As we anticipated in our October 17, 2024, blog, both the Government and the Relator have appealed the district court’s decision in U.S. ex rel. Zafirov v. Florida Medical Associates, LLC, et al. (Zafirov), the first case to hold that the qui tam provision of the federal False Claims Act violates the Appointments Clause of the U.S. Constitution. Briefly, on September 30, 2024, the United States District Court for the Middle District of Florida reasoned that qui tam relators, as whistleblowers, step into the shoes of the federal Government to prosecute such claims. In so doing, the District Court held, relators wield executive power and exercise government authority when litigating FCA claims on the Government’s behalf, thus triggering the Appointments Clause’s requirement that the President, an executive agency department head, or a court appoint them as “officers of the United States.”
New Year, New HIPAA Security Rule Requirements? OCR Proposes Sweeping Changes for HIPAA Security Rule To Bolster Cybersecurity
Posted in HIPAA, Privacy, and Data SecurityThe U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their Business Associates (Regulated Entities) invest significant resources to comply with new, less flexible requirements designed to strengthen the cybersecurity posture of the American healthcare system. We discuss below several aspects of OCR’s comprehensive overhaul of the Security Rule published in its Notice of Proposed Rulemaking (NPRM) on January 6, 2025, the first proposed revisions to the Security Rule since 2013. The 60-day notice and comment period closes on March 7, 2025.
Year-End Watch List: Possible Simplification to Employer Group Health Plan Reporting
Posted in Affordable Care Act and Other Healthcare Reform Legislation, Health Plans2024 might almost be over, but the Senate recently passed two bills that are intended to ease at least some employer burdens under the Patient Protection and Affordable Care Act (ACA). The bills, both of which are pending signature by President Biden, are:
Don’t Be Suspicious, Don’t Be Suspicious: New OIG Special Fraud Alert Warns About Suspect Payments in Medicare Advantage Marketing Arrangements
Posted in Fraud & Abuse & False Claims Act, Medicare & MedicaidThe latest Special Fraud Alert from the U.S. Department of Health and Human Services Office of Inspector General (OIG) warns about marketing schemes involving questionable payments and referrals among Medicare Advantage plans, health care professionals, and third-party marketers, such as agents and brokers. Issued on December 11, 2024, this new Special Fraud Alert focuses on two types of problematic payments that implicate the Federal Anti-Kickback Statute (AKS) and have been the subject of recent False Claims Act (FCA) settlements:
NYDFS Highlights Strategies to Combat AI Cybersecurity Risks
Posted in Digital Health, HIPAA, Privacy, and Data SecurityThe increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on October 16, 2024, that highlights cybersecurity risks resulting from the use of AI, the dangers posed by threat actors utilizing AI, and strategies to address these concerns (the Guidance).
New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities
Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, UncategorizedThe healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal cybersecurity program as part of its settlement of cybersecurity breach claims.
Zafirov Decision Sets Stage for Appellate Showdown Over Constitutionality of FCA’s Qui Tam Provision
Posted in Fraud & Abuse & False Claims Act, Healthcare LitigationFor the first time ever, a judge has ruled that the qui tam provision of the False Claims Act (FCA), which whistleblowers have used to recover $52 billion on behalf of the government since 1986, is unconstitutional.
MHPAEA Final Rule: Clarity on Mental Health Parity?
Posted in Government Affairs, Licensure & Regulatory, Health Care Providers, Health Insurers & Managed Care Organizations, Health Plans, Healthcare Law, Hospitals & Health Systems, PhysiciansThe three federal agencies tasked with enforcement of the Mental Health Parity and Addiction Equity Act (MHPAEA) — the Departments of Labor, Health & Human Services (through CMS), and Treasury (the Departments) — issued their Final Rule to implement the MHPAEA on September 9, 2024, to mixed reviews.
Groups composed of providers, such as the American Medical Association and American Hospital Association, responded with support for the Final Rule and welcomed any infusion of certainty that such guidance could provide. However, representatives of the large employer benefit plan sponsor industry and the insurance industry, such as the ERISA Industry Committee and America’s Health Insurance Plans, expressed grave concerns about the Final Rule’s unintended consequences, including raised costs and, ironically, the potential decrease in access to mental health and substance use services. Litigation regarding the Final Rule is considered likely.
A comprehensive review of the 536-page Final Rule is beyond the scope of this blog, but we highlight here some of the Rule’s most significant impacts on health plans, including guidance regarding NQTLs and comparative analyses, the role of third-party administrators (TPAs) in MHPAEA compliance, and an expansion of the statute’s scope.
The Admera Health Settlement Is a Cautionary Tale for Paying Outside Sales Staff on a Commission Basis
Posted in UncategorizedThe Office of Inspector General recently announced the more than $5.5 million settlement of a qui tam action brought against Admera Health, LLC (Admera). In addition to the fine incurred, the legal fees typically incurred for defending such claims and negotiating such settlements often reach six figures or more.
FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice
Posted in Digital Health, HIPAA, Privacy, and Data Security, TechnologyThe Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30, 2024, the FTC published its final rule implementing the HBNR. And so begins a new robust enforcement landscape for health and wellness app developers and vendors.