Surprisingly amidst the Federal Bureau of Investigation (FBI) uproar, President Trump today signed an executive order addressing cybersecurity for the federal government and critical infrastructure, along with international coordination and cyber deterrence. The substance of the order, which is about to be made public, comes from various press releases and interviews with administration officials. The order is composed of three sections on cybersecurity and IT modernization within the federal government, protecting critical infrastructure, and establishing a cyber deterrence policy and coordinating internationally on cyber issues. In directing cabinet agencies to protect critical infrastructure, the order references the Obama administration’s “section 9” list of most critical entities, which already has prompted questions from industry.  Specifically, the order directs the Commerce Department and the Department of Homeland Security to coordinate an effort to reduce botnet cyber-attacks through a voluntary partnership with industry. This effort mirrors health industry association comments to Commerce’s National Institute of Standards and Technology (NIST), which next week will have an open forum to address the many comments made to its  rulemaking proposals. Interestingly, the Order directs the cabinet agencies to coordinate their own efforts with NIST.  The White House staff has been quoted as saying that “it is about time” the federal government was held to the same standard as private industry in addressing cybersecurity. Consistent with Industry requests, the framework is a voluntary tool actually developed in collaboration with industry, which argues that flexibility is required because policies must be adapted to the needs of different entities.

On the health care cyber front, it is interesting to note that James Comey’s last formal speech was given on May 8th to the American Hospital Association in which he raised concerns about the ability of the FBI to combat cyber-attacks and urged cooperation with hospitals and health systems not to get patient records but “fingerprints of digital intrusion.” I note that this is the point of the work of InfraGard, a cooperative effort between industry and the FBI, and is consistent with the public proposals of the Information Sharing and Analysis Organization Standards Organization (ISAO-SO), established by executive order.  Further information regarding those efforts, in which this author is active, can be provided at sgerson@ebglaw.com.

Comey’s abrupt departure suggests that his statements may quickly become passing memories, but the cooperative tone struck is more than a little inconsistent with proposals, for example, from the Department of Health & Human Services’ Office of Civil Rights (OCR), the enforcement agency for Health Insurance Portability and Accountability Act (HIPAA) matters, and from the Federal Trade Commission (FTC), which soon may inherit enhanced powers as the Federa l Communications Commission is attempting to leave the cyber security enforcement field.  Both the Office of Human Rights and the FTC stress enforcement as the optimal mode of gaining cyber compliance.

In the coming days, you may expect further analysis by Epstein Becker Green of OCR’s developing enforcement stance and other emergent government policies in the wake of the new Executive Order.

On May 9, 2017, Scott Gottlieb, M.D. was confirmed by the Senate as the new Commissioner of the Food and Drug Administration (“FDA”).  As Commissioner, he will be immediately responsible for shaping FDA policy on a number of current issues, including addressing and implementing several mandates stemming from the 21st Century Cures Act, (“Cures Act”), which was signed into law on December 13, 2016 with tremendous bipartisan support. The Cures Act contains over 200 sections that create new obligations for FDA; however, most pressing for Commissioner Gottlieb are three requirements that must be fulfilled within 180 days of the Cures Act’s passage (June 11th, 2017).

These requirements are:

  • Submission of a work plan to the Committee on Health, Education, Labor, and Pensions and the Committee on Appropriations of the Senate and the Committee on Energy and Commerce and the Committee on Appropriations of the House of Representatives for any projects, which will use funding from the FDA Innovation Account created under Section 1002 of the Cures Act;
  • Development of “a plan to issue draft and final versions of one or more guidance documents, over a period of 5 years, regarding the collection of patient experience data, and the use of such data and related information in drug development” pursuant to Section 3002 of the Cures Act, which is codified at 21 U.S.C. 360bbb-8c; and
  •  Publication of “a list of reusable device types” pursuant to Section 3059 of the Cures Act, which is codified at 21 U.S.C. 360.

Commissioner Gottlieb has a long professional history in the pharmaceutical industry working in both the public and private sectors. His firsthand experience as a former Deputy Commissioner at the FDA provides him with unique insights into the internal workings of the administration. As a former consultant advising on FDA policies to the pharmaceutical industry, Commissioner Gottlieb is also familiar with recent issues and trends affecting the industry, many of which are addressed within the Cures Act.  Despite having only one month to organize and address the mandates of the three above-referenced sections of the Cures Act, we believe Commissioner Gottlieb will likely meet these deadlines based on his prior knowledge and experience.

We will continue to monitor and provide insight on Commissioner Gottlieb’s activity as FDA Commissioner, and the implementation of key Cures Act provisions as they develop. For insight into how Commissioner Gottlieb has historically viewed key issues impacting the FDA, and mandates under the Cures Act, please view our previously published client alert.

A recent settlement demonstrates the importance of compliant structuring of lending arrangements in the health care industry. The failure to consider health care fraud and abuse risks in connection with lending arrangements can lead to extremely costly consequences.

On April 27, 2017, the Department of Justice (“DOJ”) announced that it reached an $18 Million settlement with a hospital operated by Indiana University Health and a federally qualified health center (“FQHC”) operated by HealthNet. United States et al. ex rel. Robinson v. Indiana University Health, Inc. et al., Case No. 1:13-cv-2009-TWP-MJD (S.D. Ind.).  As alleged by Judith Robinson, the qui tam relator (“Relator”), from May 1, 2013 through Aug. 30, 2016, Indiana University Health provided HealthNet with an interest free line of credit, which consistently exceeded $10 million.  It was further alleged that HealthNet was not expected to repay a substantial portion of the loan and that the transaction was intended to induce HealthNet to refer its OB/GYN patients to Indiana University.

While neither Indiana University Health nor HealthNet have made any admissions of wrongdoing, each will pay approximately $5.1 million to the United States and $3.9 million to the State of Indiana. According to the DOJ and the Relator, the alleged conduct violated the Federal Anti-Kickback Statute and the Federal False Claims Act.

For more details on the underlying arrangement and practical takeaways . . .

Continue Reading Avoiding Fraud and Abuse in Health Care Lending Arrangements

Executive Order Delay Trumps Administration Policy Development

President Trump’s first hundred days did not produce the event that most people in the cybersecurity community expected – a Presidential Executive Order supplanting or supplementing the Obama administration’s cyber policy – but that doesn’t mean that this period has been uneventful, particularly for those in the health care space.

The events of the period have cautioned us not to look for an imminent Executive Order. While White House cybersecurity coordinator Robert Joyce recently stated that a forthcoming executive order will reflect the Trump administration’s focus on improving the security of federal networks, protecting critical infrastructure, and establishing a global cyber strategy based on international law and deterrence, other policy demands have intruded. Indeed as the 100-day mark approached, President Trump announced that he has charged his son-in-law, Jared Kushner, with developing a strategy for “innovation” and modernizing the government’s information technology networks. This is further complicating an already arduous process for drafting the long-awaited executive order on cybersecurity, sources and administration officials say.

The Importance of NIST Has Been Manifested Throughout the Hundred Days

The expected cyber order likely will direct federal agencies to assess risks to the government and critical infrastructure by using the framework of cybersecurity standards issued by the National Institute of Standards and Technology, a component of the Department of Commerce.

The NIST framework, which was developed with heavy industry input and released in 2014, was intended as a voluntary process for organizations to manage cybersecurity risks. It is not unlikely that regulatory agencies, including the Office of Civil Rights of the Department of Health and Human Services, the enforcement agency for HIPAA, will mandate the NIST framework, either overtly or by implication, as a compliance hallmark and possible defense against sanctions.

NIST has posted online the extensive public comments on its proposed update to the federal framework of cybersecurity standards that includes new provisions on metrics and supply chain risk management. The comments are part of an ongoing effort to further revise the cybersecurity framework. NIST will host a public workshop on May 16-17, 2017

Health Industry Groups Are Urging NIST to Set up a ‘Common’ Framework for Cybersecurity Compliance

Various health care industry organizations including the College of Healthcare Information Management Executives and the Association for Executives in Healthcare Information Security have asked NIST to help the industry develop a “common” approach for determining compliance with numerous requirements for protecting patient data. Looking for a common security standard for compliance purposes, commenters also argue that the multiplicity of requirements for handling patient data is driving up healthcare costs. Thus, the groups urge NIST to work with the Department of Health and Human Services and the Food and Drug Administration “to push for a consistent standard” on cybersecurity. One expects this effort, given strong voice in the First Hundred Days, to succeed.

The Federal Trade Commission is Emerging as the Pre-eminent Enforcement Agency for Data Security and Privacy

With administration approval, the Federal Communications Commission is about to release today a regulatory proposal to reverse Obama-era rules for the internet that is intended to re-establish the Federal Trade Commission as the pre-eminent regulatory agency for consumer data security and privacy. In repealing the Obama’s “net neutrality” order, ending common carrier treatment for ISP and their concomitant consumer privacy and security rules adopted by the FCC, the result would be, according to FCC Chairman Pai, to “restore FTC to police privacy practices” on the internet in the same way that it did prior to 2015. Federal Trade Commission authority, especially with regard to health care, is not without question, especially considering that the FTC’s enforcement action against LabMD is still pending decision in the 9th Circuit. However, the FTC has settled an increasing number of the largest data breach cases The Federal Trade Commission’s acting bureau chief for consumer protection, Thomas Pahl, this week warned telecom companies against trying to take advantage of any perceived regulatory gap if Congress rolls back the Federal Communications Commission’s recently approved privacy and security rules for internet providers.

OCR Isn’t Abandoning the Field; Neither is DoJ

While there have been no signal actions during the First Hundred Days in either agency. The career leadership of both has signaled their intentions not to make any major changes in enforcement policy.  OCR is considering expanding its policies with respect to overseeing compliance programs and extending that oversight to the conduct off Boards of Directors.

The Supreme Court Reaches Nine

Many would argue that the most important, or at least most durable, accomplishment of the Trump Administration to date is the nomination and confirmation of Neil Gorsuch to the Supreme Court. Justice Gorsuch is a conservative in the Scalia mold and is expected to case a critical eye on agency regulatory actions. There is no cybersecurity matter currently on the Supreme Court’s docket, but there will be as the actions and regulations of agencies like the FTC, FCC and DHHS are challenged.

Both the Department of Justice and the Department of Health and Human Services Inspector General have long urged (and in many cases, mandated through settlements that include Corporate Integrity Agreements and through court judgments) that health care organizations have “top-down” compliance programs with vigorous board of directors implementation and oversight. Governmental reach only increased with the publication by DoJ of the so-called Yates Memorandum, which focused government enforcers on potential individual liability for corporate management and directors in fraud cases. Thus, if it isn’t the case already, compliance officers should assure that senior management and directors are aware of their oversight responsibilities and the possible consequences if they are found not to have fulfilled them.

The OIG’s views regarding board oversight and accountability are discussed in white papers issued by the OIG and also the American Health Lawyers Association. See: “An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors“; “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors“; and “Practical Guidance for Health Care Governing Boards on Compliance Oversight.”

Directors are not only subject to government actions, but to private ones as well. For example, several months ago, a pension system shareholder in Tenet Healthcare Corp. filed a derivative suit claiming that Tenet’s board members shirked their fiduciary duties by not stopping a kickback scheme that led to a $513 million False Claims Act settlement.  The City of Warren Police and Fire Retirement System is seeking to impose a constructive trust on all salaries, bonuses, fees and insider sales proceeds paid to eight of Tenet’s fourteen board members, along with damages for alleged corporate waste and gross mismanagement of the company. It’s also seeking uncapped punitive damages for what it says was Tenet’s act of securing the execution of documents by deception and the misapplication of fiduciary property.  The Michigan-based pension system says Tenet and its board breached their fiduciary duties by failing to adopt internal policies and controls to detect, deter and prevent illegal kickbacks and bribes. And the board participated in efforts to conceal or disguise those wrongs from Tenet’s shareholders, it said.

Cases like this, both private and public (in the wake of the Yates memorandum), likely will proliferate. Indeed, notwithstanding the transition to a new Presidential administration that many hoped would lessen the intensity of its enforcement actions, the current leaders of the DoJ and various U.S. Attorneys’ offices as well as the OIG have signaled their intention to keep the pressure on.

A significant compliance resource of value to health care organizations’ boards recently was issued by the Baldrige Performance Excellence Program of The National Institute of Standards and Technology. The Baldrige Excellence Framework for health care organizations which sets out seven criteria for performance excellence and the means for success. A copy of the document is available for purchase here.

Frequently, parties in both civil and criminal cases where fraud or corporate misconduct is being alleged attempt to defend themselves by arguing that they lacked unlawful intent because they relied upon the advice of counsel. Such an assertion instantly raises two fundamental questions:  1) what advice did the party’s attorney actually give?;  and 2) what facts and circumstances did the party disclose, or fail to disclose, in order to obtain that opinion?  It is well understood that raising an advice of counsel defense consequently waives attorney/client privilege.  Moreover, because a limited waiver of the privilege is rarely recognized, the door likely will open to an examination of any relevant communication between the party and the attorney, even beyond the area that encompasses the particular alleged advice of counsel at issue. But what about the so-called “attorney work product” doctrine?  While attorney/client privilege protects confidential communications between clients and their lawyers related to seeking or obtaining legal advice, attorney work product is protected because it includes, among other things, the sense impressions, analyses and strategies prepared and recorded by and for the attorneys themselves in anticipation of litigation or other adversarial engagements. To what extent, if any, does assertion of advice of counsel expose the attorney’s work product to discovery?

An interesting and cautionary analysis of that question was provided recently by the United States District Court for the District of South Carolina, where the defendants in a False Claims Act lawsuit who asserted an advice of counsel defense were ordered to hand over to government prosecutors all attorney communications related to an alleged Medicare kickback scheme. United States ex reI. Lutz v. Berkeley Heartlab, Inc., 2017 BL 111755, D.S.C., No. 9:14-cv-230, April 5, 2017).

While the court did not explain its thinking in great depth, particularly with regard to the facts of the case itself, one suggests that it still reached a respectable decision. The court readily acknowledged that there is a difference between attorney/client privilege and the work product doctrine (though I note, in some contexts like that presented in Upjohn Co. v. United States, 449 U.S. 383 (1981) concerning corporate internal investigations, the difference can be immaterial) but it went on to hold that, in the case at bar, work-product protection was waived.  As noted, it is unexceptionable that, when a party relies upon an advice of counsel defense, attorney/client privilege necessarily is waived.  After all, one of the determinative issues – what advice did the attorneys actually give – necessarily depends upon getting past the privilege, which is not absolute in any event. The Lutz court recognized that the same rationale logically applies to any work-product materials that actually were shared with the client as part of the advice process. Thus, there is little exception to be taken with the court’s extension of the waiver to such materials. Accordingly, the point of controversy comes down to whether work product protection is to be held waived as to materials prepared by the lawyers that never were shared with the client.  Here, the court recognizes that there is competing authority on the subject

Ultimately, the court relies upon a line of cases holding that, when a party asserts an advice of counsel defense, the waiver of the work product protection extends to “uncommunicated work product.”  In the case at bar the court concluded that to rebut the defense, the government was entitled to  discover ” what facts were provided by [Defendants] to [their counsel]; discover what facts [Defendants’ counsel] may have obtained from any other sources other than Defendants; discover the legal research conducted by and considered by [Defendants’ counsel]; discover the opinions that [Defendants’ counsel] gave [Defendants] and discover whether [Defendants] selectively ignored any of the facts and opinions given [them] by [their counsel] in reaching a decision …”   While a defense lawyer would be unlikely to express any agreement with this if he or she were representing a client who was asserting an advice of counsel defense, one recognizes that an experienced judge is logically dealing with the reality of litigating the frequent situation where the client might have given the lawyer incomplete or misleading information about the facts, and the lawyer’s opinion very well would not have been given, or would have been different, if a more complete rendition of what was to be relied on in opining had been made. Indeed, adversaries frequently ask opinion witnesses – both lawyers and acknowledged experts —  that very question:  “If you had known X which had not been revealed to you by your client, your opinion would not have been the same; isn’t  that right.” Attorney notes very well may contain narrative information from client interviews that usefully addresses the issue of what the client actually disclosed when asking for advice.

In sum, while less scholarly and comprehensive than it might have been, the Lutz opinion did appropriately enunciate the issues, distinguish the two doctrines and reached a supportable conclusion.  One could, however, envision a case in which a trial court would be upheld for not ordering disclosed work product materials that had not been shared with the client.  But as Lutz warns:  don’t count on it.  Advice of counsel is a risky defense that must be approached carefully.  Problems are best avoided by attorneys asking searching questions and assuring that all relevant matters have been disclosed before opining.

The Information Sharing and Analysis Organization-Standards Organization (ISAO-SO) was set up under the aegis of the Department of Homeland Security pursuant to a Presidential Executive Order intended to foster threat vector sharing among private entities and with the government. ISAOs are proliferating in many critical infrastructure fields, including health care, where cybersecurity and data privacy are particularly sensitive issues given HIPAA requirements and disproportionate industry human and systems vulnerabilities.  Therefore, in advising their companies’ management, general counsel and others  might benefit from reviewing the FAQ’s and answers contained in the draft document that can be accessed at the link below.

Announcing the April 20 – May 5, 2017 comment period, the Standards Organization has noted the following:

Broadening participation in voluntary information sharing is an important goal, the success of which will fuel the creation of an increasing number of Information Sharing and Analysis Organizations (ISAOs) across a wide range of corporate, institutional and governmental sectors. While information sharing had been occurring for many years, the Cybersecurity Act of 2015 (Pub. L. No. 114-113) (CISA) was intended to encourage participation by even more entities by adding certain express liability protections that apply in several certain circumstances. As such proliferation continues, it likely will be organizational general counsel who will be called upon to recommend to their superiors whether to participate in such an effort.

With the growth of the ISAO movement, it is possible that joint private-public information exchange as contemplated under CISA will result in expanded liability protection and government policy that favors cooperation over an enforcement mentality.

To aid in that decision making, we have set forth a compilation of frequently asked questions and related guidance that might shed light on evaluating the potential risks and rewards of information sharing and the development of policies and procedures to succeed in it. We do not pretend that the listing of either is exhaustive, and nothing contained therein should be considered to contain legal advice. That is the ultimate prerogative of the in-house and outside counsel of each organization. And while this memorandum is targeted at general counsels, we hope that it also might be useful to others who contribute to decisions about cyber-threat information sharing and participation in ISAOs.

The draft FAQ’s can be accessed at :  https://www.isao.org/drafts/isao-sp-8000-frequently-asked-questions-for-isao-general-counsels-v0-01/

On March 15, 2017, the United States District Court for the Western District of Pennsylvania issued an opinion that sheds insight on how courts view the “writing” requirement of various exceptions under the federal physician self-referral law (or “Stark Law”). The ruling involved the FCA qui tam case, United States ex rel. Emanuele v. Medicor Assocs., No. 1:10-cv-245, 2017 U.S. Dist. LEXIS 36593 (W.D. Pa. Mar. 15, 2017), involving a cardiology practice (Medicor Associates, Inc.) and the Hamot Medical Center. The Court’s detailed discussion of the Stark Law in its summary judgment opinion provides guidance as to what may or may not constitute a “collection of documents” for purposes of satisfying a Stark Law exception.

This opinion is of particular note because it marks the first time that a physician arrangement has been analyzed since the Stark Law was most recently amended in November 2015, at which time the Centers for Medicare and Medicaid Services (“CMS”) clarified and codified its longstanding interpretation of when the writing requirement is satisfied under various exceptions.

Arrangements Established by a “Collection of Documents”

Both the “professional services arrangement” and “fair market value” exceptions were potentially applicable, and require that the arrangement be “in writing” and signed. However, two of the medical directorships were not reduced to a formal written agreement. The Defendants identified the following collection of documents as evidence that the writing requirement was satisfied:

  • Emails regarding a general initiative between Hamot and Medicor for cardiac services, but without any specific information regarding directorship positions, duties or compensation.
  • Letter correspondence between Hamot and Medicor discussing the potential establishment of a director position for the women’s cardiac program.
  • Internal summary that identified a Medicor physician as the director of the women’s cardiac program.
  • Unsigned draft Agreement for Medical Supervision and Direction of the Women’s Cardiac Services Program.
  • A one page letter appointing a Medicor physician as the CV Chair and identifying a three-year term that expired June 30, 2008.

The Court said that although “these kinds of documents may generally be considered in determining whether the writing requirement is satisfied, it is essential that the documents outline, at an absolute minimum, identifiable services, a timeframe, and a rate of compensation.” (emphasis added). In addition, the Court noted that CMS requires that at least one of the documents in the collection be signed by each party. After confirming that these “critical” terms were missing from the documents described above, the Court concluded that no reasonable jury could find that either arrangement was set forth in writing in order to satisfy Stark’s fair market value exception or personal service arrangement exception.

Expired Arrangements

Other directorships were initially memorialized in signed, formal written contracts, but they all terminated pursuant to their terms on December 31, 2006 and were not formally extended or renewed in writing on or prior to their termination. Thereafter, Medicor continued to provide services and Hamot continued to make payments under the agreements. The parties eventually executed a series of “addendums” to extend the term of each arrangement, although these addenda had a prior effective date. During the timeframe between when the agreements expired and when the addenda were executed, invoices were continuously submitted and paid.

Plaintiff argued that the failure to execute timely written extensions in advance of renewals resulted in a failure of all six arrangements to meet the “writing” requirement under a relevant Stark Law exception. The Court disagreed, explaining that there is no requirement that the “writing” be a single formal agreement and CMS has provided guidance as to the type of collection of documents that could be considered when determining if the writing requirement is met at the time of the physician referral. In this case, the Defendants specifically relied upon the invoices from Medicor to Hamot and the checks that were sent in payment thereof.

In deciding that a reasonable jury could find that there was a sufficient collection of documents, the Court denied Plaintiff/Relator’s motion for summary judgment with respect to these six ‘expiring” directorships, and the case will proceed to trial on these claims.

Hospitals should carefully consider this opinion when auditing Stark Law compliance of their physician arrangements. A more detailed article analyzing this case will be published in the July edition of Compliance Today.

The Medicare Payment Advisory Commission (“MedPAC”) met in Washington, DC, on April 6-7, 2017. The purpose of this and other public meetings of MedPAC is for the commissioners to review the issues and challenges facing the Medicare program and then make policy recommendations to Congress. MedPAC issues these recommendations in two annual reports, one in March and another in June. MedPAC’s meetings can provide valuable insight into the state of Medicare, the direction of the program moving forward, and the content of MedPAC’s next report to Congress.

As thought leaders in health law, Epstein Becker Green monitors MedPAC developments to gauge the direction of the health care marketplace. Our five biggest takeaways from the April meeting are as follows:

1. MedPAC unanimously passes a draft recommendation aimed at improving the current ASP payment system and developing the Drug Value Program as an alternative, voluntary program.

In the March meeting, MedPAC discussed a proposed recommendation to address the rapid growth in Part B drug spending. The short-term policy reforms for the current ASP payment system would be made in 2018, while the Drug Value Program would be created and phased in no later than 2022. MedPAC passes this draft recommendation unanimously with no changes. In the June report to Congress, MedPAC intends to add text to reflect more detail on certain issues, as well as other approaches and ideas for reducing Part B drug spending.

2. MedPAC discusses key issues addressed in a draft chapter on premium support in Medicare to appear in MedPAC’s June report.

MedPAC has developed a draft chapter on premium support in Medicare to serve as guidance if such a model were to be adopted. MedPAC does not take a position on whether such a model should be adopted for Medicare. A premium support model would include Medicare making a fixed payment for each beneficiary’s Part A and Part B coverage, regardless of whether the beneficiary enrolls in fee-for-service or a managed care plan. The beneficiary premium for each option would reflect the difference between its total cost and the Medicare contribution. The draft chapter addresses key issues for this model from previous MedPAC sessions, including the treatment of the fee-for-service program, standardization of coverage options, the calculation of benchmarks and beneficiary premiums, as well as a new proposal regarding premium subsidies for low-income beneficiaries. The draft chapter will be included in MedPAC’s June report to Congress.

3. MedPAC unanimously passes a draft recommendation for the implementation of a unified prospective payment system for post-acute care.

In the March meeting, MedPAC proposed a draft recommendation regarding a PAC PPS. During the discussion in the previous meeting, the percent of the reduction in aggregate payments was the largest point of contention. MedPAC decided the proposed 3% reduction was too low, and increased the reduction to aggregate payments to 5% for the finalized draft recommendation. MedPAC passes this draft recommendation unanimously with the change to the reduction of aggregate payments.

4. Regional variation in Medicare Part A, Part B, and Part D spending and service use

MedPAC compared its most current evaluation of geographic differences in Medicare Program spending and service use with calculations from previous years. The primary takeaway from the current data was that there was much less variation in service use relative to variation in spending.  Most of the service use variation in Part A and B services came from post-acute care.  Among Prescription Drug Plan (PDP) enrollees, drug use also varied less than drug spending.

5. Measuring low-value care in Medicare

MedPAC has been measuring the issue of low-value care, meaning services considered to have little or no clinical benefit, for the last three years. In June 2012, MedPAC had also recommended value-based insurance design, in which the Secretary could alter cost-sharing based on evidence of the value of services. In order to do so, however, CMS would first need information on how to define and measure low-value care.  MedPAC has been using 31 claims-based measures for low value care developed by researchers and published in JAMA. For 2014, MedPAC’s analysis found that 37% of beneficiaries received at least one low-value service.  Medicare spending for these services was estimated to be $6.5 billion.  MedPAC acknowledges that this estimate is conservative because the measures used do not also include downstream services that may result from the initial low-value service.  MedPAC also briefly discussed the issues associated with formulating performance measures in general, including for the merit-based incentive payment system (MIPS) included in Medicare Access and CHIP Reauthorization Act.

In a previous blog post, we discussed a City of Chicago Ordinance, set to take effect on July 1, 2017, that will require pharmaceutical sales representatives to obtain a license before being able to operate within city limits. The draft rules for this ordinance were released on March 17, 2017.

These rules provide additional detail regarding the licensure requirements as well as other associated education and disclosure requirements with which pharmaceutical representatives will be expected to comply beginning in July of this year. In order to obtain initial licensure as a pharmaceutical representative, applicants must complete an online course that will provide an overview of these requirements.  Proof of course completion must be submitted along with the license application, which will cost $750.  To maintain the license, representatives must complete a minimum of 5 hours of continuing professional education every year thereafter.  Approved providers will be listed at www.cityofchicago.org/health.  Notably, continuing education provided by pharmaceutical manufacturers to their employees will not be accepted to fulfill the requirement. A licensed representative who does not meet these continuing education requirements may face substantial penalties, including suspension or revocation of the license, inclusion in a public list of representatives whose licenses have been revoked, and/or a fine between $1,000 and $3,000 per day of violation.

In addition to the professional education requirement, pharmaceutical representatives will also be required to track and report certain sales information on an annual basis or upon request by the Commissioner of Public Health. This information must include: a list of the health care professionals who were contacted, the location and duration of each contact, the pharmaceuticals that were promoted, and whether product samples or any other compensation was offered in exchange for the contact.[1]  For applicants who receive initial licensure, the time period for the data that must be collected and reported shall cover an 11-month period, starting on the day of licensure and ending one month before its expiration.  For representatives with a renewed license, the data shall cover a 12-month period that will begin one month before the license renewal and will end one more before its expiration.  If the Commissioner of Public Health requests the information at any other time, the request will designate the time period the submission must cover, and it will be due within 30 days of the request.

A pharmaceutical representative who is found to have violated any provision of the Ordinance or these rules will be subject to suspension or revocation of licensure and/or a fine of $1,000 to $3,000 per day of violation. Once a license is revoked, it cannot be reinstated for a period of two years from the date of revocation.[2]

These new requirements will undoubtedly place a significant burden on pharmaceutical manufacturers and their sales representatives who work in Chicago.[3]  The public is invited to submit any comments it may have on the proposed rules by April 2, 2017.

____

[1] Section 4-6-310(g)(1)

[2] Section 4-6-310(j)

[3] The requirements have already drawn considerable criticism from affected members of the pharmaceutical industry, who state that they will impose an unnecessary and harmful tax on one of the most important sectors of the city’s economy.