In a continuing wave of fraud and abuse civil enforcement actions brought by qui tam relators, big pharma giant, Biogen, is the latest corporate actor to reach a mega settlement with the U.S. Department of Justice (DOJ) for allegations of False Claims Act liability for paying bribes to physicians who participated in Biogen’s sales and marketing programs veiled as “physician training and education” seminars over a five year period from 2009 through 2014. DOJ did not intervene in the case.

According to an investor relations statement released by Biogen on September 26, 2022, the Company reached a final agreement to pay $900 million to settle the qui tam action; however, Biogen insists that its intent and conduct were at all times lawful and, therefore, it denies all allegations raised in the qui tam law suit. Significantly, the Company stated in the release as a basis for the settlement that, “Biogen determined that now was the right time to resolve the litigation and allow the Company to remain focused on our patients and strategic priorities.”

In this case, the qui tam relator, Michael Bawduniak, who was also an employee at Biogen, alleged specifically that the Company routinely paid fees to physicians as inducements for ordering/prescribing three Biogen products (Avonex, Tysabri and Tecfidera) in the form of speaker honoraria, training fees, consulting fees and meals at speaker programs and training sessions. If true, these practices would be in violation of the federal Anti-Kickback Statute.

What is material about this settlement is that industry manufacturers (whether pharma or DME) need to take stock of their interactions with physicians and clinical institutions and they need to do this soon. While, in this case, DOJ did not intervene, there is now precedent. As a result, we can expect only greater enforcement activity and intervention by DOJ.

Those affected by this case, or similar fact patters, should pay close attention, and seek counsel if there are questions about their own industry conduct concurrently or retrospectively.

The Office of Civil Rights of the Department of Health and Human Services (“OCR”) announced the resolution of three more right of access cases, bringing the total to a whopping 41 since the start of its drive to increase compliance with this Health Insurance Portability and Accountability Act (“HIPAA”) requirement over two years ago. From small physician practices to nursing homes to health systems, OCR has spared no one in its quest to reduce patient complaints related to medical records request fulfillment. The three most recent actions all involved dental practices, with settlements ranging from $25,000 to $80,000. Each instance involved a failure to timely provide records (where the respective patient made multiple requests over a span of months to over a year), and one where the practice’s $170 copying fee exceeded HIPAA’s reasonable and cost-based standard.

In its recently published Special Fraud Alert, the Office of Inspector General (“OIG”) presented a list of suspect characteristics related to arrangements with telehealth and telemedicine companies, which may help determine the potential for fraud.

The OIG developed this list based on dozens of fraud investigations involving companies in the digital health space. The schemes investigated by the OIG varied in design and operations, as well as the types of entities and individuals involved. They implicated a whole slew of Federal laws, including, among others, violations of the Federal anti-kickback statute and the False Claims Act. These schemes raised significant fraud concerns because “of the potential for considerable harm to Federal health care programs and their beneficiaries.”

The list of suspect characteristics related to arrangements with telemedicine companies is as follows:

On August 19, 2022, the United States Departments of Health and Human Services, Labor and Treasury released final rules (“Final Rules”) revising certain provisions of their previously issued interim final rules regarding the No Surprises Act (“NSA”).

The revisions reflect some comments received on the interim final rules under the NSA that the department published in 2021, but they were made necessary because two separate federal trial courts vacated certain provisions of the department’s interim final rules regarding the use of the Qualified Payment Amount (“QPA”) in the Independent Dispute Resolution IDR process. Here are the four things you need to know about the Final Rules:

• The QPA, the plan’s median contract rate for a particular item or service, is a factor that the certified IDR entity must take into account in determining the payment that best represents the value of the item or service in dispute, along with the additional information, if any, submitted by the parties that is permissible under the NSA rules (“Additional Information”). This is a change to the interim final rules that were necessitated by the litigation challenging those rules. The vacated interim final rules established a “rebuttable presumption” that the QPA best represents the value of the item or service in dispute.

• The Final Rules do not require the certified IDR entity to select the offer closest to the QPA. Rather, they require certified IDR entities to select the offer that best represents the value of the item or service under dispute after considering the QPA and all Additional Information. This is another change to the interim final rules that were necessitated by the litigation challenging those rules.

• The Departments were clearly concerned that the certified IDR entities’ consideration of   Additional Information might lead to “double counting” information that is already factored into the establishment of the QPA and provided several examples of how double counting can be avoided while still considering non-duplicative Additional Information.

• To increase transparency as to the plans’ initial payment determinations and the certified IDR entities’ ultimate payment determinations, the Final Rule added the following requirements: 
  • A plan must provide a statement that the service code or modifier billed by the provider was downcoded; an explanation of why the claim was downcoded, including a description of which service codes were altered, if any, and which modifiers were altered, added, or removed if any; and the amount that would have been the QPA had the service code or modifier not been downcoded.
  • A certified IDR entity’s written decision must include an explanation of its determination, including what information the certified IDR entity determined demonstrated that the offer selected as the out-of-network rate is the offer that best represents the value of the item or service in dispute, including the weight given to the QPA and any Additional Information.  

The Final Rules as well as the litigation that necessitated them, are generally seen as favorable to providers, but it remains to be seen whether they will have a material effect on what providers are paid by plans for out-of-network services that are subject to the NSA.     

On February 23, 2022, the U.S. District Court for the Eastern District of Texas gutted portions of the interim final rule affecting the independent dispute resolution (“IDR”) process of the No Surprises Act (the “Act”). Tex. Med. Ass’n v. U.S. Dep’t of Health & Human Servs., No. 6:21-cv-425-JDK, 2022 WL 542879, at *15 (E.D. Tex. Feb. 23, 2022). In particular, the Court found that the rule did not square with the plain language of the Act, which mandates that the IDR process equally consider a number of factors in deciding payments for out-of-network (“OON”) services. Id. at *7–9. Instead, the rule substantially favored one factor over the others. In further rejecting the IDR-related portions of the rule, the Court found that the government had failed to provide an opportunity for notice and comment in advance of publishing the interim final rule. Id. at *10–14. As a result, the Court granted the plaintiffs’ motion for summary judgment, denied the defendants’ cross-motion for summary judgment, and severed portions of the rule. Id. at *15.

On Thursday, September 30, 2021, The United States departments of Health and Human Services (“HHS”), Labor and Treasury released an interim final rule (“Rule”) that completes most of the regulatory framework under the federal No Surprises Act (“Act”). The Act largely bars balance billing of patients who receive emergency services or hospital-based provider services (at an in-network facility) on an out-of-network basis. This is the second part of the agencies’ rulemaking under the Act. The first part was released in July 2021. This second part deals primarily with the independent dispute resolution (“IDR”) process, which will determine the “appropriate out of network rate” to be paid to the provider by the health plan for a particular emergency or hospital-based provider service and a portion of the provider price transparency requirements under the Act.   

As we indicated in last week’s blog post , the D.C. Circuit Court’s refusal to uphold HHS’ pharmaceutical price disclosure rule (“RX Rule”) was not a predictor of how the trial court might rule in the closely watched challenge to HHS’ hospital price transparency rule (“Hospital Rule”). In a June 23, 2020 ruling on cross motions for summary judgment, American Hospital Association, et. al. v. Azar, D.C. District Court Judge, Carl Nichols, ruled that HHS did not overstep its authority under Section 2718 of the Public Health Services Act (“Section 2718”) by requiring hospitals to publish their “gross charges”, payer-specific negotiated rates, discounted cash prices, and de-identified minimum and maximum negotiated charges.  

On June 16, the D.C. Circuit Court struck down the Centers for Medicare and Medicaid Services’ (“CMS”) rule issued in May 2019 requiring pharmaceutical companies to disclose the wholesale acquisition cost of drugs over $35 in their direct-to-consumer television advertisements (“RX Rule”). Similar to the RX Rule, the Hospital Price Transparency Rule, issued on November 27, 2019, requires hospitals to publish, among other information, payor-specific rates for certain services on their websites beginning on Jan 1, 2021 (“Hospital Rule”). Both rules stem from the Trump administration’s stated efforts to improve the nation’s health care quality and transparency, and both were met with swift legal opposition. The Hospital Rule litigation, American Hospital Association et al v. Azar, is currently before the U.S. District Court for the District of Columbia. While the D.C. Circuit Court’s RX Rule decision could be viewed as a predictor of the outcome of the Hospital Rule litigation, the alleged statutory authority underlying the Hospital Rule is different than the statutory authority underlying the RX Rule.  Therefore, the Circuit Court’s ruling in the RX Rule litigation may not be an accurate barometer of the likely outcome in the Hospital Rule litigation.

As another mark of progress in the fight against opioid addiction, Governor Wolf signed Senate Bill 572 (the “Act”) into law on November 27, 2019, requiring prescribing providers (referred to as “Prescribers”) to take several additional steps before issuing a prescription for an opioid in certain treatment situations. Specifically, the Act’s requirements kick in before a Prescriber can issue a patient the first prescription in a single course of treatment for chronic pain with a controlled substance containing an opioid.  

Google has confirmed that it is working with Ascension, one of the nation’s largest health systems in a project that will involve the health data of millions of Americans.  Google and Ascension have partnered in a project to store and analyze patient data with the intended goal of using Google’s artificial intelligence tools to enhance patient care and medical decision making.  As a result of this partnership, it has been estimated that over 100 Google employees may have access to sensitive patient data such as name, birth date, diagnoses and treatments.  Such access by Google to millions of patient’s health data has resulted in some concern over how the data will be protected, including a recently announced inquiry into the relationship by the U.S. Department of Health and Human Services’ Office of Civil Rights (“OCR”).  OCR has stated that it “would like to learn more information about this mass collection of individuals’ medical records with respect to the implication for patient privacy under HIPAA.”  Ascension has said that the project with Google has complied with the law and followed the healthcare organization’s “strict requirements for data handling.” 

We will continue to follow this important story.  Several other tech companies continue to try to gain a bigger share of America’s health care market, which will all have to be balanced with patient data privacy and security concerns.