Electronic health record (EHR) vendor Allscripts recently disclosed on an earnings call that it has reached a tentative agreement with the Department of Justice (DOJ) to pay $145 million to settle an investigation into the regulatory compliance of one of its recent acquisitions, Practice Fusion. This news, combined with DOJ’s other recent successful enforcement actions against EHR companies, represents a trend and should be a warning that compliance is a priority when it comes health IT. We anticipate that there will be more Anti-Kickback, HIPAA, and False Claims Act cases against similar health IT targets in the pipeline.

Allscripts acquired Practice Fusion, also an electronic health record company, in February 2018. According to the company’s public SEC filing from the first quarter of 2019, the investigation “relates to both the certification Practice Fusion obtained in connection with the U.S. Department of Health and Human Services’ Electronic Health Record Incentive Program and Practice Fusion’s compliance with the Anti-Kickback Statute and HIPAA.”


Continue Reading

A patient has an emergency and goes to a hospital she knows is in her plan’s network. She receives treatment. She leaves the hospital. Weeks later, she receives a medical bill for tens of thousands of dollars. Unbeknownst to her, some or all of her treating doctors were out-of-network.

This all-too-common story has contributed to a significant medical debt crisis in this country, and has captured the attention of policymakers on all sides of the political spectrum—leading to the rare circumstance of executive and legislative alignment and the potential for bipartisan legislative action.

Proponents of price transparency hope that it will improve competition and allow patients to better understand their financial responsibility ahead of receiving services. The idea is that disclosing prices to individuals will incentivize them to “shop around” for health care services, which may drive down costs. On the other hand, opponents of price transparency argue that releasing such information could compromise bargaining leverage between third party payers and providers, and have the effect of driving up prices since information exchanges in concentrated markets can lead to tacit coordination that’s difficult to detect and punish under the antitrust laws.


Continue Reading

In order to move health care organizations towards consistency in mitigating important cybersecurity threats to the health care sector, the Department of Health & Human Services (HHS) published multiple guidance documents on best practices for health care organizations to reduce cybersecurity risks (“HHS Cyber Guidance”). The HHS Cyber Guidance is the result of HHS’ public-private partnership with more than 150 cybersecurity and health care experts. While compliance is voluntary, this guidance serves as direction to health care entities on important practices that should be considered and implemented to reduce risk.

Why HHS has published this guidance


Continue Reading

  • More of our health information is becoming digital every day, as new technology companies enter the health care and wellness markets.
  • Many companies that hold a wealth of consumer health information are not covered by HIPAA.
  • Many consumers may not realize that their health information only is protected and they only have certain rights with respect to that information when it is held by certain entities, but not when it is held by others.
  • The private sector should work with regulators to develop a common sense, appropriate framework for use of health information by non-HIPAA covered entities.

As we await proposed HHS regulations on interoperability and patient access to data, and as more companies than ever before are collecting and using data to power advanced data analytics, artificial intelligence, and machine learning to improve health care quality and delivery, it is important to understand the scope and limitation of protections and the applicability of the HIPAA Privacy Rule.

Patients, providers and caregivers now have access to a wide array of devices and applications to manage and track patient health, improve treatment adherence, and better coordinate care. Large technology companies, athletic gear manufacturers, and others are entering a rapidly growing consumer health technology market. They are developing new technologies including tracking apps, wearables, and social networks that are increasingly integrated into patients’ daily lives. With an estimated 86.7 million U.S. consumers owning wearable devices by 2019, patients are generating billions of data points that provide insight into their health. Yet many of these companies are not subject to existing privacy protections under HIPAA, creating a significant gap in consumer protections.

At the same time, HHS is pushing for greater interoperability and patient access to data to address a challenge that remains widespread even after the investment of billions of federal dollars into the adoption of electronic health records. Agencies are encouraging and mandating easier availability of electronic health data, through current and anticipated CMS and ONC regulations and through a variety of government initiatives such as: 1) Blue Button and MyHealtheData; 2) incentivizing the adoption of open APIs; 3) developing new fee-for-service payment policies regarding remote monitoring and virtual care reimbursement; and 4) launching Sync for Science, a technical standard for facilitating patient-mediated data exchange for research. Consumers and companies alike seek guidance on the implications of collecting, storing, maintaining, and commercializing personal health data.
Continue Reading

This blog post has been prepared in collaboration with Validic. Mr. Schiller is CEO of Validic. Jodi Daniel is a partner in Crowell & Moring’s Health Care Group in Washington, D.C.


Our healthcare system is in the midst of a fundamental shift toward value-based care to drive down costs and improve the quality of care. We won’t be able to achieve that goal without technology that allows providers to collect and use health data and puts patients front and center. Patient access to clinical and claims data is essential. When patients have access to their own information, they can better understand their condition and feel empowered to ask questions and shape their own care plan.

Congress and the federal government are pushing to liberate data from within the healthcare system and to promote patient access to health information. However, it is equally important to focus on the flow of data from the patient back into the healthcare system. The patient – who is gathering data at home, managing her condition, and making day-to-day decisions that impact her health – holds information that is critical to treatment decisions and outcome improvements.
Continue Reading

Building on momentum from Administrator Seema Verma’s announcement of the MyHealtheData initiative at HIMSS 2018, CMS has published more clues as to future action to liberate health information for patients.

In the CY 2019 call letter to Medicare Advantage organizations and Part D programs, CMS describes the Blue Button 2.0 project and its use of

On March 6, 2018 at the Healthcare Information and Management Systems Society (HIMSS) 2018 conference, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced a new initiative furthering the current Administration’s focus on value-based care and increasing patient access to healthcare data. The initiative — called MyHealthEData — will be led by the White House Office of American Innovation, in collaboration with the Department of Health and Human Services (HHS), CMS, the Office of the National Coordinator for Health Information Technology (ONC), the National Institutes of Health (NIH), and the Department of Veterans Affairs (VA). (CMS press release here.)
Continue Reading

Congress is considering several adjustments to health IT policy which may have significant impact on the Centers for Medicare and Medicaid Services’ (“CMS”) electronic health records (“EHR”) incentives. On July 20th and 21st, Representatives met to discuss bipartisan legislation to improve the Meaningful Use program and introduced legislation that would authorize a CMS Innovation Center (“CMMI”) project to incentivize EHR adoption by behavioral health providers. The bills may be indicative of Congress’ attitude towards the Meaningful Use program, which has garnered criticism from providers for being burdensome.

On July 21, 2017, the House Committee on Energy and Commerce Subcommittee on Health held a hearing on H.R. 3120 and featured testimony from Cletis Earle, Chairman-Elect of the College of Healthcare Information Management Executives. The bill, sponsored by a group of bipartisan lawmakers, will allow CMS to modify the requirements of the Meaningful Use program in order to give the Secretary additional flexibility in implementing the program. Currently, providers and vendors must comply with the Stage 3 measures and objectives of the Meaningful Use program starting January 1, 2018 or be subject to Medicare reimbursement penalties. Earle argued that the implementation timeline for Stage 3 of the program is too rigorous for providers to meet and may lead to an increase in hardship exemption applications. Provider and vendor groups across the industry have suggested that the HHS Secretary Tom Price delay the Stage 3 obligations, noting that software implementation and cybersecurity issues have made the 2018 deadline unreasonable. Sponsors of H.R. 3120 note that the bill will reduce the burden on providers’ use of EHR systems, allowing providers to focus on care coordination and patient outcomes. In response, CMS noted that the proposed “Medicare Program; CY 2018 Updates to the Quality Payment Program,” which is open for comment through August 21, 2017, would give eligible providers an additional year to implement EHR technology that complies with the 2014 or 2015 edition of Certified Electronic Health Record Technology (“CEHRT”) and offers the opportunity to apply for hardship exemptions for the Advancing Care Information performance category of the Merit-based Incentive Payment System (“MIPS”). For more information, see our update on key proposals of the 2018 Proposed Rule here.
Continue Reading

On September 26, 2016, the Office of the National Coordinator for Health Information Technology (ONC) released guidance, entitled EHR Contracts Untangled, to help providers navigate the complexities of electronic health record (EHR) vendor contracting. The guidance breaks down important considerations for selecting EHR systems, and provides strategic pointers – including sample contract language

Crowell & Moring and Accenture co-hosted a conference, “Fostering Innovative Digital Health Strategies,” in late-June. The program aimed to provide a broad analysis of the business and legal issues that must be addressed as health care organizations and technology companies consider innovative strategies to use digital health technologies.

The first session of the conference, “Trends in the Health Care Economy’s Internet of Things,” featured the following distinguished panelists: Zane Burke (president, Cerner); Jodi Daniel (partner, Crowell & Moring); Cheryl Falvey (partner, Crowell & Moring); Melissa Goldstein (assistant director, Bioethics and Privacy Office of Science and Technology Policy, Executive Office of the President); and Kaveh Safavi (senior managing director, Global Health Industry Lead, Accenture).

A series of five videos from the session can be watched below:

Here are key health care Internet of Things (IoT) trends discussed in Session 1:


Continue Reading