Skip to the contentCenters for Medicare & Medicaid Services
- The Centers for Medicare & Medicaid Services (CMS) implemented a final rule in October requiring casualty insurers, defined as Responsible Reporting Entities (RREs), to report certain payments to Medicare beneficiaries or face Civil Money Penalties (CMPs). The rule focuses on “Non-Group Health Plans” (NGHPs), including liability insurers, no-fault carriers, and workers’ compensation plans, and emphasizes reporting timeliness while excluding penalties for reporting quality. This change follows the U.S. Supreme Court’s June 2024 decision to overturn the Chevron doctrine, adding scrutiny to CMS’s long-standing NGHP User Guide. Insurers face complexities in identifying the correct RRE and correctly reporting “total payment obligation to the claimant” (TPOC) settlements, with risks of overreporting in complex settlements involving multiple insurers. CMS’s guidance and the Supreme Court decision highlight the need for insurers to carefully assess their reporting obligations to avoid penalties.
- On November 1, 2024, the Centers for Medicare & Medicaid Services (CMS) released the CY 2025 Hospital Outpatient Prospective Payment System (OPPS) and Ambulatory Surgery Center (ASC) Payment System final rule, which includes a 2.9% increase in Medicare OPPS payments for 2025. This increase results from a 3.4% projected hospital market basket percentage increase, reduced by a 0.5% multifactor productivity reduction mandated by the ACA. The rule has been criticized by the American Hospital Association (AHA) for not adequately addressing the financial challenges faced by hospitals, particularly in rural and underserved areas. CMS has approved 21 new medical and dental procedures for the ASC covered procedures list for 2025, resulting in a projected $308 million increase in ASC payments, bringing the total to approximately $7.4 billion. The rule aligns with the Biden-Harris Administration’s goals to address health disparities and improve transparency, but concerns remain about the impact of rising labor and supply costs on healthcare delivery.
Emerging Technology
- The convergence of quantum technology and artificial intelligence in precision medicine is set to revolutionize healthcare by enabling highly personalized treatments and advancing drug design, medical imaging, and real-time health monitoring. Second-generation quantum technologies, which integrate quantum and classical computing, offer significant advantages in computing, sensing, and networking, with applications ranging from drug discovery to secure patient data sharing. However, these advancements come with regulatory challenges, as existing frameworks may not adequately address the unique risks associated with quantum devices, necessitating the development of new evaluation protocols, risk management frameworks, and clinical trial guidelines. Policymakers are encouraged to promote quantum literacy, anticipate societal impacts, and implement adaptive regulations to balance innovation with public safety. Ultimately, global collaboration and harmonized standards are essential to harnessing the potential of quantum technology in healthcare responsibly.
Fraud & Abuse
- Dr. Basem Hamid, a 52-year-old neurologist from Pearland, Texas, has agreed to pay $948,359.85 to settle allegations of submitting false Medicare claims. The claims involved billing for the surgical implantation of neurostimulator electrodes between August 27, 2019, and October 3, 2022. However, it is alleged that neither Dr. Hamid nor his staff performed these surgeries. Instead, patients received electro-acupuncture devices that were non-invasive and applied in his clinic, not in a surgical setting. Many patients reported that the devices, which were taped behind the ear, often fell off within a few days.
- The U.S. Department of Justice (DOJ) has historically focused on combating fraud against federally funded healthcare programs like Medicare, Medicaid, and TRICARE by encouraging whistleblowers to file lawsuits under the False Claims Act. Recently, the DOJ launched the Corporate Whistleblower Awards Pilot Program, a three-year initiative aimed at incentivizing reports of corporate crime, including private healthcare fraud, with potential monetary rewards for whistleblowers. This program expands the DOJ’s focus to include fraud involving private insurers and healthcare benefit programs outside the scope of the False Claims Act. The DOJ’s updated Evaluation of Corporate Compliance Program guidance emphasizes the importance of confidential reporting structures to protect whistleblowers and urges healthcare providers to enhance compliance programs to address both public and private healthcare fraud. These developments signal an increased scrutiny of corporate healthcare practices and the need for robust compliance systems.
- Edelmira Marquez, the 59-year-old owner of Marquez Medical Supply in El Paso, was sentenced to five years in federal prison and ordered to pay over $1.7 million in restitution for a health care fraud scheme involving adult diapers. Marquez pleaded guilty to conspiracy to commit health care fraud by billing Medicaid and Medicare for more expensive items while providing lower-value products. The fraud, which began as early as 2010, was uncovered by an investigation led by the Texas Attorney General Medicaid Fraud Control Unit and the FBI. In addition to the prison sentence, Marquez was fined $20,000 and admitted full responsibility for her actions. Born in Chihuahua, Mexico, and a naturalized U.S. citizen since 2008, Marquez had no prior criminal record and cooperated with investigators.
HIPAA Penalties
- The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) imposed a $548,265 civil monetary penalty on Children’s Hospital Colorado for violations of the HIPAA Privacy and Security Rules following breaches reported in 2017 and 2020 due to phishing attacks. The breaches compromised the protected health information (PHI) of 3,370 and 10,840 individuals, respectively, and were partly due to disabled multi-factor authentication and unauthorized email access by third parties. OCR found additional violations for failure to train staff on HIPAA Privacy Rules and conduct a proper risk analysis of electronic PHI (ePHI). In June 2024, Children’s Hospital Colorado waived its right to a hearing, leading OCR to finalize the penalty. OCR recommends that covered entities implement robust cybersecurity measures, including multi-factor authentication, encryption, regular risk analyses, and workforce training to prevent such breaches.
- The U.S. Department of Health and Human Services Office for Civil Rights (OCR) fined Gulf Coast Pain Consultants, LLC, $1.19 million for multiple HIPAA Security Rule violations, including failing to terminate a former contractor’s access to systems containing electronic protected health information (ePHI). The contractor, who had ceased providing services in August 2018, accessed ePHI of approximately 34,310 individuals without authorization and generated around 6,500 false Medicare claims. Gulf Coast Pain Consultants failed to conduct a HIPAA-compliant risk analysis until September 30, 2022, and did not implement necessary policies and procedures for access termination and activity review until April 2020. The penalty is part of OCR’s 14th HIPAA enforcement action in 2024 and highlights the importance of proactive cybersecurity measures. Despite providing evidence of mitigating factors, Gulf Coast Pain Consultants could not reach an informal settlement with OCR.
Mental Health and Substance Use
Pharmacy Benefit Managers
Private Equity
