The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on October 16, 2024, that highlights cybersecurity risks resulting from the use of AI, the dangers posed by threat actors utilizing AI, and strategies to address these concerns (the Guidance).
New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities
Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, UncategorizedThe healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal cybersecurity program as part of its settlement of cybersecurity breach claims.
Zafirov Decision Sets Stage for Appellate Showdown Over Constitutionality of FCA’s Qui Tam Provision
Posted in Fraud & Abuse & False Claims Act, Healthcare LitigationFor the first time ever, a judge has ruled that the qui tam provision of the False Claims Act (FCA), which whistleblowers have used to recover $52 billion on behalf of the government since 1986, is unconstitutional.
MHPAEA Final Rule: Clarity on Mental Health Parity?
Posted in Government Affairs, Licensure & Regulatory, Health Care Providers, Health Insurers & Managed Care Organizations, Health Plans, Healthcare Law, Hospitals & Health Systems, PhysiciansThe three federal agencies tasked with enforcement of the Mental Health Parity and Addiction Equity Act (MHPAEA) — the Departments of Labor, Health & Human Services (through CMS), and Treasury (the Departments) — issued their Final Rule to implement the MHPAEA on September 9, 2024, to mixed reviews.
Groups composed of providers, such as the American Medical Association and American Hospital Association, responded with support for the Final Rule and welcomed any infusion of certainty that such guidance could provide. However, representatives of the large employer benefit plan sponsor industry and the insurance industry, such as the ERISA Industry Committee and America’s Health Insurance Plans, expressed grave concerns about the Final Rule’s unintended consequences, including raised costs and, ironically, the potential decrease in access to mental health and substance use services. Litigation regarding the Final Rule is considered likely.
A comprehensive review of the 536-page Final Rule is beyond the scope of this blog, but we highlight here some of the Rule’s most significant impacts on health plans, including guidance regarding NQTLs and comparative analyses, the role of third-party administrators (TPAs) in MHPAEA compliance, and an expansion of the statute’s scope.
The Admera Health Settlement Is a Cautionary Tale for Paying Outside Sales Staff on a Commission Basis
Posted in UncategorizedThe Office of Inspector General recently announced the more than $5.5 million settlement of a qui tam action brought against Admera Health, LLC (Admera). In addition to the fine incurred, the legal fees typically incurred for defending such claims and negotiating such settlements often reach six figures or more.
FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice
Posted in Digital Health, HIPAA, Privacy, and Data Security, TechnologyThe Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30, 2024, the FTC published its final rule implementing the HBNR. And so begins a new robust enforcement landscape for health and wellness app developers and vendors.
What’s it to You? Justice Scalia’s 41-Year-Old Gatekeeping Question on “Standing” Influences Court to Uphold FDA’s Regulation of Mifepristone
Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, PhysiciansMifepristone is safe for now. On June 13, 2024, the Supreme Court unanimously held that the plaintiffs — doctors and medical associations alike — lacked standing to challenge 2000 and 2019 FDA approvals of mifepristone (brand name: Mifeprex), a drug used to terminate pregnancies through ten weeks gestation. Avoiding a substantive decision on the merits of the plaintiffs’ case, the Court held that the plaintiffs’ legal and moral objections to elective abortion and the FDA’s increasingly relaxed regulation of mifepristone are not sufficient to establish Article III standing to advance this lawsuit. The Court noted that a win for the plaintiffs would have had widespread repercussions, not only to the ability of patients to use mifepristone, but also to the regulatory authority of Executive branch agencies to fulfill their regulatory obligations amidst an increasingly divided American citizenry.
Attention, Group Health Plans: New HIPAA Privacy Rule Governing Reproductive Health Care Information Imposes Obligations, Deadlines
Posted in HIPAA, Privacy, and Data SecurityIt is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s industry or size — are considered covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Therefore, individually identifiable medical information that group health plans create, use, store, or transmit is “protected health information” (PHI) pursuant to HIPAA. This update narrowly focuses on the enhanced HIPAA rules in the nationwide politically charged space of “reproductive health information” within group health plans, including attempted access by state law enforcement agencies.
When a Gift Becomes a Kickback: Gifts from Florida Pharmacies to Long-Term Care Facilities
Posted in Pharmacy, Drugs, Medical Devices & EquipmentThe Florida Board of Pharmacy permits pharmacies serving residents and patients at long-term care facilities (nursing homes, ALFs, homes for DD residents, etc.) as either Special Closed System Pharmacies or Community Pharmacies. Normally the pharmacy and the long-term care (LTC) facility have a written agreement that governs the relationship between them. The pharmacy sends the patients’ prescription medications to the facility for administration, but the facility does not actually pay for pharmacy services itself. Instead, the pharmacy relies on patients/residents and their insurance plans for reimbursement.
On the Basis of Sex…Discrimination in Group Health Plans and What Employers Should Know
Posted in Health PlansIn just a few days’ time, recently promulgated federal final rules addressing sex-based nondiscrimination in the administration of health care benefits have created a flurry of healthcare industry activity. The angst arises from providers, payers, and certain health plans alike. While the spotlight shines brightest on healthcare providers and health insurers, the focus of this post is on employer group health plans and the evolving definition of sex discrimination.