On June 24, 2024, the Department of Health and Human Services (“HHS”) released a final rule (“Disincentives Final Rule”) establishing disincentives for certain healthcare providers that have committed information blocking. The information blocking disincentives directly impact Medicare-enrolled healthcare providers or suppliers including hospitals, critical access hospitals, MIPS-eligible clinicians, and ACOs. The Disincentives Final Rule has been submitted to the Office of the Federal Register for publication and will become effective 30 days after Federal Register publication.Continue Reading Healthcare Providers Who Engage in Information Blocking Will Face Disincentives Described in an HHS Final Rule
OIG
OIG Issues Updated General Compliance Program Guidance: Overview of Key Elements & Changes
The Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) published the General Compliance Program Guidance (GCPG) on November 6, 2023. The GCPG provides updated descriptions of the seven elements of an effective compliance program that health care entities have long relied upon. The new guidance also includes…
HHS-OIG Releases Final Rule Implementing Information Blocking Penalties
On June 27, 2023, the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) issued a final rule (“OIG Final Rule”) that implements statutory provisions for its enforcement of the information blocking penalties created by the 21stCentury Cures Act (“Cures Act”) and assessment of civil money penalties (“CMPs”) of up to $1 million per violation of information blocking for certain individuals or entities subject to the information blocking requirements.Continue Reading HHS-OIG Releases Final Rule Implementing Information Blocking Penalties
OIG Sends a Special Fraud Alert on Speaker Programs
Earlier this month, OIG issued a Special Fraud Alert on Speaker Programs warning drug and device companies and health care providers that it has significant concerns about payments for “speaker programs.” Based on recent investigations and enforcement activity, the OIG has found that a number of speaker programs sponsored by drug and device manufacturers violate the federal Anti-Kickback Statute (AKS). OIG is skeptical about the educational value of speaker programs provided under circumstances that are not conducive to learning and to audience members who have no legitimate reason to attend. Additionally, OIG questions the value of such events given that health care providers can access the same or similar information online, on the product’s package insert, third-party educational conferences, medical journals, and more. Because all of this material is already available, OIG warns “that at least one purpose of remuneration associated with speaker programs is often to induce or reward referrals” in violation of the federal Anti-Kickback Statute (AKS).
OIG defined speaker programs as drug or device “company-sponsored events at which a [outside] physician or other health care professional (collectively, “HCP”) makes a speech or presentation to other [outside] HCPs about a drug or device product or a disease state on behalf of the company” using a presentation developed and approved by the company. HCPs are paid an honorarium and attendees are paid generally through free meals and drinks, for example.
Based on its investigations to date, OIG provided an illustrative list of speaker program characteristics that result in higher level of scrutiny with respect to AKS violations:Continue Reading OIG Sends a Special Fraud Alert on Speaker Programs
OMB Concludes Review of Proposed Rules for Modernizing Physician Self-Referral and Anti-Kickback Regulations
As of October 3, 2019, the Office of Management and Budget completed its review of the proposed rules for “modernizing and clarifying” the Physician Self-Referral Regulations and revising the safe harbors under the Anti-Kickback Statute and rules regarding the Beneficiary Inducement Civil Monetary Penalties Law.
These regulations were the subject of two Requests for Information…
Health Care Fraud and Abuse Control Program FY 2017: Insights from Our Enforcement Team
The Health Care Group’s newest partners, William S.W. Chang and Laura M. Kidd Cordova, along with Counsel Stephanie D. Willis, have authored an Alert about the 21st Health Care Fraud and Abuse Control Program (HCFAC) annual report released last Friday. The HCFAC report is a joint effort of the U.S. Department of Justice (DOJ) and…
Hospitals Beware: Medicare Electronic Health Records Incentive Payments to Hospitals are in the OIG’s Crosshairs
The Department of Health and Human Services, Office of the Inspector General (OIG), modified its Work Plan to announce that the agency will be conducting a nationwide audit of hospitals that participated in the Medicare Electronic Health Records (EHR) Incentive Program (also known as the Meaningful Use Program). The OIG review is focusing on hospitals…
Blocking Access to Health Information May Violate HIPAA
The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from patients. This follows a series of similar policy documents from HHS over the past 18 months that focus on preventing business arrangements or practices that would be defined as information blocking, and thereby, frustrating the goal of interoperability. Specifically, according to the OCR FAQ:
- An electronic health records (EHR) vendor or cloud provider’s actions to terminate a covered entity’s access to its own electronic PHI (ePHI) (e.g., in a payment dispute) would violate the HIPAA Privacy Rule because those actions would constitute an impermissible use of PHI.
- An EHR vendor or cloud provider’s refusal to ensure the accessibility and usability of a covered entity’s ePHI upon demand by the covered entity or to return a covered entity’s ePHI upon termination of the agreement, in the form and format that is reasonable in light of the agreement, would violate the HIPAA Security Rule.
- A business associate may not deny a covered entity access to the PHI the business associate maintains on behalf of the covered entity if necessary to provide individuals with access to their PHI under the HIPAA Privacy Rule.
- A covered entity that agrees to terms within a business associate agreement (BAA) that would prevent the covered entity from ensuring the availability of its own PHI as required would not be in compliance with the HIPAA Privacy and Security Rules.
OCR has increasingly ramped up its enforcement of violations of the HIPAA Privacy and Security Rules related to noncompliant BAAs, so the new OCR FAQ signals that information blocking provisions could be the source of future enforcement actions.Continue Reading Blocking Access to Health Information May Violate HIPAA
OIG Updates Policy on Permissive Exclusions Based On Fraud and Kickbacks
The Office of the Inspector General of the Department of Health and Human Services (OIG) last week replaced a 20-year old policy statement, and issued guidance on the criteria the agency will use to evaluate whether to exclude certain individuals and entities from billing or “participation in” Federal health programs under its permissive exclusion authority. The new guidelines supersede and replace the OIG’s December 24, 1997 policy statement and set forth “non-binding” criteria that the OIG may consider in exercising this authority under circumstances involving fraud, kickbacks and other prohibited conduct. The newly-memorialized policy is yet another effort by the agency to encourage healthcare providers to implement robust compliance mechanisms that can timely identify and voluntarily self-disclose to the government any unlawful conduct.
Under Sections 1128(b)(1)-(b)(15) of the Social Security Act (the “Act”), the Secretary, by delegation to the OIG, has discretion to exclude individuals and entities based on a number of grounds. This so-called “permissive exclusion” authority grants significant discretion to the OIG. The new policy provides guidelines for permissive exclusions that are based on Section 1128(b)(7) of the Act, which permits the OIG to exclude persons from participation in any Federal health care program if the OIG determines that the individual or the entity has engages in fraud, kickbacks and other prohibited activities.Continue Reading OIG Updates Policy on Permissive Exclusions Based On Fraud and Kickbacks
CMS Issues Comprehensive Care for Joint Replacement (CJR) Model Final Rule
On November 16, 2016, CMS posted the final rule to implement the Comprehensive Care for Joint Replacement (CJR) model, which is a new Medicare payment model intended to hold acute care hospitals financially accountable for the quality and cost of a CJR episode of care and incentivize increased coordination of care among hospitals, physicians, and post-acute care providers. The regulations are effective on January 15, 2016, and applicable on April 1, 2016 when the first model performance period begins.
Under the CJR model, acute care hospitals in certain selected geographic areas will receive retrospective bundled payments for episodes of care for lower extremity joint replacement (LEJR) or reattachment of a lower extremity. An episode of care begins with an admission to a participant hospital of a beneficiary who is ultimately discharged under Medicare Severity-Diagnosis Related Group (MS-DRG) 469 (Major joint replacement or reattachment of lower extremity with major complications or comorbidities) or 470 (Major joint replacement or reattachment of lower extremity without major complications or comorbidities) and ends 90 days post-discharge in order to cover the complete period of recovery for beneficiaries. All related items and services paid under Medicare Part A and Part B for all Medicare fee-for-service beneficiaries are included in the episode, except for certain exclusions.Continue Reading CMS Issues Comprehensive Care for Joint Replacement (CJR) Model Final Rule