On Thursday, September 30, 2021, The United States departments of Health and Human Services (“HHS”), Labor and Treasury released an interim final rule (“Rule”) that completes most of the regulatory framework under the federal No Surprises Act (“Act”). The Act largely bars balance billing of patients who receive emergency services or hospital-based provider services (at an in-network facility) on an out-of-network basis. This is the second part of the agencies’ rulemaking under the Act. The first part was released in July 2021. This second part deals primarily with the independent dispute resolution (“IDR”) process, which will determine the “appropriate out of network rate” to be paid to the provider by the health plan for a particular emergency or hospital-based provider service and a portion of the provider price transparency requirements under the Act.Continue reading…
As we indicated in last week’s blog post , the D.C. Circuit Court’s refusal to uphold HHS’ pharmaceutical price disclosure rule (“RX Rule”) was not a predictor of how the trial court might rule in the closely watched challenge to HHS’ hospital price transparency rule (“Hospital Rule”). In a June 23, 2020 ruling on cross motions for summary judgment, American Hospital Association, et. al. v. Azar, D.C. District Court Judge, Carl Nichols, ruled that HHS did not overstep its authority under Section 2718 of the Public Health Services Act (“Section 2718”) by requiring hospitals to publish their “gross charges”, payer-specific negotiated rates, discounted cash prices, and de-identified minimum and maximum negotiated charges.Continue reading…
On June 16, the D.C. Circuit Court struck down the Centers for Medicare and Medicaid Services’ (“CMS”) rule issued in May 2019 requiring pharmaceutical companies to disclose the wholesale acquisition cost of drugs over $35 in their direct-to-consumer television advertisements (“RX Rule”). Similar to the RX Rule, the Hospital Price Transparency Rule, issued on November 27, 2019, requires hospitals to publish, among other information, payor-specific rates for certain services on their websites beginning on Jan 1, 2021 (“Hospital Rule”). Both rules stem from the Trump administration’s stated efforts to improve the nation’s health care quality and transparency, and both were met with swift legal opposition. The Hospital Rule litigation, American Hospital Association et al v. Azar, is currently before the U.S. District Court for the District of Columbia. While the D.C. Circuit Court’s RX Rule decision could be viewed as a predictor of the outcome of the Hospital Rule litigation, the alleged statutory authority underlying the Hospital Rule is different than the statutory authority underlying the RX Rule. Therefore, the Circuit Court’s ruling in the RX Rule litigation may not be an accurate barometer of the likely outcome in the Hospital Rule litigation.Continue reading…
As another mark of progress in the fight against opioid addiction, Governor Wolf signed Senate Bill 572 (the “Act”) into law on November 27, 2019, requiring prescribing providers (referred to as “Prescribers”) to take several additional steps before issuing a prescription for an opioid in certain treatment situations. Specifically, the Act’s requirements kick in before a Prescriber can issue a patient the first prescription in a single course of treatment for chronic pain with a controlled substance containing an opioid.Continue reading…
Google has confirmed that it is working with Ascension, one of the nation’s largest health systems in a project that will involve the health data of millions of Americans. Google and Ascension have partnered in a project to store and analyze patient data with the intended goal of using Google’s artificial intelligence tools to enhance patient care and medical decision making. As a result of this partnership, it has been estimated that over 100 Google employees may have access to sensitive patient data such as name, birth date, diagnoses and treatments. Such access by Google to millions of patient’s health data has resulted in some concern over how the data will be protected, including a recently announced inquiry into the relationship by the U.S. Department of Health and Human Services’ Office of Civil Rights (“OCR”). OCR has stated that it “would like to learn more information about this mass collection of individuals’ medical records with respect to the implication for patient privacy under HIPAA.” Ascension has said that the project with Google has complied with the law and followed the healthcare organization’s “strict requirements for data handling.”
We will continue to follow this important story. Several other tech companies continue to try to gain a bigger share of America’s health care market, which will all have to be balanced with patient data privacy and security concerns.
CMS today issued its Price Transparency Requirements for Hospitals Final Rule, which will go into effect on January 1, 2021. (CMS had initially proposed that it go into effect January 1, 2020, but agreed that that deadline was too “challenging”). Hospitals will be required to post on a public website, among other things, the “payer-specific negotiated charges” for each payer and plan. These negotiated rates have typically been subject to lock and key treatment through confidentiality agreements. Noncompliance with the rules may result in corrective action plans (CAPs), civil monetary penalties (CMPs) of $300 per day (indexed to an inflation factor), and a public notice of the CMP on a CMS website. Under the rules, CMS can issue “subsequent” CMPs for continued noncompliance. A link to the Final Rule is here: https://www.hhs.gov/sites/default/files/cms-1717-f2.pdf.
The Trump Administration has also issued a proposed “Transparency in Coverage” rule that would require plans to give consumers access to a tool providing an estimate of their cost-sharing liability for all covered healthcare items and services. It would also require plans to list on a website their negotiated rates for in-network providers and the allowed amounts paid for out-of-network providers. A link to the Proposed Rule is here: https://www.hhs.gov/sites/default/files/cms-9915-p.pdf.
We will continue to analyze and monitor these rules. Stay tuned.
cybersecurity, Federal Trade Commission, FTC, Privacy, Uncategorized / No Comments
On July 2, 2018, the Federal Trade Commission (FTC) issued a number of press releases and a proposed settlement with California-based employee training company ReadyTech Corporation. In announcing the settlement, FTC Chairman Joe Simons said, “Today’s settlement demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield.” According to the FTC, this is the 4th case enforcing the Privacy Shield and 47th case enforcing international privacy frameworks such as the Safe Harbor framework and the Asia Pacific Economic Cooperation Cross Border Privacy Rules.
The ReadyTech settlement should be a warning for other companies that make representations in their Privacy Policies about the Privacy Shield, GDPR, CCPA and other data security and privacy frameworks. By way of background, the Privacy Shield framework allows companies to transfer personal data lawfully from the EU to the United States. To join the Privacy Shield framework, a company must self-certify to the U.S. Department of Commerce that it complies with the Privacy Shield Principles and related requirements that have been deemed to meet the EU’s adequacy standard. A company, like ReadyTech, that claims it has self-certified to the Privacy Shield Principles, but failed to self-certify to the U.S. Department of Commerce, may be subject to an enforcement action by the FTC. Continue reading…
Hospital, Mental Health, Uncategorized / No Comments
Hospitals that have emergency departments should call upon their “available resources” to screen and stabilize patients with mental health emergencies as required by the Emergency Medical Treatment and Labor Act (“EMTALA”) according to recent statements by an analyst for CMS and an attorney with the Office of Inspector General (“OIG”) for the Department of Health and Human Services.
While speaking at the American College of Emergency Physicians annual meeting in Chicago, the CMS representative noted that EMTALA requires hospitals with emergency departments to provide a medical screening within the capabilities of the hospital by a person who is qualified to do the examination, which, if the hospital offers psychiatric services, would include a psychiatrist. While the initial screening must be done with medical personnel such as a psychiatrist, the CMS official stated that other mental health professionals may be qualified to assist in those examinations.
The White House recently released a guidance document for those in the precision medicine community to help ensure that participants’ data and resources remain secure. The document, titled “Precision Medicine Initiative: Data Security Policy Principles and Framework,” is meant to offer “security policy principles and a framework to guide decision-making by organizations conducting or participating in precision medicine activities” and is the result of a collaborative, interagency process featuring roundtable discussions with various security experts as well as a review of existing data security resources. Federal PMI agencies already have committed to integrating the framework into all PMI activities.
But the document is meant only to be a guideline – not a one-size-fits-all solution. It notes that those in the PMI community must constantly strive to use current best practices and should conduct their own “comprehensive risk assessment to identify specific security requirements and establish processes to continuously review and make improvements.”
The guidance emphasizes some overarching principles that anyone dealing with sensitive data should bear in mind when developing and implementing a data security plan:
- Keep pace with changing technology and new security threats.
- Tailor your data security plan to your unique circumstances.
- Be specific – think about your risks and put in writing how you will neutralize them.
- Have an independent third party review your plan.
- Without compromising security, be transparent about your plan to build trust among participants.
The document also offers specific suggestions with respect to identity proofing, user credentials and authentication, encryption and physical security, audits to detect anomalous activity, and incident response, among other topics. The White House also emphasizes the importance of ongoing participant education, as well as role-specific training for those who use PMI data.
On balance, the White House’s message to the PMI community is clear: Think hard about data security, think often about data security, and act vigilantly.
The guidance is available here: www.whitehouse.gov/sites/whitehouse.gov/files/documents/PMI_Security_Principles_Framework_v2.pdf.
For more information you can contact Ryan P. Blaney or another member of Cozen O’Connor’s Health Law team.
On Tuesday, December 8 Cozen O’Connor’s Health Care practice and industry team hosted the Health Law Year in Review, an annual discussion of hot topics facing those in the health care industry.
Presentation topics included:
- Update from Washington, DC – Havi Glaser discussed the Affordable Care Act five years in and provided updates. She also gave a forecast of what is likely to happen in 2016 and discussed pharmaceutical pricing.
- The Move to Pay for Value Reimbursement – Chris Raphaely discussed changes to how we pay for health care services and pay providers. He also discussed new initiatives, including ACOs, risk arrangements, readmission penalties, care management fees, capitation, bundled payments, quality incentives and patient experience.
- Employment Update – Debra Friedman looked back at hot employment issues from 2015 and forward to issues that may come up in 2016, including wellness programs and wage and hour developments impacting health care providers.
- Are You Protecting Your Intellectual Property? – Kyle Vos Strache looked at the different types of intellectual property and how each can increase a company’s value and mitigate risk.
- Hot Tax Topics – Richard Silpe talked about the 2018 Cadillac Tax, final regulations under IRC Section 501(r) and the tax implications of the case involving Morristown Memorial Hospital determining whether the hospital was non-profit or for-profit.
- Trends in Concierge Medicine and Alternative Payment Methods – Marc Auerbach discussed the three models of concierge medicine, traditional, hybrid and direct primary care medical home, and the benefits of choosing each.
- Antitrust Developments in Health Care – Jonathan Grossman led a discussion on the recently announced mergers of Aetna/Humana and Anthem/Cigna. He also discussed the Supreme Court’s limit of state action immunity in NC Dental and the continuing aggressive federal and state antitrust enforcement.
- Cybersecurity and Health Care – Ryan Blaney and Gregory Fliszar discussed cybersecurity risks and best practices and the steps to take for compliance.
- M&A Update – Anna McDonough and Trey Crabb (Ziegler Investment Banking) talked about recent trends in health care transactions.
For more information about any of the topics listed above, or copies of the presentations, please click the speaker’s name to be directed to their biography. Please click here to be added to our health care alert list to read about new developments and to receive invitations to upcoming seminars and webinars.