OIG Approves Gift Cards to Promote Patient Compliance with a Preventive Screening Measure

OIG has approved the use of gift cards to incentivize patients to return sample collection kits, provided there are certain safeguards in place:

  • Mailing the gift cards only to those patients who return the kits by the deadline specified in the reminder letter.
  • Advising patients that they may not use the gift cards on items or services provided by the requestors.
  • Limiting patients to one gift card every 36 months, which is consistent with Medicare’s coverage period for the screening test.
  • Implementing processes to ensure patients who received a gift card during the 36-month period do not receive another one during that period.
  • Refraining from patient-focused promotional activities that advertise the availability of the gift card.
  • Prohibiting advertising or marketing the proposed arrangement to healthcare providers who may order the test.
  • Excluding tests ordered by healthcare providers through the requestors’ website from the proposed arrangement.

Dee Harleston, Stewart Kameen, Jinnifer Michael, and Danielle Sloane, for Bass Berry & Sims:

The U.S. Department of Health and Human Services Office of Inspector General (OIG) recently issued Advisory Opinion 23-03, approving a proposal by the manufacturer of a colorectal cancer screening test and its wholly owned laboratory to provide gift cards to certain patients to encourage them to return the sample collection kits. While limited in scope, this favorable opinion is noteworthy because OIG typically disfavors arrangements under which providers or suppliers distribute gift cards to incentivize patients to obtain federally reimbursable services. Although OIG approved the proposed arrangement at issue in Advisory Opinion 23-03, the agency also pointedly warned entities against structuring arrangements that differ from the facts of the proposed arrangement.

OIG Advisory Opinion 23-03

Can Actions Be Considered Remuneration Under the Anti-Kickback Statute?

When discussing the Anti-Kickback Statute (AKS), it’s common to say that “remuneration” can be “anything of value.” That board definition has been called into question by the Sixth Circuit in United States ex rel. Martin v. Hathaway et al., No. 22-1463. In that case, a qui tam relator (physician) alleged that a small-town hospital refused to hire her in exchange for a physician group to continue to send the hospital referrals. The “value” then was the not hiring a physician in exchange for referrals. The AKS does not define “remuneration.”

The Sixth Circuit determined that a careful examination of the meaning of “remuneration” and context shows that this term is limited to “payments and other transfer of value,” not “any act that may be valuable to another.” Thus the act of not hiring the physician is not remuneration.

Further, even if remuneration was present, the court stated that False Claims Act liability “resulting from” an AKS violation requires showing but-for causation. In other words, an FCA plaintiff must show “that the referrals would not have been made without the remuneration, and that the claims would not have been submitted to the government without those referrals.” Here, the qui tam physician was unable to point to any specfic Medicare claims that would not have been submitted as a result of the hospital’s decision not to hire the physician.

FDA to Refuse Medical Device Submissions For Cybersecurity Reasons Beginning in October

Jill McKeon, for Health IT Security:

Effective immediately, the US Food and Drug Administration (FDA) will require medical device manufacturers to provide cybersecurity information in their premarket device submissions. Additionally, beginning October 1, the FDA will exercise its authority to refuse submissions for cybersecurity reasons.

Key Medical Device Security Requirements Included in Omnibus Bill
HSCC Publishes Guidance On Managing Legacy Medical Tech Security
Outdated Operating Systems Remain Key Medical Device Security Challenge
For any submission after March 29, manufacturers must include a “plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures,” the FDA stated.

In addition, manufacturers must develop and maintain procedures that provide a reasonable assurance that the device and systems are cybersecure and incorporate plans to patch and update the device and related systems at the postmarket stage.

Lastly, manufacturers are required to provide a software bill of materials (SBOM) for their devices, including commercial, open-source, and off-the-shelf software components. The FDA issued an accompanying FAQ document to help manufacturers determine their obligations.

FDA: Cybersecurity in Medical Devices Frequently Asked Questions (FAQs)

FDA Cybersecurity Requirements for Medical Devices Now in Effect

From the HIPAA Journal:

On Wednesday, March 29, 2023, the medical device cybersecurity requirements of the $1.7 trillion omnibus spending bill – The Consolidated Appropriations Act, 2023 – took effect and the FDA now requires all regulatory submissions for medical devices to include information about the cybersecurity measures that have been implemented for the devices. Section 3305 of the Omnibus bill — Ensuring Cybersecurity of Medical Devices — amended the Federal Food, Drug, and Cosmetic Act (FD&C Act) by adding section 524B, Ensuring Cybersecurity of Devices. This requirement took effect 90 days after the enactment of the Act on December 29, 2022, which means premarket submissions submitted to the FDA after March 29, 2023, require information to be included about the cybersecurity of medical devices.

A Federal Judge Suspends FDA’s Longtime Approval of an Abortion Pill, but Gives the Government 7 Days to Appeal

Medication abortions typically use two drugs taken together: Mifepristone and Misoprostol. This ruling only affects Mifepristone. The other drug, Misopostol, is still available, but its use has always required the physician to prescribe it “off-label,” meaning it is not FDA-approved for abortions. It is FDA-approved only for use to prevent stomach ulcers while taking NSAIDs.

Chloe Atkins writing for NBC News:

In an unprecedented move, U.S. District Judge Matthew Kacsmaryk on Friday suspended the Food and Drug Administration’s longtime approval of key abortion pill mifepristone, though he gave the government a week to appeal his decision. If the ruling does eventually go into effect, it would curtail access to the standard regimen for medication abortion nationwide.

The FDA approved mifepristone more than 20 years ago to be used in combination with a second drug, misoprostol, to terminate pregnancies at up to 10 weeks. Over half of U.S. abortions are done by medication abortion, according to the Guttmacher Institute, a research group that supports abortion rights.

If the stay on the FDA’s mifepristone approval goes into effect, the drug would no longer be available anywhere in the U.S. That would leave a surgical procedure or off-label use of misoprostol on its own as the only options in states where abortion is legal.

Telemedicine Prescribing of Controlled Substances When the Practitioner and the Patient Have Not Had a Prior In-Person Medical Evaluation

When the public health emergency ends, so do many of the waivers that were created to facilitate healthcare during the pandemic. One such concession involves the The Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (the “Act”).

Generally, the Act provides that no controlled substance may be delivered, distributed, or dispensed by means of the Internet without a valid prescription. A valid prescription requires a medical practitioner to conduct at least one in-person medical evaluation of a patient before issuing a prescription for a controlled substance. There are seven exceptions, one of which is during a public health emergency.

For the past three years, many telehealth providers have become accustomed to prescribing controlled substances following a telehealth visit, without first conducting an in-person exam.

With the PHE coming to an end in May, an in-person exam will be required. However, the Drug Enforcement Agency (DEA) has proposed rules to that will create additional flexibilities on the timing and manner for obtaining an in-person exam.

Federal Register

OIG Expands Topics for Frequently Asked Questions

OIG has used various avenues to communicate its views on various healthcare compliance issues, such as advisory opinions, contractor self-disclosures, corporate integrity agreements, and exclusions. In March, the OIG has expanded the number of topics it will consider for FAQs submitted by the healthcase stakeholders:

  1. general questions regarding the Federal anti-kickback statute and the civil monetary penalty (CMP) provision prohibiting certain remuneration to Medicare and State health care program beneficiaries and OIG’s administrative enforcement authorities in connection with these statutes
  2. inquiries regarding the general application of the Federal anti-kickback statute and Beneficiary Inducements CMP to a type of arrangement that may implicate these statutes,
  3. questions regarding compliance considerations, and
  4. OIG’s Health Care Fraud Self-Disclosure Protocol.

More information at Frequently Asked Questions | Office of Inspector General | U.S. Department of Health and Human Services.

Judge Strikes Down ACA’s Preventive Care Requirement

A Fort Worth federal judge yesterday ruled that insurers cannot be compelled under the Affordable Care Act to provide preventative care free of charge to insureds. The basis of the ruling involves the U.S. Preventive Services Task Force, which is the body tasked with enforcing the ACA. The judge determined that the Task Force is unlawful because the members are not appointed by the President or confirmed by the Senate.

Julia Forrest, writing for the The Texas Tribune:

O’Connor found that preventive care recommendations issued by the panel do not have to be followed because he found their volunteer members, who are 16 medical professionals and scientists charged with issuing the recommendations, do not have to be appointed by the president nor confirmed to their posts by the Senate.

The Med Spa on the Corner Is Probably Breaking the Law

Five vials of botulism toxin (botulism toxin)

Look better. Feel better. Fountain of youth promises are making med spas one of the fastest-growing segments in healthcare. Botox injections, laser hair removal, IV hydration and therapy, medical weight loss, and hormone therapy seem to be available on every corner.

But most med spas are not compliant with Texas law. Either they are formed as the wrong entity type, they lack proper oversight and ownership, or all the above.

The consequences can be significant for everyone involved.

Med spa owners face potential civil and criminal liability for the unauthorized practice of medicine. Physicians associated with those med spas could find themselves subject to disciplinary action from the Texas Medical Board. And patients are caught in the middle.

The “med” in med spa stands for medical because many of the services they provide are medical in nature. Botox, Disport, Juvederm, and Kybella injections, microneedling, chemical peels, laser hair removal, dermaplaning, and CoolSculpting are considered “nonsurgical medical cosmetic procedures” by the Texas Medical Board.

IV hydration and therapy, platelet-rich plasma injections, medical weight loss injections, and hormone therapy are also medical services. If a procedure involves injecting a patient intravenously or subcutaneously, it is probably a medical procedure.

Before any medical procedure, a physician or midlevel provider (like a physician assistant or nurse practitioner) must perform a good faith exam, establish a medically appropriate treatment plan, and document everything in a medical record.

Midlevel providers must be supervised by a physician under a Prescriptive Authority Agreement. The physician must review a sample of the charts regularly and generally be available to the midlevel if they have questions.

This does not happen in many med spas.

Then there’s the business side. The practice of medicine in Texas is regulated by the Texas Medical Practice Act, the Texas Medical Board, and administrative rules. Because med spas provide medical services to the public, they must comply with all these rules just like any other medical practice.

Med spas must be formed as an acceptable legal entity type. In Texas, medical practices are limited to professional associations (PAs), professional limited liability companies (PLLCs), and general partnerships with other licensed physicians. Many med spas are incorrectly formed as corporations or regular LLCs.

This is not just a technical problem. It leads to improper ownership. Medical entities, like med spas, cannot be owned by non-physicians. They must be owned by persons licensed to practice medicine in Texas.

There is a lot of information on the Internet, much of which is incomplete or wrong.

Texas is a “Corporate Practice of Medicine” state, which means that physicians cannot be employed to provide medical services by companies not owned by licensed physicians. In practical terms, a non-physician cannot start a company and then hire a physician to provide medical services to patients of that company. With very few exceptions, medical services can only be provided through professional entities owned by physicians.

These same prohibitions apply to midlevel providers like Physician Assistants and Nurse Practitioners. Physician Assistants can co-own a medical practice with a physician only if the physician controls a majority interest in the practice. Nurse Practitioners cannot own any percentage of a medical practice.

These are just a few of the compliance issues for Texas med spas. There are also in-office and website disclosure requirements, registration requirements, reporting requirements, and restrictions on the type of marketing or advertising the practice can engage in.

Patients are caught in the middle. Those injured at a non-compliant med spa may not know where to turn.

These types of complaints to the Texas Medical Board are growing at an alarming rate. If the non-compliant med spa has a Medical Director, the Board can discipline the physician for inappropriate supervision or unprofessional conduct. Physicians associated with non-compliant med spas are putting their medical licenses at risk.

For the unlicensed med spa owner, the Medical Board can shut down their business. In extreme cases, the unlicensed med spa owner could be charged with practicing medicine without a license. If the patient suffers a physical or psychological injury, the owner could be charged with a third-degree felony which carries jail time of two to ten years and a fine of $10,000.

If the patient hires an attorney to sue for malpractice, the med spa’s insurance company may deny coverage if the med spa was not formed or owned in compliance with Texas law.

Med spas are big business and growing rapidly. But with great reward comes great responsibility. Entrepreneurs owe it to themselves and patients to set up the med spa the right way, with the right supervision, and the right ownership.

Hospital to Pay False Claims Act Penalty for Allegedly Letting Unsupervised Residents Interpret X-Rays

When a healthcare provider submits claims to Medicare, they are making several implied representations: 1) the service was medicaly necessary; 2) the service was performed; and 3) the service was performed by someone with the proper credentials. If any of those implied representations are not accurate, and the provider has the requisite “knowledge” of the falsity, the claims violate the civil False Claims Act.

A hospital in Iowa learned this lesson the hard way. Marty Stempniak, writing for Radiology Business:

The U.S. Attorney’s Office first filed suit against University of Iowa Health Care in 2019, accusing the institution of perpetuating a “batch signing scheme.” Through it, the Iowa City hospital would allegedly bill for radiology services rendered by residents during 12- to 15-hour on-call shifts.

However, the physician supervision and approval required by Medicare never occurred, the office alleged in its complaint. …

Rather than complete the necessary review, the office alleged, physicians instead would engage in “rapid-fire signing of dozens of reports within a matter of a minute or so, solely in order to falsely bill the government for ‘interpretations’ that never took place,” the complaint alleged.