The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information represents a chance for the private sector to contribute to HHS regulation. Interested parties have until June 6, 2022 to submit comments.

HHS seeks this information to be better informed when making determinations regarding fines, audits, and remedies after a potential violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule. The request for information was issued by HHS’s Office for Civil Rights (“OCR”), which enforces the privacy and security rules for health providers and insurers that hold health data.

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act requires that HHS consider industry recognized security practices during enforcement, and does not require nor prohibit rulemaking based on the same. The HITECH Act defines “recognized security practices” as (i) the standards found in section 2(c)(15) of the National Institute of Standards and Technology (“NIST”) Act, (ii) the approaches found in section 405(d) of the Cybersecurity Act of 2015, and (iii) “other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities”. OCR seeks information in order to improve guidelines about these standards.

Uncorrected violations under the HITECH Act can carry a minimum of $50,000 per violation in civil penalties. Enforcement actions are initiated by OCR through investigating complaints alleging violations of HIPAA Rules, as well as compliance reviews conducted by OCR following a breach report. Covered entities are required to submit breach reports after cybersecurity incidents under certain circumstances.

The request for information, found here contains specific prompts on the topic.

Contingency management (CM) is a form of intervention treatment program that incentivizes patients with substance use disorders to observe certain conditions—such as non-use of drugs or alcohol confirmed via urine drug screening or breathalyzer test, or even drug therapy adherence—in exchange for something of monetary value.  Adherence is often tracked and confirmed by those that provide the incentive payment through digital health technologies—including apps that can be downloaded to the patient’s smart phone or that are already downloaded to a smart phone provided to the patient as part of a CM program.  While many contend that CM is an effective, evidence-based treatment, certain legal barriers limit, and often prevent, its widespread adoption and use.  When there is the potential for patients to receive items and services payable by Federal health care programs (FHCPs), CM incentives are subject to scrutiny under the Federal anti-kickback statute (AKS) and the Beneficiary Inducements CMP.  A recent advisory opinion issued by the United States Department of Health and Human Services (HHS), Office of Inspector General (OIG), approved a digital health company’s offer to provide cash equivalents to patients participating in a CM program.  This favorable result continues to demonstrate OIG’s flexibility notwithstanding regulatory precedent or guidance appearing to the contrary.

Continue Reading OIG Approves Cash Equivalents Paid to Patients Participating in Contingency Management Program Offered Through Digital Health Technology

On February 24, 2022, the Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS), announced the Accountable Care Organization Realizing Equity, Access, and Community Health (ACO REACH) Model, which will begin January 1, 2023, and replace the Global and Professional Direct Contracting (GPDC) Model.  The Request for Applications (RFA) has been posted on CMS’s website, and applications are due by April 22, 2022.  While the application is not binding, the failure to apply will foreclose any opportunity to participate.

This article discusses the termination of the GPDC Model, the establishment of the ACO REACH Model, and the differences between them.

Continue Reading CMS Responds to Industry Stakeholder Feedback, Redesigns and Renames the GPDC Model for DCEs as the ACO REACH Model

A variety of conditions may be conspiring against businesses in certain segments of the health care industry.  These include reduced patient census at skilled nursing and other long-term care facilities, COVID regulations that limit the ability of providers to give (or patients to receive) various forms of treatment and patients choosing to delay lucrative elective procedures, or even to forego health and dental care altogether.  In addition, Congress passed and President Trump enacted into law the No Surprises Act, which went into effect on January 1, 2022 and will have a profound impact on health care service providers across the country.  Individually, or in combination, these and other adverse market conditions have the potential to wreak financial havoc on health care businesses.

When financial distress afflicts one of its borrowers, private credit lenders must act quickly to maximize the prospects for recovering their capital.  In this alert, we discuss five of the most significant challenges for private credit lenders in addressing a distressed health care borrower.

Read the full alert.

We previously noted that the No Surprises Act (NSA) regulation’s establishment of the presumption that the qualifying payment amount (QPA)—generally, the median payment by the plan to providers in the region—is the appropriate payment amount in arbitrations between plans and providers under the NSA did not appear to comport with the NSA.

In a recent case brought by the Texas Medical Association challenging the established presumption, the United States District Court for the Eastern District of Texas (“Court”) has held that the regulation “conflicts with the Act” and that the regulatory agencies failed to engage in necessary notice and comment rulemaking.  See Texas Medical Association & Adam Corley v. United States Department of Health and Human Services, et al., No. 6:21-cv-425-JDK, 2022 WL 542879, at *1 (E.D. Tex., Feb. 23, 2022). Based on such violations, the Court vacated the requirement that the QPA serve as the presumptive payment amount in such disputes.

The Court noted that “the Rule conflicts with the unambiguous terms of the Act in several key respects” and that “there is nothing the Departments can do … to rehabilitate or justify the challenged portions of the Rule.”  Id. at *32.  As the Court noted, “[i]f Congress had wanted to restrict arbitrators’ discretion and limit how they could consider the other [non QPA statutory] factors, it would have done so—especially here, where Congress described the arbitration process in meticulous detail.”  Id. at *19.

While the decision will likely be appealed, the strength of the decision reflects growing judicial intolerance with regulators making law, and it is not likely to be reversed.  If the administration wants to make the QPA the presumptive payment amount in disputes between providers and plans, it will likely need legislation.

On January 11, 2022, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) issued, without an opportunity for public notice and comment,[1] a Final Rule, amending its internal process for accepting and issuing advisory opinions.  87 Fed. Reg. 1367 (Jan. 11, 2022).  In response to the industry’s “expressed frustration” with the regulatory provision precluding advisory opinion requests from being accepted and/or advisory opinions from being issued when the same conduct is under investigation by a governmental agency, OIG decided to remove that barrier altogether, effective February 10, 2022.  Id. at 1368.  OIG’s amendment is surprising, since OIG did not publicly signal its intent to make such a change and because the Final Rule is not simply procedural in nature.  It is unclear whether OIG’s well-intended amendment will have any meaningful upside for requestors of advisory opinions.

The current regulation, which substantively has been in effect since OIG issued its 1997 interim final rule (as finalized in 1998 and amended in other aspects in March 2008 and July 2008), precludes an advisory opinion request from being accepted and/or an advisory opinion from being issued when the same or substantially the same course of action is under investigation, or is or has been the subject of a proceeding involving HHS or another governmental agency.  42 C.F.R. § 1008.15(c)(2).  The purpose of this prohibition was “to prevent the advisory opinion process from interfering with the investigatory or prosecutorial authority of OIG, [the Department of Justice (DOJ)], or any other governmental agency.”  87 Fed. Reg. at 1368.  Accordingly, “no advisory opinion is issued if the same or substantially the same course of action is under investigation or is the subject of a proceeding involving HHS or another governmental agency.”  Id.

Within the current regulatory framework, a requestor seeking an advisory opinion receives notice of OIG’s formal declination to accept the request for an advisory opinion.  42 C.F.R. § 1008.41(b)(3).  However, when such notice is provided, OIG does not appear to have any obligation or responsibility to inform the requestor why.  Id. at Part 1008, in passim.  This appears to be the likely source of the “expressed frustration” OIG addresses in its Final Rule.[2]  Indeed, if OIG rejects a request for an advisory opinion under 42 C.F.R. § 1008.15(c)(2) because, e.g., the matter under investigation by DOJ is under seal, OIG is not permitted to disclose that reason to the requestor.  Consequently, requestors have been left wondering why they were precluded from receiving advisory opinions.[3]

Now, the barrier to having an advisory opinion request accepted and an advisory opinion issued in these circumstances has been knocked down—by OIG itself.  In its Final Rule, OIG explained its two-fold reasoning for making such a change as (1) offering OIG more flexibility in responding to requests for advisory opinions and in issuing favorable or unfavorable[4] advisory opinions when an arrangement presented in a request involves conduct that is the same or substantially the same as conduct that is under investigation or subject to a proceeding, and (2) providing industry stakeholders with greater transparency regarding factors the Government may consider in evaluating compliance with certain Federal fraud and abuse laws and distinguishing between similar arrangements.  87 Fed. Reg. at 1368.  It is unclear, however, whether this new regulatory framework will ultimately benefit requestors.

On the one hand, a requestor can rest assured that its request for an advisory opinion will not be declined on the basis that the same, or substantially the same, course of action is under investigation by, or is or has been the subject of a proceeding involving, any governmental agency.  That basis is now unavailable to, and not required to be used by, OIG, effective February 10, 2022.  If the request for an advisory opinion is accepted and the same conduct is under investigation by, e.g., DOJ, the requestor could presume that DOJ, via its “consultation with” OIG and via OIG’s requests for additional information from the requestor during its ordinary process of fact-gathering, would not use OIG’s advisory opinion process as an extension of its investigatory authority.  42 C.F.R. § 1008.1(a); id. at § 1008.39.  Likewise, the requestor could also presume that OIG would not permit DOJ to engage in such investigatory conduct through OIG’s advisory opinion process.

On the other hand, it is unclear how OIG could feasibly issue a favorable advisory opinion related to conduct that is concurrently under investigation by DOJ.  Indeed, OIG even admits this would be unlikely:  “[I]f the arrangement for which an advisory opinion is sought is the same or similar conduct that is currently under investigation or is the subject of a proceeding involving a governmental agency, that fact will weigh against the issuance of a favorable advisory opinion because such circumstances generally indicate that the arrangement does not present a sufficiently low risk of fraud and abuse.”  87 Fed. Reg. at 1368 (emphasis added).  However, OIG’s sentiment may presume too much.

First, OIG appears to presuppose that any conduct under investigation by DOJ—by virtue of it being under investigation—is problematic.  To the contrary, conduct under investigation by DOJ has merely been alleged to be problematic.  Even if DOJ resolves such conduct via, e.g., settlement agreement, there is no admission of liability by the individual or entity that has allegedly engaged in such “problematic” conduct.  But, if OIG issues an unfavorable advisory opinion, such a conclusion could provide a sufficient basis for DOJ to proceed with its investigation or even intervene in a qui tam action.  Additionally, even if OIG is prepared to issue an unfavorable advisory opinion and the requestor “withdraw[s] [its] request prior to the issuance” of such advisory opinion, OIG still “reserves the right to retain any request for an advisory opinion, documents and information submitted to it … and to use them for any governmental purposes”—presumably including a DOJ investigation into the requestor for the conduct.  42 C.F.R. § 1008.40 (emphasis added).  Nothing precludes DOJ, or even OIG or another governmental agency, from using its “investigatory or prosecutorial authority” to move forward against the requestor for the conduct.  Id. at § 1008.1(d).

Second, a question emerges:  What does a favorable advisory opinion mean for both the requestor and DOJ under the new regulatory framework?  Certainly, if OIG “blesses” conduct that is also under investigation by DOJ, one could presume that DOJ would not likely move forward with its investigation for that conduct.  Indeed, in such circumstances where DOJ decides to move forward and, e.g., intervene in a qui tam action notwithstanding a favorable advisory opinion related to that same conduct, the requestor could, and probably should, attach that favorable advisory opinion as “Exhibit 1” to its answer.

Lastly, regardless of whether OIG issues a favorable or unfavorable advisory opinion related to the same or substantially the same conduct that is under investigation by another governmental agency, it is unclear how OIG’s removal of the barrier will interact with OIG’s other regulatory limitations affecting the industry.  For example, if a requestor receives a favorable advisory opinion related to a set of facts and circumstances that may not necessarily be unique to the requestor itself, the applicable regulations would still prohibit another individual or entity’s reliance on or use of such favorable advisory opinion as evidence during litigation.  Id. at § 1008.53 (“No individual or entity other than the requestor(s) may rely on an advisory opinion.”), id. at 1008.55 (“An advisory opinion may not be introduced into evidence by a person or entity that was not the requestor of the advisory opinion to prove that the person or entity did not violate” the law reviewed by OIG in the advisory opinion.).  If such facts and circumstances were under investigation by DOJ, but the investigation related to an individual or entity that is not the requestor, presumably OIG’s issuance of a favorable advisory opinion would, and should, give DOJ pause.  Indeed, DOJ, in consideration of its investigation into the same or similar conduct, would presumably re-consider continuing with such investigation.

On balance, OIG’s removing the barrier to advisory opinion requests being accepted and/or advisory opinions being issued when the same or similar conduct is under investigation by a governmental agency, such as DOJ, may not benefit, and could end up harming, requestors because (1) the likelihood that a favorable advisory opinion will be issued by OIG when that conduct is under investigation by DOJ is low, (2) an unfavorable advisory opinion may affect DOJ’s investigation into the conduct adversely to the requestor, and (3) any information provided by the requestor to OIG at OIG’s request during the advisory opinion process may be shared with DOJ, even when DOJ is investigating the conduct.

The Firm’s Health Care Group continuously monitors changes from OIG and other governmental agencies affecting the Firm’s clients.  Check back for additional, forthcoming alerts.

[1] In its Final Rule, OIG explains that, “[b]ecause this rule is procedural, notice and comment rulemaking is not required under 5 U.S.C. 553(b)(A)”—i.e., the Administrative Procedure Act.  87 Fed. Reg. at 1368.

[2] OIG explains how it “reject[s] advisory opinion requests pursuant to the existing regulation,” but does not indicate whether it actually informs the requestors the reason for such rejections.  Id. (emphasis added).

[3] Even so, savvy requestors could reasonably deduce whether their requests for advisory opinions have been declined based on the other factors set forth at 42 C.F.R. 1008.15.

[4] A “favorable opinion” describes an advisory opinion when OIG has determined that either (1) the arrangement would not violate the law and would not constitute grounds for the imposition of sanctions under that law, or (2) even if an arrangement would violate the law, OIG would not impose administrative sanctions on a requestor under that law in connection with the arrangement.  See e.g., Advisory Opinion 21-10 as an example of the former, available at Advisory Opinion 21-10 | Office of Inspector General | Government Oversight | U.S. Department of Health and Human Services (hhs.gov), and Advisory Opinion 21-16 as an example of the latter, available at Advisory Opinion 21-16 | Office of Inspector General | Government Oversight | U.S. Department of Health and Human Services (hhs.gov).  By contrast, an “unfavorable opinion” describes an advisory opinion when OIG has determined that the arrangement would violate the law and would constitute grounds for the imposition of sanctions under that law.  See, e.g., Advisory Opinion 21-18, available at Advisory Opinion 21-18 | Office of Inspector General | Government Oversight | U.S. Department of Health and Human Services (hhs.gov).

On December 31, 2021, New York Governor Kathy Hochul signed landmark legislation to increase the transparency of prescription drug pricing and to establish requirements on pharmacy middlemen. This new law is amongst 100 [1] state bills introduced in 2021 that shed light on the business practices of pharmacy benefit managers (PBM). In an approval memo, Governor Hochul described the New York legislation as the most comprehensive regulatory framework in the country for PBMs. The new law requires PBMs to register with the State Department of Financial Services (DFS) by April 1, 2022 and thereafter to be licensed by January 1, 2023. Failure to obtain a license by 2023 could result in a cease and desist order from DFS and financial penalties. The new legislation also sets forth duties and obligations that PBMs must follow, which are outlined below.

Duties

The new legislation creates a duty on the PBM to perform their services to covered individuals, health plans, and providers with “care, skill, prudence, diligence, and professionalism”.

Price transparency

The new law requires the PBM to place all money for service in trust to be distributed according to the PBM’s contract with the health plan, provider, or applicable law, including any payment that has been specifically allocated to compensate the PBM. In addition, PBMs must inform the health plans and providers of any pricing discounts, rebates, credits, fees, grants, reimbursements or other benefits “annually or more frequently.” The PBM is required to ensure that any portion of such income or financial benefit is passed in its entirety to the health plan or provider.

The new law also requires PBMs to disclose to DFS financial information and the terms and conditions of any contract they have with any party in writing, including dispensing fees paid to the pharmacies. Annually on or before July 1, PBMs are required to file a detailed report of: 1) any pricing discounts, rebates, credits, fees, grants, reimbursements and other benefits received by the PBM, and 2) the terms and conditions of any contract or arrangements between the PBM and “any other party relating to PBM services provided to a health plan or provider.” Medicare and Medicaid have had similar price transparency rules, but now those rules will apply across all lines of business in New York.

Disclosure requirements

If any activity, policy, practice or contract presents a conflict of interest with a PBM’s relationship or obligation to a health plan or provider, the PBM is required to disclose this information in writing.

Private Right of Action

If a PBM is in violation of any of their duties, providers and patients are afforded a private right of action to seek legal or equitable relief for any injury or loss resulting from a violation.

DFS along with the Department of Health in New York (DOH) will issue regulations that establish the minimum standards and requirements of PBM services in order to address the elimination of: conflicts of interest, deceptive and anti-competitive practices, and unfair claims practices. The new statute authorizes DFS to examine any registrant or licensee at any time they deem it expedient to ensure compliance.

***

The new legislation was passed as part of a three-part pharmacy reform package, one of which was vetoed. The vetoed Senate Bill 6603 prohibited PBMs from limiting an individual’s option to receive medications from non-mail order pharmacies, and from denying a retail pharmacy participation in another provider’s network. No other PBM measures were included in Governor Hochul’s proposed 2023 Budget, released yesterday. However, time will tell if other legislation is contemplated in the budget negotiations and this legislative session. Given the newly enacted legislation and the evolving landscape on PBM regulatory oversight, Proskauer attorneys can assist self-insured employers and health plans regarding PBM business practice compliance.

[1] https://www.nashp.org/rx-legislative-tracker/

Recently, in Siegel v. Snyder, Slip.Op. 07624, New York’s Appellate Division, Second Department interpreted New York’s peer review/quality assurance confidentiality statute in a manner that may require modifications to the standard documentation of such meetings.  New York’s Education Law 6527(3) shields from disclosure “the proceedings [and] the records relating to performance of a medical or a quality assurance review function or participation in a medical . . . malpractice prevention program,” as well as testimony of any person in attendance at such a meeting when a medical or quality assurance review function or medical malpractice prevention program was performed (see Logue v Velez, 92 NY2d 13, 16-17).  Public Health Law 2805-m(2) affords similar protection from disclosure for “records, documentation or committee actions or records” required by law, which includes peer review activity.

Continue Reading Failure to Disclose Speakers at Protected QA Meeting Loses Protection for All Speakers

On November 2, 2021, the Centers for Medicare and Medicaid Services (“CMS”) issued its Calendar Year (CY) 2022 Physician Fee Schedule (“PFS”) Final Rule. In this post, we sample some key highlights from the Final Rule. Continue Reading Physician Fee Schedule Final Rule for Calendar Year 2022 – CMS Cuts Rates and Extends Telehealth

On November 2, 2021, the Centers for Medicare & Medicaid Services (“CMS”) issued a final rule (“Final Rule”) that advances the shift from paying for Medicare home health services based on volume to a system that pays based on value. In addition to other matters, the Final Rule expands the HHVBP Model from 9 states to all 50.

The new rule stems from a decade of CMS Innovation Center experimenting with alternative home health payment models, all launched with the goal of incentivizing quality of care improvements for home health patients. The HHVBP Model was originally piloted in 9 states and resulted in reductions in acute hospitalizations and skilled nursing facility stays. Thus, CMS determined that expanding the model will further reduce Medicare spending and improve quality. Beginning on January 1, 2022, the HHVBP Model shall apply to all Medicare certified HHAs in the 50 States, Territories, and the District of Columbia. In this blog post, we highlight the key components of the expanded HHVBP Model.

Of note, CY 2022 will be a pre-implementation year with CMS providing HHAs with training and resources to prepare for success. CY 2023 will be the first performance year with payment adjustments occurring in CY 2025. Payment adjustments will be based on each HHA’s performance on a set of quality measures in a given performance year relative to other HHAs grouped in the same cohort.

Cohorts are identified based on the unique nature of the HHAs beneficiaries served in the year prior to the performance year with assignment based on either nationwide large-volume or nationwide small-volume of similar size and quality performance HHAs.  Adjustments will range from -5% to +5% of Medicare fee-for-service payments.

Specifically, payment adjustments are based on each HHA’s Total Performance Score (TPS) in a given performance year, which is comprised of performance on: (1) A set of measures reported via the Outcome and Assessment Information Set (OASIS), (2) completed Home Health Consumer Assessment of Healthcare Providers and Systems (HHCAHPS) surveys, and (3) claims-based measures (e.g., acute care or ER hospitalizations during the first 60 days of HHA use). Quality measures do not count: (i) for patients that were not responsive at the start of care or resumption of care, (ii) if the HHA has less than 20 eligible quality episodes and (iii) for any patients in Medicare Advantage or Medicaid.

The expanded Model will use benchmarks, achievement thresholds, and improvement thresholds based on CY 2019 data to assess achievement or improvement of HHA performance on applicable quality measures. Competing HHAs that demonstrate they can deliver higher quality of care in a given performance year when measured against a baseline year and relative to peers nationwide (as defined by larger- versus smaller-volume cohorts), will be eligible to have their HH PPS claims final payment amount adjusted higher than the amount that otherwise would be paid. Payment adjustments for a given year will be based on the TPS calculated for performance two years prior. All HHAs certified to participate in the Medicare program prior to January 1, 2022, will be required to participate and will be eligible to receive an annual TPS based on their CY 2023 performance.

Note that while the HHVBP Model does not apply to Medicaid or commercial patients, it does provide a path and format for use in these markets as most payors move toward paying for value instead of volume.

More information on the CMS HHVBP Model can be found at https://innovation.cms.gov/innovation-models/expanded-home-health-value-based-purchasing-model and as will be updated with further guidance in 2022.

Proskauer’s Health Care team can help you strategize and consider alternative payment and value-based payment arrangements for home care and other healthcare services.