Wade’s Health Law Highlights for December 3, 2024

Elderly & Aging

• Older adults increasingly require more clinical care and social services, which places a significant burden on an already strained healthcare system. The integration of data analytics in senior care can enhance patient-centered care by enabling predictive analytics for proactive health interventions and personalized treatment plans tailored to individual needs. This approach improves health outcomes and optimizes resource allocation, ensuring efficient use of staff and financial resources. The future of senior care is data-driven, with advancements in artificial intelligence and real-time health monitoring promising further improvements in care delivery. However, challenges such as ensuring data privacy and training staff to use these technologies effectively must be addressed.

Emerging Technologies

• Technology is revolutionizing healthcare by enhancing diagnostics, patient care, and operational efficiency through innovations such as AI-driven diagnostics, wearable health devices, telemedicine, and robotic surgeries. These advancements improve accessibility and accuracy, with AI improving diagnostic precision and telemedicine expanding care to remote areas. Wearable technology empowers patients by tracking vital signs and supporting chronic disease management, while electronic health records streamline data management for continuity of care. However, challenges like data privacy, security, and accessibility persist, requiring solutions to ensure equitable healthcare access. Overall, technology is creating a future where healthcare is more efficient, personalized, and accessible.

Fraud & Abuse

• Attorney General Ken Paxton’s Medicaid Fraud Control Unit was instrumental in a significant federal prosecution involving nine pharmaceutical distributor executives and sales representatives who unlawfully distributed nearly 70 million opioid pills and over 30 million doses of other prescription drugs, valued at over $1.3 billion. These drugs were illegally sold to Houston-area pill-mill pharmacies. The investigation resulted in nine defendants pleading guilty.
• Dr. Rajesh Bindal, a 53-year-old from Sugar Land, has agreed to pay $2,095,946 to settle allegations of submitting false claims for electro-acupuncture device placements. Bindal, through Texas Spine & Neurosurgery Center P.A., billed Medicare and the Federal Employees Health Benefits Program for surgical neurostimulator electrode implantation between March 16, 2021, and April 22, 2022. However, instead of performing surgeries, his clinic allegedly inserted monofilament wires into patients’ ears and taped the devices behind the ear, which were then falsely billed as surgeries. These procedures were performed in his clinic without making any incisions, and many devices reportedly fell off within days. The U.S. Attorney and law enforcement officials emphasized the importance of accurate billing to maintain public trust and the integrity of federal health care programs.
• Federal agents detained former hospital CEO Ralph de la Torre and seized his phone as part of an escalating federal corruption and fraud investigation into the bankrupt hospital chain Steward, which he formerly led. De la Torre, held in criminal contempt of Congress in September, and Armin Ernst, who also had his phone seized, are central figures in a corruption case in Malta involving alleged bribery of government officials. A Maltese magistrate has recommended charges against them for money laundering and corruption. Domestically, Steward executives are accused of misusing the Steward-owned malpractice insurer TRACO, resulting in significant financial discrepancies, with $99 million in outstanding loans and $176 million in accounts receivable owed by Steward.

HIPAA

• Healthcare providers must comply with the new HIPAA Reproductive Health Rule by December 23, 2024, which restricts the disclosure of reproductive healthcare information (RPHI) if the care was legal in the state it was provided and the information is sought for investigative or prosecutorial purposes. The Rule faces legal challenges, notably from Texas, and its future is uncertain, especially with potential changes in federal administration. Providers must assess the legality of reproductive care and the purpose of RPHI requests, requiring attestations from requesters to ensure compliance. They must update HIPAA policies, train employees, and potentially use a model attestation from the Office for Civil Rights. Additionally, providers must update their Notice of Privacy Practices by February 16, 2026, to reflect these changes and other proposed HIPAA modifications.
• The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took its first enforcement action against Holy Redeemer Family Medicine for improperly disclosing a patient’s reproductive health information to a prospective employer without authorization. The disclosure included sensitive health details beyond what the patient had consented to share, violating HIPAA regulations. Holy Redeemer agreed to a settlement, paying a $35,581 penalty and adopting a corrective action plan, which includes revising privacy policies, training staff, and monitoring compliance for two years. OCR emphasized the importance of protecting patient privacy, particularly concerning reproductive health, to maintain trust in the patient-doctor relationship. Additionally, OCR’s Final Rule to enhance privacy protections for reproductive health information will take effect on December 23, 2024.
• On June 25, 2024, the Office for Civil Rights and the U.S. Department of Health and Human Services issued the HIPAA Privacy Rule to enhance privacy protections for Protected Health Information (PHI) related to reproductive healthcare. This rule prohibits healthcare entities and their associates from using or disclosing PHI for criminal, civil, or administrative investigations related to seeking or providing reproductive healthcare. Compliance with this rule is required by December 23, 2024, and updates to Notices of Privacy Practices (NPP) must be completed by February 16, 2026. The rule mandates obtaining a written attestation ensuring PHI is not used for prohibited purposes before any use or disclosure. Additionally, the rule requires updates to NPPs to reflect these protections and changes, with varying responsibilities for group health plans based on their insurance status.

Medicare Expansion

• The Biden administration has proposed significant health care reforms, including expanding Medicare and Medicaid coverage to include GLP-1 weight-loss drugs like Wegovy and Zepbound, which could benefit millions but cost the government an estimated $36 billion over ten years. The proposals also aim to prevent Medicare Advantage plans from denying previously authorized claims and improve transparency and appeal processes, as only 4% of denied claims are currently appealed despite an 80% success rate.

Mental Health & Substance Use

• On September 23, 2024, the Departments of Labor, Treasury, and Health and Human Services issued a final rule under the Mental Health Parity and Addiction Equity Act (MHPAEA), which requires insurers and group health plan sponsors to conduct a comparative analysis of nonquantitative treatment limitations (NQTLs) for mental health and substance use disorder benefits. Effective for plan years starting on or after January 1, 2025, the rule mandates that ERISA plan fiduciaries certify a prudent process in selecting and monitoring service providers for this analysis. The comparative analysis requirement, in effect since February 10, 2021, applies to most group health plans and includes various NQTLs like prior authorization and network design. Plan sponsors must ensure compliance by arranging for these analyses and updating contracts with insurers and vendors. Enforcement includes audits and penalties for non-compliance, with ERISA participants entitled to request the analysis within 30 days.

OIG

• The Office of Inspector General (OIG) issued Advisory Opinion No. 24-09 in response to a request from a municipal corporation about a proposal to charge insurance for treatment-in-place (TIP) emergency medical services without ambulance transport, while waiving patient cost-sharing amounts. The OIG assessed whether this proposal would violate the Federal anti-kickback statute or the Beneficiary Inducements Civil Monetary Penalty (CMP) provisions. Although the arrangement could potentially generate prohibited remuneration under these statutes, the OIG concluded that it would not impose administrative sanctions due to the low risk of fraud and abuse associated with the proposal.
• On November 20, 2024, the Office of Inspector General (OIG) released new compliance guidelines for nursing facilities, which is the first industry-specific guidance since the 2023 General Compliance Program Guidance. The guidance emphasizes best practices for nursing facilities, covering topics such as quality of care, Medicare and Medicaid billing requirements, and the federal Anti-Kickback Statute. Additionally, an OIG report published on November 12, 2024, found that Medicare overpaid acute-care hospitals an estimated $190 million over five years for outpatient services to hospice enrollees, and the OIG recommended improvements to prevent future overpayments.
• The HHS Office of Inspector General (OIG) report criticized the Office for Civil Rights (OCR) for its narrow HIPAA audit program, which assessed only eight out of 180 requirements, failing to adequately improve cybersecurity at healthcare organizations. The audits did not evaluate physical or technical safeguards, leaving potential vulnerabilities unaddressed. The OIG recommended expanding the audit scope, enforcing corrective measures, and establishing evaluation metrics, but the OCR cited budget constraints and a lack of resources as barriers to implementing these changes. From fiscal years 2018 to 2020, the OCR’s budget remained at $38 million, while complaints and data breach reports increased, and investigative staff numbers decreased by 30% since 2010. Despite agreeing with most recommendations, the OCR disagreed with requiring corrective measures, emphasizing that HIPAA allows for civil penalties instead, and audits are intended to offer technical assistance. See report here.