NYDFS Highlights Strategies to Combat AI Cybersecurity Risks

Posted in Digital Health, HIPAA, Privacy, and Data Security

The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on October 16, 2024, that highlights cybersecurity risks resulting from the use of AI, the dangers posed by threat actors utilizing AI, and strategies to address these concerns (the Guidance).

Continue Reading

New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities

Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, Uncategorized

The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal cybersecurity program as part of its settlement of cybersecurity breach claims.

Continue Reading

Zafirov Decision Sets Stage for Appellate Showdown Over Constitutionality of FCA’s Qui Tam Provision

Posted in Fraud & Abuse & False Claims Act, Healthcare Litigation

For the first time ever, a judge has ruled that the qui tam provision of the False Claims Act (FCA), which whistleblowers have used to recover $52 billion on behalf of the government since 1986, is unconstitutional. 

Continue Reading

MHPAEA Final Rule: Clarity on Mental Health Parity?

Posted in Government Affairs, Licensure & Regulatory, Health Care Providers, Health Insurers & Managed Care Organizations, Health Plans, Healthcare Law, Hospitals & Health Systems, Physicians

The three federal agencies tasked with enforcement of the Mental Health Parity and Addiction Equity Act (MHPAEA) — the Departments of Labor, Health & Human Services (through CMS), and Treasury (the Departments) — issued their Final Rule to implement the MHPAEA on September 9, 2024, to mixed reviews. 

Groups composed of providers, such as the American Medical Association and American Hospital Association, responded with support for the Final Rule and welcomed any infusion of certainty that such guidance could provide. However, representatives of the large employer benefit plan sponsor industry and the insurance industry, such as the ERISA Industry Committee and America’s Health Insurance Plans, expressed grave concerns about the Final Rule’s unintended consequences, including raised costs and, ironically, the potential decrease in access to mental health and substance use services. Litigation regarding the Final Rule is considered likely. 

A comprehensive review of the 536-page Final Rule is beyond the scope of this blog, but we highlight here some of the Rule’s most significant impacts on health plans, including guidance regarding NQTLs and comparative analyses, the role of third-party administrators (TPAs) in MHPAEA compliance, and an expansion of the statute’s scope. 

Continue Reading

The Admera Health Settlement Is a Cautionary Tale for Paying Outside Sales Staff on a Commission Basis

Posted in Uncategorized

The Office of Inspector General recently announced the more than $5.5 million settlement of a qui tam action brought against Admera Health, LLC (Admera). In addition to the fine incurred, the legal fees typically incurred for defending such claims and negotiating such settlements often reach six figures or more. 

Continue Reading

FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice

Posted in Digital Health, HIPAA, Privacy, and Data Security, Technology

The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30, 2024, the FTC published its final rule implementing the HBNR. And so begins a new robust enforcement landscape for health and wellness app developers and vendors.

Continue Reading

What’s it to You? Justice Scalia’s 41-Year-Old Gatekeeping Question on “Standing” Influences Court to Uphold FDA’s Regulation of Mifepristone

Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, Physicians

Mifepristone is safe for now. On June 13, 2024, the Supreme Court unanimously held that the plaintiffs — doctors and medical associations alike — lacked standing to challenge 2000 and 2019 FDA approvals of mifepristone (brand name: Mifeprex), a drug used to terminate pregnancies through ten weeks gestation. Avoiding a substantive decision on the merits of the plaintiffs’ case, the Court held that the plaintiffs’ legal and moral objections to elective abortion and the FDA’s increasingly relaxed regulation of mifepristone are not sufficient to establish Article III standing to advance this lawsuit. The Court noted that a win for the plaintiffs would have had widespread repercussions, not only to the ability of patients to use mifepristone, but also to the regulatory authority of Executive branch agencies to fulfill their regulatory obligations amidst an increasingly divided American citizenry.

Continue Reading

Attention, Group Health Plans: New HIPAA Privacy Rule Governing Reproductive Health Care Information Imposes Obligations, Deadlines

Posted in HIPAA, Privacy, and Data Security

It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s industry or size — are considered covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Therefore, individually identifiable medical information that group health plans create, use, store, or transmit is “protected health information” (PHI) pursuant to HIPAA. This update narrowly focuses on the enhanced HIPAA rules in the nationwide politically charged space of “reproductive health information” within group health plans, including attempted access by state law enforcement agencies. 

Continue Reading

When a Gift Becomes a Kickback: Gifts from Florida Pharmacies to Long-Term Care Facilities

Posted in Pharmacy, Drugs, Medical Devices & Equipment

The Florida Board of Pharmacy permits pharmacies serving residents and patients at long-term care facilities (nursing homes, ALFs, homes for DD residents, etc.) as either Special Closed System Pharmacies or Community Pharmacies. Normally the pharmacy and the long-term care (LTC) facility have a written agreement that governs the relationship between them. The pharmacy sends the patients’ prescription medications to the facility for administration, but the facility does not actually pay for pharmacy services itself. Instead, the pharmacy relies on patients/residents and their insurance plans for reimbursement.

Continue Reading

On the Basis of Sex…Discrimination in Group Health Plans and What Employers Should Know

Posted in Health Plans

In just a few days’ time, recently promulgated federal final rules addressing sex-based nondiscrimination in the administration of health care benefits have created a flurry of healthcare industry activity. The angst arises from providers, payers, and certain health plans alike. While the spotlight shines brightest on healthcare providers and health insurers, the focus of this post is on employer group health plans and the evolving definition of sex discrimination.

Continue Reading

LexBlog