Categories
Health Law Highlights

Health Plan Services Firm Notifying 2.4 Million of PHI Theft

Summary of article from GovInfo Security, by Marianne Kolbasuk McGee:

Texas-based health plan administration services firm, WebTPA, is notifying over 2.4 million individuals about a hacking incident that occurred in 2023, which was detected in December of the same year. The breach potentially compromised personal data including names, contact information, birthdates, Social Security numbers, and insurance details. WebTPA has offered two years of free identity and credit monitoring services to those affected and has bolstered its network security. The delay in identifying and responding to the breach highlights the challenges organizations face in incident response and breach analysis. This incident is the third-largest breach reported in 2024 and emphasizes the increasing targeting of business associates that provide administrative services to health plans and other healthcare sector entities.

Categories
Health Law Highlights

Don’t Call It a Breach Rule: FTC Health Breach Notification Rule Has Been Here for Years, Now Updated to Serve as a Backdoor Privacy Regulation

Summary of article from Wyrick Robbins Yates & Ponton LLP, by Lynn Percival IV:

In December 2021, the Federal Trade Commission (FTC) began a rulemaking process to update the Health Breach Notification Rule (HBNR), which mandates notice following a security breach of unsecured personal health records. The FTC has now finalized these updates, expanding the definition of a “breach of security” to include unauthorized uses and disclosures of health information. The updated rule also broadens the terms “personal health records” and “PHR identifiable health information,” potentially encompassing more websites, apps, and data repositories. The definition of “PHR related entity” has also been clarified, expanding the types of organizations subject to the rule. The updated rule will be effective 60 days after its publication in the Federal Register, with violations potentially resulting in significant civil penalties.

Categories
Health Law Highlights

Telehealth: Regulatory Questions Amid Legislative Uncertainty

Summary of article from McDermott+Consulting, by Jeffrey Davis, Rachel Stauffer:

The article discusses the potential expiration of temporary Medicare waivers for telehealth services, which were instated during the COVID-19 pandemic and are set to expire by the end of 2024. Without further action from Congress, Medicare telehealth will revert to a rural-only benefit from 2025, and patients will have to visit an “originating” site to receive services. Congress is currently considering another extension, but the uncertainty is causing confusion among patients and providers. The Centers for Medicare & Medicaid Services (CMS) must establish payment policies for 2025, but the legislative uncertainty makes it challenging. Key issues include determining which telehealth services will be added to the Medicare list, the reimbursement rates for these services, the adoption of new telehealth codes, and decisions about other telehealth flexibilities.

Categories
Health Law Highlights

HHS Issues New Affordable Care Act Section 1557 Nondiscrimination Regulations

Summary of article from Seyfarth Shaw LLP, by Kristina Launey, Leon Rodriguez:

Section 1557 of the Affordable Care Act prohibits discrimination in health programs receiving federal financial assistance. It has been subject to changes across different Presidential administrations since its inception in 2016. The latest regulations, effective from August 6, 2024, restore some repealed provisions and enhance nondiscrimination requirements. The Final Rule restores protections against discrimination based on sexual orientation, gender identity, disability, and religious objections, and expands its reach to include Medicare Part B providers, private insurance plans, and AI patient decision-making tools. It also mandates language assistance and accessibility services, and re-states federal protections for religious freedom and conscience.

Categories
Health Law Highlights

OCR HIPAA Audit Program to Commence in 2024

Summary of article from The HIPAA Journal, by Steve Adler:

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 mandates periodic audits of HIPAA-regulated entities by the Office for Civil Rights (OCR) to assess HIPAA compliance, with a focus on the HIPAA Security Rule. OCR has confirmed that audits will be conducted in 2024. The increasing rate and scale of data breaches suggest inadequate compliance with the HIPAA Security Rule among healthcare organizations. OCR aims to improve future audit programs and cybersecurity across the healthcare sector, with a particular focus on risk analysis and management provisions of the HIPAA Security Rule. OCR is working on an update to the HIPAA Security Rule, expected to be finalized by the end of the year, to reflect changes in technology and working practices, including the adoption of cloud technology, encryption, and multifactor authentication.

Categories
Health Law Highlights

Health Care, AI and Antitrust: Analysis and Next Steps

Summary of article from Manatt, Phelps & Phillips, LLP, by Dylan Carson, Harvey Rochman:

As artificial intelligence (AI) becomes more prevalent in the health care industry, there are growing concerns about potential anticompetitive conduct, including algorithmic price fixing. This issue was highlighted in a recent New York Times report alleging that certain health plans and administrators were using the same company’s algorithmic tools to set out-of-network rates, potentially leading to higher costs for patients. Antitrust enforcers argue that using the same AI systems to set prices could be seen as collusion and therefore a violation of antitrust laws. Health care companies are advised to closely monitor these developments and consider the potential legal risks associated with their use of AI.

Categories
Health Law Highlights

DOJ Introduces Task Force on Health Care Monopolies and Collusion

Summary of article from King & Spalding, by Catherine Behnke:

The Department of Justice (DOJ) recently announced the establishment of a Health Care Monopolies and Collusion (HCMC) Task Force. This initiative is part of the Biden administration’s broader effort to enhance antitrust enforcement in the health care sector, including measures aimed at increasing transparency, promoting competition, and curbing corporate greed. The HCMC Task Force will identify and address monopolistic and collusive practices that contribute to rising health care costs and decreased quality of care. The Task Force will focus on issues such as payer-provider consolidation, serial acquisitions, labor and quality of care, medical billing, health care IT services, and misuse of health care data. The HCMC Task Force will include a multi-disciplinary team of civil and criminal prosecutors, economists, health care industry experts, technologists, data scientists, investigators, and policy advisors.

Categories
Health Law Highlights

Cracking the Whip: The FTC’s Clampdown on Healthcare Marketing

Summary of article from Nelson Hardiman, LLP, by Harry Nelson:

The U.S. healthcare system, driven by a complex mix of economic considerations, permits direct-to-consumer pharmaceutical advertising, unlike many other Western nations. However, this practice can lead to misleading claims and deceptive marketing, especially affecting vulnerable individuals. Recently, the Federal Trade Commission (FTC) has increased scrutiny on such practices, as evidenced by lawsuits against companies like AWAREmed and Rejuvika for misleading advertising. In 2024, the FTC also penalized telehealth providers, Cerebral and Monument, for violating confidentiality and misusing personal data. The FTC’s actions signal a shift towards protecting consumers from deceptive healthcare marketing practices.

Categories
Health Law Highlights

Medicaid: CMS Final Rules Aim to Expand Access, Provide Parity with Commercial Markets

Summary of article from Foley & Lardner LLP, by Anil Shankar:

The Centers for Medicare & Medicaid Services (CMS) introduced two significant updates to its Medicaid regulations on May 10, 2024: the Medicaid Access Rule and the Medicaid Managed Care Rule. These updates aim to enhance and standardize reporting, monitoring, and evaluation of Medicaid services, potentially increasing Medicaid reimbursement. The new rules require states and Medicaid managed care plans to report and analyze payment rates and access to services, and to implement corrective action plans for identified access deficiencies. The Managed Care Rule introduces federal “appointment wait time” standards and allows states to increase Medicaid reimbursement to match commercial plan rates. Lastly, the Access Rule establishes a numerical floor for Medicaid rates and requires at least 80% of Medicaid payments to home and community-based service providers to be spent on direct care workers’ compensation.

Categories
Health Law Highlights

FTC Cleared To Sue Texas Anesthesia Co., But Not PE Firm

Summary of article from Law360, by Bryan Koenig:

A Texas federal judge has ruled that the Federal Trade Commission (FTC) lacks the authority to pursue antitrust claims against private equity firm Welsh Carson Anderson & Stowe, but can proceed against the anesthesia group the firm created, U.S. Anesthesia Partners Inc (USAP). The judge ruled that the FTC could not prove an ongoing or likely future antitrust violation by Welsh Carson, which had sold off its controlling stake in USAP in 2017. This decision could impact the FTC’s efforts to challenge private equity strategies of acquiring entire sectors through individual transactions. The ruling also underscores the FTC’s ongoing struggle to expand its authority under Section 13(b) of the FTC Act. Despite this, the judge found sufficient evidence of ongoing violations by USAP, allowing the FTC’s case against it to proceed.