Healthcare Empowered

Jose Vela, Jr., for Clark Hill:

Last Friday, the U.S. Supreme Court (SCOTUS) handed down an important ruling that will give healthcare organizations and practitioners relief against meritless whistleblower lawsuits. The ruling could result in saving organizations and practitioners their time, money, and reputation.

In a near-unanimous 8-1 decision, the SCOTUS affirmed the Third Circuit Court of Appeals on whether the federal government may obtain dismissal of a whistleblower lawsuit it declined to intervene under the federal False Claims Act (FCA). Upon a defendant’s request or its own volition, the federal government may move to voluntarily dismiss a FCA case over the objection of the whistleblower.

From HuschBlackwell, Healthcare Law Insights:

Following two weeks of trial testimony, a Travis County jury recently rendered a $10 million verdict in a novel corporate practice of medicine (CPOM) case. The jury found in favor of a physician hospitalist group that claimed a management company repeatedly broke its promise to comply with the state’s CPOM prohibition, putting profits over patients, among other wrongdoings.

An appeal is underway, but the case stands out among CPOM cases that typically focus on terms of a contract or on practice models and are limited to seeking declaratory judgments and not money damages. The case also serves as a reminder that breaching a contractual promise to follow applicable state laws (even those to be enforced by regulators and that do not provide for a private right of action) can carry real risk.

Most improper disclosures are caused by complacency, poor training, or lack of attention. These kinds of lists are good reminders of some of the biggest types of violations. Of course, Covered Entities should provide this, and more, to employees and business associates.

From Security Boulevard:

1. Unsecure internet access. Transmitting e-PHI over unsecured networks, such as Wi-Fi networks at a coffee shop, internet cafe, or even at home, can increase the risk of patient data becoming accessible to hackers.

2. Improper handling of paper-based PHI. Paper-based procedures are still commonly used for some elements of a healthcare organization’s operations. This may result in unauthorized access to PHI. For example, if a remote employee prints out patient information from their family printer, the household may access these files.

3. Improper disposal of files. Improper disposal includes disposing of files, physical or electronic, in a way that information can still be read or accessed by unauthorized individuals. …

4. Unauthorized devices.  HIPAA rules require all devices that use, gather, store, or transfer e-PHI to be safeguarded by specific security controls. Employees often use multiple devices to complete their daily tasks, so it is possible to use a device their organization did not authorize unintentionally. …

5. Insufficient compliance training program.  Business associates and covered entities are required to renew their HIPAA certifications annually through compliance training programs. All staff, including remote employees, must complete compliance training.

6. Lost or stolen records.  The HIPAA Security Rule outlines security and safeguards to ensure minimal risk of unauthorized access to PHI. …

7. Incorrect filing of PHI. Incorrect filing can result in unauthorized access to PHI. For example, if a health care provider sends digital X-ray results to the wrong physician or patient information to the wrong patient …

8. Phishing scams.  Phishing scams are a common way cybercriminals trick individuals into accidentally revealing passwords and other sensitive information by sending them communications that appear to come from a reputable source. Refresher courses for all employees on cybersecurity awareness can help reduce these risks. …

9. Unencrypted data.  With most communication occurring through text, email, and other messaging platforms, it’s easy to forget how vulnerable that information is. If PHI is not encrypted appropriately, there is an increased risk of cyberattacks, threats, and data breaches. …

10. Lack of physical security.  For example, leaving paper PHI unattended in communal rooms of the house or on the table at a coffee shop increases the risk of theft or unauthorized access to these files.

Source: 10 HIPAA Violations to Watch Out for While Working Remotely – Security Boulevard

U.S. Supreme Court Justice Samuel Alito has temporarily stayed until Wednesday a Texas federal court order imposing restrictions on the distribution of the abortion drug mifepristone while they consider a request by the Biden administration to block the restrictions.

Brendan Pierson, writing for Reuters, discusses What Happens Next?

Whether or not the Supreme Court decides to stay Kacsmaryk’s order, it will not decide the merits of the case. Rather, the court will determine whether and how mifepristone can be distributed while the case is pending.

…

Whichever way the Supreme Court rules, it will send the case back to the 5th Circuit, where the FDA will pursue a full appeal of Kacsmaryk’s preliminary injunction. The agency and the anti-abortion groups will both have a chance to file briefs, and the case is scheduled to be argued before a three-judge panel on May 17.

That appeal process could last months. The losing party could petition for rehearing with all judges of the 5th Circuit, known as en banc rehearing, and ultimately petition the Supreme Court once again.

…

A final resolution could be months or years away. Once it does come, the losing side will again have the chance to appeal to the 5th Circuit and, eventually, the Supreme Court.

Interesting statistics on hospice care, its growth, and fraud from Deborah Abrams Kaplan, writing for Managed Healthcare Executive:

• Hospice care really started to take hold after Medicare started covering it in 1985. With Medicare paying the bills, hospice gained traction over time. Medicare spending on hospice nearly doubled from 2010 to 2020, increasing from $12.9 billion to $22.4 billion, according to the Medicare Payment Advisory Commission (MedPAC), an independent group that advises Congress on Medicare. During that period, the number of organizations that provide hospice care grew by 44%, from 3,498 in 2010 to 5,058 in 2020.
• With the growth in hospice care has come a growth in fraudulent practices. Hospice fraud is rampant and has gotten more sophisticated, especially in four areas: (1) improper admission, (2) improper retention, (3) improper classification, and (4) kickbacks.
• Hospice care in the U.S. was originally provided almost exclusively by nonprofit organizations, but now the providers are predominately for-profit organizations and an increasing number of them are backed by private equity. In 2010, 1,958 of the 3,498 hospices (or about 56%) in the U.S. were run by for-profit companies, according to MedPAC. By 2020, the number of hospices had grown by 44%, to 5,047, and 73% of them were owned by for-profit companies, according to MedPAC.

Violations of the False Claims Act require a requisite state of “knowledge” a claim’s falsity. To violate the statute, one must have “actual knowledge,” “deliberate ignorance” or “reckless disregard of the truth or falsity” of the claim. Any of those broad levels of knowledge is sufficient to support a False Claims Act violation.

But knowledge in retrospect looks different than knowledge prosectively. Is the “usual and customary” price of a drug the price that cash customers pay in cash, or is it the price negotiated by insurance companies or set by Medicare?

This week, the United States Supreme Court will consider the issue in U.S. ex rel. Proctor v. Safeway, Inc.

Nina Totenberg for NPR explains:

The case essentially began in 2006, when Walmart upended the retail pharmacy world by offering large numbers of frequently used drugs at very cheap prices — $4 for a 30-day supply — with automatic refills. That left the rest of the retail pharmacy industry desperately trying to figure out how to compete.

The pharmacies came up with various offers that matched Walmart’s prices for cash customers, but they billed Medicaid and Medicare using far higher prices, not what are alleged to be their usual and customary prices.

Walmart did report its discounted cash prices as usual and customary, but other chains did not. Even as the discounted prices became the majority of their cash sales, other retail pharmacies continued to bill the government at the previous and far higher prices.

For example, between 2008 and 2012, Safeway charged just $10 for almost all of its cash sales for a 90-day supply of a top-selling drug to reduce cholesterol. But it did not report $10 as its usual and customary price. Instead, Safeway told Medicare and Medicaid that its usual and customary price ranged from $81 to $109.