In order to move health care organizations towards consistency in mitigating important cybersecurity threats to the health care sector, the Department of Health & Human Services (HHS) published multiple guidance documents on best practices for health care organizations to reduce cybersecurity risks (“HHS Cyber Guidance”). The HHS Cyber Guidance is the result of HHS’ public-private partnership with more than 150 cybersecurity and health care experts. While compliance is voluntary, this guidance serves as direction to health care entities on important practices that should be considered and implemented to reduce risk.

Why HHS has published this guidance

Continue Reading HHS Releases Voluntary Cybersecurity Practices Guidance

 

  • More of our health information is becoming digital every day, as new technology companies enter the health care and wellness markets.
  • Many companies that hold a wealth of consumer health information are not covered by HIPAA.
  • Many consumers may not realize that their health information only is protected and they only have certain rights with respect to that information when it is held by certain entities, but not when it is held by others.
  • The private sector should work with regulators to develop a common sense, appropriate framework for use of health information by non-HIPAA covered entities.

As we await proposed HHS regulations on interoperability and patient access to data, and as more companies than ever before are collecting and using data to power advanced data analytics, artificial intelligence, and machine learning to improve health care quality and delivery, it is important to understand the scope and limitation of protections and the applicability of the HIPAA Privacy Rule.

Patients, providers and caregivers now have access to a wide array of devices and applications to manage and track patient health, improve treatment adherence, and better coordinate care. Large technology companies, athletic gear manufacturers, and others are entering a rapidly growing consumer health technology market. They are developing new technologies including tracking apps, wearables, and social networks that are increasingly integrated into patients’ daily lives. With an estimated 86.7 million U.S. consumers owning wearable devices by 2019, patients are generating billions of data points that provide insight into their health. Yet many of these companies are not subject to existing privacy protections under HIPAA, creating a significant gap in consumer protections.

At the same time, HHS is pushing for greater interoperability and patient access to data to address a challenge that remains widespread even after the investment of billions of federal dollars into the adoption of electronic health records. Agencies are encouraging and mandating easier availability of electronic health data, through current and anticipated CMS and ONC regulations and through a variety of government initiatives such as: 1) Blue Button and MyHealtheData; 2) incentivizing the adoption of open APIs; 3) developing new fee-for-service payment policies regarding remote monitoring and virtual care reimbursement; and 4) launching Sync for Science, a technical standard for facilitating patient-mediated data exchange for research. Consumers and companies alike seek guidance on the implications of collecting, storing, maintaining, and commercializing personal health data. Continue Reading Closing the Health Information Privacy Divide

The Centers for Medicare & Medicaid Services (CMS) recently proposed a rule to allow Medicare Advantage plans to expand telehealth benefit coverage. (See alert for more detail) This proposed rule implements the statutory provisions in section 50323 the Bipartisan Budget Act of 2018. What you might not know, however, is that the Bipartisan Budget Act of 2018 is only one of many legislative vehicles by which advocates for telehealth expansion have been able to move the needle definitively in their favor during this session of Congress.

Over the past two years, Congress has shown its support for the utilization of telehealth by introducing forty-one bills that, if passed, would require Medicare to reimburse providers for their use of telehealth to treat numerous health conditions such as stroke diagnosis, mental health, chronic care management and opioid addiction treatment. Of note, the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act of 2017 was the predecessor bill that passed out of the Senate in September of 2017 and became law on February 9, 2018 as a part of the Bipartisan Budget Act of 2018. Continue Reading Government Affairs – The Progress of Telehealth Bills in Congress

This blog post has been prepared in collaboration with Nemours. Ms. Boyer is a Manager of Nemours Children’s HospitalMaya Upplauru is an associate in Crowell & Moring’s Health Care Group in Washington, D.C.

This Bulletin is brought to you by AHLA’s Children’s Health Affinity Group, which is part of the Academic Medical Centers and Teaching Hospitals and In-House Counsel Practice Groups.

One of the most fear-inducing experiences for new and first-time parents is the middle of the night illness of a young child. Many may head directly to the emergency department (ED) because they lack any means to communicate with their health care provider after-hours. Parents of children with chronic conditions or rare diseases are often forced to travel long distances to see specialists at regional centers of excellence and may struggle to check in or get questions answered once they are back at home. Teenagers managing chronic conditions may prematurely discontinue their treatment plan when they transition to college in a different state or when they enter the working world after college. Continue Reading Delivering Virtual Pediatric Care Across State Lines: Regulatory Barriers and Opportunities

CMS has finalized the adoption of multiple CPT codes in the CY 2019 PFS that create more opportunities for providers and digital health companies to collaborate on chronic care management business models in the fee-for-service market.

Virtual Check-Ins

CMS finalized the creation of a new code to reimburse providers for brief “check-in” services conducted using communications technology by creating HCPCS code G2012, defined as “[b]rief communication technology-based service, e.g. virtual check-in.” Continue Reading Digital Health Updates in the 2019 Physician Fee Schedule (PFS) Rule

Yesterday, the FDA released draft guidance on the management of cybersecurity in medical devices submitted to the agency for premarket review. Noting that cybersecurity threats to the healthcare sector have increased in number and severity, the FDA offered new recommendations for device design, labeling, and documentation that medical device manufacturers will need to consider during premarket submission processes.

The guidance comes shortly after the FDA’s launch of its Medical Device Cybersecurity Playbook, which provides a framework for healthcare delivery organizations to use in preparing for and responding to cybersecurity threats against patient medical devices.

Given rapid changes in technology and increasing innovation in the digital health market, the guidance intends to decrease the risk of cyberattacks that could render medical devices inoperable and potentially harm patients. Comments on the draft guidance are due on March 18, 2019. Continue Reading FDA Issues New Guidance for the Management of Cybersecurity in Medical Devices

On October 15, 2018, the Centers for Medicare & Medicare Services (“CMS”) in the Department for Health and Human Services proposed a rule to require prescription drug manufacturers to post the Wholesale Acquisition Cost (“WAC”) for drugs and biological products covered by Medicare or Medicaid in direct-to-consumer television advertisements. The WAC reflects the manufacturer’s list price for a drug to direct purchasers, not inclusive of any discounts or rebates. CMS is proposing this rule in the context of broadcast advertisements, an area in which the Supreme Court has recognized that the government may take special steps to help ensure that viewers receive appropriate information.[1]

CMS stated that 47 percent of Americans have high-deductible health plans and that many patients may pay the list price of the drug until they meet their deductible. The proposed rule aims to provide greater transparency into the prices charged by prescription drug manufacturers. The theory is that markets operate more efficiently with greater transparency, and that increased exposure of the list price will also provide a moderating force to discourage price increases. While wholesale prices do not equate to the patient’s out-of-pocket obligation, CMS asserts that benefit designs are impacted by WACs, and patients in high-deductible plans may pay the full list price until meeting their deductible – thus, the WAC may still be relevant to many patient and impact their decisions and market dynamics. The price required to be posted would be for a typical course of treatment for an acute medication like an antibiotic, or a thirty day supply of medication for a chronic condition that is taken every month. The posting would take the form of a legible textual statement at the end of the ad and would not apply where the list price for a thirty day supply or typical course of treatment of a prescription drug was less than $35. Continue Reading CMS PROPOSES RULE TO REQUIRE PRESCRIPTION DRUG MANUFACTURERS TO DISCLOSE DRUG PRICES IN TV ADS

CMS has issued its 2019 Physician Fee Schedule Proposed Rule, containing highly anticipated new reimbursement policies for telehealth, remote monitoring, and other uses of digital tools, as well as updates to health IT requirements in the Quality Payment Program, with a stronger focus on patient access to health information. Comments are due September 10 at 5pm.

Continue Reading New CMS Incentives for Remote Patient Monitoring and Patient Access

Next week, on June 21, 2018, attorneys from Crowell & Moring will hold a bootcamp entitled “Early Stage Investing in Health Technology.” Crowell & Moring attorneys will present on topics of interest to entrepreneurs, investors, and early stage health technology companies. Attendees will have the opportunity to learn about a range of matters including formation of a start-up, protection of intellectual property, FDA and product safety requirements, and how to commercialize a product through government and commercial reimbursement. Specifically, the bootcamp will feature the following presentations:

  • Building an Investible Health Tech Company;
  • IP Basics for Health Tech;
  • Navigating The Existing Regulatory and Product Safety Landscape In A New Digital World;
  • Healthcare Reimbursement:  Commercialization Strategies and Approaches; and
  • Adding Value: Managed Care Contracting Issues.

The bootcamp is a co-sponsored event with the Inova Center for Personalized Health (“ICPH”). Following the bootcamp, there will be a networking reception and panel presentation on the State of Heathcare Investing. For more information, contact a participant listed below or your regular Crowell & Moring contact.

Crowell & Moring Participants:

A. Xavier Baker

Troy A. Barsky

Lex Eley

Michael H. Jacobs

Lisa A. Adelson

Rebecca Baden Chaney

Joe Records

Roma Sharma

Maya Uppaluru

Chalana N. Williams

Danielle Winston

 

On April 17, 2018, the Food and Drug Administration (FDA) released its Medical Device Safety Action Plan which outlines FDA’s intended steps to address medical device safety while preserving enough space for innovation in the market.

The FDA’s plan is the latest effort by the FDA on medical device safety, including a recent budget request seeking $70 million to create a Center of Excellence on Digital Health that would, among other things, craft new regulations for third-party certification for developing medical devices. This comes as FDA is pushing guidance and innovative approaches for oversight of digital health (see our blog).

According to FDA Commissioner Scott Gottlieb’s announcement, the FDA’s plan organized into five points that seek to balance patients’ timely access to devices and safety and effectiveness. Continue Reading FDA’s Medical Device Safety Action Plan