Category: Around the Web

Recommending to clients that they self-disclose violations of the False Claims Act often creates a lot of anxiety. It is a certainty that self-disclosure will be percevied as a good faith effort to by the provider to correct the conduct. It is also true that, without the disclosure, OIG might not identify the wrongful conduct.

Trey Hendershot, for Hendershot Cowart, PC discusses why self-disclosure is almost always the best course of action.

[T]he OIG Self-Disclosure Protocol generally benefits the provider in several ways:

The OIG views a good-faith disclosure as an indication of a robust and effective compliance program. As a result, many self-disclosed violations are resolved through settlements that do not involve exclusion from participation in federal healthcare programs.

The OIG believes that entities that self-disclose and cooperate deserve to pay a lower multiplier on damages than normally would be required in resolving an DOJ-led investigation.

The Self-Disclosure Protocol may mitigate potential exposure under the Civil Monetary Penalties Law and the False Claims Act.

Providers can expect a streamlined and less costly review and resolution process upon acceptance into the Self-Disclosure Protocol.

Matt Stringer, for The Texan:

[T]he Texas Data and Privacy Security Act (TDPSA), was signed into law by Gov. Greg Abbott on Sunday and will take effect in two stages over the next two years.

The act creates a list of rights for internet users over their personal data, including knowing when it is collected, the ability to correct and delete personal data, the right to prohibit the sale of personal data, and protections against being discriminated against or retaliation by companies for using these rights.

Companies will also be required to obtain consent before collecting data relating to racial or ethnic origins, health conditions, sexuality, or citizenship status, as well as genetic and biometric data.

Artificial Intelligence, particularly generative AI, is upending many industries. It will be years before we have an appreciation for the many ways AI can be used to improve quality and equity in healthcare. It will be even longer before laws catch up to protet patients from its inevitable misuse.

Sarah M. Worthy, for The Fast Mode:

Healthcare executives must navigate the delicate balance between harnessing the power of AI and safeguarding the privacy and security of sensitive data. This article explores the imperative for healthcare executives to fortify data protection efforts, delves into the unique challenges posed by AI, and emphasizes the need for a comprehensive approach to safeguard patient and employee data.

Holden Godat, Taylor Anderson, CVA, and Trent Fritzsche, writing for VMG Health:

With the emergence of private equity (PE) firms attempting to align with physician practices, VMG Health has seen an increase in the number of management services agreements (MSAs). Due to the highly fragmented and regulated nature of healthcare, PE investment in healthcare is not as straightforward as in other industries. In states with some level of corporate practice of medicine (CPOM) adoption, PE’s interaction with physician practices usually involves a “Friendly PC” model with an affiliated management services organization (MSO) [1]. In return for providing most of the non-clinical assets and services to a physician practice, the MSO charges a management fee via an MSA. To better understand how these arrangements are structured in the market, VMG Health experts have outlined their findings from valuing over 120 MSAs and offer insight into how to generate more value from these agreements.

Jose Vela, Jr., for Clark Hill:

Last Friday, the U.S. Supreme Court (SCOTUS) handed down an important ruling that will give healthcare organizations and practitioners relief against meritless whistleblower lawsuits. The ruling could result in saving organizations and practitioners their time, money, and reputation.

In a near-unanimous 8-1 decision, the SCOTUS affirmed the Third Circuit Court of Appeals on whether the federal government may obtain dismissal of a whistleblower lawsuit it declined to intervene under the federal False Claims Act (FCA). Upon a defendant’s request or its own volition, the federal government may move to voluntarily dismiss a FCA case over the objection of the whistleblower.

From HuschBlackwell, Healthcare Law Insights:

Following two weeks of trial testimony, a Travis County jury recently rendered a $10 million verdict in a novel corporate practice of medicine (CPOM) case. The jury found in favor of a physician hospitalist group that claimed a management company repeatedly broke its promise to comply with the state’s CPOM prohibition, putting profits over patients, among other wrongdoings.

An appeal is underway, but the case stands out among CPOM cases that typically focus on terms of a contract or on practice models and are limited to seeking declaratory judgments and not money damages. The case also serves as a reminder that breaching a contractual promise to follow applicable state laws (even those to be enforced by regulators and that do not provide for a private right of action) can carry real risk.

Most improper disclosures are caused by complacency, poor training, or lack of attention. These kinds of lists are good reminders of some of the biggest types of violations. Of course, Covered Entities should provide this, and more, to employees and business associates.

From Security Boulevard:

1. Unsecure internet access. Transmitting e-PHI over unsecured networks, such as Wi-Fi networks at a coffee shop, internet cafe, or even at home, can increase the risk of patient data becoming accessible to hackers.

2. Improper handling of paper-based PHI. Paper-based procedures are still commonly used for some elements of a healthcare organization’s operations. This may result in unauthorized access to PHI. For example, if a remote employee prints out patient information from their family printer, the household may access these files.

3. Improper disposal of files. Improper disposal includes disposing of files, physical or electronic, in a way that information can still be read or accessed by unauthorized individuals. …

4. Unauthorized devices.  HIPAA rules require all devices that use, gather, store, or transfer e-PHI to be safeguarded by specific security controls. Employees often use multiple devices to complete their daily tasks, so it is possible to use a device their organization did not authorize unintentionally. …

5. Insufficient compliance training program.  Business associates and covered entities are required to renew their HIPAA certifications annually through compliance training programs. All staff, including remote employees, must complete compliance training.

6. Lost or stolen records.  The HIPAA Security Rule outlines security and safeguards to ensure minimal risk of unauthorized access to PHI. …

7. Incorrect filing of PHI. Incorrect filing can result in unauthorized access to PHI. For example, if a health care provider sends digital X-ray results to the wrong physician or patient information to the wrong patient …

8. Phishing scams.  Phishing scams are a common way cybercriminals trick individuals into accidentally revealing passwords and other sensitive information by sending them communications that appear to come from a reputable source. Refresher courses for all employees on cybersecurity awareness can help reduce these risks. …

9. Unencrypted data.  With most communication occurring through text, email, and other messaging platforms, it’s easy to forget how vulnerable that information is. If PHI is not encrypted appropriately, there is an increased risk of cyberattacks, threats, and data breaches. …

10. Lack of physical security.  For example, leaving paper PHI unattended in communal rooms of the house or on the table at a coffee shop increases the risk of theft or unauthorized access to these files.

Source: 10 HIPAA Violations to Watch Out for While Working Remotely – Security Boulevard

U.S. Supreme Court Justice Samuel Alito has temporarily stayed until Wednesday a Texas federal court order imposing restrictions on the distribution of the abortion drug mifepristone while they consider a request by the Biden administration to block the restrictions.

Brendan Pierson, writing for Reuters, discusses What Happens Next?

Whether or not the Supreme Court decides to stay Kacsmaryk’s order, it will not decide the merits of the case. Rather, the court will determine whether and how mifepristone can be distributed while the case is pending.

…

Whichever way the Supreme Court rules, it will send the case back to the 5th Circuit, where the FDA will pursue a full appeal of Kacsmaryk’s preliminary injunction. The agency and the anti-abortion groups will both have a chance to file briefs, and the case is scheduled to be argued before a three-judge panel on May 17.

That appeal process could last months. The losing party could petition for rehearing with all judges of the 5th Circuit, known as en banc rehearing, and ultimately petition the Supreme Court once again.

…

A final resolution could be months or years away. Once it does come, the losing side will again have the chance to appeal to the 5th Circuit and, eventually, the Supreme Court.

Interesting statistics on hospice care, its growth, and fraud from Deborah Abrams Kaplan, writing for Managed Healthcare Executive:

• Hospice care really started to take hold after Medicare started covering it in 1985. With Medicare paying the bills, hospice gained traction over time. Medicare spending on hospice nearly doubled from 2010 to 2020, increasing from $12.9 billion to $22.4 billion, according to the Medicare Payment Advisory Commission (MedPAC), an independent group that advises Congress on Medicare. During that period, the number of organizations that provide hospice care grew by 44%, from 3,498 in 2010 to 5,058 in 2020.
• With the growth in hospice care has come a growth in fraudulent practices. Hospice fraud is rampant and has gotten more sophisticated, especially in four areas: (1) improper admission, (2) improper retention, (3) improper classification, and (4) kickbacks.
• Hospice care in the U.S. was originally provided almost exclusively by nonprofit organizations, but now the providers are predominately for-profit organizations and an increasing number of them are backed by private equity. In 2010, 1,958 of the 3,498 hospices (or about 56%) in the U.S. were run by for-profit companies, according to MedPAC. By 2020, the number of hospices had grown by 44%, to 5,047, and 73% of them were owned by for-profit companies, according to MedPAC.

Violations of the False Claims Act require a requisite state of “knowledge” a claim’s falsity. To violate the statute, one must have “actual knowledge,” “deliberate ignorance” or “reckless disregard of the truth or falsity” of the claim. Any of those broad levels of knowledge is sufficient to support a False Claims Act violation.

But knowledge in retrospect looks different than knowledge prosectively. Is the “usual and customary” price of a drug the price that cash customers pay in cash, or is it the price negotiated by insurance companies or set by Medicare?

This week, the United States Supreme Court will consider the issue in U.S. ex rel. Proctor v. Safeway, Inc.

Nina Totenberg for NPR explains:

The case essentially began in 2006, when Walmart upended the retail pharmacy world by offering large numbers of frequently used drugs at very cheap prices — $4 for a 30-day supply — with automatic refills. That left the rest of the retail pharmacy industry desperately trying to figure out how to compete.

The pharmacies came up with various offers that matched Walmart’s prices for cash customers, but they billed Medicaid and Medicare using far higher prices, not what are alleged to be their usual and customary prices.

Walmart did report its discounted cash prices as usual and customary, but other chains did not. Even as the discounted prices became the majority of their cash sales, other retail pharmacies continued to bill the government at the previous and far higher prices.

For example, between 2008 and 2012, Safeway charged just $10 for almost all of its cash sales for a 90-day supply of a top-selling drug to reduce cholesterol. But it did not report $10 as its usual and customary price. Instead, Safeway told Medicare and Medicaid that its usual and customary price ranged from $81 to $109.