Photo of Marisa E. Adelson

Marisa Adelson is an associate in Crowell & Moring's San Francisco office, where she practices in the Health Care and Antitrust groups. In her health care practice, Marisa represents managed care payors and provides counseling on regulatory compliance. Marisa's antitrust practice primarily involves complex antitrust recovery litigation. Marisa has an active pro bono practice and currently represents a client from South Asia seeking asylum in the United States.

In late June, Crowell & Moring partnered with Accenture to host a comprehensive one-day conference on legal issues affecting the digital health landscape. The program covered a wide range of topics, some of which you can read more about via the following links: Developing Digital Health Platforms; the Health Care Economy’s Internet of Things; and New Payment Models and Data. More information on the June 23rd “Fostering Innovative Digital Health Strategies Conference” can be found on

One session touched upon privacy and cybersecurity issues regarding the usage of products and data in the digital health realm. This panel was moderated by Fauzia Zaman-Malik, Accenture’s Global Legal Lead for Health Industry Offerings and North America Legal Lead for Health and Public Services Operating Group; and featured Evan Wolff, partner at Crowell & Moring; Cora Han, FTC senior attorney, Division of Privacy and Identity Protection; and Hilary Weckstein, chief privacy officer at Inovalon, Inc.

This panel focused on methods and benefits of de-identification, HIPAA requirements, the FTC’s role in regulating big data and digital health technologies, and data breach preparation and response.  Keep reading for four key takeaways from this session; the full panel session can also be accessed by video at this link.

Continue Reading Digital Health, Big Data, Cybersecurity, and Privacy – Four Key Takeaways from C&M’s Digital Health Strategies Conference

On June 23, Crowell & Moring and Accenture co-hosted the Fostering Innovative Digital Health Strategies Conference in Crowell’s D.C. office. The goal of the conference was to take a comprehensive look at all of the business and legal issues that need to be addressed as health care organizations and technology companies are considering innovative strategies using digital health technologies. The conference covered a wide array of digital health topics, including trends in the healthcare Internet of Things, setting up digital health platforms, legislative activity regarding health IT and telehealth, privacy, cybersecurity, and use of digital health technology to support new payment models.

Session 2, “Setting up a Platform for Digital Health,” featured panelists Jodi Daniel (Partner, Crowell & Moring), Bakul Patel (Associate Director for Digital Health, Center for Devices and Radiological Health, FDA), Anna Shimanek (Senior Legal Counsel, CVS Health), Paul L. Uhrig (EVP, Chief Administrative, Legal, & Privacy Officer, Surescripts) and Ronan Wisdom (Managing Director, Accenture Digital).  Key takeaways include:

  • New partnerships are emerging. There is a broad movement among a variety of stakeholders – providers, payors, consumers, technology companies, and the government – toward using digital health to improve communicating with providers and patients’ understanding of their own health. This leads to new opportunities to partner with other organizations and require strategies for doing so effectively from a legal and business perspective.

Continue Reading In Case You Missed It . . . Five Key Takeaways in Developing Digital Health Platforms

The Medicaid Managed Care Final Rule addresses managed care plan network issues while preserving significant flexibility for the states in designing the standards.  The Rule adds a new regulation (42 C.F.R. § 438.68) on network adequacy standards for medical care and Long-Term Services and Supports (LTSS) as well as one related to availability of services (42 C.F.R. § 438.206).  Although states already regulate network adequacy, the Rule provides a new minimum level of compliance and aligns standards for Medicaid managed care plans around the country while deferring to states to actually develop the standards.  States must set time and distance standards for a variety of provider types, including, primary care (adult and pediatric), OB/GYN, behavioral health, specialist (adult and pediatric), hospital, pharmacy, pediatric dental, LTSS providers, and additional provider types that promote the objectives of the Medicaid program.  These standards must include CMS-mandated elements such as anticipated enrollment, expected utilization, the numbers and types of providers required to provide contracted services, the ability of providers to communicate with limited English proficient beneficiaries in their preferred language, and the availability of telemedicine and other “evolving and innovative technological solutions.”  42 C.F.R.§ 438.68 (c).  In the Preamble, CMS explains that time and distance standards are a more accurate measure of timely access than provider-to-enrollee ratios, which some states previously used.  States must publish these standards online and make them available, at no cost, in alternative formats for individuals with disabilities.  42 C.F.R.§ 438.68 (e).

Additionally, states must ensure that covered services are available and accessible in a timely manner, as explained in 42 C.F.R. § 438.206. The Rule requires states to enforce network maintenance and monitoring requirements for managed care plans, including direct access to women’s health specialists for female beneficiaries, appropriate access to second opinions, coordination with out of network providers for payment, and provision of sufficient family planning providers.  States also must ensure compliance with timely access requirements, including the specific requirement that network provider hours of operation are no less than the hours offered to commercial enrollees.  42 C.F.R. § 438.206(c)(1)(i).  And service delivery must be provided in a culturally competent manner and accessible to those with physical or mental disabilities.  In the Rule’s Preamble, CMS remarked that the disability access was especially critical for LTSS recipients, who have a higher rate of disability than other beneficiary groups.

For additional coverage of the Medicaid Managed Care Final Rule, click here.

A key event in Congress affecting health information technology occurred last week when two members of the Senate HELP Committee issued a discussion draft of their bipartisan legislation on health information technology (health IT).  This ambitious bill addresses many of the same areas as other recent bills, including information blocking, transparency, a star rating system for electronic health records (EHRs), usability, and interoperability. It also contains provisions on governance of health information exchange, safety, and patient access to data. If it passes, the bill will impact both users and producers of health IT and EHRs, including providers and technology companies.  To learn more, click here.

On October 28, 2015, the U.S. Copyright Office of the Library of Congress (the “Office”) issued a Final Rule containing several exemptions to the Digital Millennium Copyright Act that expanded access to medical device computer programs and the patient data they generate.  The Digital Millennium Copyright Act allows intellectual property holders to install “technological protection measures” (TPMs) in their software which blocks unauthorized inspection of data to protect copyright.  Under the Act, the Library of Congress grants exemptions to TPMs every three years.

In the Final Rule, the Office included an exemption for researchers investigating computer programs on devices and machines for good faith security research. The Office found that legitimate security research has been hindered by TPMs that limit access.  Covered devices include medical devices used for patient implantation or corresponding personal monitoring systems, as long as they are not used by patients or for patient care.  The research exemption begins 12 months after the regulation’s effective date, meaning it starts on October 28, 2016.  Additionally, the Office created an exemption for patients who seek to passively access information that is already being generated by their own medical devices or personal monitoring systems.  Unlike the research exemption, the patient monitoring exemption takes effect immediately, and it is limited to patients themselves, as opposed to researchers or other parties.

Continue Reading U.S. Copyright Office Authorizes New Access to Medical Device Programs and Data under Digital Millennium Copyright Act

On December 17, 2014, the Centers for Medicare and Medicaid Services (CMS) published on its website a Frequently Asked Questions (FAQs) on its Quality Rating System (QRS) and Qualified Health Plan (QHP) Enrollee Experience Survey for QHPs on the insurance exchanges. Section 1311(c)(3) of the Affordable Care Act (ACA) requires CMS to develop a system that rates QHPs based on quality and price. All QHP issuers that offered a category of coverage through any exchange during the prior benefit year and meet minimum enrollment criteria are subject to QRS requirements. To comply, QHP issuers must collect and submit third-party validated QRS measure data, which CMS uses to calculate QHP scores and ratings. Additionally, CMS developed the QHP Enrollee Survey to gather consumer experience data for the QRS. While exchanges are not required to publicly display QRS ratings for 2015 because it is the beta testing period, CMS will require public display of QRS rating information beginning in fall of 2016 for the 2017 open enrollment. The FAQs explained that QRS data will be released via a numeric score and a star rating for each applicable product, along with a single global score and rating. CMS also explained that multiple exchange products may not be combined for the QRS reporting, and that QRS data is provided at the product level.

The FAQ also addresses whether issuers may include enrollees that are in non-exchange plans in their QRS data submissions. While generally, only exchange members should be included in QRS submissions, CMS recognized and accepted that in the 2015 beta testing, certain data submissions did not consistently separate exchange and non-exchange members due to inconsistent use of an identifier in Health Insurance Oversight System, the master federal database, and consequently, some QHP issuers likely included a mix of exchange and non-exchange enrollees in their QRS data.

In addition, the FAQs clarified that QHP issuers must comply with the QRS and QHP Enrollee Survey requirements as well as any other quality measures imposed by the respective states where the issuers offer QHPs. The FAQs are available here.

On November 26, 2014, the U.S. Department of Health and Human Services (HHS) released its proposed Notice of Benefit and Payment Parameters for 2016, also known as the “Payment Notice.” Now that HHS has completed the majority of its major rulemakings implementing the Affordable Care Act, the annual Payment Notice has become the recurring opportunity for HHS to modify Affordable Care Act (ACA) policy in a wide variety of subject areas. The 2016 Payment Notice touched on a number of policies, including essential health benefits (EHB), rate review, network adequacy and discriminatory benefit design, among others. Below is a summary of some of the key provisions of the 2016 Payment Notice.

Essential Health Benefits

Section 1302 of the ACA requires all non-grandfathered health plans in the individual and small group markets provide EHB to their beneficiaries. EHB are a comprehensive set of health care items and services. The Secretary of Health and Human Services defines the EHB to be covered; however, at a minimum, EHB must be equal in scope to the benefits covered by a typical employer plan and cover at least 10 general categories. The 2016 proposed Payment Notice would make several changes to the EHB regulations.
First, HHS proposes to establish a universal definition for one of these 10 general categories of care: habilitative services. Currently, issuers are required to match the habilitative services provided by the appropriate base-benchmark plan. When the base-benchmark plan does not offer habilitative services, the state in which the issuer is located may specify the services that are included in that category. If no definition is provided, however, the issuer is obligated to provide habilitative services benefits that are similar in scope, amount, and duration to benefits covered for rehabilitative services or to determine which services will be covered and report the determination to HHS. The proposed rule would alleviate this challenge for issuers by defining habilitative services as “health care services that help a person keep, learn, or improve skills and function for daily living.” Additionally, HHS proposes to remove the option for issuers to determine the scope of habilitative services under 45 C.F.R. § 156.110(c)(6).

Second, HHS wants to clarify that pediatric services should be provided until at least age 19. HHS proposes new language in 45 C.F.R. § 156.115(a) to clarify that coverage for pediatric services should be provided until at least the end of the plan year in which an enrollee turns 19.

Third, HHS proposes to give states the option of selecting a new 2014 plan to serve as their base-benchmark plan for the 2017 plan year. The proposed rule reinstates unintentionally deleted data submission requirements used to determine potential state benchmark plans.

Continue Reading 2016 Payment Notice Proposed Rule: Potential Changes to EHBs, Rate Review, and Other ACA Tweaks

On October 15, 2014, the Centers for Medicare & Medicaid Services (“CMS”) launched a new accountable care organization (“ACO”) program that aims to encourage new Medicare Shared Savings Program (“MSSP”) ACOs in rural and underserved areas. The program, known as the ACO Investment Model, provides up to $114 million to as many as 75 ACOs in the U.S. CMS created the program in response to concerns that the current ACO initiatives do not provide sufficient funding to certain classes of providers. The agency will recover its investments through an offset of the ACOs’ earned shared savings.

The ACO Investment Model will contain two types of ACOs, based on when the ACOs began:

1) New MSSP ACOs joining in 2016, with a focus on those in rural geographic areas and areas of minimal ACO activity; and

2) ACOs that joined the MSSP in 2012, 2013, or 2014, where the focus will be on encouraging success in the program and progression to higher levels of financial risk.

In the selection process, CMS will prioritize new ACOs in rural and low-penetration areas, and existing ACOs that provide high quality care, achieve financial benchmarks, demonstrate exceptional financial need, or provide compelling proposals for use of the funds. The deadline for 2012 and 2013 ACO MSSP participants is December 1, 2014. Applications for the 2014 or 2016 MSSP ACOs will be available in the summer of 2015. ACOs that began MSSP participation in 2015 are ineligible for the current ACO Investment Model because they will not have of reconciled financial and quality performance data until after the second application period.


On October 16, 2014, the Centers for Medicare & Medicaid Services (“CMS”) and the Office of the Inspector General (“OIG”) announced the continuation of the Accountable Care Organization (“ACO”) fraud and abuse waivers for an additional year. The Affordable Care Act (“ACA”) authorized creation of the Shared Savings Program to facilitate development of ACOs in Medicare. The ACA also allows for a waiver of certain fraud and abuse laws to provide ACOs greater flexibility in developing innovative models of care. CMS and the OIG published an interim final rule establishing waivers of the Federal self-referral law and anti-kickback statute and certain civil monetary penalty provisions for ACOs in the Shared Savings Program. This interim final rule extends the application of these waivers through November 2, 2015 unless a final waiver rule becomes effective at an earlier date. CMS explained that this extension will minimize legal uncertainty and business disruptions of ACOs. CMS also requested additional stakeholder input on the adequacy of the existing waivers.

On July 16, 2014, the Consumer Information and Insurance Oversight (CCIIO) division of the Centers for Medicare & Medicaid Services (CMS) released an Enrollment Bulletin for the individual markets of Federally-facilitated Exchanges (FFEs) about grace periods for premium non-payment. The Bulletin addresses when grace periods related to terminations for premium non-payment fall across enrollment periods for the next benefit year. Issuers must provide a three-month grace period to Exchange enrollees who receive advance premium tax credits (APTCs), pay at least one month’s premium during the benefit year, and subsequently fail to pay their portion of the monthly premium. If the three-month grace period passes and the enrollee does not pay all outstanding premiums, the issuer must terminate the enrollee’s coverage, retroactive to the last day of the first month of the grace period. All other Exchange enrollees receive grace periods according to state law. The Bulletin explains the following for APTC recipients in FFEs:

Continue Reading CCIIO Issues New Guidance on Grace Periods for Non-payment of Premiums in Exchanges