In February 2012, two years after the passage of the Affordable Care Act (“ACA”), the Centers for Medicare & Medicaid Services (“CMS”) issued a proposed rule, which was subject to significant public comment, concerning reporting and returning certain Medicare overpayments (“Proposed Rule”). On February 12, 2016, four years from the issuance of the Proposed Rule (and six years after passage of the ACA), CMS issued the final rule, which becomes effective on March 14, 2016 (“A and B Final Rule”).

The A and B Final Rule applies only to providers and suppliers under Medicare Parts A and B. The return of overpayments under Medicare Parts C and D is addressed in a final rule that was published by CMS in May 2014 (“C and D Final Rule”). To date, no final regulations have been adopted that address Medicaid requirements.

Among other things, the A and B Final Rule and its preamble provide:

  • a six-year lookback period;
  • that providers and suppliers must exercise “reasonable diligence” in connection with identifying potential overpayments;
  • that the time period to conduct “reasonable diligence” should be no more than six months, except in extraordinary circumstances; and
  • that “identification” includes quantifying the amount of the overpayment.

Kirsten M. Backstrom, George B. Breen, Anjali N.C. Downs, David E. Matyas, and Meghan F. Weinberg coauthored a Health Care and Life Sciences Client Alert that addresses a number of the significant provisions of the A and B Final Rule, describes an important difference between the two final rules, and sets forth a list of nine key “takeaways” that we believe all Medicare providers and suppliers should be aware of.

Click here to read the full Health Care and Life Sciences Client Alert.

Epstein Becker Green’s Peter M. Panken and Frank C. Morris, Jr. have authored a post on the Hospitality Labor and Employment Law blog entitled, “Loose Lips Sink Ships: New Liabilities Under The Affordable Care Act.”

Following is an excerpt:

The Affordable Care Act (“ACA”) requires larger employers (50 or more full time equivalents) to offer “affordable” “minimum value” health care to employees working thirty (30) or more hours per week or face the possibility of significant penalties in some cases.  Thus the cost of staffing with part time employees may be far less than paying for health insurance for workers working 30 or more hours.

At the same time, ERISA Section 510 (29 USC Section 1140) prohibits discrimination against an employee “for exercising any rights to which he is entitled under the provisions of any employee benefit plan…or for the purpose of interfering with the attainment of any right  to which such participant may become entitled under the plan…”

The full post can be accessed here.

 

2016 is poised to be a major year in network adequacy developments across public and private insurance markets.  Changes are ahead in the Medicare and Medicaid managed care programs, the Exchange markets and the state-regulated group and individual markets, including state-run Exchanges.  The developing standards and enforcement will vary significantly across these markets.

Through 2014 and 2015, major news stories discussed concerns over the growing use of narrow provider networks by issuers on the Affordable Care Act’s insurance exchanges (“Exchanges”).  Others reported on enrollees’ frustration with receipt of unexpected charges from out-of-network practitioners when receiving treatment at in-network facilities (often referred to as “surprise bills”).  As a result, calls for improved network adequacy and transparency mounted.  A September 2014 HHS Office of Inspector General (OIG) report was critical of variation in state oversight of the Medicaid managed care market.  An August 2015 Government Accountability Office (GAO) report called for greater CMS network oversight in the Medicare Advantage market.  In response, a series of proposed rules and other changes have accumulated –

Medicare Advantage (MA) – In April 2015, CMS announced in a Call Letter that it will impose more stringent network adequacy requirements in the application process for MA plans.  To address surprise provider terminations, CMS will require 90 days notice of any significant mid-year changes.  Additionally, plans must establish and maintain a process to keep provider directories current in real-time.  CMS intends to monitor compliance and is considering a CY2017 requirement for standardized electronic submission for inclusion in a nationwide provider database.  CMS has also expressed its intent to review network adequacy as part of its regular program audits, as a pilot in 2016 and as a standard feature in 2017.

Medicaid Managed Care – In May 2015, CMS released the first proposed rule to make comprehensive changes to its Medicaid managed care rules in 12 years, including new quantitative network adequacy standards.  Once finalized, states would be required to establish time and distance standards for specific provider types, including primary care (adult and pediatric), OB/GYN, behavioral health, specialists (adult and pediatric), hospital, pharmacy, pediatric dental, and any “additional provider types when it promotes the objectives of the Medicaid program for the provider type to be subject to such time and distance standards.”[1]  Interestingly, CMS suggested in its proposed rule that states look to MA and state commercial standards as models.

Federal Exchanges – In December 2015, CMS, through its Center for Consumer Information and Insurance Oversight (CCIIO), released a proposed rule that featured more prescriptive network adequacy standards for Qualified Health Plans (QHPs) offered on the federal Exchange.  Where CCIIO is satisfied that a state uses “an acceptable quantifiable metric,” it will defer to their review of QHPs.  In other states, a default federal standard would apply.  Starting in 2017, CMS expects to take a similar approach as to MA and apply time and distance standards, with an emphasis on high-utilization specialties.  While CMS says it will not “prohibit certification of plans with narrow networks or otherwise impede innovation in plan design,”[2] it intends to set a floor with the federal Exchange default standards and it seeks greater network transparency.  Toward that end, ratings on QHP network coverage may be a future feature of HealthCare.gov.

State Regulated Group and Individual Markets – In November 2015, the National Association of Insurance Commissioners (NAIC) released a long-awaited network adequacy model act with more detailed requirements than federal and many state standards.  While the act would not impose quantitative standards such as provider number and type requirements, it does include reimbursement parity provisions for emergency and out-of-network facility-based providers.

Looking Ahead

With legislative sessions underway in all but four states this year, there are several important developments to watch for in 2016.  Some states will adopt the NAIC model act, in whole or in part, or use the act as a baseline from which to tailor their own standards.  Other states will decline to adopt it, leaving existing standards intact that range from minimal to highly detailed and prescriptive.  With increasing pressure from CMS across markets, some states may seek to aggressively increase the specificity of their network adequacy standards, adding number and type requirements or legislating that their insurance commissioners do so through an administrative process.  Some states may consider aligning standards across markets to ensure regulatory uniformity.  While there is nothing in the model act that suggests states increase oversight and enforcement activities, CMS is clearly increasing its own oversight and is pushing states to set a floor for state level access standards.  Changes to the landscape will come better into focus as CMS releases its final rules for all of the above proposed changes.

 

[1] 80 Fed. Reg. at 31145.

[2] 80 Fed. Reg. at 75550.

Epstein Becker Green’s Lynn Shapiro Snyder, Senior Member of the Firm, and Tanya Vanderbilt Cramer, Of Counsel, will present “Accountable Care Organizations and Other Provider Risk Sharing Arrangements — a Legal and Regulatory Overview,” a webinar hosted by Bloomberg BNA.

While the federal government has encouraged the growth of accountable care organizations (ACOs) through the Affordable Care Act, the regulation of ACOs and other provider risk sharing arrangements remains a patchwork of federal and state requirements that span many different areas of law. This webinar will explore some of the regulatory issues faced by ACOs, integrated delivery systems, and other provider organizations that assume some or all of the financial risk for providing covered health care benefits to patients through reimbursement arrangements such as capitation or shared savings.

Epstein Becker Green would like to offer you a 25% discount off the registration fees for this program.  To sign up at this discounted rate, please follow the steps below:

  1. Go to http://www.bna.com/accountable-care-organizations-m17179934019/
  2. Click on “add to cart.”
  3. Sign in to your bna.com account – if you do not have a bna.com account, please click “create an account & continue”
  4. On the checkout screen you will see a box on the right side labeled “promotion code”.  Please enter the code FIRMDISC25 in this box and click submit.  Then click proceed to checkout.

By Arthur J. Fried, Patricia M. Wagner, Adam C. Solander, Evan Nagler, and Jonathan Hoerner

On September 2, 2015, the U.S. Department of Health and Human Services (“HHS”) announced a $750,000 settlement with Cancer Care Group, P.C. (“CCG”), a radiation oncology practice in Indiana, for Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules violations. The alleged violations occurred in 2012, but a subsequent HHS Office for Civil Rights (OCR) investigation led to allegations from OCR that there was a lack of compliance with HIPAA Privacy and Security Rules requirements dating back to 2005.

CCG notified OCR on August 29, 2012 of a data breach of electronic protected health information (ePHI) resulting from the theft of a laptop bag that was left unattended in an employee’s car.  The bag contained a laptop computer and unencrypted backup storage media.  OCR estimated that the stolen data included the names, addresses, dates of birth, Social Security numbers, insurance information, and clinical information of approximately 55,000 current and former patients.

After receiving notification of the breach, OCR conducted an investigation that OCR alleged revealed CCG was in “widespread non-compliance with the HIPAA security rule.”  Specifically, OCR determined that CCG failed to conduct an enterprise-wide risk analysis at any time between April 21, 2005 (the compliance date of the Security Rule) and November 5, 2012, almost 5 months after the data breach.  OCR also determined that CCG failed to have in place a written policy covering the removal of hardware and electronic media containing ePHI from CCG facilities.  OCR noted that an enterprise-wide risk analysis would have determined that removal of unencrypted media was a high risk to the group’s ePHI security.

In addition to the $750,000 payment, the settlement requires CCG to adopt a robust corrective action plan to correct HIPAA compliance program deficiencies. The entire Resolution Agreement can be viewed here.

This case highlights the need for all covered entities and business associates to conduct regular risk assessments and vulnerability testing.  A proper risk assessment will help organizations to identify vulnerabilities to the ePHI they store. While the Security Rule does not mandate encryption, as it is an addressable implementation specification, this settlement again reinforces OCR’s position that unencrypted computer hard drives, mobile devices, and electronic media will be under intense scrutiny should a breach occur. Thus, in most instances it is advisable for those types of devices to be encrypted.

Joshua A. Stein, a Member of the Firm in the Labor and Employment practice at Epstein Becker Green, has a Hospitality Labor and Employment Law blog post that will be of interest to many of our readers: “DOJ Further Delays Release of Highly Anticipated Proposed Website Accessibility Regulations for Public Accommodations.”

Following is an excerpt:

For those who have been eagerly anticipating the release of the U.S. Department of Justice’s proposed website accessibility regulations for public accommodations under Title III of the ADA (the “Public Accommodation Website Regulations”), the wait just got even longer.  The recently released Spring 2015 Unified Agenda of Federal Regulatory and Deregulatory Actions reveals that DOJ’s Public Accommodation Website Regulations are now not expected until April 2016.  This delay moves back the release date nearly a year from what most had previously anticipated; this summer in advance of July’s 25th Anniversary of the ADA.  While there was no public statement explaining the release, most insiders believe it has to do with the difficulty of appropriately quantifying the costs and benefits of complying with any promulgated regulations – a necessary step by DOJ for such a rulemaking.

Read the full original post here.

On March 24, 2015, the House of Representatives Energy and Commerce Health Subcommittee[1] (the “Subcommittee”) held a 340B Program hearing with testimony from the Deputy Administrator of Health Resources and Services Administration (“HRSA”), the Director of the Office of Pharmacy Affairs (“OPA”) of HRSA,[2] the Director of Health Care of the Government Accountability Office (“GAO”), and Assistant Inspector General of the Office of Evaluation and Inspection of the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”).

The purpose of the hearing was to assess the functionality of the 340B Program, and, in particular, HRSA’s activities to address the findings in the GAO report, issued in September 2011, titled “Manufacturer Discounts in the 340B Program Offer Benefits, but Federal Oversight Needs Improvement,”[3] and the OIG report, issued in February 2014, titled “Contract Pharmacy Arrangements in the 340B Program.”[4]

The GAO issued a follow-up report on March 24, 2015, titled “Drug Discount Program, Status of GAO Recommendations to Improve 340B Pricing Program Oversight.”  The follow-up report stated that HRSA had implemented two of the GAO’s four recommendations and that HRSA plans to address the remaining two recommendations to clarify the patient definition and hospital criteria for eligibility.  The OIG also recommended that HRSA clarify the patient definition, particularly in the context of contract pharmacies.  The OIG provided examples of how eligibility determinations in the contract pharmacy setting can result in diversion based on the lack of clarity in the patient definition.  Additionally, the OIG stated that HRSA could increase 340B Program transparency by sharing 340B ceiling prices with providers and Medicaid state agencies (though the OIG acknowledged that HRSA lacked the authority to share 340B prices with Medicaid state agencies).

Throughout the hearing, several members of the Subcommittee expressed their support for the Program and acknowledged that the 340B Program is necessary for hospitals, health centers, and other Covered Entities to serve underserved populations.  At the same time, Subcommittee members expressed concerns that the 340B Program needs greater clarity, oversight by HRSA, and transparency.  Subcommittee Chairman Joseph R. Pitts’ (R.-PA) opening statement sums up the message delivered by Congress:

“This program, designed to stretch scarce federal dollars, is critically important for indigent and low-income patients who may otherwise be unable to access needed drugs or afford treatment. . . . One thing I hope we can all agree on, is that to preserve the 340B program and ensure that it is serving those who most need help, greater oversight and transparency is needed to increase the program’s accountability. Today’s hearing marks the first step in that direction.”[5]

The following are several themes that were discussed during the hearing:

  • Chairman Pitts suggested that Medicaid expansion as a result of the Affordable Care Act may lead to more hospitals meeting the disproportionate share hospital (“DSH Hospitals”) percentage, and thus, becoming Covered Entities under the 340B Program. Chairman Pitts questioned whether the DSH percentage was an appropriate proxy for determining the extent to which a hospital serves low income populations and whether a different methodology would be more appropriate.
  • A few Subcommittee members expressed concern that DSH Hospitals have no obligation to report how 340B savings are used to benefit underserved patients. One member expressed the more specific concern that there was no transparency to determine the extent to which the 340B discount is passed on to uninsured individuals.   The Subcommittee members contrasted this with HRSA grantees, such as health centers, which are required to reinvest proceeds to advance grant purposes. HRSA’s Deputy Administrator noted that such reporting and use of 340B savings by DSH hospitals is not required by the statute and, in response, a member of the Subcommittee suggested that this was an issue being discussed among the members that could potentially require a legislative fix.
  • A few Subcommittee members broached the topic of whether, in light of HRSA’s limited rulemaking authority, HRSA’s issuance of guidance was a “long term solution” and whether HRSA needed more expansive rulemaking authority. Although HRSA’s Deputy Administrator acknowledged that enforcement of rules would strengthen HRSA’s oversight, the Deputy Administrator did not explicitly request rulemaking authority or other legislative change and stated simply that HRSA would use all the tools at its disposal to enforce 340B Program compliance.
  • Certain Subcommittee members expressed concern over the lack of clarity surrounding the patient eligibility definition, noting that compliance cannot be enforced if the definition is unclear.
  • Several Subcommittee members expressed concern and asked questions regarding the transparency of 340B ceiling prices to Covered Entities and the length of time it has taken HRSA to implement the pricing database. HRSA noted that the secure website would be operational later this year. Other Subcommittee members posed questions regarding whether the ceiling prices needed to be shared with state Medicaid agencies, even though HRSA does not have such authority.

Based on the Subcommittee’s questions and the testimony, it appears that the Subcommittee is intent on “preserving” the 340B Program, and exploring whether legislative “fixes” are needed.  The Subcommittee discussed some areas that can only be addressed through the legislative process, such as a change of methodology to 340B hospitals, and transparency requirements with respect to the utilization of 340B savings.

However, there currently does not appear to be any consensus on the scope of such legislation, or even whether legislation is needed.  Ultimately, legislation will likely depend on HRSA’s ability to ensure 340B Program compliance with its current tools, including Covered Entity and manufacturer audits, limited rulemaking authority, and the issuance of guidance.

[1] The full Energy and Commerce committee has primary jurisdiction over the 340B Program in the House of Representatives.

[2] The Office of Pharmacy Affairs is tasked with administering the 340B Program.

[3] http://www.gao.gov/products/GAO-11-836

[4] http://oig.hhs.gov/oei/reports/oei-05-13-00431.pdf

[5] Opening Statement of Subcommittee Chairman Joseph R. Pitts, available at http://energycommerce.house.gov/hearing/examining-340b-drug-pricing-program.

My colleagues Frank C. Morris, Jr., Adam C. Solander, and August Emil Huelle co-authored a Health Care and Life Sciences Client Alert concerning the EEOC’s proposed amendments to its ADA regulations and it is a topic of interest to many of our readers.

Following is an excerpt:

On April 16, 2015, the Equal Employment Opportunity Commission (“EEOC”) released its highly anticipated proposed regulations (to be published in the Federal Register on April 20, 2015, for notice and comment) setting forth the EEOC’s interpretation of the term “voluntary” as to the disability-related inquiries and medical examination provisions of the Americans with Disabilities Act (“ADA”). Under the ADA, employers are generally barred from making disability-related inquiries to employees or requiring employees to undergo medical examinations. There is an exception to this prohibition, however, for disability-related inquiries and medical examinations that are “voluntary.”

Click here to read the full Health Care and Life Sciences Client Alert.

The U.S. Equal Employment Opportunity Commission issued proposed regulations addressing how the Americans with Disabilities Act (“ADA”) applies to corporate wellness programs.  Namely, the proposed rule amends the ADA regulations to provide guidance on the extent to which employers may use incentives to encourage employees to participate in wellness programs that include disability-related inquiries and/or medical examinations.  The proposed rule will be published in the Federal Register on April 20, 2015.  Comments will be due 60 days from the date of publication.  The pre-publication version of the proposed rule can be viewed here. For additional information, visit Epstein Becker Green’s website to sign up for our upcoming webinar:  EEOC Wellness Regulations – What Do They Mean for Employer-Sponsored Programs?

 

At the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C. on March 5th and March 6th, the Federal Trade Commission (“FTC”) was clear in its message that privacy was a top priority for the agency.  The FTC had a strong presence at the conference.  Three of the five Commissioners and the Director of the Bureau of Consumer Protection (Jessica Rich) all spoke at the conference and relayed a message of the importance of consumer privacy and security.  In that regard, the FTC speakers stressed the importance of:

  • informing consumers of the collection of consumer information;
  • informing consumers how such collected information will be used; and
  • providing strong safeguards for information collected.

The FTC speakers also announced that the FTC will be beginning a new security campaign to engage businesses of all sizes in understanding the importance of securing consumer information.  The FTC speakers also emphasized the FTC’s concern and focus on the collection of health information by organizations that are not covered under HIPAA (for example organizations developing wearable devices or other consumer driven apps).  Given the tenor of the discussions, there is no question that FTC will continue to make privacy enforcement a top priority.  As a result, device manufacturers, pharmaceutical manufacturers, and mobile health developers should remember to think beyond HIPAA when they think of U.S. privacy compliance.  For a listing of prior privacy enforcement actions by the FTC see, https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/enforcing-privacy-promises.