Health Law Advisor

Thought Leaders On Laws And Regulations Affecting Health Care And Life Sciences

Five ACA Issues that Employers Should Be Following

LinkedIn Tweet Like Email Comment

 

Our Epstein Becker Green colleagues have released a new Take 5 newsletter: “Five ACA Issues that Employers Should Be Following” by David W. Garland, Adam C. Solander, and  Brandon C. Ge.  Below is an excerpt:

Employers have about three months to finalize their employer mandate compliance plans under the Affordable Care Act (“ACA”). While most employers are in the final stages of planning, this month’s Take 5 will address five ACA issues that employers should be aware of as they move forward:

  1. ACA-related litigation
  2. Employer mandate reporting
  3. Section 510 liability
  4. Alternatives to traditional plan offerings
  5. The looming Cadillac tax

Read the full newsletter here.

Epstein Becker Green Enhances Its West Coast Health Care and Transactional Capabilities with the Addition of Paul A. Gomez

LinkedIn Tweet Like Email Comment

Epstein Becker Green is pleased to announce that Paul A. Gomez has joined as a Member of the Firm in the Health Care and Life Sciences and Corporate Service practices, in the Los Angeles office.  Paul’s arrival brings added strength to Epstein Becker Green’s health care practice, particularly its transactional work, on the West Coast.  His experience representing a wide array of providers complements the services that the firm provides in that area, from structuring mergers and acquisitions, joint ventures and strategic affiliations, to counseling on compliance with fraud and abuse laws, and advising on provider licensing and reimbursement matters. For further information please click here.

Complimentary Webinar to Address Key Health Care Reforms and Its Impact on Population Health Management

LinkedIn Tweet Like Email Comment

 

Epstein Becker Green and EBG Advisors, as part of the Thought Leaders in Population Health Speaker Series, will host a complimentary webinar on September 30, 2014 on emerging trends in value-based purchasing in health care. The next session will feature a former key official from the U.S. Department of Health and Human Services (HHS), Gary Cohen, JD, who played a central role in the implementation of the Affordable Care Act over the past several years and is moderated by Lynn Shapiro Snyder, Senior Member, Epstein Becker Green.  The session, The Impact of the Affordable Care Act on Population Health Management, will assess how much progress the federal and state governments have made expanding health care coverage and bending the cost curve.  Specific insurance reforms to the individual and small group markets will be examined along with emerging trends such as the role of accountable care organizations (ACOs), patient accessibility issues, and the drive towards integrated population health solutions.

For more information, please visit:  http://www.ebgadvisors.com/cciio-director-gary-cohen-address-key-health-care-reforms-impact-population-health-management/.

 

 

 

 

DC Circuit Will Rehear Halbig

LinkedIn Tweet Like Email Comment

An update from our colleague Stuart Gerson.

As we noted in our various blogs and communications on the subject (HEAL Advisory and HEAL Blog), the United States Court of Appeals for the District of Columbia Circuit’s action today, to rehear in December the Halbig case (Halbig v. Burwell, D.C. Cir., No. 14-508 ), challenging  Obamacare subsidies in the federal health exchange, is not unexpected given the current makeup of the Court. This development now makes it more likely that the Supreme Court will not take action on the King cert petition (King v. Burwell, U.S. 4th Circuit , No. 14-1158) until after the DC Circuit decides the Halbig case, which will be argued on December 17th.  The DC Circuit’s likely action (either vacating the panel opinion or overturning it) also will erase the split in the circuits and thus make it less likely that there will be four SCOTUS  Justices who will vote to take the case.

In re Kellogg Brown & Root Update

LinkedIn Tweet Like Email Comment

An update from our colleague Stuart Gerson.

In this blog and subsequently in an article on the subject under the aegis  of the American Health Lawyers Association that can be found at http://www.lexology.com/library/detail.aspx?g=b68c51ae-2bdb-490e-ac3d-02c351a19310 EBG analyzed the DC Circuit’s decision  in  In re Kellogg Brown & Root, 2014 U.S. App. LEXIS 12115 (D.C. Cir. 2014).  The DC Circuit’s holding reinforces the protections established by the Supreme Court 30 years ago in Upjohn Co. v. United States, 449 U.S. 383 (1981), that afford privilege to confidential employee communications made during a corporation’s internal investigation led by company lawyers. 

Given the fact that this case is getting wide notice and that courts in other jurisdictions are actively considering similar privilege claims, it might be helpful to know that, on September 2, 2014,  all nine active judges of the DC Circuit (now tilting decidedly liberal, given recent Obama appointments) rejected  en banc consideration of the case.  That strong statement from an influential court is worth noting with reference to the increasing number of challenges to privilege brought by plaintiffs’ attorneys and the government.

Hobby Lobby Update

LinkedIn Tweet Like Email Comment

An update on Hobby Lobby by our colleague Stuart Gerson.

In the wake of the Hobby Lobby ruling with respect to the Affordable Care Act’s contraceptive coverage mandate, the Administration (which already has taken steps to fund contraception for employees affected by their employers’ exemption) is attempting also to deal with the issue by a recently-published DHHS regulation setting forth the procedures that “religious” employers might follow to gain exemption from having to provide contraceptive coverage in their sponsored health plans. The proposed rule covers both religious not-for-profits and closely held religious for-profits.

The not-for-profit element has been spawned by religious employers, particularly Notre Dame University and the Little Sisters of the Poor Order, who have challenged the requirement that the ACA allows them to sign a form indicating their objection under a process that allows their employees to obtain contraceptives without the employer paying. These plaintiffs object even to signing the form, which they claim aids and abets the employees’ getting coverage.  The 7th Circuit ruled against them and they have petitioned for cert. The proposed reg would seem to moot the case as it provides that all the non-profit has to do is notify DHHS in writing and the government will do the rest.  One guesses that the plaintiffs won’t accept even this but that the Supreme Court will.

In the Hobby Lobby context  of closely held religiously motivated corporations, the proposed reg would treat them in the same way that non-profits would be treated, which the government believes would be the less-restrictive manner that the Supreme Court’s opinion would allow. The significant open question that remains is how to define how closely held such a company must be to qualify for the exemption. The proposed reg sets forth several possible definitions.

The public comment period runs until October 21

 

Expect Increased OCR HIPAA Security Rule Enforcement for Mobile Devices

LinkedIn Tweet Like Email Comment

By Adam Solander, Ali Lakhani and Wenxi Li

The increasing prevalence of mobile technology in the healthcare sector continues to create compliance concerns for physician practices and other health care entities.  While the Office of Civil Rights (OCR) of the Department of Health and Human Services, has traditionally focused on technology breaches within larger health systems, smaller physician practices and health care entities must also ensure that their policies and practices related to mobile technology do not foster non-compliance and create institutional risk.

Physicians Integrate Mobile Technology Into Daily Practice

The Physicians Practice’s 2014 Technology Survey found that only 31 percent of more than 1,400 survey respondents reported implementing policies and rules to address bring your own device (“BYOD”) practices.  With more than 80 percent of doctors using mobile devices at work and integrating their personal devices into their professional practice, these devices could potentially represent a significant privacy and security risk.

Traditional Safeguards Undermined By “Anywhere” Access

The HIPAA Security Rule applies when any protected health information (PHI) is accessed and communicated through a mobile device, such as texting a patient’s name and phone number for follow-up calls.  In the annual OCR report to Congress on breaches of unsecured PHI for calendar years 2011 and 2012, OCR reported that information loss or theft from mobile devices was among the top three sources of breached PHI in 117 of the 222 reported breaches in 2012. Additionally, the Physicians Practice’s 2014 Technology Survey indicated that only 61 percent of the respondents surveyed reported securely backing data on a second server or via another method, thereby not complying with the HIPAA Security Rule which requires covered entities to create and maintain retrievable copies of electronic protected health information (ePHI).

OCR Enforcement Areas, Especially Among Small Breaches, Continue to Grow

OCR officials routinely remind covered entities and business associates to understand their obligations with respect to mobile device security – obligations that continue to become more complex to satisfy as the use of mobile technology in the workplace proliferates.  Simultaneously, OCR continues to increase enforcement of data breaches by entities subject to the HIPAA Security Rule. Significantly, this enforcement expansion has included smaller entities and breaches affecting fewer than 500 individuals.  OCR expects HIPAA Security Rule enforcement to continue its trend and increase going forward in 2014

Be Prepared

Physician practices and health care entities should conduct a thorough risk assessment which addresses the use of mobile devices and storage of mobile device data in their environment.  Additionally, policies and procedures should be developed to manage the risk associated with mobile devices to a business tolerable level.  Risk management plans and security evaluations should be updated and conducted periodically.  Additionally, physician practices and health care entities must remember that their business associates must also comply with the HIPAA Security Rule.  Thus, some diligence on the use of mobile devices in their business associates environment is advisable.  In practice, over 20 percent of HIPAA data breaches have been traced to noncompliant business associates. While the risk may be significant, with proper staff training to identify and address questionable HIPAA behaviors, physician practices and health care entities can minimize the risk of OCR enforcement and large settlement costs associated with mobile devices.

 

Reviewing Trends in PHI Breaches & Enforcement

LinkedIn Tweet Like Email Comment

By Patricia WagnerAli Lakhani and Jonathan Hoerner

 

On May 20, 2014, the Secretary of the Department of Health and Human Services (HHS) submitted the agency’s Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Years 2011 and 2012 (“Breach Report”). This report provides valuable insight for healthcare entities regarding their data security and enforcement priorities.

Section 13402(i) of the Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Secretary of Health and Human Services to prepare an annual report regarding the number and nature of breaches report to HHS, as well as the actions taken in response to those breaches.

By way of background, HITECH requires that both covered entities and business associates (as defined under HIPAA) provide notifications after a breach of unsecured protected health information (PHI).  These required notifications include the affected individuals, HHS, and also media outlets in cases where the breach includes more than 500 residents of a state or jurisdiction.  However, HHS has issued guidance explaining that encryption and destruction make PHI “unusable, unreadable, or indecipherable to unauthorized persons” and, thus, loss of such secured PHI does not trigger the breach notification requirements.

Report Findings

                Healthcare providers accounted for the majority of breaches affecting 500 or more individuals in both 2011 and 2012 while business associates and health plans accounted for the remainder, as illustrated below.

Breaching Entity 2011 2012 Change
Providers 63% 68% 5%
Business Associates 27% 25% (2%)
Health Plans 10% 7% (3%)
Total 100% 100% -

 

Theft of PHI was the leading cause of a breach in both 2011 and 2012 followed by loss of PHI and unauthorized access/disclosures.  In 2011, theft was the cause for 24% of the total number of individuals affected by a breach and loss accounted for 54% of individuals affected. This high affected rate due to loss was the result of single breach incident involving a business associate and loss of back-up tapes containing information on 4.9 million individuals. In 2012, the causes of breach returned to expected rates with 36% of individuals affected due to theft and 13% due to loss. The below tables outline the frequency of breach causes in 2011 and 2012 as well as the sources of the breached information in each year.

 

Causes of Data Breach 2011 2012
Theft 50% 52%
Loss of PHI 17% 12%
Unauthorized Access 19% 18%
Hacking/IT incident 8% 27%

 

Sources of Breach 2011 2012 Change
Laptop 20% 27% 7%
Paper 27% 23% (4%)
Server 9% 13% 4%
Desktop Computer 14% 12% (2%)
Other Portable Device 13% 9% (4%)
Email 1% 4% 3%
Electronic Medical Records 2% 2% 0
Other 14% 10% (4%)

 

Audit Information

HITECH authorizes and requires HHS to conduct periodic audits of covered entities and business associates to ensure compliance with HIPAA rules. Unlike compliance reviews (which occur after a major breach) or compliance investigations, these audits are not triggered by an adverse event or incident.  Instead, they are “based on application of a set selection criteria.”

The Office for Civil Rights (OCR) (the office within HHS that is responsible for administering the Breach Notification Rules) implemented a pilot program of the audit process to assess the privacy and security compliance which was described in the Breach Report. The audit revealed that 31 out of 101 audited entities had at least one negative audit finding related to the Breach Notification Rule.  Specifically, the audit examined the following four areas:  (1) notification to individuals, (2) timeliness of notification, (3) methods of individual notification, and (4) burden of proof.  All four areas had a similar number of deficiencies noted.

Implications and Recommendations for Healthcare Entities

Breaches involving 500 or more individuals accounted for less than 1% of reports filed with HHS, yet represent almost 98% of the individuals affected by a PHI breach.  It is likely that OCR will continue investing significant resources into large scale PHI breaches due to the extensive impact of these breaches. Additionally, theft remains one of the top causes of PHI breaches and covered entities and business associates must take appropriate measures to ensure that any PHI stored or transported on portable electronic devices is properly safeguarded.  Chronic vulnerabilities include:

Encryption: Even if a device is stolen or misplaced, the Breach Notification Rule will not apply if the data is properly encrypted. Thus, it is imperative that covered entities and business associates encrypt portable electronic devices (such as laptops) and all CDs or USB thumb drives.

Access Control: Healthcare entities must pay close attention to the physical access to and proper disposal of devices that contain PHI.  Server rooms should be locked with limited access, and the physical access to buildings, floors, and offices should be secured to prevent theft of desktop computers containing PHI.

Disposal: Electronic devices need to be purged and the data securely erased (also known as “scrubbed”) prior to the device being discarded, recycled, sold, or transferred to a third party, such as a leasing company.  Such devices include computers, external storage media, and photocopiers.

Lastly, as explained in the Breach Report discussion of OCR’s audit pilot program, covered entities most often explain noncompliance with the various aspects of the Breach Notification Rule by pleading unawareness of the requirements of the Rules. Covered entities and business associates should ensure that comprehensive privacy and security policies and procedures are developed and implemented to mitigate the risks of a breach and to effectively respond to a breach should one occur.

Complimentary Webinar to Examine Population Health Strategies for Employer-Based Coverage

LinkedIn Tweet Like Email Comment

Epstein Becker Green and EBG Advisors, as part of the Thought Leaders in Population Health Speaker Series, will host a complimentary webinar in August on emerging trends in value-based purchasing in health care. The session, Population Health Strategies for Employer-Based Coverage, will assess how employers and other health plan sponsors are developing new programs to promote enhanced clinical and financial outcomes for the groups and populations they manage. In particular, speakers will highlight how the Affordable Care Act (ACA) is influencing population health management strategies for employer-based coverage.

The webinar, scheduled for August 26, 2014, at 12:00 p.m. ET, will be led by two thought leaders from the Health Care Incentives Improvement Institute (HCI3): Francois de Brantes, MS, MBA, Executive Director; and Douglas Emery, MS, Program Implementation Leader, Western Region. Gretchen K. Young, Senior Vice President, Health Policy, The ERISA Industry Committee (ERIC), will also serve as a panelist and Adam Solander, Associate, Epstein Becker Green, will moderate the session. To register, click here.

During the webinar, the panelists will discuss:

  • How ACA’s Cadillac tax on health benefits is changing the way employers pay for insurance coverage and how employees access and use insurance and wellness benefits.
  • How employers are creating and implementing new incentive programs to align prudent purchasing with proper care management techniques.
  • Emerging legal and reporting requirements based upon ACA and state requirements.

The Thought Leaders in Population Health Speaker Series offers participants informative and insightful guidance on how population health strategies are transforming the health care paradigm as the industry moves towards measurement and management of integrated delivery systems such as accountable care organizations (ACOs). All previous webinar programs can be viewed online. To register for this session, please click here.

“The Population Health Webinar Series attempts to find some common ground for health care professionals and other health care stakeholders by identifying best practices and creating a call to action for collaboration and outcomes improvement nationwide,” says Mark Lutes, Chair of Epstein Becker Green’s Board of Directors. “From the Affordable Care Act and data analytics to advancement in health IT systems, a number of factors are having a significant impact on the health care delivery system.”

________________________

The Speakers

Francois de Brantes, MS, MBA, Executive Director, Health Care Incentives Improvement Institute

As Executive Director of HCI3, Mr. de Brantes is responsible for setting and implementing the strategy of the organization. This includes supervising the implementations of Bridges To Excellence and PROMETHEUS Payment pilots, leading the development of new programs, and designing incentive efforts for employers, health plans and provider organizations.

Previously, Mr. de Brantes was the Program Leader for various health care initiatives at GE Corporate Health Care Programs, responsible for developing the conceptual framework and the implementation of GE’s Active Consumer strategy.

Mr. de Brantes attended the University of Paris IX – Dauphine where he earned a MS in Economics and Finance. After completing his military service as a platoon leader in a Light Cavalry Regiment, he attended the Tuck School of Business Administration at Dartmouth College, where he graduated with an MBA.

Douglas Emery, MS, Program Implementation Leader, Health Care Incentives Improvement Institute

Mr. Emery serves the Operations Manager for the Western Region for HCI3. He has been working in health care reform policy for over 15 years. Beginning in 1991, at the Institute of Political Economy, he and other colleagues began to work out a new microeconomic model for health care economics and episode of care purchasing.

Since then, Mr. Emery has worked in the public sector (Public Employees Health Program of Utah) and the private sector as an executive and consultant (Oxford Health Plans, HealthSouth, HealthMarket, Medstat, Definity Health, and others).  Mr. Emery has published many articles and two books on moving toward a more consumer-directed model and episode purchasing.

Gretchen K. Young, Senior Vice President, Health Policy, the ERISA Industry Committee

Ms. Young is the Senior Vice President, Health Policy, for the ERISA Industry Committee (ERIC). She works in Washington, D.C., where her primary responsibilities include working as a registered Congressional lobbyist on federal health issues and monitoring the work of Congress and the executive agencies with respect to health benefits.

Her primary focus over the past two years has been the Affordable Care Act and the accompanying regulations. She also has devoted considerable time and attention to employer wellness programs and the threats to them posted by the Genetic Information Nondiscrimination Act and the Americans with Disabilities Act.

Prior to her work at ERIC, Ms. Young covered both retirement and health issues for several large consulting forms. She has worked for over 25 years in the employee benefits field, including stints at three federal agencies that regulate ERISA plans – IRS, PBGC, and DOL.

Adam Solander, Associate, Epstein Becker Green

Session moderator Mr. Solander is an associate of Epstein Becker Green’s Health Care and Life Sciences practice, in the firm’s Washington, DC office. Mr. Solander advises health care clients on issues concerning ERISA preemption, obligations of plan fiduciaries and breach of fiduciary duties, prohibited transactions, and denial of benefits. He is also has experience advocating on behalf of health care trade associations and disease-specific patient advocacy groups, to the Congressional and Executive branches.

To learn more, log on to www.ebgadvisors.com or click here to register for any of these webinars. A Q&A period will follow the webinar, so don’t miss this unique opportunity for leading population health experts to answer your questions. To listen to the previous webinars from our Thought Leaders in Population Health Speaker Series, please click here.

 

 

HRSA Issues Interpretive Rule on 340b Orphan Drug in Response to Court Vacating Final Rule

LinkedIn Tweet Like Email Comment

By Constance Wilkinson, Alan Arville, and Jonathan Hoerner

On July 23, 2014, the Health Resources and Services Administration (“HRSA”) issued an “interpretive rule” entitled “Implementation of the Exclusion of Orphan Drugs for Certain Covered Entities under the 340B Program” (the “Interpretive Rule”).[1] The Interpretive Rule follows the ruling by the U.S. District Court for the District of Columbia on May 23, 2014, that vacated the final rule previously released by HRSA on the treatment of orphan drugs under the 340B program (the “Final Rule”).[2]

By way of background, the 340B program, created in 1992 and administered by HRSA, requires drug manufacturers to give discounts to entities covered under the law—known as “Covered Entities”—in order to have their drugs covered by Medicaid. The Affordable Care Act, along with the Medicare and Medicaid Extenders Act of 2010, expanded the definition of Covered Entities to include critical access hospitals, free-standing cancer hospitals, rural referral centers, and sole community hospitals. For these categories of Covered Entities only, drugs designated by the Food and Drug Administration as drugs “for a rare disease or condition” (“Orphan Drugs”) are excluded from covered outpatient drugs subject to mandatory 340B pricing requirements (the “340B Orphan Drug Exclusion”).[3] Other Covered Entities, such as disproportionate share hospitals, are not subject to the Orphan Drug Exclusion.

Interpretive Rule on Orphan Drugs in the 340B Drug Pricing Program

Consistent with the now vacated Final Rule, the Interpretive Rule states that the 340B Orphan Drug Exclusion only excludes Orphan Drugs when those drugs are “transferred, prescribed, sold, or otherwise used for the rare condition or disease,” for which the drug was designated orphan status. For example, even though Prozac (fluoxetine) is an Orphan Drug for the treatment of autism, under HRSA’s interpretation of the 340B Orphan Drug Exclusion, a Covered Entity subject to the 340B Orphan Drug Exclusion may purchase Prozac for its eligible patients at the 340B discount price when it is prescribed for depression, a non-orphan condition.[4] To support its position, HRSA states that its interpretation is consistent with the FDA’s interpretation of the orphan drug provisions in the Federal Food, Drug, and Cosmetic Act, including the FDA’s application of incentives for the development of orphan drugs (e.g., market exclusivity, tax credit, user fee exemption) to only the use of the drug intended to treat the rare disease or condition and not non-orphan drug indications.

The Interpretive Rule also discusses Section 340B’s requirement that prohibits certain hospitals, including free-standing cancer hospitals subject to the 340B Orphan Drug Exclusion, from purchasing covered outpatient drugs through a group purchasing organization (“GPO”). As with the Final Rule, the Interpretive Rule states that this prohibition does not apply to Orphan Drugs when they are used for the orphan designated rare condition or disease. Therefore, free-standing cancer hospitals can use a GPO to purchase an Orphan Drug for such rare condition or disease but cannot use a GPO when the drug is being used for other non-orphan purposes.

In order to facilitate the identification of drugs with an orphan designation for 340B Program purposes, the Interpretive Rule states that on the first day of the month prior to the end of the calendar quarter, HRSA will publish a listing of orphan drug designations, providing the name of the drug and the designated indication. HRSA also repeats its position in the Final Rule that a Covered Entity cannot purchase Orphan Drugs through the 340B program if the Covered Entity does not have the ability to track the indication for drug use. Notably, the Interpretive Rule does not include the requirement of the Final Rule that Covered Entities must notify HRSA if they cannot or do not wish to maintain auditable records sufficient to demonstrate compliance with the 340B Orphan Drug Exclusion.[5]

Previous Court Decision

After HRSA issued the Final Rule in July 2013, the Pharmaceutical Research and Manufacturers of America (“PhRMA”) brought suit against HRSA claiming that the rule was invalid because it contravened the plain language of the statute.[6] First, the court determined that the Final Rule was a legislative rule, a rule which carries the force of law. Next, the court concluded that HRSA lacked the statutory authority to promulgate the Final Rule as a legislative rule.

In addition to arguing that it had the requisite authority to issue a legislative rule, HRSA also took the alternative position that the Final Rule was not a legislative rule and should be viewed and upheld as an interpretive rule. As opposed to a legislative rule, an interpretive rule provides clarifications or explanations of a statute and does not create a new law, modify an existing law, or create an enforceable right. Even though an interpretive rule does not carry the force of law like a legislative rule, courts will generally give deference to an agency’s interpretive rule.

Calling HRSA’s argument “half-hearted,” the court noted that the Final Rule underwent notice and comment rulemaking and had a “legal effect” on the parties, two components of the D.C. Circuit’s test for a legislative rule. However, the court concluded that it lacked sufficient information to decide if the Final Rule could be considered a valid interpretive rule. HRSA declined the opportunity to make additional arguments on this issue and instead chose to separately promulgate the rule as the Interpretive Rule.

Future Implications

Immediately after HRSA released the Interpretive Rule, PhRMA filed a court document arguing that HRSA’s Interpretive Rule was an attempt to “evade the Court’s holding” that HRSA did not have authority to issue this rule.[7] Thus, it is likely that litigation will continue over the scope of HRSA’s ability to engage in rulemaking, which will likely impact HRSA’s issuance of the proposed 340B “mega-rule.” The “mega-rule” would address multiple key components of the 340B program including the definition of an eligible patient, compliance requirements for contract pharmacy arrangements, and hospital eligibility including criteria for off-site facilities. HRSA had planned to release the “mega-rule” as early as June 2014, but given the questions surrounding HRSA’s authority to engage in rule-making, the “mega-rule” will likely continue to be delayed.

In the absence of a grant of general rulemaking authority in the 340B statute, HRSA’s custom has been to administer the 340B program through a series of Notices issued through the Federal Register, as well as other sub-regulatory guidance. Whether HRSA reverts to this practice as a result of, or in the absence of, a judicial determination regarding its rulemaking authority remains to be seen.


ENDNOTES

[1] HHS HRSA, Interpretive Rule: Implementation of the Exclusion of Orphan Drugs for Certain Covered Entities Under the 340B Program, (July 21, 2014), http://www.hrsa.gov/opa/programrequirements/interpretiverule/.

[2] 340 Drug Pricing Program, 42 C.F.R. pt. 10 (2014).

[3] Public Health Service Act § 340B(e), 42 U.S.C. 256b(a) (2012).

[4] Pharm. Research & Mfrs. of Am. v. United States HHS, No. 13-1501, 2014 U.S. Dist. LEXIS 70894, at *2 (D.D.C. May 23, 2014).

[5] 340 Drug Pricing Program, 42 C.F.R. § 10.21(c)(3).

[6] Pharm. Research & Mfrs. of Am. v. United States HHS, No. 13-1501, 2014 U.S. Dist. LEXIS 70894 (D.D.C. May 23, 2014).

[7] Supplemental Memorandum in Support of PhRMA’s Motion for Miscellaneous Relief, ECF No. 52.