Health Law Highlights

Chevron’s End Means Uncertainty and Opportunity for the Healthcare Industry

Summary of article from Schwabe, Williamson & Wyatt PC, by Gary Bruce, Jon French:

The U.S. Supreme Court’s decision in Loper Bright Enterprises v. Raimondo, which overruled the Chevron Doctrine, will significantly affect the healthcare industry by allowing courts to independently interpret statutory ambiguities rather than deferring to administrative agencies. This shift is expected to increase legal challenges to federal health agencies’ regulations and actions, leading to greater unpredictability and slower rulemaking processes. Healthcare providers may face more litigation, particularly concerning reimbursement rates and enforcement of fraud, abuse, and privacy laws. Consequently, healthcare organizations should anticipate ongoing disruption, stay informed on legal developments, and be prepared to adjust their policies and procedures swiftly.

Health Law Highlights

Chevron Runs Out of Gas: The Bumpy Road Ahead for Health Regulations After Loper Bright

Summary of article from Akin Gump Strauss Hauer & Feld LLP, by Anna Abram, Sudhana Bajracharya, Jenna Becker, Craig Bleifer, Nathan Brown, Kelly Cleary:

The Supreme Court’s decision in Loper Bright Enterprises v. Raimondo overturns the Chevron doctrine, which previously allowed federal agencies to interpret ambiguous statutes with judicial deference. This change raises the bar for agencies like CMS and FDA, requiring them to provide the “best reading” of statutory gaps rather than a “permissible” one. The ruling will significantly impact lower courts, which have continued to apply Chevron, and could lead to increased litigation challenging longstanding regulations. Additionally, the Corner Post decision extends the timeframe for challenging agency regulations under the APA, further exposing agencies to potential lawsuits. These developments will necessitate more precise statutory language from Congress and could constrain agency policy changes across administrations.

Health Law Highlights

CMS Releases Proposed Rule on Anomalous DME Spending and MSSP Financial Calculations

Summary of article from American Hospital Association:

The Centers for Medicare & Medicaid Services (CMS) released a proposed rule to address significant, anomalous, and highly suspect (SAHS) billing activity affecting the Medicare Shared Savings Program (MSSP) financial calculations for 2023. CMS proposes excluding payment amounts for certain intermittent urinary catheter codes from expenditure and revenue calculations for 2023, impacting benchmarks for subsequent years and application cycles for new agreements starting in 2025. This decision follows advocacy from the AHA and others to relieve accountable care organizations (ACOs) from the financial burden of anomalous spending beyond their control. CMS has initiated a 30-day comment period, ending July 29, to ensure minimal disruption to ACO timelines. The AHA supports this move and anticipates further measures in the upcoming CY 2025 Physician Fee Schedule to address anomalous spending comprehensively.

Health Law Highlights

Medicaid: CMS Final Rules Aim to Expand Access, Provide Parity with Commercial Markets

Summary of article from Foley & Lardner LLP, by Anil Shankar:

The Centers for Medicare & Medicaid Services (CMS) introduced two significant updates to its Medicaid regulations on May 10, 2024: the Medicaid Access Rule and the Medicaid Managed Care Rule. These updates aim to enhance and standardize reporting, monitoring, and evaluation of Medicaid services, potentially increasing Medicaid reimbursement. The new rules require states and Medicaid managed care plans to report and analyze payment rates and access to services, and to implement corrective action plans for identified access deficiencies. The Managed Care Rule introduces federal “appointment wait time” standards and allows states to increase Medicaid reimbursement to match commercial plan rates. Lastly, the Access Rule establishes a numerical floor for Medicaid rates and requires at least 80% of Medicaid payments to home and community-based service providers to be spent on direct care workers’ compensation.

Health Law Highlights

CMS Finalizes Major Reforms to Medicaid, Part 1: Medicaid Access Reg

Summary of article from McDermott+Consulting, by Jeffrey Davis, Kayla Holgash, Katie Waldo:

The Centers for Medicare & Medicaid Services (CMS) has issued two new regulations pertaining to state-operated Medicaid programs, aiming to improve access to care for Medicaid enrollees. A notable policy within the ‘Ensuring Access to Medicaid Services’ regulation specifies that at least 80% of Medicaid fee-for-service (FFS) and managed care payments for home- and community-based services (HCBS) must be allocated towards compensation for direct care workers. The regulation also introduces new definitions, allows for state-specific flexibilities, and outlines reporting requirements for states. Other key provisions include the establishment of a grievance process for beneficiaries, regular review of person-centered service plans, and the creation of a Beneficiary Advisory Council. The regulation will take effect 60 days after publication, but specific provisions have varied effective dates.

Health Law Highlights

Researchers Observe Increase in Emerging Ransomware Groups Targeting Healthcare

From HealthIT Security, by Jill McKeon:

  • The healthcare sector experienced significant data breaches in 2023, with over 540 organizations reporting such incidents, largely due to ransomware attacks. Healthcare was the third-most targeted industry, following manufacturing and technology.
  • The GuidePoint Research and Intelligence Team (GRIT) identified 63 distinct ransomware groups responsible for these attacks, with established groups like LockBit, Alphv, and Clop causing the majority of breaches. These groups have operated for at least nine months and have well-defined tactics.
  • Both established and emerging ransomware groups have increasingly targeted healthcare organizations. Despite traditionally being considered ‘off-limits’ due to potential negative press and law enforcement attention, the number of attacks on healthcare organizations rose in 2023.
  • Emerging groups, defined as those in operation for less than three months, have been particularly problematic for the healthcare sector. One such group, Rhysidia, has been aggressive in its attacks despite its relative newness, using tactics like phishing to compromise victims.
  • GRIT predicts that ransomware attacks will continue to escalate in 2024, with the most prolific groups leading advancements in techniques and strategies. The report emphasizes the importance of industry best practices in threat intelligence, information sharing, and public-private partnerships to combat this growing threat.
Health Law Highlights

CMS Finalizes its Proposal to Advance Interoperability and Improve Prior Authorization Processes

From Sheppard Mullin Richter & Hampton LLP, by Gianfranco Spinelli and Krysten Thomas:

  • Final Rule Issued by CMS: The Centers for Medicare and Medicaid Services (CMS) issued a final rule titled “CMS Interoperability and Prior Authorization” on January 17, 2024, which aims to advance interoperability and improve prior authorization processes. This rule impacts Medicare Advantage organizations, state Medicaid and CHIP agencies, Medicaid and CHIP managed care plans, and plans on the Affordable Care Act exchanges, as well as MIPS eligible clinicians, and eligible hospitals and critical access hospitals.
  • Patient Access API: The final rule requires Impacted Payers to provide patients access to certain information, including claims, cost sharing data, encounter data, and a set of clinical data accessible via health applications. The implementation of this requirement is set for January 1, 2027, which is a change from the original proposed date of January 1, 2026.
  • Provider Access API and Payer-to-Payer API: The rule mandates Impacted Payers to build and maintain a Provider Access API for data sharing with in-network providers. It also requires a Payer-to-Payer API to ensure patients can maintain continuity of care and have uninterrupted access to their health data. Both these requirements are to be implemented by January 1, 2027.
  • Prior Authorization API and Process Improvements: CMS finalized the proposal to require Impacted Payers to build and maintain a Prior Authorization API, which is to be implemented by January 1, 2027. The rule also shortens the time frames for prior authorization decisions and requires Impacted Payers to provide a specific reason for denied decisions. These requirements are to be complied with by January 1, 2026.
  • Public Reporting and Electronic Prior Authorization Measure: The final rule requires Impacted Payers to publicly report certain prior authorization metrics, with the initial set of metrics to be reported by March 31, 2026. It also mandates MIPS eligible clinicians, eligible hospitals, and CAHs to report the number of prior authorizations for medical items and services requested electronically from a Prior Authorization API.
Health Law Highlights

CMS Issues Interim Rule in Response to State Medicaid Disenrollment Trend

From Nelson Mullins Riley & Scarborough LLP, by Shane Duer, Knicole Emanuel, Cara Ludwig:

  • The Centers for Medicare & Medicaid Services (CMS) has issued an interim rule in response to the trend of states disenrolling recipients from the Medicaid program.
  • The rule aims to limit the removal of recipients from the program for procedural reasons rather than eligibility considerations.
  • States that fail to comply with the rule may face enforcement actions, including submitting a corrective action plan and paying civil money penalties.
  • The rule also requires states to submit reports on their eligibility redetermination activities, which will be made public.
  • The regulations became effective on December 6, 2023.

CMS Provides Additional Expansion Opportunities for High Medicaid Physician-Owned Hospitals

Under the Affordable Care Act’s amendments to the Stark Law, a Physician Owned Hospital (POH) cannot expand the aggregate number of operating rooms, procedure rooms or licensed beds beyond the number for which the hospital was licensed on March 23, 2010.

The Secretary of Health and Human Services may grant an exception to this prohibition to POHs qualifying as either an “applicable hospital” or a “high Medicaid facility” (as those terms are defined in the regulations).

POHs meeting one of these two exceptions were nonetheless still limited in that they could only request an expansion once every two years and the expansion was limited to no more that 200% of the rooms or beds that existed as of March 23, 2010.

These new rules relax these expansion limitations for “high Medicaid facilities,” but not “applicable hospitals”.

Though there are other requirements, a “high Medicaid facility” POH is one that for the three (3) most recent 12-month periods for which data is available, has an annual percentage of total Medicaid inpatient admissions that is estimated to be greater than the percent of such admissions for any other hospital located in the same county in which the POH is located (as determined by the data sources approved by CMS.

The new Final Rule, removes the limitation on the number of times a high Medicaid facility can request an expansion so long as the POH only has one request under review at any given time.

CMS also removed the 200% capacity limitation that previously existed for high Medicaid facilities seeking expansion.

High Medicaid facility POHs can now expand off of their main campus, but must continue to comply with Medicare rules and regulations regarding distance limitations relative to off-campus facilities and provider-based departments.

Source: CMS Provides Additional Expansion Opportunities for High Medicaid Physician-Owned Hospitals


Stark + AKS Final Rules

The final rules for changes to the Stark Law and Anti-Kickback Statute (healthcare fraud & abuse laws) have been published and go into effect on January 19, 2020. Of course, health lawyers love this stuff, but it could impact other practice areas too.

Transaction attorneys, you already know to be very careful if your transaction or arrangement, in any way, involves a hospital, doctor, or any other healthcare provider or entity. Even if your deal does not involve a healthcare provider, but could impact reimbursement by any federal program, these statutes may be implicated.

Litigators, these statutes can apply to your cases too. If your case involves one of these improper payments or an improper business structures, you might have a contractual avoidance theory available to you, if you’re the defendant, or an additional claim of fraud, if you are the plaintiff.

The key point is that these statutes can apply in ways that don’t seem immediately obvious.

Source: Stark + AKS Final Rules