Around the Web

Antitrust & Competition Healthcare Quarterly Update Q2 2023

Andrew Lacy, Arman Oruc, John Goheen Kevin Walsh, and Andrew Jensen, writing for Goodwin Procter:

In the second quarter, the US antitrust agencies continued efforts to bolster their aggressive enforcement agenda by rewriting long-standing policies and procedures, including sweeping revisions to Merger Guidelines, significant changes to the HSR filing process, and withdrawing long-established antitrust healthcare guidance.

Pressure on PBMs continued to mount as the FTC expanded its study of the industry and withdrew previous advocacy statements and market studies related to PBMs.

The FTC continued to challenge major healthcare mergers, including the ongoing challenge to Illumina/Grail and a new challenge to IQVIA/Propel.

Beyond merger review, the FTC has not relented in its focus on state COPA laws, which may intensify enforcement actions in this space. Further, two states enacted notification laws for healthcare transactions that will require additional information and extend the timeline for regulatory approval.

Around the Web

After Hearing Arguments, Future of Planned Parenthood in Texas Rests with Federal Judge

Dallas Morning News:

Texas officially ousted the organization from the state’s Medicaid program in 2021 after four years of trying and a subsequent legal battle.

Planned Parenthood continued to collect Medicaid payments from the state during legal appeals, $17 million the state says the health care group should now pay back, in addition to fines that far exceed the amount the state said Planned Parenthood owes in reimbursement funds. Planned Parenthood said the total judgment could be greater than $1 billion.

Now-suspended Texas Attorney General Ken Paxton filed the lawsuit last year under the False Claims Act, which establishes liability for health care fraud and allows fines for every incorrect payment.

Around the Web

Hospital Mergers Double the Risk of a Data Breach, Study Shows

Joseph J. Lazzarotti, writing for JacksonLewis:

A recent study suggests that the likelihood for hospitals to experience a data breach doubles during the year before and after a merger. As some expect an increase in hospital mergers in the coming year, one can expect the number of healthcare data breaches to increase.

According to the research, Nan Clement, a Ph.D. candidate in economics in the School of Economic, Political and Policy Sciences in the University of Texas at Dallas looked at reporting on data breaches from the Office for Civil Rights during the period 2010 to 2022. Based on her analysis, for the two-year period surrounding a transaction closing (one year before and after the closing date), the chances of a data breach was 6%, compared to 3% for hospitals that merged but were outside that two-year period.

Around the Web

CMS Unveils New Changes to ACO REACH Model

By Noah Tong, for Fierce Healthcarel:

Among numerous tweaks, CMS reduced the beneficiary alignment minimum for new entrant accountable care organizations from 5,000 to 4,000. It also reduced minimums for high needs populations. A 10% buffer will be applied across all ACO types, allowing an ACO to temporarily drop below the new beneficiary minimum, but an ACO cannot remain below the threshold for more than one of the model’s remaining years, according to the newly released standards.

Around the Web

OIG Issues Final Information Blocking Enforcement Rule and Highlights the Potential for Referrals to the FTC and FCA Liability

By Ryan P. Blaney & Jonian Rafti, for Proskauer:

The Final Rule codifies the prohibition on “information blocking” introduced by the 21st Century Cures Act (“Act”), which was enacted on December 13, 2016. In the Act, “information blocking” was defined as any activity that, in part, is “likely to interfere with, prevent, or materially discourage access, exchange, or use” of electronic health information (“EHI”).[1] The Final Rule provides an enforcement process for alleged information blocking violations by health information networks, health information exchanges, and developers of health IT certified by the HHS Office of the National Coordinator for Health Information Technology (“ONC”). Enforcement of the information blocking penalties will begin on September 1, sixty days after publication of the final rule in the Federal Register.

Around the Web

Healthcare Industry Faces Heightened Antitrust Scrutiny Under New Merger Guidelines, HSR Rules

By Wendy Arends, Mark Tobey & Kelsey Toledo, for HuschBlackwell:

The draft Merger Guidelines were published on July 19, 2023, by the Agencies just weeks after the FTC issued newly proposed rules under the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR). The Merger Guidelines represent a significant departure from the 2010 Horizontal and Vertical Merger Guidelines, and the proposed HSR rules represent the first time the HSR process has been substantively updated in over 40 years.If implemented in their current form, both will have the effect of making the merger review process lengthier, more complicated, and more burdensome for virtually all companies, including those operating in the healthcare industry. The Agencies are seeking comments on the Merger Guidelines through September 18, 2023, and the FTC is currently accepting comments on the Proposed HSR Rules, extending the comment period until September 27, 2023.

Around the Web

Private Equity in Healthcare Is Under A Microscope, So What’s Next?

Jacqueline LaPointe, for RevCycle Intelligence:

As of 2019, private equity entities accounted for 65 percent of physician practice acquisitions, representing the vast majority of physician deals, according to data from the American Hospital Association (AHA). …

Researchers from several universities, including the University of Chicago and Columbia University, found that private equity acquisitions in every studied healthcare setting have increased in prevalence, and those investments were most closely associated with up to a 32 percent increase in costs for payers and patients.

Private equity ownership of medical settings was also associated with mixed to harmful effects on care quality. …

Research has linked price hikes to consolidation in healthcare, and when the topic of healthcare mergers and acquisitions comes up lately, private equity is on the tip of everyone’s tongue.

Around the Web

5 Steps to Ensure HIPAA Compliance on Mobile Devices

For mobile devices used by your providers and staff (your mobile endpoints), Michael Goad, for TechTarget, suggests:

1. Ensure devices and data are secure and encrypted … Encrypting mobile data prevents unauthorized access and protects patient information. [Use] strong encryption protocols for … Data transmission and storage … Regularly monitoring systems for potential security issues, OS patching and updates.
Enhanced security and networking policies and tools to prevent malicious attacks.

2. Implement strong authentication controls …  so unauthorized users cannot access confidential data.

3. Establish clear device usage policies …  Provide specifics, such as who can access these devices, how often users must update them and which apps users can install on them.

4. Conduct regular security audits … to ensure that all devices used by staff comply with regulations and relevant policies. A formalized response plan for dealing with potential data breaches is vital as well.

5. Carefully manage applications … ensure that application data is digitally sandboxed to control how data can be accessed, viewed and shared.

Around the Web

New Regulations on Health Care Transactions in California

While this blog is focused on Texas and federal law, many of our clients offer telehealth or Internet-centric services which implicate the laws of other states.

Andrew J. Demetriou, for HuschBlackwell, discusses new California regulations that “contemplate a dramatic expansion of state review of transactions affecting health care services.”

When approved, final regulations would be effective January 1, 2024. …

The regulations have been proposed pursuant to California Health & Safety Code §§ 125507-125507.6, part of an omnibus health care law enacted in 2022 which created OHCA [California Office of Health Care Affordability] and gave it broad authority to set and enforce heath care cost targets for the State.  The law requires that OHCA receive 90 days’ advance notice of transactions intended to close on or after April 1, 2024, that affect health care services in California. OHCA is required within the notice period to decide whether to conduct a cost and market impact review (“CMIR”) to determine whether a proposed transaction will reflect a market failure, increase market power of a party or create a risk of significant impact on market competition, the State’s ability to meet cost targets or costs for health care purchasers or consumers. Any transaction subject to the notice requirements may not be closed until OHCA has determined not to conduct a CMIR or, alternatively, has completed a CMIR evaluating the transaction.

Around the Web

Attacks at US Hospitals Show Why Health Care Is One of the Nation’s Most Violent Fields

Rebecca Boone, for AP News:

Data shows American health care workers now suffer more nonfatal injuries from workplace violence than workers in any other profession, including law enforcement. …

It’s not just deadly shootings: Health care workers racked up 73% of all nonfatal workplace violence injuries in 2018, the most recent year for which figures are available, according to the U.S. Bureau of Labor Statistics. …

Around 40 states have passed laws creating or increasing penalties for violence against health care workers, according to the American Nurses Association. Hospitals have armed security officers with batons, stun guns or handguns, while some states, including Indiana, Ohio and Georgia, allow hospitals to create their own police forces.