Yesterday, the United States Supreme Court held that a False Claims Act (FCA) defendant cannot rely on an objectively reasonable interpretation of a law, regulation, or rule to negate the scienter element of the FCA. In United States ex rel. Schutte v. SuperValu Inc., the Court emphasized the importance of a defendant’s subjective belief in resolving the scienter element. [1] In so doing, the Court has removed a valuable argument from the FCA defense toolkit.
OCR’s Proposed Rule Finds Fertile Ground for Enhanced Reproductive Privacy Protection
Posted in Health Plans, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, PhysiciansThe Department of Health and Human Services Office for Civil Rights (OCR) issued a proposed rule on April 17, 2023, to amend provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen privacy protections for individuals’ protected health information (PHI) related to reproductive healthcare (the Proposed Rule). The Proposed Rule would prohibit covered entities and business associates (collectively “regulated entities”) from using and disclosing PHI for criminal, civil, or administrative investigations or proceedings against individuals for seeking, obtaining, providing, or facilitating reproductive healthcare that is lawful under the circumstances in which it is provided. Comments on the Proposed Rule are due on or before June 16, 2023.
New Florida Law Will Impose A Third-Party Administrator Licensing Requirement for Pharmacy Benefit Managers
Posted in Government Affairs, Licensure & Regulatory, Healthcare Law, Pharmacy, Drugs, Medical Devices & EquipmentOn May 3, 2023, the Florida governor signed a comprehensive law (SB 1550) regarding pharmacy benefit managers (PBMs). This new law imposes significant new requirements on PBMs. This article discusses only one of these new requirements: a PBM must obtain a license, called a certificate of authority, to act as an insurance administrator, which is commonly referred to as a third-party administrator, or TPA.
All Good Things Must Come to an End: The Expiration of OCR’s Enforcement Discretion
Posted in UncategorizedOn April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA rules) during the COVID-19 public health emergency (PHE) will expire at the end of the PHE.1 The notifications, which address (i) telehealth services, (ii) COVID-19 community-based testing sites, (iii) business associate disclosures of COVID-19 data to public health and health oversight agencies, and (iv) web-based scheduling applications for vaccinations, will expire at 11:59 pm on May 11, 2023.2 After that date, OCR will no longer rely on the notifications to exercise enforcement discretion with respect to the HIPAA violations addressed in each notification.
The FTC Sends Another Warning to Digital Healthcare Platforms About Use of Tracking Pixels
Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Pharmacy, Drugs, Medical Devices & Equipment, TechnologyThe Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for sharing consumer health information for advertising purposes (see our blog posts on each respective action here and here), and in a post published by the FTC Office of Technology on March 16, 2023, titled “Lurking Beneath the Surface: Hidden Impacts of Pixel Tracking.” The FTC post provides a deep dive on the technical aspects of the GoodRx and BetterHelp enforcement actions, including a primer on pixel tracking technology and how it works to collect data and personal information of website visitors and users of mobile apps. The post also confirms that the GoodRx and BetterHelp enforcement actions arose from the companies’ sharing of consumers’ health information with tracking technology vendors. In light of these recent developments, digital healthcare platforms must understand how they collect, use, and share consumer health information.
The Trebling Effect of (Some) False Claims Act Trials
Posted in Fraud & Abuse & False Claims Act, Healthcare LitigationThere are multiple components to the risk defendants must consider when faced with going to trial for a matter involving the False Claims Act (FCA). Setting aside the incalculable impact that litigation can have on business operations, the statute itself anticipates repayment of the proven overpayment, treble damages, and exposure to a civil statutory penalty equal to a range between $13,508 and $27,018 per false claim. Combined, the trebling effect of a jury award plus the draconian statutory penalties in FCA matters could create an existential crisis for a defendant that opts to take an FCA matter to trial and then loses.
FTC Cracks Down on BetterHelp’s Sharing of Health Information for Advertising
Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Pharmacy, Drugs, Medical Devices & Equipment, TechnologyFollowing its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC announced a consent order with BetterHelp, Inc., an online mental health counseling service, to resolve alleged violations of the Federal Trade Commission Act (FTC Act) related to the company’s collection, use, and sharing of customers’ health information.
Stop – Go – Stop Again – Now GO… Surprised by the No Surprises Act?
Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, PhysiciansWe are not surprised by the continued stop-and-go regarding guidance surrounding the No Surprises Act. Most recently, a Texas court vacated portions of the No Surprises Act’s updated final rule (the final rules were discussed in our most recent blog on the subject). This created a domino effect, leading to the Departments of the Treasury, Labor, and Health and Human Services (the Departments) to inform certified independent dispute resolution (IDR) entities to halt, and then semi-halt, and then re-start payment determinations.
FTC’s Enforcement Action Against GoodRx Breathes New Life into Decade Old Regulation
Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Pharmacy, Drugs, Medical Devices & Equipment, TechnologyThe Federal Trade Commission (FTC) didn’t mince words. On September 2021, it called out the health app industry for failing to understand the agency’s Health Breach Notification Rule (HBNR) and for not disclosing its breaches. Apparently dissatisfied with the industry’s response, the agency enforced the HBNR against GoodRx for the first time since the rule was released more than a decade ago.
May Resident Physicians Use Hospital DEA Registration Numbers Off-Site?
Posted in Hospitals & Health Systems, Pharmacy, Drugs, Medical Devices & Equipment, PhysiciansA Florida “resident physician” is someone who has completed their internship and graduated from medical school but is not yet licensed as a Florida medical doctor or osteopathic physician and who registers with the Department of Health as a resident physician. Resident physicians have to complete at least a one-year residency before they can take the licensing examination and become licensed physicians. As part of the process of training new physicians, Florida allows resident physicians to utilize the hospital’s Drug Enforcement Administration (DEA) registration number to prescribe controlled substances listed in Chapter 893, FS, in the normal course of their employment. (Section 458.345, FS). The hospital assigns a suffix to the hospital’s number for each resident. But where can these registrations be used?