Categories
Health Law Highlights

Feds Levy First-Ever HIPAA Fine for a Phishing Breach

From Govinfo Security, by Marianne Colbasuk McGee:

  • The Department of Health and Human Services has issued the first ever HIPAA fine for a phishing breach, highlighting the importance of cybersecurity in the healthcare industry.
  • The fine was imposed on a medical practice that failed to adequately protect the sensitive information of its patients, resulting in a phishing attack that compromised over 17,000 individuals’ data.
  • The incident serves as a reminder for healthcare organizations to implement strong security measures, including employee training and robust email security protocols, to prevent similar breaches from occurring.
  • The HHS Office for Civil Rights (OCR) has emphasized the need for healthcare entities to conduct regular risk assessments and implement appropriate safeguards to protect patient data.
  • This case also highlights the OCR’s commitment to enforcing HIPAA regulations and holding organizations accountable for their failure to secure sensitive information.
Categories
Health Law Highlights

The Growing Causal Divide: But-For Causation in AKS/FCA Actions

From McGuireWoods, by Renee Kumon, Timothy Fry and Brett Barnett:

  • The District of Massachusetts Court recently joined the Sixth and Eighth Circuits in requiring the government to show a direct tie between kickbacks and referrals that proximately caused claims to federal healthcare programs to prevail in Anti-Kickback Statute (AKS) and False Claims Act (FCA) actions.
  • The District Court’s ruling contributes to the growing split between the Third Circuit, which requires a mere causal connection between kickbacks and referrals, and the Sixth and Eighth Circuits, which require but-for causation between the kickback and the federal claim.
  • This split relates to the per se fraud clause added to the AKS in 2010, which provides “a claim that includes items or services resulting from a violation of this section constitutes a false or fraudulent claim” for purposes of the FCA.
Categories
Health Law Highlights

FDA Issues Revised Off-Label Communications Guidance

From Jones Day, by Anthony Dick, Harrison Farmer, Colleen Heisey, Laura Laemmle-Weidenfeld, Rebecca Martin:

  • The FDA has issued a revised draft guidance on the sharing of scientific information with healthcare providers (HCPs) regarding unapproved uses of approved/cleared medical products.
  • The 2023 Guidance expands the scope of recommendations to include independent clinical practice resources and firm-generated presentations of scientific information.
  • It introduces a new evidentiary standard for source publications and emphasizes the importance of truthful, non-misleading, factual, and unbiased communications.
  • The guidance also provides presentational considerations, such as clear disclosures, avoidance of persuasive marketing techniques, and the use of plain language.
  • Comments on the guidance can be submitted until January 5, 2024.
Categories
Health Law Highlights

CMS Issues Interim Rule in Response to State Medicaid Disenrollment Trend

From Nelson Mullins Riley & Scarborough LLP, by Shane Duer, Knicole Emanuel, Cara Ludwig:

  • The Centers for Medicare & Medicaid Services (CMS) has issued an interim rule in response to the trend of states disenrolling recipients from the Medicaid program.
  • The rule aims to limit the removal of recipients from the program for procedural reasons rather than eligibility considerations.
  • States that fail to comply with the rule may face enforcement actions, including submitting a corrective action plan and paying civil money penalties.
  • The rule also requires states to submit reports on their eligibility redetermination activities, which will be made public.
  • The regulations became effective on December 6, 2023.
Categories
Health Law Highlights

What Cigna’s FCA Settlement Means for Other Medicare Advantage Plans

From HealthPayerIntelligence, Victoria Bailey:

  • Cigna’s recent brush with False Claims Act violations serves as a reminder that Medicare Advantage organizations should be routinely assessing their risk and compliance activities.
  • The United States alleged that Cigna submitted inaccurate and untruthful patient diagnosis data to receive additional payments from CMS and did not withdraw the inaccurate data or repay CMS.
  • Cigna submitted the diagnoses to CMS even though they were not supported by information documented on the vendors’ forms, nor were they reported to Cigna by other healthcare providers who saw the patient during the year the home visits occurred.
  • Medicare Advantage is a top priority for the government when it comes to detecting fraud.
  • Medicare Advantage plans should focus on risk mitigation assessments to avoid similar situations:
    • ensure your documentation looks good. Make sure if you’re doing these retrospective reviews of patient charts, you’re not just adding codes, but also making sure that if any of the codes needed to be downgraded, you’re deleting those extra codes
    • look at their data and imagine how it would appear to an objective third party. Plans should ensure they are identifying the correct codes and that any in-home assessments are complete.
    • conduct annual risk assessments and other monitoring.
  • All Medicare Advantage organizations would benefit from proactively assessing their data on a routine basis. Some organizations may be able to monitor their documentation and conduct risk adjustments with their current staff. However, partnering with outside companies may be helpful for others.
Categories
Health Law Highlights

Two Dallas Physicians Charged in $12 Million Fraud Scheme

From D Magazine, by Will Maddox:

  • Drs. Desi and Deno Barroga were indicted for allegedly receiving $12 million from fraudulent claims and illegally distributing hydrocodone to patients from the Dallas pain management clinic where they operated.
  • While at the clinic, the Barrogas would bill insurance for injections of anti-inflammatory steroids without administering the medicine. According to the indictment, the doctors would put a needle against the patient’s skin without piercing the skin to mimic an injection.
  • The physicians allegedly billed for 80 injections on a patient in a single visit. Court records show that the clinic sometimes billed more than $4,000 for services on a single day for a patient.
  • The clinic allegedly created fake health records to reflect the fraudulent billing, often copying and pasting the record from patient to patient with little to no variation. The Barrogas submitted the false records to the insurance companies to justify the alleged fraud. The defendant billed insurance companies for $50 million, of which they were paid $12 million for the fraudulent work.
Categories
Health Law Highlights

The New Health Privacy Landscape—Out of the Frying Pan and Into the Fire

From Perkins Coie, by Stephanie Duchesneau, Susan Fahringer, Meredith Halama, Janis Kestenbaum:

  • The legal landscape around health privacy has become much more complex in recent years, with more entities and types of data now subject to regulation and enforcement.
  • The FTC has taken a broader view of what constitutes sensitive health data and has pursued more enforcement actions around the sharing of such data with third parties like ad tech companies. 
  • Several states like Washington, New York, Nevada, and Connecticut have passed new consumer health privacy laws restricting certain uses of geofencing and health data.
  • HHS and the FTC have also issued new guidance clarifying that certain data sharing practices of HIPAA-covered entities may violate privacy rules.
  • All entities should review their health privacy practices given this changing legal landscape to ensure compliance and avoid litigation and enforcement risks.
Categories
Health Law Highlights

Defending Executive Compensation in Nonprofit Health Care Systems

From American Health Law Association, by Albert Lin, Husch Blackwell LLP, and Connor Campbell, Weaver and Tidwell LLP:

This article reviews the rules surrounding the IRS principles of executive compensation with a focus on health care organizations and discusses best practices that the governing boards of such organizations should look for in exercising their fiduciary obligations to minimize issues with tax-exempt status.

State-Specific Requirements Impacting Executive Compensation

State-Specific Nonprofit Corporation Statutes and Applicable Requirements

  • Nonprofit health care organizations should maintain awareness of state-specific nonprofit requirements. These nonprofit requirements encompass both corporate governance requirements and tax-specific requirements based on income, property, and sales taxes that may not always correlate with federal tax concepts.
  • Texas has a common, specific type of nonprofit health organization that is specifically licensed by the Texas Medical Board as a legal entity that can practice medicine.
  • State statutes will usually have provisions directly impacting the payment of compensation.
  • As applied to executive compensation, an argument that a payment is a prohibited “distribution” is usually a key risk factor. The IRS rules prohibit a distribution of net earnings; state statutes may have slightly different language.
  • It is important to have awareness of whether state community benefit goals are met.

State Common Law Fiduciary Duties

  • In exercising their fiduciary duty and reviewing and approving compensation, directors should be mindful of their Duty of Care, Duty of Loyalty, and Duty of Obedience.

Federal Tax Law Requirements Impacting Executive Compensation

Private Benefit and Private Inurement

  • Federal tax concepts of private benefit and private inurement should always be on the minds of those establishing executive compensation for nonprofit organizations.
  • Private benefit refers to situations in which the overall resources of a charitable organization may benefit a general private interest rather than the public.
  • Private inurement prohibition is absolute and occurs when net earnings of a charitable organization are redirected to persons who are essentially in control or exercise control of the charitable organization (“insiders”).

Section 4958 Intermediate Sanctions

  • The intermediate sanctions penalize two key players: any disqualified person and any organization manager.
  • The defense to private inurement and the intermediate sanction regime the rebuttable presumption of “reasonable compensation.” This essentially shifts the burden of proof to the IRS in any contest over whether compensation was excessive.

21% Excise Tax on Compensation in Excess of $1M for Nonprofit Covered Employees

  • There is a 21% excise tax on the amount of compensation over $1 million as well as excess “parachute payments” paid to any “covered employees”.
  • There is also an exception for physicians and other providers, as amounts paid for medical services are disregarded for purposes of the $1 million excise tax threshold.

Recommended Best Practices on Executive Compensation for Nonprofit Health Care Boards

Monitor Legal Developments Contemporaneously Document Facts and Circumstances Supporting Both Reasonableness of Compensation and Community Need

  • The analysis conducted by the compensation committee should be written up in the form of minutes or internal memoranda.
  • An independent third-party compensation study can be critical in providing evidence in support of meeting the burden of proof and assist in moving performance factors to criteria more focused on community benefit.
  • Compensation assessments should elaborate on non-qualitative factors, emphasizing the argument that tax-exempt hospitals need to provide more and more community benefit.

Physician Executive-Specific Factors

  • There should be a ceiling or reasonable maximum that the physician can earn.
  • An increasing level of compensation, coupled with decreasing charity care statistics, may trigger scrutiny.
  • Incentive bonuses should include measures such as quality of care and patient satisfaction.
  • Be prepared to show that the arrangement accomplishes a charitable purpose and is not intended to induce referrals or incentivize the “cherry-picking” of patients in an effort to maximize revenues.
  • The arrangement should not be a substitute for a joint venture. JVs need to be structured separately and comply with the separate set of rules and administrative rulings on physician joint ventures with tax-exempt organizations.
  • The compensation should reward physicians for services performed and not activities beyond the physician’s control.

Recruitment Incentives

Categories
Health Law Highlights

Advisory Opinion 23-7 OIG Issues Favorable Opinion Regarding Proposal to Pay Bonuses to Its Employed Physicians Based on Net Profits

From Health Law Diagnosis, by Nathaniel Arden & Michael Lisitano:

  • On October 13, 2023, the Office of Inspector General (OIG) published Advisory Opinion 23-07, in which the OIG issued a favorable opinion regarding a physician group employer’s proposal to pay bonuses to its employed physicians based on net profits derived from certain procedures performed by the physicians at ambulatory surgery centers.
  • Under the proposed arrangement, the Group would pay its physician employees a bonus in addition to the physicians’ base compensation. The bonus would be equal to 30% of the Group’s net profits derived from two ambulatory surgical centers’ facility fee collections attributable to that physician’s procedures.
  • The two ambulatory surgical centers in question would be operated as “divisions” of the Group and not as separate legal entities.
  • The OIG determined that the proposed bonus arrangement is protected by the bona fide employee statutory exception and regulatory safe harbor of the Anti-Kickback Statute and would therefore, not generate prohibited remuneration.
  • The OIG differentiated similar arrangements where the ACS is owned by a separate entity. In those cases, the bona fide employee exception and safe harbor would likely not apply.
  • OIG’s analysis in the Advisory Opinion demonstrates that when properly structured to comply with statutory exceptions and regulatory safe harbors, certain bonus compensation arrangements of this sort may be permissible.
Categories
Health Law Highlights

UnitedHealth Defends Lucrative Billing Tactic in Appeals Court

From Bloomberg Law, by Jacklyn Wille:

  • “Cross-Plan Offsetting” is the practice by an insurer of clawing back benefits it says were overpaid to a provider under one plan by reducing future payments to the provider under a different plan that it administers.
  • This common insurance billing tactic has invited litigation over its legality and opposition from the Labor Department.
  • In one such case, the Eighth Circuit is being asked to decide whether Smith and Ghanim, who are covered by health plans funded by their employers and administered by United, have been harmed in a way that would give them standing to challenge the practice under ERISA.