Categories
Article

Why You Need a Privacy Program

In a previous video, we talked about what a Privacy Program is. In this video, we look at six reasons why your organization needs a privacy program.

Reason No. 1 – To Comply With the Law

A privacy program may be essential for your organization to comply with federal and state law.

  • Medical records
  • Education records
  • Disability information
  • Employer background checks
  • Financial records

No matter what business you are in, you likely collect, use, store, disclose and share a lot of personally identifiable information that is protected by law.

To comply with the law, you may need a designated privacy officer and policies in place to protect the privacy and security of that data.

Reason No. 2 – To Meet Industry Standards

Your organization may have agreed to abide by industry standards.

Take credit cards, for example. The credit card industry requires everyone who accepts credit cards to comply with the Payment Card Industry Data Security Standard (PCI DSS).

You’re required to protect your network, protect stored credit card information, apply strong access controls measures, regularly monitor and test your network, and create security policies for employees and contractors.

Are your policies compliant? Don’t assume so.

A privacy program will ensure that all standards applicable to your organization are properly addressed.

Reason No. 3 – It’s a Business Differentiator.

The news is replete with examples of companies that squandered consumer trust.

In the first three months of 2024, there have been over 700 million records breached in 658 publicly disclosed incidents.

And that’s just the breaches we know about.

A well-run privacy program keeps you out of the news for data breaches and reinforces positive customer relationships.

Reason No. 4 – It Protects Your Business Data Too.

Good security practices not only protect consumer data, they protect your business data too.

Lax privacy and security controls can lead to loss of proprietary business data.

The same techniques employed by threat actors to steal consumer data, can compromise your business plans.

Improving security controls not only protects customers’ privacy, but also your organization’s secrets.

Reason No. 5 – It Enables You to Scale and Grow.

A good privacy program creates a foundation for your organization to grow.

Every state has it’s own privacy laws, and every country has it’s own regulatory scheme.

With a privacy program in place, you may already satisfy the laws in those other jurisdictions. But if not, you are not starting from scratch.

With concepts like privacy by design integrated throughout your organization, you can more easily adapt to the laws in new markets, even if those markets are on the other side of the globe.

Reason No. 6 – It’s the Right Thing to Do.

Respecting privacy is a fundamental aspect of maintaining trust with your customers and employees.

Data breaches can harm customers financially, reputationally, and emotionally. It leads to identity theft and the feeling of being violated.

A robust privacy program helps ensure that personal data is handled responsibly and ethically, further strengthening the bond between your organization and its stakeholders.

Categories
Health Law Highlights

CMS Again Settles Record Stark Self-Disclosures in 2023

From McGuireWoods, by Gretchen Heinze Townshend, Timothy Fry, Kristen H. Chang, Varsha Gadani, Micaela Enger:

The Centers for Medicare & Medicaid Services (CMS) reported a record 176 settlements of voluntary self-disclosures related to past or potential violations of the physician self-referral law (Stark Law) in 2023, with settlements totaling over $12 million. This represents an increase from 103 self-disclosures and over $9 million in settlements in 2022. Despite the increase in total settlements, the average settlement amount in 2023 was $71,363.73, one of the lowest on record. The CMS’ self-referral disclosure protocol (SRDP) allows healthcare providers to self-disclose violations to resolve overpayment liability. The data suggests that CMS is focusing on processing SRDP submissions more quickly, with average settlement amounts remaining consistent with previous years.

Categories
Health Law Highlights

Fair Market Value and Commercial Reasonableness Considerations Amid CMS Radiopharmaceutical Reimbursement Challenges

From VMG Health, by Carla Zarazua, Preston Edison, and James Tekippe, CFA:

Radiopharmaceutical drugs (RPs) are crucial for diagnosing and treating diseases. However, the current pricing structure by the Centers for Medicare and Medicaid Services (CMS) places a financial strain on hospitals and health systems and potentially restricts patient access to these vital resources. The existing CMS payment structure categorizes diagnostic RPs as supplies, bundling their cost into the overall procedure rate, causing a disconnect between the cost of acquiring RPs and the reimbursement received, particularly for high-cost drugs. 

The CMS encourages hospitals to use cost-effective resources while ensuring patient care. A temporary exception allows for separate pricing for new and high-cost drugs for two to three years, but this is a finite period. The current pricing model may force hospitals to limit the use of high-cost or newer RPs, potentially leading to suboptimal patient care and stifling innovation in drug development.

In response to these challenges, the CMS proposed five alternative payment models in 2024, including paying separately for diagnostic RPs with per-day costs above a certain threshold, restructuring the ambulatory payment classification (APC), and adopting codes that incorporate the disease state being diagnosed. Stakeholders, including the Medical Imaging & Technology Alliance (MITAS) and the American College of Radiology (ACR), advocate for separate payment for diagnostic RPs based on the average sales price (ASP) + 6% methodology.

However, the CMS has not yet decided on a new reimbursement structure for RPs, leaving hospitals to navigate the financial implications of using these drugs. To remain compliant with fair market value (FMV) and commercial reasonableness (CR), hospitals need to review and negotiate vendor agreements, document the necessity of higher-priced drugs, and establish a process for deciding which RPs to use.

In conclusion, while awaiting a resolution from the CMS, hospitals and health systems must proactively develop compliance protocols and negotiate agreements to minimize the financial impact and ensure optimal patient care. The proposed changes to the reimbursement structure for RPs represent a significant step towards addressing the economic challenges faced by healthcare providers and improving patient access to essential diagnostic and therapeutic resources.

Categories
Alert

Oklahoma Chiropractic Clinic, Owner, and Referring Physicians Pay $465,000 to Settle Federal False Claims Act and Kickback Allegations

From United States Department of Justice:

Chiropractic Associates and Dr. Scott Kirkpatrick paid $365,000 to settle allegations of wrongfully paying physicians to induce referrals of durable medical equipment (DME), leading to the submission of false claims to the Medicare program. Dr. Cash Biddle and Dr. Chad Keeney each paid $50,000 to settle allegations that they received remuneration from Chiropractic Associates and/or Dr. Kirkpatrick to induce referrals of Medicare DME orders.

From October 2017 to July 2021, Chiropractic Associates and Dr. Kirkpatrick allegedly violated the Anti-Kickback Statute (AKS) and/or the Physician Self-Referral Law (Stark Law) by paying referring providers to induce referrals of Medicare DME orders. It is also alleged that Dr. Biddle and Dr. Keeney received such remuneration during certain periods.

The AKS and Stark Law aim to ensure that physicians’ medical judgments are not influenced by improper financial incentives and are based on patients’ best interests. Violations of these laws result in claims under the False Claims Act. To settle these allegations, Chiropractic Associates and Dr. Kirkpatrick paid $365,000, and Dr. Biddle and Dr. Keeney each paid $50,000 to the U.S.

In reaching this settlement, Chiropractic Associates, Dr. Kirkpatrick, Dr. Biddle, and Dr. Keeney did not admit liability, and the government did not make any concessions about the legitimacy of the claims. The agreements allow the parties to avoid the delay, expense, and uncertainty associated with litigation.

Categories
Alert

HHS’ Office for Civil Rights Settles HIPAA Investigation with Phoenix Healthcare

From U.S. Health and Human Services:

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a settlement with Phoenix Healthcare over a potential violation of the HIPAA Right of Access provision. The case involved a daughter, acting as a representative for her mother, who could not access her mother’s health information for almost a year despite numerous requests. OCR Director Melanie Fontes Rainer emphasized the importance of timely access to medical records for patient decision-making and treatment accuracy. Phoenix Healthcare eventually provided the requested records 323 days after the initial request. This case marks OCR’s 47th enforcement action related to the Right of Access provision under HIPAA.

Categories
Health Law Highlights

New State Health Privacy Laws—Moving Beyond HIPAA and Recasting Consumer Health Data Rights?

From Jones Day, by Alexis S. Gilroy, Lisa M. Ropple, Ryan P. Blaney, Claire E. Castles, Jennifer C. Everett and Kristen Pollock McDonald:

The new consumer health data (CHD) privacy laws enacted in Washington and Nevada aim to offer state-level protections for personal health data not covered by the Health Insurance Portability and Accountability Act (HIPAA). The laws, effective from March 31, 2024, mandate entities to obtain affirmative consent before collecting or sharing CHD, develop privacy policies, implement security safeguards, and restrict geofencing. Both laws grant consumers rights to access, review, and delete their CHD, and to withdraw consent for its collection or sharing. Washington’s law, uniquely, gives consumers a private right of action for CHD-related violations, potentially leading to increased litigation. Companies are advised to review and revise their policies and practices to ensure compliance.

Categories
Health Law Highlights

HHS Issues Guidance to Teaching Hospitals and Medical Schools on Informed Consent Requirements

From The HIPAA Journal, by Steve Alder:

The Department of Health and Human Services (HHS) has issued a letter to teaching hospitals and medical schools, emphasizing the necessity of obtaining informed consent from patients before conducting sensitive examinations, particularly when the patient is under anesthesia. The letter comes in response to reports indicating that medical students often perform such examinations without obtaining proper consent during their training. The HHS insists on the importance of documenting informed consent and upholds the patients’ right to refuse such examinations for teaching purposes. The Centers for Medicare & Medicaid Services (CMS) has provided new guidelines to clarify hospital responsibilities regarding informed consent. Furthermore, the Office for Civil Rights (OCR) underscores the HIPAA Privacy Rule, which allows patients to restrict access to their protected health information (PHI), even when unconscious.

Categories
Health Law Highlights

ACA Health Insurance Plans Are Being Switched Without Enrollees’ OK

From National Public Radio, by Julie Appleby:

Some consumers are being switched from one ACA insurance plan to another without their consent, potentially disrupting their medical care and prescription needs. This unauthorized switching can also lead to large IRS bills for back taxes. Agents can access a policyholder’s coverage using only a person’s name, date of birth, and state. This ease of access plays a significant role in the problem.

Consumers may end up in plans they did not choose and may bear tax burdens if they are signed up for coverage that includes premium tax credits for which they are ineligible.

The Centers for Medicare & Medicaid Services (CMS) is aware of the problem and has outlined technical efforts to resolve issues when complaints are lodged. However, it is unclear whether these efforts will be sufficient. CMS is considering further regulatory and technological solutions, including two-factor authentication. States that run their own marketplaces have been more successful in preventing unauthorized switches as they require more information before a policy can be accessed.

The issue is causing an outcry from agents who lose out on commissions when their clients are switched by other agents. It also casts a shadow on a record year for ACA enrollment, with more than 21 million people signing up for 2024 coverage.

Florida, Georgia, and Texas appear to be hotspots for plan-switching. 

Some agents suspect names and lists of potential clients are being circulated to agents willing to bend the rules. Online or social media advertising is a way some outfits troll for prospects, who then end up on lists sold to brokers or are contacted directly by agents.

Categories
Article

The Compounding Problems of Semaglutide, the Miracle Weight-Loss Drug

Semaglutide weight loss drugs are quite literally saving people’s lives. There are so many health benefits to losing weight that demand for the drugs is off the charts. Demand is so high that the manufacturer can’t keep up and the drugs are in short supply.

Where there is money to be made, there will be people willing to step in. Enter compounding pharmacies, who are catering to the demand by creating supposed duplicates of the drug.

But not all semaglutide is created equally, and concerns are rising that some pharmacies are creating inferior versions of the drug that are, at best, less effective or, at worst, dangerous.

How does semaglutide work?

Ozempic was approved by the U.S. Food and Drug Administration (FDA) in 2017 for use in adults with type 2 diabetes. After patients reported significant weight loss, Novo Nordisk rebranded the drug as Wegovy and received FDA approval in 2021 for use in chronic weight management in adults.

Semaglutide, the active ingredient for both drugs, mimics the function of a hormone that is naturally produced in the body. This hormone, released into the blood after you eat, helps lower blood sugar by stimulating insulin production, decreasing the amount of glycogen created in the liver, and ultimately making you feel fuller longer.

In short supply

These drugs work really, really well. So well, in fact, physicians prescribe Ozempic, the diabetes drug, “off-label” for weight loss. The manufacturer cannot make them fast enough due to a shortage of semaglutide. Both Ozempic and Wegovy have been on the FDA shortage list since March 2022.

This creates an attractive opportunity for compounding pharmacies. As long as the drugs stay on the official shortage list, they can be copied by compounders without fear of patent infringement.

And copy them they do. But how well?

Base or salt?

Ozempic and Wegovy use the base form of semaglutide. The base form has been approved by the FDA for the treatment of diabetes and obesity. But some compounding pharmacies are using different forms of semaglutide, known as semaglutide “salts,” that are chemically different from the base version.

Semaglutide salts have not been approved by the FDA, leading some authorities to caution patients about the efficacy or safety of the variant.

The FDA has received adverse reports from some patients after using the compounded semaglutide, which prompted them to send a public letter to the National Association of Boards of Pharmacy expressing agency concerns with the use of the salt forms of the compounded products. Some state pharmacy boards have also voiced concern.

The manufacturer of the brand-named drugs is making waves, too, and in some cases, threatening and filing lawsuits against pharmacies compounding the drugs and the health care providers administering them.

Best practices

Although the manufacturer is trying to step up production, the demand for semaglutide products will likely continue to outstrip the supply for the foreseeable future. Undoubtedly, many patients and their providers will turn to compounded variants to meet demand.

A physician’s responsibility goes beyond just prescribing the drug. They should understand how the drug is compounded and investigate the efficacy and safety of the salt forms of the product. Then decide if the salt form is appropriate for their patients.

If it is, providers should inform their patients. The Texas Medical Board considers the administration of non-FDA-approved drugs to be a form of alternative medicine. Medical board rules require that patients be informed that the drug is not FDA-approved and be told of the risks associated with the drug.

Pharmacies, too, play a key role as the backbone of our medication dispensing infrastructure. They should stay abreast of the regulations governing the compounding of semaglutide and the ethical considerations of preparing a medication for an individual patient.

They should follow the United States Pharmacopeia (USP) standards. Maintain a clean and safe environment, train personnel, appropriately label the medications, accurately identify the active ingredients, and provide accurate use instructions.

Patients have a responsibility, too. Talk to your doctor and discuss the risks and benefits of the compounded drug. If you and your doctor decide the drug is right for you, keep the lines of communication open with your physician and disclose any adverse reactions as soon as possible.

The future

The demand for these weight loss drugs will remain high for the foreseeable future. Until supply catches up with demand, growing pains will be felt in all corners of our healthcare delivery system.

From the companies that manufacture and compound the drugs to the physicians who prescribe them, the patients who take them, to the insurers who will be asked to pay for them – everyone has a responsible role to play.

Categories
Health Law Highlights

California Enacts First-in-Nation Pharmacy Medication Error Reporting Law

From Husch Blackwell, by Kevin Khachatryan:

On October 8, 2023, the California Governor signed Assembly Bill 1286 (AB 1286), a comprehensive pharmacy bill aimed at enhancing patient safety. The bill’s key mandate is a new requirement for community pharmacies to report outpatient medication errors to the California Board of Pharmacy. The legislation also includes several other provisions that regulate the practice of pharmacy in California.

The bill was enacted in response to a 2021 survey by the California Board of Pharmacy, which revealed significant staffing issues contributing to medication errors. The survey found that 91% of retail pharmacists reported inadequate staffing for safe patient care, 83% lacked sufficient time for safe patient consultation, and 78% had insufficient time to conduct proper health screenings before administering immunizations. This led to the establishment of a Medication Error Reduction and Task Force Ad Hoc Committee and the sponsorship of AB 1286.

AB 1286 also introduces several other changes, including amendments which govern staffing decisions in pharmacies and the responsibilities of the Pharmacist-in-Charge (PIC). The law now requires chain community pharmacies to be staffed at all times with at least one clerk or pharmacy technician dedicated to pharmacy-related services, subject to certain conditions. The bill also expands the list of actions that constitute unprofessional conduct and authorizes specially trained pharmacy technicians to prepare and administer certain vaccines and medications.