Wade’s Health Law Highlights for November 11, 2024

Fraud & Abuse

• Horizon Medical Center of Denton, owned by Corinth Investor Holdings, L.L.C., paid $14.2 million to settle potential violations of Medicare regulations and the Stark Law. The center self-disclosed omitting a modifier and location for services provided at off-campus facilities, as well as financial relationships with physician-owners. This settlement, along with two others, highlights the Department of Justice’s emphasis on voluntary self-disclosure and cooperation in healthcare fraud cases.
• A pharmaceutical ingredient supplier will pay $21.75 million to settle allegations of inflating Average Wholesale Prices (AWPs) for two key ingredients. A pharmacist whistleblower exposed the scheme, highlighting the critical role of whistleblowers in combating pharmaceutical fraud. The False Claims Act empowers individuals to report fraud and protects public funds from fraudulent activities.
• A Texas optometrist, agreed to pay $1 million to settle allegations of healthcare fraud. The doctor operated a network of optometry practices in Central Texas and according to the government, these practices submitted claims to TRICARE, Medicare, and Medicaid using the National Provider Identifiers (NPIs) of optometrists who did not perform the services billed. They allegedly did so “in circumstances where the optometrist who rendered services was not credentialed or enrolled in the Federal healthcare program billed.
• Oak Street Health, a CVS subsidiary, agreed to a $60 million settlement for violating the False Claims Act. The company allegedly paid kickbacks to insurance agents to recruit seniors to their clinics, resulting in false claims to Medicare. The settlement includes restitution and a whistleblower reward.

HIPAA & Cybersecurity

• The return of Donald Trump to the White House raises questions about potential changes to healthcare cybersecurity and HIPAA regulations. While some experts anticipate a reversal of the Biden administration’s reproductive health data privacy protections, others believe the Trump administration will focus on completing previously proposed HIPAA Privacy Rule changes. Cybersecurity, however, is seen as a non-partisan issue, with potential for continued focus on implementing stronger practices and potentially updating the HIPAA Security Rule.
• The Health Infrastructure Security and Accountability Act (HISAA) aims to establish mandatory minimum security standards for healthcare organizations to protect healthcare information. HISAA proposes annual audits and stress tests, increased accountability and penalties, and financial support for enhancements. The bill seeks to address the patchwork of healthcare data security standards and bring them under one minimum umbrella.

Hospice

• Hospices are exploring palliative care programs to remain relevant in the evolving value-based care landscape. Palliative care, which focuses on managing symptoms and improving quality of life for patients with serious illnesses, is increasingly recognized for its potential to reduce healthcare costs. By partnering with Medicare Advantage plans and Accountable Care Organizations, hospices can leverage palliative care to participate in value-based reimbursement models.

Insulin Overpricing

• Insulin overpricing lawsuits allege that pharmaceutical companies and Pharmacy Benefit Managers (PBMs) have engaged in deceptive and unfair trade practices, artificially inflating insulin prices. Plaintiffs, including individuals, unions, and public entities, seek damages for losses incurred and injunctive relief to prevent future price gouging. The lawsuits allege violations of state consumer protection laws, unjust enrichment, and potentially federal RICO laws, aiming to hold these companies accountable for their actions.

Loper Bright

• The Loper Bright decision, repealing Chevron deference, leaves hundreds of healthcare regulations vulnerable to litigation. Healthcare regulation, often complex and involving multiple agencies and statutes, will face challenges in determining the “best reading” of statutes. This shift in regulatory authority could lead to increased litigation and uncertainty in the healthcare industry.

Med Spas

• A Harvard-trained spa owner allegedly injected clients with bogus Botox and skin fillers. The spa owner smuggled counterfeit injectable drugs from China and Brazil, falsely claiming to be a nurse with a degree from Harvard and a license from the state’s Estate Board.
• A former plastic surgeon who gained viral attention for posting dancing videos from the operating table, is practicing with a Texas med spa under a suspended license.

No Surprises Act

• The Fifth Circuit Court of Appeals upheld several provisions of the No Surprises Act, favoring regulators and insurers. The Act aims to protect patients from surprise medical bills by capping their liability to out-of-network providers. However, the Court’s decision will likely lead to artificially low QPAs, negatively impacting provider reimbursement rates and future contract negotiations.

Physician Fee Schedule

• The Centers for Medicare & Medicaid Services (CMS) finalized the 2025 Medicare Physician Fee Schedule, resulting in a 2.93% reduction in average payment rates. This decision has been met with strong opposition from national provider associations, who argue that the cuts, coupled with inflation, threaten the financial viability of physician practices and patient access to care. These associations urge Congress to intervene and stabilize reimbursement rates.
• The Biden administration finalized 2025 Medicare reimbursement rates, with physicians facing a 2.9% decrease and hospitals receiving a 2.9% increase for outpatient services. While hospitals argue the rates are insufficient, physician groups, particularly those operating independent practices, face more significant challenges due to rising costs and smaller profit margins. The CMS also implemented changes to the Hospital Outpatient Prospective Payment System, including maternal health and safety standards and continuous coverage requirements for children in safety-net programs.
• CMS finalized a 2.83% physician pay cut for 2025 while increasing reimbursement for ASCs meeting quality reporting requirements. The rule includes updates to coding and payment policies for various services, as well as changes to the ASC quality reporting program.

Ransomeware

• Ransomware attacks, while slightly less frequent in H1 2024, saw a 68% increase in severity, with average losses reaching a record high. Businesses with over $100 million in revenue experienced the most significant impact, with a 140% increase in losses. While BEC attacks remained the most common cause of claims, ransomware attacks were the third most common, with exposed login panels and outdated technologies increasing the likelihood of a claim.
• A new report reveals a four-year high in ransomware attacks on healthcare organizations, with 67% reporting incidents in the past year. These attacks are increasingly complex, with longer recovery times and higher costs, averaging $2.57 million in 2024. Attackers are also targeting data backups, increasing pressure on organizations to pay ransoms.

Skilled Nursing Facilities

• CMS has updated the CMS-855A form to require expanded disclosure of ownership and control interests for Skilled Nursing Facilities (SNFs). This includes disclosure from a broader class of entities, such as landlords, consultants, and managers, categorized as “additional disclosable parties” (ADPs). SNFs must report all persons and entities within the organizational structure of each ADP, and failure to comply may result in sanctions.