In order to move health care organizations towards consistency in mitigating important cybersecurity threats to the health care sector, the Department of Health & Human Services (HHS) published multiple guidance documents on best practices for health care organizations to reduce cybersecurity risks (“HHS Cyber Guidance”). The HHS Cyber Guidance is the result of HHS’ public-private partnership with more than 150 cybersecurity and health care experts. While compliance is voluntary, this guidance serves as direction to health care entities on important practices that should be considered and implemented to reduce risk.

Why HHS has published this guidance

Continue Reading HHS Releases Voluntary Cybersecurity Practices Guidance

WANT TO KNOW HOW THE DOJ’S BRAND MEMO MAY GIVE HEALTH CARE CONTRACTORS A NEW AVENUE OF DEFENSE IN FCA LITIGATION? READ “DOJ: PUTTING LIMITS ON GUIDANCE” TO FIND OUT

Crowell & Moring has issued its seventh-annual “Litigation Forecast 2019: What Corporate Counsel Need to Know for the Coming Year.” 

The health care section of the Forecast, DOJ: Putting Limits On Guidance,” outlines how The DOJ’s Brand Memo may give health care contractors a new avenue of defense in FCA litigation, but how it will be interpreted is still unclear.

There is also an interesting discussion of how companies and law firms are leveraging technology to improve their legal operations and litigation strategy in the cover story, “Welcome to Your New War Room: How Technology Is Finding Its Way into Litigation Case Strategy.” It features interviews with in-house counsel at Cisco, Humana, United Airlines, and Lex Machina and discusses how technology is streamlining the collection and analysis of information to aid “data-driven” decision making along the continuum of litigation.

Be sure to follow the conversation on social media with #LitigationForecast.

 

On Nov. 29, 2018, Deputy Attorney General Rod J. Rosenstein announced several amendments to policies on individual accountability set forth in the 2015 Yates Memo. As a result, companies facing FCA actions—especially defendants in health care cases—should consider following three strategy tips:  (1) Establish clear benchmarks for cooperation.  (2) Advocate for individual releases.  And (3) Emphasize that litigation costs outweigh the potential recovery in appropriate cases.

To learn more please read this Bloomberg BNA article written by Partner William S.W. Chang and Associate Spencer Churchill.

 

On January 1, 2019, portions of the U.S. Department of Labor’s (DOL) Final Rule expanding the availability of Association Health Plans (AHPs) went into effect. AHPs allow small businesses to band together and negotiate better deals when buying insurance for their members.

The partial government shutdown hasn’t slowed the raging debate over how states are to implement the DOL’s final rule. On December 28, 2018, a federal judge ordered litigation concerning the rule to continue despite the shutdown.

States have reacted to the final rule in dramatically divergent ways. Some states believe that AHPs will make it finally possible for small employers to offer affordable healthcare options for their employees. Other states worry that AHPs will destabilize the individual insurance marketplace. They predict that healthy people will join AHPs because they are less expensive than other insurance options, and this shift will leave sicker people in a smaller pool with higher premiums.   Continue Reading Taking the Pulse of New Association Health Plans

 

  • More of our health information is becoming digital every day, as new technology companies enter the health care and wellness markets.
  • Many companies that hold a wealth of consumer health information are not covered by HIPAA.
  • Many consumers may not realize that their health information only is protected and they only have certain rights with respect to that information when it is held by certain entities, but not when it is held by others.
  • The private sector should work with regulators to develop a common sense, appropriate framework for use of health information by non-HIPAA covered entities.

As we await proposed HHS regulations on interoperability and patient access to data, and as more companies than ever before are collecting and using data to power advanced data analytics, artificial intelligence, and machine learning to improve health care quality and delivery, it is important to understand the scope and limitation of protections and the applicability of the HIPAA Privacy Rule.

Patients, providers and caregivers now have access to a wide array of devices and applications to manage and track patient health, improve treatment adherence, and better coordinate care. Large technology companies, athletic gear manufacturers, and others are entering a rapidly growing consumer health technology market. They are developing new technologies including tracking apps, wearables, and social networks that are increasingly integrated into patients’ daily lives. With an estimated 86.7 million U.S. consumers owning wearable devices by 2019, patients are generating billions of data points that provide insight into their health. Yet many of these companies are not subject to existing privacy protections under HIPAA, creating a significant gap in consumer protections.

At the same time, HHS is pushing for greater interoperability and patient access to data to address a challenge that remains widespread even after the investment of billions of federal dollars into the adoption of electronic health records. Agencies are encouraging and mandating easier availability of electronic health data, through current and anticipated CMS and ONC regulations and through a variety of government initiatives such as: 1) Blue Button and MyHealtheData; 2) incentivizing the adoption of open APIs; 3) developing new fee-for-service payment policies regarding remote monitoring and virtual care reimbursement; and 4) launching Sync for Science, a technical standard for facilitating patient-mediated data exchange for research. Consumers and companies alike seek guidance on the implications of collecting, storing, maintaining, and commercializing personal health data. Continue Reading Closing the Health Information Privacy Divide

The New York State Attorney General (the ”AG”) recently issued new standards of review for the sale of all or substantially all assets of not-for-profit nursing homes which should be of keen interest to both not-for-profit providers and prospective for-profit purchasers.  See http://www.charitiesnys.com/pdfs/NursingHomeSales.pdf (the “Guidance”). After noting the significant increase in efforts to sell nonprofit nursing homes to for-profit entities since 2014 in New York, the Guidance expresses “significant concern”  regarding the “effort and success” by not-for-profit Boards of Directors and their advisors in evaluating whether the terms of the sale or transfer, and the intended use of the proceeds of the sale, will “promote the mission and purposes “ of the charity.  The Guidance recommends “best practices” for nursing home Boards and their advisors in considering a sale to assist them in the exercise of their fiduciary duties to charitable beneficiaries, including nursing home residents.

It also sets forth specific new factual representations that the AG will require to be made by the seller seeking approval of the sale of all or substantially all nursing home assets. Not-for-profit providers in New York State and any entity interested in a transfer of the assets of such providers are well advised to seek legal, financial and other professional assistance to prepare for the due diligence now required by the Guidance.

The Centers for Medicare & Medicaid Services (CMS) recently proposed a rule to allow Medicare Advantage plans to expand telehealth benefit coverage. (See alert for more detail) This proposed rule implements the statutory provisions in section 50323 the Bipartisan Budget Act of 2018. What you might not know, however, is that the Bipartisan Budget Act of 2018 is only one of many legislative vehicles by which advocates for telehealth expansion have been able to move the needle definitively in their favor during this session of Congress.

Over the past two years, Congress has shown its support for the utilization of telehealth by introducing forty-one bills that, if passed, would require Medicare to reimburse providers for their use of telehealth to treat numerous health conditions such as stroke diagnosis, mental health, chronic care management and opioid addiction treatment. Of note, the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act of 2017 was the predecessor bill that passed out of the Senate in September of 2017 and became law on February 9, 2018 as a part of the Bipartisan Budget Act of 2018. Continue Reading Government Affairs – The Progress of Telehealth Bills in Congress

In its recent notice of proposed rulemaking setting policy for Medicare Advantage (MA) and the Prescription Drug Program (PDP) for calendar year 2020, CMS announced that it would establish extrapolation as a method to be used in risk adjustment validation (RADV) audits, and further, that it would not make any adjustments to account for errors in Medicare fee for service data in determining recovery amounts.

CMS uses a risk adjustment process to modify MA plan payments to better reflect the relative risk of each plan’s enrollees. Payments to each MA plan are adjusted based on risk scores that reflect enrollees’ health status (categorized into Hierarchical Condition Categories (HCCs)) and demographic characteristics derived from member claims data. To counteract incentives that a plan might have to over-report enrollee diagnoses, CMS emphasizes that all diagnoses submitted to enhance risk must be documented in a medical record, and uses RADV audits to ensure that medical record documentation exists, and thus, that payments to MAOs accurately reflect the level of risk assumed. Continue Reading CMS Announces and Solicits Comments on Expanded RADV Audit Methodology

This blog post has been prepared in collaboration with Nemours. Ms. Boyer is a Manager of Nemours Children’s HospitalMaya Upplauru is an associate in Crowell & Moring’s Health Care Group in Washington, D.C.

This Bulletin is brought to you by AHLA’s Children’s Health Affinity Group, which is part of the Academic Medical Centers and Teaching Hospitals and In-House Counsel Practice Groups.

One of the most fear-inducing experiences for new and first-time parents is the middle of the night illness of a young child. Many may head directly to the emergency department (ED) because they lack any means to communicate with their health care provider after-hours. Parents of children with chronic conditions or rare diseases are often forced to travel long distances to see specialists at regional centers of excellence and may struggle to check in or get questions answered once they are back at home. Teenagers managing chronic conditions may prematurely discontinue their treatment plan when they transition to college in a different state or when they enter the working world after college. Continue Reading Delivering Virtual Pediatric Care Across State Lines: Regulatory Barriers and Opportunities

In the most recent technical changes made to Part C and Part D plans for 2019, CMS codified the star ratings methodology in regulations. Now, CMS is proposing changes to these regulations, such as new definitions to clarify the meaning of terminology used in describing the star ratings methodology. In addition, CMS is proposing several changes to improve program quality and accessibility of the Medicare Advantage (MA) and Part D Prescription Drug Program (PDP) Plan Quality Rating for measures other than Consumer Assessment of Healthcare Providers and Systems (CAHPS).

Continue Reading MA/PDP Star Ratings: Proposed Technical Changes for 2020