On April 11, 2022, the Drug Enforcement Administration (DEA) released a final rule which amends DEA regulations to now require all applications for DEA registrations, and renewal of those registrations, to be submitted online. The final rule is effective May 11, 2022.

On January 7, 2021, DEA published a notice of proposed rulemaking (NPRM) that proposed requiring that all applications for DEA registrations, and renewal of those registrations, be submitted online. DEA is promulgating this rule as proposed in the NPRM with one exception: DEA is clarifying that Automated Clearing House (ACH) fund transfers will be accepted as payment for registrations and renewals. Continue Reading DEA Finalizes Rule Requiring All Registrations and Renewal Applications to Be Completed Online

The past several years have proven difficult for healthcare entities due to increasing cybersecurity threats, breaches and regulatory enforcement. Following these trends, on April 6, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) soliciting public comment on how regulated entities are voluntarily implementing security practices under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) and also seeking public input on sharing funds collected through enforcement with individuals who are harmed by Health Insurance Portability and Accountability Act of 1996 (HIPAA) rule violations.

Continue Reading HIPAA Enforcers Seek Public Input on Recognized Security Practices and Sharing Enforcement Recoveries with Affected Individuals

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently submitted two reports to Congress setting forth the HIPAA breaches and complaints reported to OCR during calendar year 2020 as well as the enforcement actions taken by OCR in response to those reports. HIPAA covered entities should be aware of the trends identified in these reports and should examine their own compliance in these areas.

Continue Reading HHS OCR Issues Annual HIPAA Reports to Congress

On April 7, 2022, the Centers for Medicare and Medicaid Services (CMS) issued guidance terminating numerous blanket waivers applicable to skilled nursing facilities (SNFs), inpatient hospices, intermediate care facilities for individuals with intellectual disabilities (ICF/IIDs), and end stage renal disease (ESRD) facilities.  The amount of blanket waivers ending is notable; while there have been terminations of waivers previously, these were usually limited to a single waiver.

CMS expressed concern “about how residents’ health and safety has been impacted by the regulations that have been waived, and the length of time for which they have been waived.” CMS reported that findings from onsite surveys at these facilities “revealed significant concerns with resident care that are unrelated to infection control.” Accordingly, CMS is acting to remove certain operational flexibilities not directly related to infection control.

Continue Reading CMS Ending Numerous COVID-19 Blanket Waivers for SNFs, Inpatient Hospice, ICF/IIDs, and ESRD Facilities

On March 28, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of two additional cases as part of OCR’s HIPAA Right of Access Initiative.

Continue Reading HIPAA Enforcement Continues Under Right of Access Initiative

This month’s post focuses on how timely FDA decisions are in categorizing new diagnostics under the Clinical Laboratory Improvements Amendments of 1988 (CLIA). The answer is that, on average, the agency does okay, but they also sometimes may miss their own guideline by a wide margin.  I use the word “may” there because the FDA data set is inadequate to support a firm conclusion.  I’ll explain more about that below, but this is another case of FDA releasing incomplete data that frustrates data analytics.

Continue Reading Unpacking Averages: Assessing FDA’s Performance Categorizing New Diagnostic Tests Under CLIA

In this episode of the Diagnosing Health Care Podcast:  How does the U.S. Department of Justice (DOJ) intend to leverage its enforcement authority under the False Claims Act to advance DOJ’s recently announced Civil Cyber-Fraud Initiative?

Continue Reading <em>Podcast:</em> DOJ Goes After Civil Cyber-Fraud – <em>Diagnosing Health Care</em>

On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.

Continue Reading President Biden Signs into Law the Cyber Incident Reporting Act, Imposing Reporting Requirements for Cyber Incidents and Ransomware Payments

In this episode of the Diagnosing Health Care Podcast:  The interoperability and information-blocking rules have imposed new regulations and requirements on health information exchanges (HIEs). How are HIEs responding to these new regulations in a space they have been in for decades? In this episode of our special series on interoperability, hear from Dan Paoletti, CEO of the Ohio Health Information Partnership.

Continue Reading <em>Podcast:</em> Interoperability: The Role of Health Information Exchanges – <em>Diagnosing Health Care</em>

From our Thought Leaders in Health Law video series:  The U.S. Department of Justice (DOJ) collected $5.6 billion in False Claims Act recoveries in fiscal year (FY) 2021.

That is over twice as much as 2020, and a record 90 percent of the total was collected from the health care and life sciences industries.

Continue Reading <em>Video:</em> Record-Shattering Year for FCA Recoveries in Health Care – <em>Thought Leaders in Health Law</em>