On June 27, 2023, the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) issued a final rule (“OIG Final Rule”) that implements statutory provisions for its enforcement of the information blocking penalties created by the 21stCentury Cures Act (“Cures Act”) and assessment of civil money penalties (“CMPs”) of up to $1 million per violation of information blocking for certain individuals or entities subject to the information blocking requirements.

Continue Reading HHS-OIG Releases Final Rule Implementing Information Blocking Penalties

Earlier this month, OIG issued a Special Fraud Alert on Speaker Programs warning drug and device companies and health care providers that it has significant concerns about payments for “speaker programs.” Based on recent investigations and enforcement activity, the OIG has found that a number of speaker programs sponsored by drug and device manufacturers violate the federal Anti-Kickback Statute (AKS). OIG is skeptical about the educational value of speaker programs provided under circumstances that are not conducive to learning and to audience members who have no legitimate reason to attend. Additionally, OIG questions the value of such events given that health care providers can access the same or similar information online, on the product’s package insert, third-party educational conferences, medical journals, and more. Because all of this material is already available, OIG warns “that at least one purpose of remuneration associated with speaker programs is often to induce or reward referrals” in violation of the federal Anti-Kickback Statute (AKS).

OIG defined speaker programs as drug or device “company-sponsored events at which a [outside] physician or other health care professional (collectively, “HCP”) makes a speech or presentation to other [outside] HCPs about a drug or device product or a disease state on behalf of the company” using a presentation developed and approved by the company. HCPs are paid an honorarium and attendees are paid generally through free meals and drinks, for example.

Based on its investigations to date, OIG provided an illustrative list of speaker program characteristics that result in higher level of scrutiny with respect to AKS violations:

Continue Reading OIG Sends a Special Fraud Alert on Speaker Programs

As of October 3, 2019, the Office of Management and Budget completed its review of the proposed rules for “modernizing and clarifying” the Physician Self-Referral Regulations and revising the safe harbors under the Anti-Kickback Statute and rules regarding the Beneficiary Inducement Civil Monetary Penalties Law.

These regulations were the subject of two Requests for Information

The Department of Health and Human Services, Office of the Inspector General (OIG), modified its Work Plan to announce that the agency will be conducting a nationwide audit of hospitals that participated in the Medicare Electronic Health Records (EHR) Incentive Program (also known as the Meaningful Use Program).  The OIG review is focusing on hospitals

The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from patients. This follows a series of similar policy documents from HHS over the past 18 months that focus on preventing business arrangements or practices that would be defined as information blocking, and thereby, frustrating the goal of interoperability. Specifically, according to the OCR FAQ:

  • An electronic health records (EHR) vendor or cloud provider’s actions to terminate a covered entity’s access to its own electronic PHI (ePHI) (e.g., in a payment dispute) would violate the HIPAA Privacy Rule because those actions would constitute an impermissible use of PHI.
  • An EHR vendor or cloud provider’s refusal to ensure the accessibility and usability of a covered entity’s ePHI upon demand by the covered entity or to return a covered entity’s ePHI upon termination of the agreement, in the form and format that is reasonable in light of the agreement, would violate the HIPAA Security Rule.
  • A business associate may not deny a covered entity access to the PHI the business associate maintains on behalf of the covered entity if necessary to provide individuals with access to their PHI under the HIPAA Privacy Rule.
  • A covered entity that agrees to terms within a business associate agreement (BAA) that would prevent the covered entity from ensuring the availability of its own PHI as required would not be in compliance with the HIPAA Privacy and Security Rules.

OCR has increasingly ramped up its enforcement of violations of the HIPAA Privacy and Security Rules related to noncompliant BAAs, so the new OCR FAQ signals that information blocking provisions could be the source of future enforcement actions.

Continue Reading Blocking Access to Health Information May Violate HIPAA

The Office of the Inspector General of the Department of Health and Human Services (OIG) last week replaced a 20-year old policy statement, and issued guidance on the criteria the agency will use to evaluate whether to exclude certain individuals and entities from billing or “participation in” Federal health programs under its permissive exclusion authority. The new guidelines supersede and replace the OIG’s December 24, 1997 policy statement and set forth “non-binding” criteria that the OIG may consider in exercising this authority under circumstances involving fraud, kickbacks and other prohibited conduct. The newly-memorialized policy is yet another effort by the agency to encourage healthcare providers to implement robust compliance mechanisms that can timely identify and voluntarily self-disclose to the government any unlawful conduct.

Under Sections 1128(b)(1)-(b)(15) of the Social Security Act (the “Act”), the Secretary, by delegation to the OIG, has discretion to exclude individuals and entities based on a number of grounds. This so-called “permissive exclusion” authority grants significant discretion to the OIG.  The new policy provides guidelines for permissive exclusions that are based on Section 1128(b)(7) of the Act, which permits the OIG to exclude persons from participation in any Federal health care program if the OIG determines that the individual or the entity has engages in fraud, kickbacks and other prohibited activities.

Continue Reading OIG Updates Policy on Permissive Exclusions Based On Fraud and Kickbacks

On November 16, 2016, CMS posted the final rule to implement the Comprehensive Care for Joint Replacement (CJR) model, which is a new Medicare payment model intended to hold acute care hospitals financially accountable for the quality and cost of a CJR episode of care and incentivize increased coordination of care among hospitals, physicians, and post-acute care providers. The regulations are effective on January 15, 2016, and applicable on April 1, 2016 when the first model performance period begins.

Under the CJR model, acute care hospitals in certain selected geographic areas will receive retrospective bundled payments for episodes of care for lower extremity joint replacement (LEJR) or reattachment of a lower extremity. An episode of care begins with an admission to a participant hospital of a beneficiary who is ultimately discharged under Medicare Severity-Diagnosis Related Group (MS-DRG) 469 (Major joint replacement or reattachment of lower extremity with major complications or comorbidities) or 470 (Major joint replacement or reattachment of lower extremity without major complications or comorbidities) and ends 90 days post-discharge in order to cover the complete period of recovery for beneficiaries. All related items and services paid under Medicare Part A and Part B for all Medicare fee-for-service beneficiaries are included in the episode, except for certain exclusions.

Continue Reading CMS Issues Comprehensive Care for Joint Replacement (CJR) Model Final Rule

The federal government has spent billions to promote adoption and “meaningful use” of health information technology (HIT). There is growing government interest in ensuring that HIT is used to support patient care, but doing so requires electronic exchange of information. Congress, the Department of Health and Human Services (HHS), and States have taken action to identify and prevent “information blocking”—interference with the exchange or use of electronic health information—by health care providers, hospitals, technology developers, and service providers. And there likely will be more guidance, statutory and regulatory changes, and enforcement by federal agencies and states in the coming year.

Congress Requests Information and Takes Action

On December 21, 2014, Congress raised concerns about health information blocking, claiming that such activities “frustrate Congressional intent” under the Health Information Technology for Economic and Clinical Health (HITECH) Act, “devalue taxpayer investments,” and make HIT “less valuable and more burdensome” to hospitals and health care providers. Congress urged the Office of the National Coordinator for Health Information Technology (ONC) at HHS to certify only HIT that does not block health information exchange. Congress also requested ONC publish a detailed report on the scope of health information blocking and a strategy to address it, within 90 days.

Continue Reading Health Information Blocking Leads to New Requirements and May Lead to Enforcement Actions

The Department of Justice (DOJ) has further focused its sights on individual executives as responsible parties for corporate misconduct.  On September 9, 2015, Deputy Attorney General Sally Quillian Yates issued a strongly worded seven-page memorandum to all U.S. Attorneys and the Assistant Attorneys General of DOJ’s various divisions nationwide titled “Individual Accountability for Corporate Wrongdoing” (the “Memorandum”).  Overall, the Memorandum imposes further expectations that government attorneys will investigate the acts of individual executives and management personnel before providing cooperation credit to or allowing the resolution of a civil or criminal case against a corporate entity.  Moreover, the Memorandum serves as a tacit warning to defense counsel that it will be even harder to negotiate concessions for corporate liability without providing information about potentially responsible individuals that is satisfactory to the investigating agencies.
Continue Reading DOJ’s Memo on Individual Accountability Tears at the Corporate Veil