcare sector. The HHS has issued a concept paper providing voluntary Cybersecurity Performance Goals (CPGs) to help healthcare organizations improve their cyber resilience. A significant rise in data breaches and ransomware attacks has been observed, emphasizing the need for improved cyber protection. The HHS is planning to establish two programs to aid healthcare providers in implementing these CPGs, one of which involves financial aid for high-need providers. Additionally, changes to the HIPAA Security Rule may include allowing patients more direct access to their Protected Health Information (PHI), and potential privacy concerns are being addressed.

Let’s Make a Deal with DOJ: The Impact of the DOJ’s New Whistleblower Reward Program on Corporate Compliance

Summary of article from Husch Blackwell, by Christina Moore, Madison Rector:

The DOJ announced a new whistleblower rewards program aimed at incentivizing reports of corporate or financial misconduct. This program, allowing individuals to report violations of any federal law, particularly criminal abuses of the U.S. financial system, fills gaps not covered by existing whistleblower initiatives like the False Claims Act (FCA) or the IRS Whistleblower Program. Under the new program, whistleblowers do not need to file a lawsuit or hire an attorney, making it easier for them to report wrongdoings. This initiative could increase pressure on companies to maintain high ethical standards and prevent misconduct. To mitigate risks, compliance officers should foster a culture of openness and communication, ensuring that employees are aware of internal reporting procedures and feel safe using them.

HHS Warns Health Care Sector of AI-Driven Phishing, Social Engineering Attacks on IT Help Desks

Summary of article from Carlton Fields, by Michael Bailey, John Clabby:

The Health Sector Cybersecurity Coordination Center (HC3) has issued an alert about advanced cybersecurity threats targeting the healthcare sector, particularly IT help desks. These threats involve the use of publicly available information and AI to impersonate healthcare employees, gaining access to email accounts and diverting payments to threat-controlled accounts. The alert also highlights the rise of “spearphishing voice” or “vishing” attacks, using AI to mimic employee voices. In response, the Department of Health and Human Services (HHS) is planning to expand its cybersecurity regulations and enforcement, including potential increases in penalties for HIPAA violations. To mitigate these threats, organizations are advised to enhance training, review cybersecurity policies, limit social media exposure, improve help desk verification procedures, and reassess multi-factor authentication methods.

What the FTC’s Rule Banning Non-Competes Means for Healthcare

Summary of article from Nelson Mullins Riley & Scarborough LLP, by Candace Friel, Denise Gunter, Carrie Hanger:

The Federal Trade Commission (FTC) has finalized a rule banning most non-compete agreements, with the rule set to take effect 120 days after its publication in the Federal Register. The rule applies to all workers, regardless of title, job function, or compensation, excluding “Senior Executives” as per a narrowly defined term. Non-profit organizations are exempt from the rule. The rule is expected to significantly impact industries such as healthcare where non-compete agreements are common. Legal challenges to the rule have already been initiated, with the U.S. Chamber of Commerce announcing its intention to sue the FTC and a lawsuit filed on April 23, 2024.

False Claims Act Settlements to Know from Q1 2024

Summary of article from Bass, Berry & Sims PLC, by Theresa Androff, Molly Ruberg:

The first quarter of 2024 saw significant False Claims Act (FCA) and civil healthcare fraud settlements in the healthcare industry, despite a recent downward trend. These settlements, worth millions of dollars, were related to alleged kickbacks, medically unnecessary services and equipment, pharmaceutical issues, and Controlled Substances Act violations. Key settlements included NewYork-Presbyterian/Brooklyn Methodist Hospital’s $17.3 million for alleged kickbacks, Lincare’s $25.5 million for false claims related to medical equipment, and Endo Health Solutions’ $475.6 million for its opioid marketing schemes. There were also significant settlements related to voluntary self-disclosures, such as Moffitt’s $19.5 million for false claims related to research studies. Additionally, eBay Inc. settled for $59 million, marking the first Controlled Substances Act settlement with an e-commerce company.

Fast Five: Important Law and Policy Updates for US Health Care Transactions

Summary of article from ArentFox Schiff, by Michele L. Gipp, Jo-Ann Marchica, Kathryn L. Steffen:

The first quarter of 2024 has seen significant changes in the US health care sector, with new guidelines from the Department of Justice (DOJ) and Federal Trade Commission (FTC) potentially affecting mergers and acquisitions, particularly those involving small health care businesses and physician practices. Federal agencies have also sought public comment on health care transactions, focusing on the impact on various stakeholders and the objectives of these transactions, indicating continued scrutiny of private equity investment. State authorities are also increasing their oversight of health care transactions, with several states implementing new laws or expanding existing ones. As health care organizations face escalating operating costs, they are considering streamlining services through transactions, but must be cautious of potential legal risks, including antitrust issues. Lastly, the resumption of Medicare and Medicaid audits in full force has increased the need for compliance in health care transactions.