Category: Health Law Highlights

Categories
Health Law Highlights

New Practical Guidance for Balancing Fairness, Privacy

Summary of article from IAPP, by Cobun Zweifel-Keegan:

The tension between achieving fairness and maintaining privacy in the operation of advanced AI and machine learning systems is a major challenge for digital governance teams. To test for bias and ensure equity, demographic data is often needed, potentially infringing on privacy rights. A report by the Center for Democracy and Technology AI Governance Lab offers best practices for navigating this issue, such as gathering data responsibly, pseudonymization, encryption, and conducting privacy impact assessments. Legislation, like the upcoming Colorado bill, may balance these issues by requiring fairness and bias testing in AI systems. Transparency and clear communication of methodologies are essential to build trust and uniform benchmarks in AI governance.

Categories
Health Law Highlights

Second Circuit Defines “Willful” under Anti-Kickback Statute

Summary of article from Policy & Medicine, by Thomas Sullivan:

The United States Court of Appeals for the Second Circuit recently ruled that for a defendant to be considered “willful” under the federal Anti-Kickback Statute (AKS), they must be aware that their actions are somehow unlawful. This decision came from a qui tam case against McKesson Corp, which was accused of offering free access to business tools to oncology practices in return for using McKesson as their primary drug supplier. The court upheld the dismissal of the case, finding the evidence insufficient to prove that McKesson acted with wrongful intent. The court’s interpretation of “willful” under the AKS protects those who unintentionally engage in prohibited conduct. Despite this, the case was sent back for review of potential violations of state anti-kickback laws, which may have less stringent requirements.

Categories
Health Law Highlights

Five Key Analyses for Healthcare Financial Due Diligence

Summary of article from VMG Health, by Grayson Terrell, CPA:

In the complex landscape of healthcare mergers and acquisitions (M&A), informed decision-making and financial due diligence (FDD) are crucial for both buyers and sellers. FDD involves a detailed investigation of a company’s financial information to validate its true operating potential, with the purchase price usually based on a multiple of the company’s EBITDA. Five key aspects of FDD include Quality of Earnings, Quality of Revenue, Pro Forma Considerations, Net Working Capital, and Debt and Debt-Like Items. These elements help normalize earnings, convert revenues, project future business directions, determine necessary operating capital, and understand a company’s debts and liabilities. Overall, FDD is a necessary step for achieving successful, lucrative transactions in the healthcare sector.

Categories
Health Law Highlights

Implementing AI and Mitigating Compliance Risks – Part II

Summary of article from Dentons, by Susan Freed:

With the increasing role of generative AI in the healthcare industry, there is a growing need for a clear, consistent approach to its implementation. To mitigate compliance risks, organization must have an AI strategy, identify current uses of generative AI, update relevant policies, and create a process for evaluating new AI technology. It is important to training users, implement regular reporting strategies, and conduct periodic reviews of the AI technology in use. Providers should develop governance processes now and be flexible to enough to adapt to new technologies and regulations.

Categories
Health Law Highlights

Health Plan Services Firm Notifying 2.4 Million of PHI Theft

Summary of article from GovInfo Security, by Marianne Kolbasuk McGee:

Texas-based health plan administration services firm, WebTPA, is notifying over 2.4 million individuals about a hacking incident that occurred in 2023, which was detected in December of the same year. The breach potentially compromised personal data including names, contact information, birthdates, Social Security numbers, and insurance details. WebTPA has offered two years of free identity and credit monitoring services to those affected and has bolstered its network security. The delay in identifying and responding to the breach highlights the challenges organizations face in incident response and breach analysis. This incident is the third-largest breach reported in 2024 and emphasizes the increasing targeting of business associates that provide administrative services to health plans and other healthcare sector entities.

Categories
Health Law Highlights

Don’t Call It a Breach Rule: FTC Health Breach Notification Rule Has Been Here for Years, Now Updated to Serve as a Backdoor Privacy Regulation

Summary of article from Wyrick Robbins Yates & Ponton LLP, by Lynn Percival IV:

In December 2021, the Federal Trade Commission (FTC) began a rulemaking process to update the Health Breach Notification Rule (HBNR), which mandates notice following a security breach of unsecured personal health records. The FTC has now finalized these updates, expanding the definition of a “breach of security” to include unauthorized uses and disclosures of health information. The updated rule also broadens the terms “personal health records” and “PHR identifiable health information,” potentially encompassing more websites, apps, and data repositories. The definition of “PHR related entity” has also been clarified, expanding the types of organizations subject to the rule. The updated rule will be effective 60 days after its publication in the Federal Register, with violations potentially resulting in significant civil penalties.

Categories
Health Law Highlights

Telehealth: Regulatory Questions Amid Legislative Uncertainty

Summary of article from McDermott+Consulting, by Jeffrey Davis, Rachel Stauffer:

The article discusses the potential expiration of temporary Medicare waivers for telehealth services, which were instated during the COVID-19 pandemic and are set to expire by the end of 2024. Without further action from Congress, Medicare telehealth will revert to a rural-only benefit from 2025, and patients will have to visit an “originating” site to receive services. Congress is currently considering another extension, but the uncertainty is causing confusion among patients and providers. The Centers for Medicare & Medicaid Services (CMS) must establish payment policies for 2025, but the legislative uncertainty makes it challenging. Key issues include determining which telehealth services will be added to the Medicare list, the reimbursement rates for these services, the adoption of new telehealth codes, and decisions about other telehealth flexibilities.

Categories
Health Law Highlights

HHS Issues New Affordable Care Act Section 1557 Nondiscrimination Regulations

Summary of article from Seyfarth Shaw LLP, by Kristina Launey, Leon Rodriguez:

Section 1557 of the Affordable Care Act prohibits discrimination in health programs receiving federal financial assistance. It has been subject to changes across different Presidential administrations since its inception in 2016. The latest regulations, effective from August 6, 2024, restore some repealed provisions and enhance nondiscrimination requirements. The Final Rule restores protections against discrimination based on sexual orientation, gender identity, disability, and religious objections, and expands its reach to include Medicare Part B providers, private insurance plans, and AI patient decision-making tools. It also mandates language assistance and accessibility services, and re-states federal protections for religious freedom and conscience.

Categories
Health Law Highlights

OCR HIPAA Audit Program to Commence in 2024

Summary of article from The HIPAA Journal, by Steve Adler:

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 mandates periodic audits of HIPAA-regulated entities by the Office for Civil Rights (OCR) to assess HIPAA compliance, with a focus on the HIPAA Security Rule. OCR has confirmed that audits will be conducted in 2024. The increasing rate and scale of data breaches suggest inadequate compliance with the HIPAA Security Rule among healthcare organizations. OCR aims to improve future audit programs and cybersecurity across the healthcare sector, with a particular focus on risk analysis and management provisions of the HIPAA Security Rule. OCR is working on an update to the HIPAA Security Rule, expected to be finalized by the end of the year, to reflect changes in technology and working practices, including the adoption of cloud technology, encryption, and multifactor authentication.

Categories
Health Law Highlights

Health Care, AI and Antitrust: Analysis and Next Steps

Summary of article from Manatt, Phelps & Phillips, LLP, by Dylan Carson, Harvey Rochman:

As artificial intelligence (AI) becomes more prevalent in the health care industry, there are growing concerns about potential anticompetitive conduct, including algorithmic price fixing. This issue was highlighted in a recent New York Times report alleging that certain health plans and administrators were using the same company’s algorithmic tools to set out-of-network rates, potentially leading to higher costs for patients. Antitrust enforcers argue that using the same AI systems to set prices could be seen as collusion and therefore a violation of antitrust laws. Health care companies are advised to closely monitor these developments and consider the potential legal risks associated with their use of AI.