The Department of Health and Human Services (HHS) recently rescinded a policy dating back to 1971, so that its agencies and offices may now quickly alter certain rules and regulations without public notice and comment. The Nixon-era policy had waived the statutory exemption from procedural rulemaking requirements for rules and regulations relating to public property, loans, grants, benefits, or contracts. HHS’ new Policy on Adhering to the Text of the Administrative Procedure Act (APA) will enable such regulatory changes as well as matters relating to agency management or personnel to proceed without public participation via notice and comment rulemaking.
Blizzard of Executive Orders Signals Trump Administration’s Healthcare Priorities
Posted in Uncategorized
As harsh winter weather swept the nation’s capital, President Donald Trump commenced his second term by signing a blizzard of Executive Orders (EOs) that span many hot-button issues. Several of the EOs signal President Trump’s agenda for the U.S. healthcare system. These EOs rescind former President Joe Biden’s directives aimed at expanding healthcare coverage under the Affordable Care Act (ACA) and Medicaid and at lowering drug costs. They also instruct federal agencies to take certain steps with respect to sex and gender identity, which will change how the healthcare industry is regulated. One new EO draws an incomplete picture of a spectrum between purportedly lawful efforts to ensure compliance with the Civil Rights Act of 1964 and purportedly unlawful “diversity, equity, and inclusion” (DEI) and “diversity, equity, inclusion, and accessibility” (DEIA) practices. Federal agencies must now adopt new contractual provisions that could increase federal False Claims Act (FCA) enforcement risks for government contractors, healthcare, and downstream vendors. This practice group update summarizes President Trump’s key EOs from a healthcare perspective and discusses their broader implications. Critically, this is an evolving area of what appears to be a focal point for the new Administration. We expect to revise this practice group update as appropriate.
False Claims Act Enforcement Trends in Healthcare: FY 2024
Posted in Fraud & Abuse & False Claims Act
The Department of Justice (DOJ) released its annual False Claims Act (FCA) enforcement statistics on January 15, 2025, announcing that it had recovered in excess of $2.9 billion from FCA resolutions during Fiscal Year (FY) 2024 (ending September 30, 2024).
Update: Appellate Showdown Over FCA Qui Tam Provision’s Constitutionality Reaches Eleventh Circuit
Posted in Fraud & Abuse & False Claims Act, Healthcare Litigation
As we anticipated in our October 17, 2024, blog, both the Government and the Relator have appealed the district court’s decision in U.S. ex rel. Zafirov v. Florida Medical Associates, LLC, et al. (Zafirov), the first case to hold that the qui tam provision of the federal False Claims Act violates the Appointments Clause of the U.S. Constitution. Briefly, on September 30, 2024, the United States District Court for the Middle District of Florida reasoned that qui tam relators, as whistleblowers, step into the shoes of the federal Government to prosecute such claims. In so doing, the District Court held, relators wield executive power and exercise government authority when litigating FCA claims on the Government’s behalf, thus triggering the Appointments Clause’s requirement that the President, an executive agency department head, or a court appoint them as “officers of the United States.”
New Year, New HIPAA Security Rule Requirements? OCR Proposes Sweeping Changes for HIPAA Security Rule To Bolster Cybersecurity
Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their Business Associates (Regulated Entities) invest significant resources to comply with new, less flexible requirements designed to strengthen the cybersecurity posture of the American healthcare system. We discuss below several aspects of OCR’s comprehensive overhaul of the Security Rule published in its Notice of Proposed Rulemaking (NPRM) on January 6, 2025, the first proposed revisions to the Security Rule since 2013. The 60-day notice and comment period closes on March 7, 2025.
Year-End Watch List: Possible Simplification to Employer Group Health Plan Reporting
Posted in Affordable Care Act and Other Healthcare Reform Legislation, Health Plans
2024 might almost be over, but the Senate recently passed two bills that are intended to ease at least some employer burdens under the Patient Protection and Affordable Care Act (ACA). The bills, both of which are pending signature by President Biden, are:
Don’t Be Suspicious, Don’t Be Suspicious: New OIG Special Fraud Alert Warns About Suspect Payments in Medicare Advantage Marketing Arrangements
Posted in Fraud & Abuse & False Claims Act, Medicare & Medicaid
The latest Special Fraud Alert from the U.S. Department of Health and Human Services Office of Inspector General (OIG) warns about marketing schemes involving questionable payments and referrals among Medicare Advantage plans, health care professionals, and third-party marketers, such as agents and brokers. Issued on December 11, 2024, this new Special Fraud Alert focuses on two types of problematic payments that implicate the Federal Anti-Kickback Statute (AKS) and have been the subject of recent False Claims Act (FCA) settlements:
NYDFS Highlights Strategies to Combat AI Cybersecurity Risks
Posted in Digital Health, HIPAA, Privacy, and Data Security
The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on October 16, 2024, that highlights cybersecurity risks resulting from the use of AI, the dangers posed by threat actors utilizing AI, and strategies to address these concerns (the Guidance).
New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities
Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, Uncategorized
The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal cybersecurity program as part of its settlement of cybersecurity breach claims.
Zafirov Decision Sets Stage for Appellate Showdown Over Constitutionality of FCA’s Qui Tam Provision
Posted in Fraud & Abuse & False Claims Act, Healthcare Litigation
For the first time ever, a judge has ruled that the qui tam provision of the False Claims Act (FCA), which whistleblowers have used to recover $52 billion on behalf of the government since 1986, is unconstitutional.