By maintaining a robust compliance program, healthcare companies are better able to identify potential red flags early and to prevent violations of fraud and abuse laws. A failure to maintain an effective compliance program may become particularly problematic for companies with business transactions on the horizon as the government increasingly incentivizes business professionals to give compliance a seat at the deal table.
The Florida Office of Insurance Regulation Amends the Application for Certificate of Authority for Health Maintenance Organizations
Posted in Government Affairs, Licensure & Regulatory, Healthcare LawApplicants for a health maintenance organization (HMO) certificate of authority (COA) in Florida must use a new application form effective January 28, 2024. After rule development by the Florida Office of Insurance Regulation, the Florida Department of Financial Services adopted amendments to Rule 69O-C1-942, F.A.C. The amendment incorporates changes to the Florida HMO COA application (Form OIR-C1-942). The prior version of the application includes the revision number “REV 5/22″ below the form number in the lower left corner of the application. The revised version will have revision number “Rev.: 07/23.”
OCR Will Focus on You if You Don’t Focus on Cybersecurity
Posted in Health Insurers & Managed Care Organizations, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, TechnologyWith a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity vulnerabilities as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules). On October 31, 2023, OCR issued its first settlement agreement under the HIPAA Rules related to a ransomware attack (the Ransomware Settlement) and on December 7, 2023, its first settlement under the HIPAA Rules arising from a phishing cyber-attack (the Phishing Settlement). In the press release for its first settlement agreement, OCR made clear that cybersecurity awareness is a top concern for OCR, with hacking accounting for 77 percent of the large breaches reported to OCR in 2023.
Compliance Officers: Read the New OIG General Compliance Program Guidance!
Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, PhysiciansThe Office of Inspector General of the U.S. Department of Health and Human Services (the OIG) recently released an updated General Compliance Program Guidance document (GCPG). The GCPG has been anticipated since the OIG announced on April 25, 2023, that it planned to modernize the accessibility and usability of its publicly available resources, including the OIG’s Compliance Program Guidance (CPG) documents. We recommend that the healthcare compliance community and other healthcare stakeholders review the GCPG carefully, and, in particular, that all healthcare compliance officers ensure they use the GCPG as a guidebook going forward.
ACTION REQUIRED TO AVOID FINES! DEADLINE APPROACHING: Florida Pharmacy Benefit Managers Must Be Licensed as a Third-Party Administrator by January 1, 2024
Posted in Government Affairs, Licensure & Regulatory, Healthcare Law, Pharmacy, Drugs, Medical Devices & EquipmentPharmacy Benefit Managers (PBMs) take note! Under Florida’s new Prescription Drug Reform Act, PBMs must be licensed as an insurance administrator (also known as a third-party administrator, or TPA). Under this new law, any entity that wishes to provide PBM services after January 1, 2024, must be licensed as a TPA.
THE NO SURPRISES ACT: Hoping for an End to the Surprises
Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, PhysiciansBy looking at the events that have transpired since the Consolidated Appropriations Act, 2021, which includes the No Surprises Act (the Act), was signed into law, it is clear that the Departments of Health and Human Services, Labor, and Treasury (collectively, the Departments) have lost their way. The United States District Court for the Eastern District of Texas (the Texas court) has consistently agreed with providers and ruled against the Departments because they have repeatedly violated the Administrative Procedure Act (APA) and disregarded the original intent of the Act: to protect consumers from surprise medical bills and to streamline disputes between payors and providers through an independent dispute resolution process (IDR).
Surprise… No Surprises Act Arbitration Is Too Expensive
Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, PhysiciansProviders finally obtained court ordered relief to the $350 administrative fee each party was required to pay as part of the Federal Independent Dispute Resolution (IDR) Process under the No Surprises Act. Until the Departments of Health and Human Services, Labor, and the Treasury (collectively, the Departments) set a new administrative fee amount, the administrative fee for disputes initiated on or after August 3, 2023, will be $50 per party per dispute.
Teva FCA Decision Sheds Light on Varying Interpretations of the Elements of an FCA Claim
Posted in Fraud & Abuse & False Claims Act, Healthcare LitigationHow could alleged kickbacks threaten to render insolvent a publicly traded company with assets (taken from its latest SEC filing) in excess of $43 billion? The answer stems from a recent decision by the United States District Court for the District of Massachusetts. In its ruling denying the motion for summary judgment filed by defendants Teva Pharmaceuticals USA, Inc. and Teva Neuroscience, Inc. (collectively Teva) and granting the government’s partial summary judgment motion, the court ruled that
OCR and FTC Issue Warning to Hospital Systems and Telehealth Providers about Tracking Technologies
Posted in Health Care Providers, HIPAA, Privacy, and Data Security, TechnologyOn July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) announced they were sending a joint letter to approximately 130 unidentified hospital systems and telehealth providers highlighting the agencies’ concerns about the use of tracking technologies on websites and mobile apps in violation of HIPAA. While the joint letter was directed to a small number of recipients, in the announcement OCR and the FTC encouraged all companies they regulate to review their data-tracking practices and ensure that their tracking technologies are not impermissibly disclosing consumers’ sensitive personal health data to third parties. The letter — and the decision to publicly announce its existence — suggests that OCR and the FTC are likely to prioritize the enforcement of HIPAA and other laws against those entities that the agencies believe are impermissibly using tracking technologies.
OIG Issues Information Blocking Penalties Final Rule: Health IT Developers and Health Information Exchanges/Networks Have a Million Reasons to Care
Posted in Electronic Health Records & Medical Records, Fraud & Abuse & False Claims Act, TechnologyOn June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to information blocking (CMP Final Rule or Rule). The CMP Final Rule was published in the Federal Register on July 3, 2023. The Rule applies to entities that develop or offer certified health IT (collectively, Developers) and health information networks and health information exchanges (collectively, HIN/HIEs). Those subject to the CMP Final Rule should consider prioritizing their compliance efforts because the OIG will begin enforcing the Rule on September 1, 2023. Below we discuss the applicability of the CMP Final Rule, the assessment of penalties under the Rule, and the OIG’s enforcement priorities moving forward.