Categories
Health Law Highlights

Online Tracking Technologies and HIPAA Misconceptions

Summary of article from IAPP, by John Haskell:

Misconceptions persist about the use of online tracking technologies (OTTs) for marketing under HIPAA compliance. HIPAA mandates that covered entities must obtain explicit authorization from individuals before using or disclosing their personal health information (PHI) for marketing purposes. Simply signing a Business Associate Agreement (BAA) does not ensure compliance, particularly when PHI is involved. The U.S. Department of Health and Human Services (HHS) has clarified that disclosures of PHI to tracking technology vendors without proper authorizations are impermissible. Additionally, business associates are prohibited from using PHI for their own purposes, such as marketing campaigns. Compliance with HIPAA requires obtaining valid authorizations and adhering to specific guidelines, rather than relying solely on BAAs. Understanding these requirements is crucial to avoid regulatory issues.

Categories
Health Law Highlights

People Are Overdosing on Off-Brand Weight-Loss Drugs, FDA Warns

Summary of article from Ars Technica, by Beth Mole:

The FDA has issued a warning about overdoses related to off-brand versions of the weight-loss drug semaglutide, commonly known as Wegovy and Ozempic. Due to high costs and supply shortages, patients are turning to compounded versions, which lack standardized dosing and safety assurances. These compounded drugs often come with unclear instructions and improper syringe sizes, leading to significant dosing errors—sometimes up to 20 times the intended amount. Such overdoses have resulted in severe health issues, including nausea, vomiting, and pancreatitis. The FDA emphasizes that compounded drugs carry higher risks and should only be used when absolutely necessary. The agency also noted that healthcare providers have made dosage calculation errors, further exacerbating the problem.

Categories
Health Law Highlights

P-R-I-V-A-C-Y is Priceless to Me: The 2024 Privacy Rule

Summary of article from Holland & Hart, by Leslie Thomson:

The Department of Health and Human Services has issued the 2024 Privacy Rule, amending HIPAA privacy regulations to restrict the use or disclosure of an individual’s Protected Health Information (PHI) related to reproductive healthcare for certain non-healthcare purposes. This rule aims to protect individual privacy and trust in healthcare providers by prohibiting the use of PHI for criminal, civil, or administrative investigations or liabilities concerning lawful reproductive healthcare activities. Covered entities must update workforce training, HIPAA policies, procedures, and business associate agreements by December 23, 2024. Additionally, the Notice of Privacy Practices must be revised by February 16, 2026, to reflect these changes and address proposals related to the Confidentiality of Substance Use Disorder (SUD) Patient Records.

Categories
Health Law Highlights

AI and Healthcare: Decoding the Latest 1557 Non-Discrimination Regulations

Summary of article from Bricker Graydon LLP, by N. Bradford Wells:

The 2024 Final Rule under Section 1557 of the Affordable Care Act reinstates and expands anti-discrimination provisions for healthcare providers and health plans receiving federal reimbursement. Notably, it extends these provisions to entities participating exclusively in Medicare Part B and introduces regulations for the use of Patient Care Decision Support Tools (PCDST), including AI and clinical algorithms. Covered Entities must now ensure these tools do not perpetuate discrimination based on protected characteristics such as race, sex, and disability. This involves understanding the training data and methodologies used in AI tools, conducting regular audits, and implementing compliance programs. The rule emphasizes the need for AI data literacy among providers to prevent biased treatment decisions. Additionally, the rule has broadened the definition of sex discrimination, although enforcement of this expansion is currently under a nationwide injunction. Compliance with these regulations will require significant vigilance and proactive risk management by healthcare entities.

Categories
Health Law Highlights

Stakeholder Perspectives on Ethical and Trustworthy Voice AI in Health Care

Summary of article from Sage Journals, by Jean-Christophe Bélisle-Pipon, Maria Powell, Renee English, Marie-Françoise Malo, Vardit Ravitsky, Bridge2AI–Voice Consortium, Yael Bensoussan:

Voice as a health biomarker using artificial intelligence (AI) is gaining momentum in research. The noninvasiveness of voice data collection through accessible technology (such as smartphones, telehealth, and ambient recordings) or within clinical contexts means voice AI may help address health disparities and promote the inclusion of marginalized communities. However, the development of AI-ready voice datasets free from bias and discrimination is a complex task. The objective of this study is to better understand the perspectives of engaged and interested stakeholders regarding ethical and trustworthy voice AI, to inform both further ethical inquiry and technology innovation.

Categories
Health Law Highlights

OIG Updates Fraud and Abuse Authorities FAQs

Summary of article from King & Spalding, by Doug Comin:

On July 8, 2024, the Office of Inspector General (OIG) updated its Frequently Asked Questions regarding fraud and abuse authorities, adding four new questions and answers. The updates address the legality and conditions under which hospitals may waive cost-sharing charges for patients under financial assistance or charity care policies without violating the federal anti-kickback statute (AKS) or the Civil Monetary Penalty Law (CMP Law). OIG clarifies that waivers for uninsured or commercially insured patients generally do not violate these laws, but waivers for Federal health care program enrollees could be problematic unless they fall under specific safe harbors or exceptions. Hospitals can inform patients about financial assistance policies, provided such information is not advertised or solicited in a manner that could be construed as inducement. Additionally, offering free care to uninsured or commercially insured patients and advertising this care does not violate AKS or CMP Law. Finally, hospitals may disseminate information about financial assistance policies through various channels, ensuring the communication is compliant and low-risk under the relevant statutes. The full FAQs can be accessed on the OIG website.

Categories
Health Law Highlights

“Incident To” Billing Promotes Productivity, But Presents Many Potential Pitfalls

Summary of article from Burr & Forman, by Catherine Kirkland:

“Incident to” billing allows physician practices to bill Medicare for non-physician practitioners (NPPs) under a supervising physician’s provider number at the full physician rate, enhancing productivity and reducing appointment wait times. However, this arrangement carries significant compliance risks, requiring specific conditions such as the physician initiating treatment, ongoing management, and direct supervision. Violations can result in substantial financial penalties, as seen in recent cases where practices paid hefty settlements for non-compliance. Intentional breaches may even lead to federal criminal charges, highlighting the need for strict adherence to regulations. Practices must also recognize that “incident to” billing requirements differ among payors, necessitating tailored billing policies for each. Legal guidance should be sought if inadvertent violations occur, with self-reporting to the Office of Inspector General (OIG) as appropriate. Understanding and complying with both Medicare and individual payor guidelines is crucial for lawful “incident to” billing.

Categories
Health Law Highlights

HHS Aligns AI, Tech Strategy Under its Policy Agency

Summary of article from GovCIO, by Silvia Oakland:

The Department of Health and Human Services (HHS) has restructured its technology and data strategy responsibilities, consolidating them under its policy office. This reorganization primarily affects the Office of National Coordinator for Health IT (ONC), now renamed the Assistant Secretary for Technology Policy and ONC (ASTP/ONC). A new Office of the Chief Technology Officer will be established, encompassing the Office of the Chief AI Officer, Office of the Chief Data Officer, and a new Office of Digital Services. This digital services team will oversee HHS-wide digital strategy and ethics in technology initiatives. The 405(d) cybersecurity program will transition to the Administration for Strategic Preparedness and Response (ASPR) to enhance healthcare cybersecurity. HHS Secretary Xavier Becerra emphasized the growing importance of cybersecurity, data, and AI in healthcare. Additionally, ONC has updated the Trusted Exchange Framework and Common Agreement (TEFCA) to improve the nationwide exchange of electronic health information.

Categories
Health Law Highlights

A Lifecycle Management Approach Toward Delivering Safe, Effective AI-Enabled Health Care

Summary of blog post from FDA, by Troy Tazbaz:

AI’s continuous learning and adaptability pose risks, such as exacerbating biases, which can harm patients and underrepresented populations. Lifecycle Management (LCM), integral to reliable software since the 1960s, can address these challenges through structured frameworks. The AI Lifecycle (AILC) concept maps traditional Software Development Lifecycles to AI-specific phases, emphasizing systematic methods for data and model evaluation. This AILC model serves as a guide for assessing standards, tools, metrics, and best practices, promoting quality, interoperability, and ethical practices. The health care community is encouraged to engage with and refine these concepts to ensure AI’s safe and effective integration into health care. Feedback and involvement are welcomed to support the development of high-quality AI models.

Categories
Health Law Highlights

Medicaid Overpayment Audits: What Medical Providers Need to Know

Summary of article from Nelson Mullins, by Gabriel Imperato, Hannah Kays, Melissa Scott:

Medicaid overpayment audits ensure program integrity but can be challenging for medical providers. Auditors review medical records and billing documents, typically involving notification, document submission, preliminary findings, appeals, and final determination. Common audit triggers include high claim volumes, unusual billing patterns, frequent adjustments, specific service types, and high rates of new patient claims. Providers can mitigate risks by maintaining accurate documentation, conducting regular internal audits, training staff, implementing compliance programs, and staying updated on regulations. Legal strategies include timely responses, thorough documentation reviews, expert consultations, and utilizing the appeal process to address discrepancies. Engaging knowledgeable healthcare attorneys can help protect practices and efficiently resolve disputes. Understanding the audit process and adhering to best practices can aid providers in managing Medicaid audits effectively.