U.S. Department of Health and Human Services

On April 22, 2024, the Office for Civil Rights (OCR) for the United States Department of Health and Human Services issued a Final Rule amending the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). The Final Rule, which goes into effect on June 25, 2024, promulgates

The U.S. Department of Health and Human Services (“HHS”) has expanded upon its recent Healthcare Sector Cybersecurity Concept Paper (which we covered in a prior blog post), issuing cybersecurity performance goals (“CPGs”) for the healthcare and public health (“HPH”) sector. These CPGs aim to help healthcare organizations protect against

The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information represents a chance for the private sector to contribute to HHS regulation. Interested parties have until June 6,

Given the current political dynamic within Congress, the chances of the Biden Administration enacting significant, substantive health care legislation appear slim in the short-term. Thus, the Biden Administration has sought alternative routes to advance its policy priorities, mainly through budget reconciliation (see here for a comprehensive explainer from the Congressional Research Service) and agency regulation. For example, we have previously written here and here about the “No Surprises Act”, enacted through the legislative short-cut of budget reconciliation as part of the 2021 Consolidated Appropriations Act, and the Biden Administration’s new regulations implementing consumer protections against surprise medical bills. In this mold, President Biden’s July 9 Executive Order on Promoting Competition in the American Economy (the “Order”) appears to lay out an aspirational, yet somewhat more practical agenda to implementing reforms in the health care sector, as compared to relying on new legislation coming through Congress.

The Order tasks federal agencies across the “whole-of-government” to “protect competition in the American economy” by acting on 72 regulatory initiatives, to be coordinated by a newly established “White House Competition Council” with representatives from key federal agencies. While the “whole-of-government” is involved and the entirety of the U.S. economy is targeted, there is a distinct focus among these initiatives on “improving health care” by addressing “overconcentration, monopolization, and unfair competition” in the sector. The Order specifically cites four areas in the health care sector ripe for renewed enforcement and regulatory attention with the goal of lowering prices, promoting competition, and benefiting consumers.

The U.S. Department of Justice (the “DOJ”) recently settled whistleblower False Claims Act (“FCA”) allegations against The University of Miami (“UMiami”) for $22 million, which resolves claims from three separate lawsuits related to billing practices at UMiami’s off-campus hospital-based facilities (“Off-Campus Hospital Facilities”) and fraudulent claims for laboratory services.

In a prior blog post, we discussed CMS’ Hospital Price Transparency Rule at 45 C.F.R. § 180.10 et. seq., effective January 1, 2021 (the “Rule”), which requires hospitals to make public “a machine-readable file containing a list of all standard charges for all items and services.” Specifically, the Rule requires hospitals to post (1) a description of each item or service provided by the hospital; (2) the gross charge that applies to each individual item or service; (3) payer-specific negotiated rates that apply to each item or service for which a payer negotiated rate has been established. Each payer negotiated price must be clearly associated with the name of the applicable third-party payer and plan; (4) de-identified minimum negotiated rates that apply to each item or service; (5) de-identified maximum negotiated rates that apply to each item or service; (6) discounted cash prices that apply to each item or service; and (7) CPT, HCPCS, or other billing codes used by the hospital for purposes of accounting or billing for the item or service.

In a study published on March 16, 2021, Health Affairs found that out of the largest 100 hospitals in the U.S. (by certified bed count), 65 were “unambiguously noncompliant.” 12 of these 65 (18%) did not post any files or provided links to searchable databases that were not downloadable and 53 (82%) either did not include the payer-specific negotiated rates with the name of payer and plan clearly associated with the charges or were in some other way noncompliant. The data informing this study was pulled from late January 2021 to early February 2021.

As is the case with most new technologies or significant industry innovations, companies embracing and driving the disruptions often move very fast in a legal and political landscape that is always playing catch-up. This is very true for the fast-growing telemedicine and digital health industries. However, likely motivated by COVID-19, state governments are moving faster than they traditionally do to pass new regulations and to extend certain regulatory waivers.

COVID-19 required a shift in the delivery of medical care with the state and local lockdowns. During the pandemic, the United States Department of Health and Human Services (HHS) has issued guidance on various compliance waivers and enhanced flexibility. Governors across the country issued executive orders to help address the requirements of providing ongoing medical care while maintaining proper social distancing (e.g., New Mexico, Texas, etc.). The result was more people receiving medical care remotely. Similar to the realization by many that working from home was not only feasible but in some cases preferable, many also came to the conclusion that a trip to the doctors’ office was not necessary for the treatment of certain conditions.

Although vaccine rollout began slowly in the United States, millions of people are now being vaccinated against COVID-19 per day. As individuals receive the vaccine, states have been collecting personal health data in individual immunization registries. Experts say this data collection is essential to effectively monitor vaccination progress, report adverse reactions, compare vaccine efficacy in cross sections of the population, and keep track of who needs second doses and when.