C&M Health Law

C&M Health Law

Analysis, commentary, and the latest developments in health care law and policy

Mount Sinai Health System to Pay $2.95 Million in 60-Day Overpayment FCA Settlement

Posted in Fraud, Waste & Abuse, Health Care Reform & ACA, Litigation
Diana HuangBarbara H. Ryland

On August 24, 2016, Judge Edgardo Ramos of the Southern District of New York approved a settlement in which Mount Sinai Health System (Mount Sinai) will pay $2.95 million to New York and the federal government to resolve allegations that it violated the False Claims Act (FCA) by withholding Medicare and Medicaid overpayments in contravention of the 60-day overpayments provision of the Affordable Care Act (ACA).  The provision creates FCA liability for healthcare providers that identify overpayments but fail to return them within 60 days, and the Mount Sinai settlement is the first one that specifically resolves allegations of violations of the provision.

The settlement stems from the qui tam action Kane v. Healthfirst, Inc., No. 1:11-cv-02325-ER, in which it was alleged that employee Robert Kane alerted Continuum Health Partners, Inc. (now a part of Mount Sinai) to hundreds of potential overpayments, and, instead of pursuing the refund of overpayments, Continuum fired Kane and delayed further inquiry.  Last year, as we discussed in a previous post, Judge Ramos denied Mount Sinai’s motion to dismiss and provided first-of-its-kind guidance on what it means to “identify” an overpayment and start the 60-day clock created by the ACA.  He opined that a provider has identified an overpayment if it has been “put on notice” that a certain claim may have been overpaid.  In February of this year, CMS released its final 60-day overpayment rule, largely adopting the same interpretation of “knowledge” and “identified” that Judge Ramos used.

Although the Kane court did not hold that the “mere existence” of an obligation under the ACA established an FCA violation, the 60-day period in the statute clearly carries a heightened risk of potential liability for providers that fail to carry out compliance activities or undertake an investigation once they have been given credible evidence of the existence of overpayments.  The settlement further signals to providers the importance of taking any allegation related to overpayments seriously, and to take swift action in order to be ready for the start of the 60-day clock deadline for returning any overpayments.

CMS Renews Focus on Third-Party Payment of Insurance Premiums Steering Medicaid & Medicare Eligibles into Marketplace Plans

Posted in Exchanges, Fraud, Waste & Abuse, Health Care Reform & ACA, Medicaid, Medicare
A. Xavier BakerTroy A. Barsky

On August 18, 2016, CMS issued a request for information on “inappropriate steering of people eligible for Medicare or Medicaid into Marketplace plans” by third parties. CMS voiced concern over “anecdotal reports” that Medicaid or Medicare eligibles received premium and cost-sharing assistance from third parties so they could enroll in Marketplace plans, enabling providers to receive higher reimbursement rates. In November 2013, CMS had issued guidance discouraging third-party payment of premiums because it has the propensity to “skew the insurance risk pool and create an unlevel field in the Marketplaces.” Almost three years later, it appears that CMS has determined that more decisive action may be necessary.

In July, UnitedHealthcare filed suit against American Renal Associates LLC in the United States District Court for the Southern District of Florida (complaint), alleging ARA violated Florida’s deceptive and unfair trade practices act, fraud, unjust enrichment, conspiracy, and other causes of action. The suit alleges that ARA coordinated with the American Kidney Foundation to pay premiums of low-income enrollees to switch from government health care programs to private insurance coverage. The suit alleges that by steering enrollees from Medicaid and Medicare to private insurance, ARA was able to increase billing from about $300 to $4,000 for the same services. The complaint also alleges that ARA did not collect copayments or deductibles from the enrollees after covering their premiums for private insurance and so committed negligent misrepresentation and tortious interference with a contract by misrepresenting the charges of claims submitted to UnitedHealthcare.

Continue Reading

OCR Announces Major HIPAA Enforcement Initiative

Posted in HIPAA & Privacy
Elliot GoldingStephanie Willis

The Department of Health & Human Services Office of Civil Rights (“OCR”) announced on August 18, 2016 that it is stepping up enforcement actions related to small breaches.  Although OCR investigates all reported breaches affecting more than 500 people, this new initiative will increase investigations of breaches affecting fewer than 500 people.  As OCR recognizes, it is often only through investigations following a reported breach that OCR uncovers more widespread HIPAA compliance issues, and it is those additional issues that often lead to monetary settlements or fines. Particularly given this increased enforcement initiative, covered entities and business associates should continue to evaluate and, where appropriate, strengthen their HIPAA compliance efforts.

To read more about the announcement, please click here.

Upcoming Free Healthcare Event: Healthy Data Management Webinar

Posted in Health IT
Elliot Golding

On Thursday, September 8, 2016 from 1:00 PM to 2:00 PM ET Crowell & Moring’s Elliot Golding will be speaking as part of a 60-minute Bloomberg BNA Webinar on Healthy Data Management: Essential Strategies for Governing PHI, PII, and Highly Sensitive Data during an Acquisition or Divestiture.  The panel discussion will cover the information governance life cycle for health care, life sciences, and pharmaceutical companies, from identification of sensitive data to storing and protecting that data during mergers and divestitures.  The webinar is free and open to all.

Objectives:

  • Data management considerations for companies responsible for maintaining personally identifiable information (PII), protected health information (PHI), and confidential or sensitive data.
  • Unique issues that arise when highly sensitive data is involved during the merger and divestiture transaction process.
  • Strategies to develop effective policies and procedures for data life cycle management.

Addressing Health Privacy and Security Gaps in ONC Report

Posted in Health IT, HIPAA & Privacy
Jodi G. DanielElliot GoldingJennifer Williams

On July 19th, the Office of the National Coordinator for Health Information Technology (“ONC”) released a report expressing concerns about major gaps in policies and oversight surrounding the access to, security, and privacy of health information held by certain mobile health (“mHealth”) technology companies and health social media.  While the report frames the issue well, it largely punts to the private sector to develop solutions.  For recommendations on how to address the oversight gaps identified by ONC, see our recent article in Bloomberg BNA’s Health Care Policy Report.

 

FDA Finalizes Guidance on Low Risk “General Wellness Products”

Posted in Health IT
Jodi G. DanielJennifer Williams

In a final guidance document released July 29th, the U.S. Food and Drug Administration (“FDA”) officially confirmed that it does not intend to review or require regulatory compliance for fitness trackers and certain health apps, collectively termed “general wellness products.”  This guidance, which is largely unchanged from the draft guidance issued in January 2015, coincides with FDA’s narrowing oversight of mobile medical apps and related tools.

According to the guidance, general wellness products are:

  1. Products that are intended for “general wellness use” (e.g., weight management, physical activity trackers, and stress management tools); and
  2. Products that present a low risk to the safety of users and others persons.

The primary distinction between a general wellness product and a medical device, which FDA does regulate, is that the intended use of a general wellness product is either to maintain or encourage a general state of health or healthy activity or to support a healthy lifestyle to help reduce the risk or impact of certain chronic conditions where there is a well-known connection. The guidance further explained that although general wellness products may claim to help manage or reduce the risk of certain chronic diseases, they may not claim to treat or diagnose a specific disease or condition.  Products that make these claims are considered medical devices and are subject to FDA regulation.

As mentioned above, this guidance is in line with FDA’s recent policy to exercise enforcement discretion when dealing with products that may help consumers manage or prevent ill health and pose a minimal risk of harm.  The policy attempts to strike a balance between ensuring consumer safety while supporting the rapid pace of innovation that is directed at consumer health.  This guidance along with earlier guidance can help mobile medical app, fitness trackers, wellness tools, and health information technology developers determine how to market their products in light of existing law and should be considered in the early stages of product development and business strategy.

For more information, please contact the authors of this post or your regular Crowell & Moring contact.

Medicaid Managed Care Final Rule: Prevention of Fraud, Waste, and Abuse

Posted in Fraud, Waste & Abuse, Medicaid
Troy A. BarskyRoma Sharma

The Medicaid Managed Care Final Rule aims to align Medicaid regulations with those of other health coverage programs, modernizing the post-Affordable Care Act healthcare landscape. Among other goals, the Final Rule seeks to bolster the transparency, accountability, and integrity of Medicaid managed care by imposing and clarifying requirements meant to reduce fraud, waste, and abuse. The rule finalizes a number of changes that address two types of program integrity risks: fraud committed by Medicaid managed care plans and fraud by network providers. It also tightens standards for managed care organization (MCO) submission of certified data, information, and documentation used for program integrity oversight by state and federal agencies.

First, the Final Rule places new responsibilities on both states and managed care plans. State Medicaid programs will now be required to screen and enroll all network providers that order, refer, or furnish services to beneficiaries under the state plan unless a network provider is otherwise enrolled with the state to provide services to fee-for-service (FFS) Medicaid beneficiaries.[1] This requirement, which will take effect in July 2018, may delay the growth of provider networks; to address this concern the Final Rule allows programs to execute network provider agreements pending the outcome of the screening process of up to 120 days. However, upon notification from the state that a provider’s enrollment has been denied or terminated, or the expiration of the 120 day period without enrollment, the plan must terminate the network provider immediately and notify affected enrollees. In addition, the Final Rule requires states to periodically, but no less frequently than once every 3 years, audit patient encounter data and financial reports for accuracy, truthfulness, and completeness. States must also post on their website or otherwise publicize a range of programmatic data, including the results of past audits and information related to entity contracts.[2]

Second, beginning July 2017, managed care plans will also have to submit and certify a range of data—including data related to rate setting, compliance with Medical Loss Ratio (MLR) standards, accessibility of services, and recoveries of overpayments—to their respective states. In order to comply with this requirement, the Final Rules permits the executive leadership of an MCO to delegate the certification to an employee who reports directly to the plan’s CEO or CFO.[3]

Continue Reading

Digital Health, Big Data, Cybersecurity, and Privacy – Four Key Takeaways from C&M’s Digital Health Strategies Conference

Posted in Health IT, HIPAA & Privacy
Marisa E. AdelsonJodi G. Daniel

In late June, Crowell & Moring partnered with Accenture to host a comprehensive one-day conference on legal issues affecting the digital health landscape. The program covered a wide range of topics, some of which you can read more about via the following links: Developing Digital Health Platforms; the Health Care Economy’s Internet of Things; and New Payment Models and Data. More information on the June 23rd “Fostering Innovative Digital Health Strategies Conference” can be found on Crowell.com.

One session touched upon privacy and cybersecurity issues regarding the usage of products and data in the digital health realm. This panel was moderated by Fauzia Zaman-Malik, Accenture’s Global Legal Lead for Health Industry Offerings and North America Legal Lead for Health and Public Services Operating Group; and featured Evan Wolff, partner at Crowell & Moring; Cora Han, FTC senior attorney, Division of Privacy and Identity Protection; and Hilary Weckstein, chief privacy officer at Inovalon, Inc.

This panel focused on methods and benefits of de-identification, HIPAA requirements, the FTC’s role in regulating big data and digital health technologies, and data breach preparation and response.  Keep reading for four key takeaways from this session; the full panel session can also be accessed by video at this link.

Continue Reading

Senate Finance Committee Members Hear from Partner Troy Barsky and Hospital System Executives on Necessary Stark Law Reforms

Posted in Fraud, Waste & Abuse, Health Care Reform & ACA, Medicaid, Medicare
Crowell & Moring

Barsky

Yesterday, our colleague Troy A. Barsky testified before the U.S. Senate Finance Committee led by Chairman Orrin Hatch (R-Utah) and provided recommendations for modernizing the Stark Law to regulate self-referrals without impeding the care coordination and value-based payment models promoted by health care reform legislation. Other witnesses before the Committee included Dr. Ronald A. Paulus, president and chief executive officer of Mission Health; and Peter Mancino, deputy general counsel of The Johns Hopkins Health System Corporation.

During his oral testimony, Barsky raised the following points and recommendations to the Senate Finance Committee:

  • That the Stark Law is affecting the health care industry because it has moved beyond the bounds of its original intent;
  • Because of the changing nature of the health care system, the Stark Law should be reformed to facilitate new alternative payment models; and
  • What Congress can do to reform the law while still protecting patients and the Medicare program, such as removing the compensation-based prohibitions in the Stark Law and granting the Centers of Medicare & Medicaid Services more authority to issue broad waivers for a wider variety of innovative health care and payment systems to limit the piecemeal waiver approach developing under the Affordable Care Act.

In addition, Barsky urged that reform of the Stark Law should focus on “[m]aking bright line rules that providers can follow and expanding CMS’s authority to provide guidance through advisory opinions will greatly assist provider.” Other options for reform also included implementing a lower penalty scheme for technical violations of the Stark Law, and lowering CMS’s heightened standard of “no program or patient abuse” for promulgating new regulatory exceptions to the general prohibition” against self-referrals.

The Committee members in attendance, representing both the Republican and Democratic Parties, largely responded positively to comments shared by all of the witnesses during the hearing and Chairman Hatch said that the Committee would move reform proposals forward in the remainder of the year.

Barsky’s full written testimony can be found here. His comments are also featured in Bloomberg BNA, Inside Health Policy, Law360, and MedTech Insight (subscriptions required).

New Payment Models and Data: Changes and Themes to Watch

Posted in Events, Fraud, Waste & Abuse, Health IT, Medicare
Jodi G. DanielRoma Sharma

On June 23, Crowell & Moring and Accenture co-hosted the Fostering Innovative Digital Health Strategies Conference in Crowell’s D.C. office. The conference provided a broad analysis of the business and legal issues that must be addressed as health care organizations and technology companies consider innovative strategies to use digital health technologies. The conference covered several topics including trends in the health care economy’s Internet of Things, setting up digital health platforms, legislative activity related to telehealth, and the use of digital health technology to support new payment models.

The fifth session of the conference, “New Payment Models and New Sources of Data for Care Coordination and Quality Improvement” featured John Brennan (Partner, Crowell & Moring), Dr. Elizabeth Raitz-Cowboy (Southeast Medical Director, Aetna Life Insurance Company), Barbara Ryland (Senior Counsel, Crowell & Moring), and Soph Sophocles (Associate General Counsel, Biogen).

The discussion addressed changes and themes in the wake of digital health technology and growing use of data. Key takeaways from the session:

Continue Reading