Healthcare Empowered

Zachary S. Taylor and Sarah M. Hall, for Epstein Becker Green:

Of the numerous cases, three specific areas comprised the vast majority of the $2.5 billion in alleged fraud:

Telemedicine Fraud: … 11 defendants were charged for their alleged connection to an $1.9 billion fraudulent scheme in the Southern District of Florida, which involved C-suite executives who were selling DME templates via a software platform in exchange for kickbacks and bribes. These defendants allegedly used telemarketing and advertising to induce elderly and disabled individuals to order unnecessary medical equipment and prescriptions. The defendants allegedly bypassed Medicare requirements of in-person contact by fraudulently generating documentation. Interestingly, this scheme continued after new owners acquired the underlying business. …

Pharmaceutical Fraud: 10 defendants were charged for a $370 million fraud scheme related to drug diversion. One defendant in this case allegedly paid over $5 million in kickbacks in order to get individuals to submit prescriptions to a pharmacy; such drugs were allegedly never dispensed. The defendant received over $100 million from Medicare and Medicaid.

Opioids and Clinical Laboratories: $150 million of the enforcement action’s total loss amount was attributed to the illegal distribution of opioids and clinical laboratory testing fraud.

Beth Mole, for ArsTechnica:

The OTC-approved pill is the Opill (norgestrel), a once-a-day progestrin-only pill manufactured by the Dublin-based company Perrigo. The company said it expects the pill will be available starting in the first quarter of 2024, though its pricing is not yet clear. For optimal efficacy, it needs to be taken consistently every day in the same three-hour window. Opill is estimated to be about 93 percent effective at preventing pregnancy in real-life use, higher than the real-life efficacy of other over-the-counter birth control methods, such as condoms, which are around 87 percent effective.

Jenna Godlewski and Alice Harrs, for MaynardNexsen:

If you are a healthcare provider enrolled with Medicare and Medicaid, it is imperative that you know the governmental agencies’ expectations for compliant billing and understand that the agencies constantly monitor and audit provider claims to identify aberrant claims submissions and billing patterns.  This article summarizes several primary governmental agencies and Center for Medicare and Medicaid Services (“CMS”) contractors who conduct audits of healthcare claims reimbursed by Medicare and Medicaid and provides information as to how to monitor and identify the current audit targets of these auditors.

Douglas A. Grimm, for ArentFox Schiff:

In a recent Yale CEO Summit survey, 48% of CEOs indicated that AI will have its greatest effect as applied to the health care industry — more than any other industry. This alert analyzes how AI is already affecting the health care industry, as well as some of the key legal considerations that may shape the future of generative AI tools.

The article addresses the emerging regulatory framework, AI’s potential to streamline administrative processes, reduce operating expenses, and increase the amount of time a physician spends with a patient. While we all anticipate  AI can assist providers diagnose conditions and develope plans of care, we also need processes to confirm that AI is generating reliable information.

Jesse M. Coleman and Drew del Junco, writing for Seyfarth Shaw, LLP:

On June 13, 2023, Texas Governor Greg Abbott signed a major new patient safety bill into law that is intended both to reform the disciplinary authority of the Texas Medical Board (TMB) and to better protect patients from potentially dangerous doctors. …

The law, known as H.B. No. 1998, … seeks to equip the TMB, which regulates physicians in Texas, with the tools necessary to protect patients from dangerous physicians, increase hospital reporting requirements, all the while maintaining transparency about physician disciplinary records.

…

Among other changes, the new law:

• Requires a medical peer review committee or health care entity to report in writing to the TMB the results and circumstances of a medical peer review that adversely affects the clinical privileges of a physician for a period longer than 14 days. Previously, hospitals were obligated to make such a report only if the adverse action lasted more than 30 days, which is the current requirement for reporting such actions to the NPDB.

…

• Prevents doctors from practicing medicine in Texas if their medical licenses have been revoked, restricted, or suspended for cause in other states.
• Prevents doctors from practicing in Texas if they have been convicted, or had a deferred disposition, for a felony or misdemeanor crime involving moral turpitude.

Employees of health care providers do not have carte blanche authority to access patient records. Any access of protected health information must be for an appropriate use, either the provision of care to the patient, one of the other authorized uses. When employees misuse PHI, the Health and Human Services Office for Civil Rights (OCR) can and will penalize the organization.

McDermott Will & Emery, posted on National Review, writes about one such recent settlement with OCR:

The settlement involved impermissible data breaches by non-medical staff who, allegedly, used their login credentials to access patient medical records maintained in the hospital’s electronic medical record system without a job-related purpose. The lesson here is straightforward: all HIPAA-covered entities must “protect the privacy and security of health information.”

Will Maddox, for D-Magazine:

Fourteen Medical City Healthcare hospitals are among the hundreds of facilities caught up in an apparent patient data theft at the North Texas hospital operator’s parent company, HCA Healthcare. HCA says that information from around 11 million patients was “made available by an unknown and unauthorized party” in an online forum.
HCA believes that clinical and payment information was not part of the breach, but name, address, email, phone number, and service date and location were included in what was stolen. Credit card information, passwords, driver’s license numbers, and social security numbers are not believed to be a part of the theft.

James A. Cannatti, III, Tony Maida, and Niya Mack, for McDermott Will & Emery:

On June 27, 2023, the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a final rule amending OIG’s civil money penalty (CMP) regulations implementing the 21st Century Cures Act (Cures Act) amendment to the CMP Law (CMPL), which, among other things, authorizes HHS to impose CMPs, assessments and exclusions upon individuals and entities that engage in fraud and other misconduct related to HHS grants, contracts and other agreements (42 USC 1320a-7a(o)-(s)). OIG’s final rule also addresses the Cures Act amendment to the Public Health Services Act (42 USC 300jj-52) authorizing OIG to investigate claims of information blocking and providing the Secretary of HHS authority to impose CMPs for information blocking, as well as Bipartisan Budget Act of 2018 increases to penalty amounts in the CMPL. We will be issuing a separate Special Report on the information blocking portion of OIG’s final rule.

Wendell Bartnick, Christian Blair and Stuart Cobb for Law 360:

On June 18, Texas enacted the Texas Data Privacy and Security Act, becoming the 11th state to enact a comprehensive consumer data privacy law.

Businesses regulated by the TDPSA have until July 1, 2024, to come into compliance with the law. The TDPSA does not tread much new ground for material privacy-related obligations, but its scope and applicability will require new thinking.

…

[T]the TDPSA likely applies to a larger swath of businesses than other state privacy laws because it may apply when a business produces a product or service that is consumed by a Texas resident. Analyzing the applicability of the TDPSA could look like a first-year civil procedure question examining personal jurisdiction.

It seems possible that a business without any operations in Texas or any desire to offer products or services in Texas could be regulated by the TDPSA if an individual takes a product from another state and uses it in Texas.

Similar to other comprehensive state privacy laws, the TDPSA provides exemptions depending on characteristics of the business or the data, including exemptions for nonprofits and businesses or data regulated by certain federal and state laws.