Categories
Health Law Highlights

Louisiana Lawmakers Pass Bill Making Abortion Pills Controlled Dangerous Substances

Summary of article from AP News, by Sara Cline:

Louisiana is set to reclassify abortion-inducing drugs, mifepristone and misoprostol, as controlled and dangerous substances under a new bill that has received final legislative approval. Supporters of the bill argue it will protect women from coerced abortions, while critics, including numerous doctors, fear it will hamper their ability to prescribe these medicines for other reproductive health needs. The bill would place these drugs on the list of Schedule IV drugs under the state’s Uniform Controlled Dangerous Substances Law, requiring doctors to have a specific license to prescribe them and the drugs to be stored in certain facilities. Critics warn this could create barriers to treatment and cause unnecessary fear and confusion. The bill now awaits the signature of the conservative Republican Governor Jeff Landry, who has indicated his support.

Ransomware Attack on Texas Ophthalmology Practice Exposes Data of 80,000 Patients

Summary of article from The HIPAA Journal, by Steve Adler:

A Texas-based ophthalmology practice, encompassing Victoria Surgery Center, Victoria Eye Center, and Victoria Vision Center, was hit by a ransomware attack on March 21, 2024, compromising the personal and health data of 80,122 patients. The attack encrypted files, making certain systems inaccessible, and an investigation confirmed unauthorized access to patient data. Names, addresses, and medical identification details were among the compromised information. Affected individuals have been notified and offered a year of credit monitoring and identity theft protection services. In another incident, Texas Panhandle Centers, a Certified Community Behavioral Health Clinic, disclosed an unauthorized access to its systems in October 2023, potentially exposing the data of 16,394 patients.

Is Your Texas Data Protection Assessment Started?

Summary of article from Data Protection Report, by David Kessler, Annmarie Giblin, Joe McClendon, Susan Ross:

The Texas Data Privacy and Security Act (TDPSA), effective from July 1, 2024, applies to companies conducting business in Texas, processing personal data, and not classified as small businesses. Unlike other state laws, TDPSA requires companies to provide an opt-out option for automated profiling that could significantly impact consumers, such as employment opportunities. The Act mandates “controllers” to conduct a data protection assessment for specific uses of personal data, including sensitive data and profiling activities that pose a risk to consumers. The assessment, which must be available to the Texas Attorney General upon request, should balance benefits against potential risks to consumer rights. Only the Attorney General can enforce the TDPSA, and violations can result in civil penalties up to $7,500 per violation.

HHS Agency Launches Program to Improve Cyber Resiliency in Hospitals

Summary of article from The HIPAA Journal, by Steve Adler:

The Advanced Research Projects Agency for Health (ARPA-H), a Department of Health and Human Services (HHS) agency, has initiated a cybersecurity program aimed at enhancing and automating cybersecurity in U.S. hospitals. The program, called Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE), will invest over $50 million to develop software tools to bolster network defenses against cyberattacks. The software will help identify and mitigate vulnerabilities in hospital systems, intending to reduce the time devices remain vulnerable from several months to a few days. ARPA-H is seeking proposals for the creation of a vulnerability mitigation platform, development of digital twins of hospital equipment, and methods for auto-detecting vulnerabilities and auto-developing defenses. The UPGRADE program is part of HHS’s broader strategy to improve cyber resilience across the healthcare sector.

Twin Brothers Plead Guilty to $45 Million Healthcare Fraud

Summary of article from D Magazine, by Will Maddox:

Drs. Desi and Deno Barroga have admitted to a healthcare fraud scheme involving false claims for steroid injections that were never provided, defrauding insurers including Blue Cross Blue Shield, Cigna, and United Healthcare. The scheme involved monthly office visits for patients on addictive drugs, where they fraudulently claimed to perform costly treatments. Manipulated medical records and coerced patient statements were used to validate the fraudulent claims, leading to the doctors billing insurance for $45 million and receiving $9 million. Both doctors have a history of disciplinary actions from the Texas Medical Board related to improper prescribing and inadequate record-keeping. The brothers now face a maximum of 10 years in federal prison.

New Practical Guidance for Balancing Fairness, Privacy

Summary of article from IAPP, by Cobun Zweifel-Keegan:

The tension between achieving fairness and maintaining privacy in the operation of advanced AI and machine learning systems is a major challenge for digital governance teams. To test for bias and ensure equity, demographic data is often needed, potentially infringing on privacy rights. A report by the Center for Democracy and Technology AI Governance Lab offers best practices for navigating this issue, such as gathering data responsibly, pseudonymization, encryption, and conducting privacy impact assessments. Legislation, like the upcoming Colorado bill, may balance these issues by requiring fairness and bias testing in AI systems. Transparency and clear communication of methodologies are essential to build trust and uniform benchmarks in AI governance.

Second Circuit Defines “Willful” under Anti-Kickback Statute

Summary of article from Policy & Medicine, by Thomas Sullivan:

The United States Court of Appeals for the Second Circuit recently ruled that for a defendant to be considered “willful” under the federal Anti-Kickback Statute (AKS), they must be aware that their actions are somehow unlawful. This decision came from a qui tam case against McKesson Corp, which was accused of offering free access to business tools to oncology practices in return for using McKesson as their primary drug supplier. The court upheld the dismissal of the case, finding the evidence insufficient to prove that McKesson acted with wrongful intent. The court’s interpretation of “willful” under the AKS protects those who unintentionally engage in prohibited conduct. Despite this, the case was sent back for review of potential violations of state anti-kickback laws, which may have less stringent requirements.

Five Key Analyses for Healthcare Financial Due Diligence

Summary of article from VMG Health, by Grayson Terrell, CPA:

In the complex landscape of healthcare mergers and acquisitions (M&A), informed decision-making and financial due diligence (FDD) are crucial for both buyers and sellers. FDD involves a detailed investigation of a company’s financial information to validate its true operating potential, with the purchase price usually based on a multiple of the company’s EBITDA. Five key aspects of FDD include Quality of Earnings, Quality of Revenue, Pro Forma Considerations, Net Working Capital, and Debt and Debt-Like Items. These elements help normalize earnings, convert revenues, project future business directions, determine necessary operating capital, and understand a company’s debts and liabilities. Overall, FDD is a necessary step for achieving successful, lucrative transactions in the healthcare sector.

Implementing AI and Mitigating Compliance Risks – Part II

Summary of article from Dentons, by Susan Freed:

With the increasing role of generative AI in the healthcare industry, there is a growing need for a clear, consistent approach to its implementation. To mitigate compliance risks, organizations must have an AI strategy, identify current uses of generative AI, update relevant policies, and create a process for evaluating new AI technology. It is important to train users, implement regular reporting strategies, and conduct periodic reviews of the AI technology in use. Providers should develop governance processes now and be flexible enough to adapt to new technologies and regulations.

Health Plan Services Firm Notifying 2.4 Million of PHI Theft

Summary of article from GovInfo Security, by Marianne Kolbasuk McGee:

Texas-based health plan administration services firm, WebTPA, is notifying over 2.4 million individuals about a hacking incident that occurred in 2023, which was detected in December of the same year. The breach potentially compromised personal data including names, contact information, birthdates, Social Security numbers, and insurance details. WebTPA has offered two years of free identity and credit monitoring services to those affected and has bolstered its network security. The delay in identifying and responding to the breach highlights the challenges organizations face in incident response and breach analysis. This incident is the third-largest breach reported in 2024 and emphasizes the increasing targeting of business associates that provide administrative services to health plans and other healthcare sector entities.