This article was originally published in Corporate Compliance Insights.

Both your company’s data supply chain and its physical version have fundamentally similar business risks. Given the consequences of unethical practices along both, enterprises can no longer ignore how data is sourced, how it is managed or where it is going.

While many organizations go to great lengths to monitor their physical supply chain, their data supply chain often gets short shrift. For any company interacting with large sets and various streams of information, this can represent a significant exposure to risk.

Since the first investigation under the U.S. FCPA concerning a third party acting on behalf of a U.S. company was initiated nearly 40 years ago, upholding integrity in global supply chains has garnered attention. Rightfully so, as compounding risks in physical production and movement of goods abound upstream (e.g., forced labor, conflict materials, environmental impact) and downstream (e.g., bribery, fraud, misuse).
Continue Reading Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.

On May 14, 2021, CMS published FAQs addressing questions that have been raised regarding the Interoperability and Patient Access final rule published May 2020.  CMS is careful to note that the FAQs “do not have the force and effect of law and are not meant to bind the public in any way, unless specifically incorporated into a contract, as directed by a program.”  CMS has provided links and other guidance, including regarding technical standards, best practices, and privacy and security resources, and has directly addressed questions raised by trade associations and others.

We summarize some of the key points addressed in the FAQs.  We encourage you to review the full CMS response where questions arise in your implementation.
Continue Reading CMS Issues First FAQs on the CMS Interoperability and Patient Access Rule

Earlier this month, OIG issued a Special Fraud Alert on Speaker Programs warning drug and device companies and health care providers that it has significant concerns about payments for “speaker programs.” Based on recent investigations and enforcement activity, the OIG has found that a number of speaker programs sponsored by drug and device manufacturers violate the federal Anti-Kickback Statute (AKS). OIG is skeptical about the educational value of speaker programs provided under circumstances that are not conducive to learning and to audience members who have no legitimate reason to attend. Additionally, OIG questions the value of such events given that health care providers can access the same or similar information online, on the product’s package insert, third-party educational conferences, medical journals, and more. Because all of this material is already available, OIG warns “that at least one purpose of remuneration associated with speaker programs is often to induce or reward referrals” in violation of the federal Anti-Kickback Statute (AKS).

OIG defined speaker programs as drug or device “company-sponsored events at which a [outside] physician or other health care professional (collectively, “HCP”) makes a speech or presentation to other [outside] HCPs about a drug or device product or a disease state on behalf of the company” using a presentation developed and approved by the company. HCPs are paid an honorarium and attendees are paid generally through free meals and drinks, for example.

Based on its investigations to date, OIG provided an illustrative list of speaker program characteristics that result in higher level of scrutiny with respect to AKS violations:


Continue Reading OIG Sends a Special Fraud Alert on Speaker Programs

On October 29, 2020, the Departments of Health and Human Services, Labor, and the Treasury (“the Departments”) issued a final rule requiring private-sector health insurers and self-insured health plans to disclose treatment prices and cost-sharing information with consumers.  The Transparency in Coverage rule comes in response to President Trump’s executive order aiming to increase transparency in the healthcare industry. It is slated to become effective on January 11, 2021.

The final rule contains three main parts: (1) requirements for plans and issuers to disclose estimated costs associated with covered items or services furnished by a particular provider; (2) requirements for plans and issuers to publicly disclose reimbursement rates; and (3) amendments to the medical loss ratio program rules to allow issuers to receive credit for enrollees’ savings. Each part is discussed below.

Estimated Costs

First, insurers and employer-sponsored health plans will be required to provide price estimates, including in-network and out-of-network negotiated rates, for health care items and services upon request.  The regulation requires these estimates beginning in 2023 for the 500 most “shoppable” items and services on an internet-based self-service tool (and in paper form, if requested by the participant, beneficiary, or enrollee).  Among the 500 “shoppable services” are mammograms, physician visits, colonoscopies, and various blood tests, biopsies, and X-rays, and the full list is specified in the regulations.  Then, beginning in 2024, price estimates for all remaining items and services offered, including procedures, drugs, durable medical equipment, must be disclosed. The price transparency requirements include disclosure of the following:


Continue Reading HHS Finalizes Health Plan Price Transparency Rule

Last week, the Office of the National Coordinator for Health Information Technology (ONC)  published an Interim Final Rule: Information Blocking and the ONC Health IT Certification Program: Extension of Compliance Dates and Timeframes in Response to the COVID-19 Public Health Emergency (Interim Final Rule) providing needed relief to entities working toward compliance.  In the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule (ONC Rule), issued on May 1, 2020, ONC defines the entities that are subject to the rule’s provisions. ONC refers to these entities as Actors. Actors include health care providers, health IT developers of certified health IT, Health Information Exchanges (HIEs), and Health Information Networks (HINs). The Interim Final Rule provides these Actors with “additional flexibilities” to implement the provisions of the ONC Rule including updated compliance dates.  ONC explained that the extension is due to the outbreak of COVID-19 public health emergency; however, this will also provide ONC with additional time to provide answers to the numerous questions that the agency has received as Actors work toward compliance. ONC is accepting comments on this rule, as is typical for an interim final rule. These comments must be submitted to regulations.gov by January 4, 2021.

The Interim Final Rule extends “the applicability date for the information blocking provisions and compliance dates and timeframes for certain Program requirements, including compliance dates for certain 2015 Edition health IT certification criteria and Conditions and Maintenance of Certification requirements.” See CMS and ONC Enforcement Deadlines Chart for more information about compliance dates for the ONC Rule.

Information Blocking


Continue Reading ONC Issues Interim Final Rule Extending Compliance Dates for the Information Blocking and the ONC Health IT Certification Program

On August 20, 2020 the Department of Health and Human Services (HHS) published a notice of proposed rulemaking (85 Fed. Reg. 51397) on good practices for the release and maintenance of agency guidance documents. Comments must be posted by 11:59 pm on September 16, 2020.

As instructed in the October 9, 2019 Executive Order 13891 (EO), titled ‘‘Promoting the Rule of Law Through Improved Agency Guidance Documents (84 FR 55235 (Oct. 15, 2019)), HHS proposes to issue regulations to ensure (i) there is proper notice of any new guidance, and (ii) that the guidance does not impose obligations on regulated parties that are not already reflected in duly enacted statutes or regulations.

This proposed rule appears to follow the Office of Management and Budget, “Final Bulletin for Agency Good Guidance Practices,” issued on January 25, 2007 (72 Fed. Reg. 3432) with respect to the significant guidance document that may, for example “adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities” or “materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof” and generally requires a 30 day notice and comment period.

Background


Continue Reading HHS Proposes a New Rule to Govern Release and Maintenance of Agency’s Guidance Documents

On April 30, 2020, the Centers for Medicare and Medicaid Services (CMS) announced a second round of regulatory waivers and rule changes in an interim final rule with comment (IFC) that added significant flexibilities for the coverage of telehealth services furnished by a broader set of eligible clinicians and in nontraditional health settings during the

This week CMS continued its rapid response—average approval takes less than a week—to review and approve Social Security Act Section 1115(c) Appendix K and Section 1135 waivers to facilitate state Medicaid programs’ efforts to address the COVID-19 pandemic. CMS approved waiver applications from Colorado, Connecticut, Delaware, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Maryland, Massachusetts,

On March 23, the Centers for Medicare and Medicaid Services (CMS) approved Section 1135 waiver requests submitted by the California Department of Health Care Services (DHCS) as part of its response to the COVID-19 pandemic.  The waiver requests were submitted by DHCS on March 16 and March 19, 2020.

As discussed in a previous blog post, Section 1135 authorizes the U.S. Department of Health and Human Services to waive federal Medicare, Medicaid, and Children’s Health Insurance Program requirements in order to respond to a public health or national emergency. As of March 24, CMS had approved Section 1135 waivers related to the COVID-19 pandemic from 13 different states.

With the approval granted by CMS, DHCS is permitted to take the following actions in regards to its Medicaid program (Medi-Cal), effective retroactively to March 1 and to extend until the end of the public health emergency:


Continue Reading CMS Approves Medi-Cal Section 1135 Waivers

On March 23, 2020 CMS approved 11 more Section 1135 state Medicaid waiver requests for the following states: Alabama, Arizona, California, Illinois, Louisiana, Mississippi, New Hampshire, New Jersey, New Mexico, North Carolina, and Virginia. As with the prior waivers, CMS approved the requests in