Categories
Around the Web

OIG Final Rule Expands OIG Enforcement Authority to Grant and Contract Fraud

James A. Cannatti, III, Tony Maida, and Niya Mack, for McDermott Will & Emery:

On June 27, 2023, the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a final rule amending OIG’s civil money penalty (CMP) regulations implementing the 21st Century Cures Act (Cures Act) amendment to the CMP Law (CMPL), which, among other things, authorizes HHS to impose CMPs, assessments and exclusions upon individuals and entities that engage in fraud and other misconduct related to HHS grants, contracts and other agreements (42 USC 1320a-7a(o)-(s)). OIG’s final rule also addresses the Cures Act amendment to the Public Health Services Act (42 USC 300jj-52) authorizing OIG to investigate claims of information blocking and providing the Secretary of HHS authority to impose CMPs for information blocking, as well as Bipartisan Budget Act of 2018 increases to penalty amounts in the CMPL. We will be issuing a separate Special Report on the information blocking portion of OIG’s final rule.

Categories
Around the Web

Navigating Scope And Applicability Of Texas Data Privacy Law

Wendell Bartnick, Christian Blair and Stuart Cobb for Law 360:

On June 18, Texas enacted the Texas Data Privacy and Security Act, becoming the 11th state to enact a comprehensive consumer data privacy law.

Businesses regulated by the TDPSA have until July 1, 2024, to come into compliance with the law. The TDPSA does not tread much new ground for material privacy-related obligations, but its scope and applicability will require new thinking.

[T]the TDPSA likely applies to a larger swath of businesses than other state privacy laws because it may apply when a business produces a product or service that is consumed by a Texas resident. Analyzing the applicability of the TDPSA could look like a first-year civil procedure question examining personal jurisdiction.

It seems possible that a business without any operations in Texas or any desire to offer products or services in Texas could be regulated by the TDPSA if an individual takes a product from another state and uses it in Texas.

Similar to other comprehensive state privacy laws, the TDPSA provides exemptions depending on characteristics of the business or the data, including exemptions for nonprofits and businesses or data regulated by certain federal and state laws.

Categories
Around the Web

CMS Proposes ‘36-Month Rule’ to Curb Hospice License ‘Flipping’

Jim Parker, for Hospice News:

Some hospice owners have been selling their businesses soon after securing a license. This has prompted federal agencies to pursue new regulations to address the problem.

The practice appears to stem from a rash of newly licensed hospices that have emerged in California, Nevada, Texas and Arizona.

Some of these providers have secured licenses, as well as Medicare certification and, sometimes, accreditation. They then proceed to enroll a small number of patients for whom they never bill Medicare …

By not billing, they are better able to avoid regulators’ attention.

Hospice is perceived as a predictable revenue stream by private equity (PE). Too often, PE does not understand the hospice business model nor does it have the commitment to prioritize standard of care over maximizing profits. Flipping licenses has undoubtedly increased because of an influx of PE funds.

Categories
Around the Web

DOJ Charges Nearly 80 People in $2.5 Billion Health Care Fraud Scheme

Telehealth has been a boon for fraud because it expands the reach of the fraudster. But this type of fraud is nothing new. It’s just a different mechanism for communicating with vulnerable targets.

Joseph Choi for The Hill:

The Department of Justice (DOJ) announced Wednesday it has charged 78 people relating to their alleged involvement in defrauding care programs for elderly and disabled people of more than $2.5 billion. …

The bulk of the fraud appears to have been conducted through telemedicine schemes. According to the DOJ, individuals in the U.S. and abroad engaged in an operation that targeted elderly and disabled people through advertisements and the mail, connecting them with offshore staff who upsold unnecessary equipment and prescriptions.

Categories
Around the Web

U.S. Supreme Court: False Claims Act Liability Depends on Defendant’s Subjective Beliefs

Michael R. Bertoncini & William Kang for Jackson Lewis:

Liability in False Claims Act (FCA) suits depends on whether a defendant subjectively believed its claims were false, not on whether it can offer an objectively reasonable basis for its claims, the U.S. Supreme Court has held in a unanimous decision authored by Justice Clarence Thomas. U.S. ex. rel. Schutte v. SuperValu Inc., No. 21-1326, together with U.S. ex rel. Proctor v. Safeway, Inc., No. 22-111 (June 1, 2023).

Following the Court’s decision, Medicare and Medicaid providers and other federal contractors should practice caution when submitting claims to the U.S. government. An FCA defendant’s subjective beliefs at the time claims were submitted may become subjected to intense scrutiny.

Categories
Around the Web

A Provider’s Guide to OIG’s Self-Disclosure Protocol

Recommending to clients that they self-disclose violations of the False Claims Act often creates a lot of anxiety. It is a certainty that self-disclosure will be percevied as a good faith effort to by the provider to correct the conduct. It is also true that, without the disclosure, OIG might not identify the wrongful conduct.

Trey Hendershot, for Hendershot Cowart, PC discusses why self-disclosure is almost always the best course of action.

[T]he OIG Self-Disclosure Protocol generally benefits the provider in several ways:

The OIG views a good-faith disclosure as an indication of a robust and effective compliance program. As a result, many self-disclosed violations are resolved through settlements that do not involve exclusion from participation in federal healthcare programs.

The OIG believes that entities that self-disclose and cooperate deserve to pay a lower multiplier on damages than normally would be required in resolving an DOJ-led investigation.

The Self-Disclosure Protocol may mitigate potential exposure under the Civil Monetary Penalties Law and the False Claims Act.

Providers can expect a streamlined and less costly review and resolution process upon acceptance into the Self-Disclosure Protocol.

Categories
Around the Web

New Texas Data and Privacy Security Act Aims to Increase Protections for Online User Data

Matt Stringer, for The Texan:

[T]he Texas Data and Privacy Security Act (TDPSA), was signed into law by Gov. Greg Abbott on Sunday and will take effect in two stages over the next two years.

The act creates a list of rights for internet users over their personal data, including knowing when it is collected, the ability to correct and delete personal data, the right to prohibit the sale of personal data, and protections against being discriminated against or retaliation by companies for using these rights.

Companies will also be required to obtain consent before collecting data relating to racial or ethnic origins, health conditions, sexuality, or citizenship status, as well as genetic and biometric data.

Categories
Around the Web

Safeguarding Healthcare Data in the Age of AI: A Critical Imperative for Healthcare Executives

Artificial Intelligence, particularly generative AI, is upending many industries. It will be years before we have an appreciation for the many ways AI can be used to improve quality and equity in healthcare. It will be even longer before laws catch up to protet patients from its inevitable misuse.

Sarah M. Worthy, for The Fast Mode:

Healthcare executives must navigate the delicate balance between harnessing the power of AI and safeguarding the privacy and security of sensitive data. This article explores the imperative for healthcare executives to fortify data protection efforts, delves into the unique challenges posed by AI, and emphasizes the need for a comprehensive approach to safeguard patient and employee data.

Categories
Around the Web

Key Findings from Private Equity’s Healthcare Play: Management Service Agreements

Holden Godat, Taylor Anderson, CVA, and Trent Fritzsche, writing for VMG Health:

With the emergence of private equity (PE) firms attempting to align with physician practices, VMG Health has seen an increase in the number of management services agreements (MSAs). Due to the highly fragmented and regulated nature of healthcare, PE investment in healthcare is not as straightforward as in other industries. In states with some level of corporate practice of medicine (CPOM) adoption, PE’s interaction with physician practices usually involves a “Friendly PC” model with an affiliated management services organization (MSO) [1]. In return for providing most of the non-clinical assets and services to a physician practice, the MSO charges a management fee via an MSA. To better understand how these arrangements are structured in the market, VMG Health experts have outlined their findings from valuing over 120 MSAs and offer insight into how to generate more value from these agreements.

Categories
Ask the Health Lawyer

How Often Should Med Spas Perform Good Faith Exams?

At a minimum, a Good Faith Exam (GFE) should be performed annually, but may be required more often depending on the circumstances.

The good faith exam should be performed on any patient receiving treatment for the first time. From this GFE, the provider develops a treatment plan which will often include multiple treatments over several sessions. A GFE does not need to be performed for each session included in that treatment plan.

With that said, a new GFE should be performed:

  • If a patient seeks additional services not anticipated during the initial GFE, or not included in the initial treatment plan;
  • The patient discontinues the treatment plan, but then desires to resume treatment after a substantial delay; or
  • A patient’s health changes materially, either during the course of a treatment plan or thereafter.

There is no hard and fast rule. It is a question of the applicable medical standard of care. When in doubt, a physician or midlevel should decide if a GFE is required.