This past week, the Supreme Court of the United States (Supreme Court) denied UnitedHealthcare Insurance Company’s (UnitedHealthcare) petition for a writ of certiorari (Petition) challenging, in part, the Centers for Medicare & Medicaid Services’s (CMS) Overpayment Rule, which requires Medicare Advantage (MA) plans, such as UnitedHealthcare, to return identified “overpayments” to CMS within 60 days.  With this denial, the Overpayment Rule remains in full force and effect, and UnitedHealthcare, among other MA plans, must comply or potentially face False Claims Act (FCA) liability.

Continue Reading The Supreme Court Denies Petition Challenging CMS’s Overpayment Rule

The Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), recently issued new regulatory guidance relating to covered entities’ HIPAA-compliant use of remote communication technologies for audio-only telehealth services. This guidance is a direct response to a December 2021 Executive Order that tasked HHS with developing HIPAA guidance for telehealth services, with the stated goals of improving “patient experience and convenience” as the COVID-19 public health emergency subsides. HHS has issued this guidance in anticipation of the national public health emergency ending, at which time OCR’s Telehealth Notification loses effect.

The new HIPAA guidance affects covered entities in four key ways.

Continue Reading HHS Issues HIPAA Guidance on Remote Communication Technologies for Audio-Only Telehealth

We previously discussed the requirements of the Hospital Price Transparency Rule (“Rule”) on health care providers and health plans, as well as CMS’s proposal to increase penalties for a hospital’s failure to comply with the Rule.  About a year and a half after the Rule became effective, CMS has now imposed its first set of civil monetary penalties (“CMPs”) on Northside Hospital Atlanta and Northside Hospital Cherokee, which have been fined $883,180 and $214,320, respectively.

The Rule requires, in part, hospitals to make public a machine-readable file containing a list of all standard charges for all items and services, such as, e.g., supplies, room and board, and use of the facility, among other items.  See 45 C.F.R. § 180.40(a); id. at § 180.20.  The Rule also requires hospitals to display shoppable services in a consumer-friendly manner.  See id. at § 180.60(d)(2); id. at § 180.60(b).  The goal of these specific requirements, in addition to those set forth in the remainder of the Rule, is to provide consumers with sufficient information about the charges for certain items and services by requiring health care providers and health plans to be publicly transparent about such charges.

Based on CMS’s CMP letters, dated June 7, 2022, Northside Hospital Atlanta and Northside Hospital Cherokee were non-compliant with the aforementioned specific requirements of the Rule.  The chronology of events is important to understand how CMS ended up issuing its CMP letters.

Continue Reading Health Care Providers on Alert: Two Hospitals Penalized for Continuous Noncompliance with the Hospital Price Transparency Rule

The onset of the COVID-19 public health emergency (“PHE”) led to a surge in the use of telehealth by health care providers. In addition, the PHE fueled a boom in the number of direct-to-consumer (“DTC”) telehealth platforms, many of which have relied upon COVID-19 regulatory waivers to launch and operate in multiple states across the nation. For the reasons discussed below, DTC telehealth platforms should re-visit their compliance plans and be prepared for increased state and federal regulatory scrutiny.

Continue Reading Key Legal Issues Facing Telehealth Platforms, as Compliance Concerns Bubble for Platforms Launched During the Public Health Emergency

As part of the Fiscal Year 2023 New York state Executive Budget legislation, $1.2 billion in funding has been allocated for the payment of bonuses for certain “frontline” healthcare workers.

With the stated goals to “recruit, retain, and reward health care and mental hygiene workers,” the provision – located within Part D of the Health and Mental Hygiene Bill, as amended – requires the state Commissioner of Health, in consultation with the state Commissioner of Labor and the Medicaid inspector general, to develop procedures to facilitate payment of claims to covered employers for the purpose of funding worker bonuses in accordance with the provision’s requirements.  Bonus amounts will be commensurate with the number of hours worked by covered workers during designated vesting periods up to a total of $3,000 per covered worker.

Continue Reading New York State to Fund Bonuses for Certain Healthcare Workers as Part of State Budget

The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information represents a chance for the private sector to contribute to HHS regulation. Interested parties have until June 6, 2022 to submit comments.

HHS seeks this information to be better informed when making determinations regarding fines, audits, and remedies after a potential violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule. The request for information was issued by HHS’s Office for Civil Rights (“OCR”), which enforces the privacy and security rules for health providers and insurers that hold health data.

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act requires that HHS consider industry recognized security practices during enforcement, and does not require nor prohibit rulemaking based on the same. The HITECH Act defines “recognized security practices” as (i) the standards found in section 2(c)(15) of the National Institute of Standards and Technology (“NIST”) Act, (ii) the approaches found in section 405(d) of the Cybersecurity Act of 2015, and (iii) “other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities”. OCR seeks information in order to improve guidelines about these standards.

Uncorrected violations under the HITECH Act can carry a minimum of $50,000 per violation in civil penalties. Enforcement actions are initiated by OCR through investigating complaints alleging violations of HIPAA Rules, as well as compliance reviews conducted by OCR following a breach report. Covered entities are required to submit breach reports after cybersecurity incidents under certain circumstances.

The request for information, found here contains specific prompts on the topic.

Contingency management (CM) is a form of intervention treatment program that incentivizes patients with substance use disorders to observe certain conditions—such as non-use of drugs or alcohol confirmed via urine drug screening or breathalyzer test, or even drug therapy adherence—in exchange for something of monetary value.  Adherence is often tracked and confirmed by those that provide the incentive payment through digital health technologies—including apps that can be downloaded to the patient’s smart phone or that are already downloaded to a smart phone provided to the patient as part of a CM program.  While many contend that CM is an effective, evidence-based treatment, certain legal barriers limit, and often prevent, its widespread adoption and use.  When there is the potential for patients to receive items and services payable by Federal health care programs (FHCPs), CM incentives are subject to scrutiny under the Federal anti-kickback statute (AKS) and the Beneficiary Inducements CMP.  A recent advisory opinion issued by the United States Department of Health and Human Services (HHS), Office of Inspector General (OIG), approved a digital health company’s offer to provide cash equivalents to patients participating in a CM program.  This favorable result continues to demonstrate OIG’s flexibility notwithstanding regulatory precedent or guidance appearing to the contrary.

Continue Reading OIG Approves Cash Equivalents Paid to Patients Participating in Contingency Management Program Offered Through Digital Health Technology

On February 24, 2022, the Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS), announced the Accountable Care Organization Realizing Equity, Access, and Community Health (ACO REACH) Model, which will begin January 1, 2023, and replace the Global and Professional Direct Contracting (GPDC) Model.  The Request for Applications (RFA) has been posted on CMS’s website, and applications are due by April 22, 2022.  While the application is not binding, the failure to apply will foreclose any opportunity to participate.

This article discusses the termination of the GPDC Model, the establishment of the ACO REACH Model, and the differences between them.

Continue Reading CMS Responds to Industry Stakeholder Feedback, Redesigns and Renames the GPDC Model for DCEs as the ACO REACH Model

A variety of conditions may be conspiring against businesses in certain segments of the health care industry.  These include reduced patient census at skilled nursing and other long-term care facilities, COVID regulations that limit the ability of providers to give (or patients to receive) various forms of treatment and patients choosing to delay lucrative elective procedures, or even to forego health and dental care altogether.  In addition, Congress passed and President Trump enacted into law the No Surprises Act, which went into effect on January 1, 2022 and will have a profound impact on health care service providers across the country.  Individually, or in combination, these and other adverse market conditions have the potential to wreak financial havoc on health care businesses.

When financial distress afflicts one of its borrowers, private credit lenders must act quickly to maximize the prospects for recovering their capital.  In this alert, we discuss five of the most significant challenges for private credit lenders in addressing a distressed health care borrower.

Read the full alert.

We previously noted that the No Surprises Act (NSA) regulation’s establishment of the presumption that the qualifying payment amount (QPA)—generally, the median payment by the plan to providers in the region—is the appropriate payment amount in arbitrations between plans and providers under the NSA did not appear to comport with the NSA.

In a recent case brought by the Texas Medical Association challenging the established presumption, the United States District Court for the Eastern District of Texas (“Court”) has held that the regulation “conflicts with the Act” and that the regulatory agencies failed to engage in necessary notice and comment rulemaking.  See Texas Medical Association & Adam Corley v. United States Department of Health and Human Services, et al., No. 6:21-cv-425-JDK, 2022 WL 542879, at *1 (E.D. Tex., Feb. 23, 2022). Based on such violations, the Court vacated the requirement that the QPA serve as the presumptive payment amount in such disputes.

The Court noted that “the Rule conflicts with the unambiguous terms of the Act in several key respects” and that “there is nothing the Departments can do … to rehabilitate or justify the challenged portions of the Rule.”  Id. at *32.  As the Court noted, “[i]f Congress had wanted to restrict arbitrators’ discretion and limit how they could consider the other [non QPA statutory] factors, it would have done so—especially here, where Congress described the arbitration process in meticulous detail.”  Id. at *19.

While the decision will likely be appealed, the strength of the decision reflects growing judicial intolerance with regulators making law, and it is not likely to be reversed.  If the administration wants to make the QPA the presumptive payment amount in disputes between providers and plans, it will likely need legislation.