Health Law Advisor

New from the Diagnosing Health Care Podcast: One year ago, on October 30, 2023, President Joe Biden signed an executive order laying the groundwork both for how federal agencies should responsibly incorporate artificial intelligence (AI) within their workflows and how each agency should regulate the use of AI in the industries it oversees.

What has happened in the past year, and how might things change in the next?

On this episode, Epstein Becker Green attorneys Lynn Shapiro Snyder, Eleanor Chung, and Rachel Snyder Good reflect on what is new in health care AI as a result of the 2023 executive order and discuss what industry stakeholders should be doing to comply and prepare for future federal regulation of AI in health care.

The U.S. Supreme Court recently denied two certiorari petitions relating to the willfulness standard of the federal Anti-Kickback Statute, 42 U.S.C. § 1320a-7b (AKS), an issue with profound implications for health care companies and providers defending against AKS allegations.    

On October 7, 2024, the Supreme Court denied the petition for certiorari in U.S. ex rel. Hart v. McKesson Corporation, and on October 15, 2024, denied the cert petition in Sayeed v. Stop Illinois Health Care Fraud, LLC.^[1]

“Knowingly and Willfully”

 The AKS prohibits persons from, among other things, “knowingly and willfully” soliciting or receiving “any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind—

A. in return for referring an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a federal health care program, or

B. in return for purchasing, leasing, ordering, or arranging for or recommending purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program[.]”

In our ongoing series of blog posts, we have examined key negotiating points for tenants in triple net health care leases. We also have offered suggestions for certain lease provisions designed to protect tenants from overreaching and unfair expenses, overly burdensome obligations, and ambiguous terms with respect to the rights and responsibilities of the parties. These suggestions are intended to result in efficient lease negotiations and favorable lease terms from a tenant’s perspective. In our previous blog posts, we considered the importance of negotiating initial terms and renewal terms, operating expense provisions, assignment and subletting terms, maintenance and repair obligations, holdover provisions and surrender terms, and tenant improvement allowances. This latest blog post focuses on negotiating lease terms governing exclusivity, expansion and relocation.  A tenant should carefully negotiate these terms in order to protect its interest in the leased premises during the term.

Exclusivity provisions protect a tenant’s interest in leased premises by restricting landlords from leasing space in the same building or shopping center as tenant’s space for a similar permitted use. These provisions are not only important for retail tenants but should be negotiated for by healthcare tenants as well. For example, a tenant that operates a dermatology practice in a shopping center may want to restrict landlord form leasing space to other tenants who provide many of the same services. It is also important to define what tenant’s recourse is if landlord breaches the exclusivity or if another tenant operates outside of its permitted use in violation of the exclusivity provision. This may include a reduction in rent for a certain period of time while landlord attempts to resolve the violation, and eventually a termination right if landlord is unable to cause the rogue tenant to cease the violation.

Expansion provisions allow tenants the flexibility to expand into additional space that may become available for lease by landlord during the lease term, usually contiguous space or other space in the same building. Tenants should push for a right of first offer if such space should become available, even if the tenant is uncertain of what its future needs may be during the term.  Negotiated rent and coterminous terms should be included in the lease.

In September 2024, a group of Washington, D.C., legislators introduced the Certificate of Need (CON) Improvement Act of 2024, B25-0948. If passed, the measure will reform the requirements and process for health establishments in the District to obtain CONs from D.C.’s State Health Planning and Development Agency (SHPDA).

Background

D.C.’s CON requirements were originally established in 1980 to ensure that access to health care services is available to all D.C. residents and to contain the costs of such health care services. D.C. regulators have more recently argued that D.C. was experiencing an overabundance of primary care providers, which has led regulators to apply the CON process in an overly broad manner to prevent a doctor on every block.^[1] The CON requirements have been applied in an inconsistent manner such that similarly situated providers may or may not have a CON depending on enforcement by regulators. Stakeholders within the D.C. community have contested the overly broad interpretation and enforcement of the CON law in D.C. and have argued that such interpretations are in fact creating provider shortages, increasing health care costs, and decreasing access to care.

In addition, the time and expense of complying with the CON requirements is enough of a barrier to potentially send independent physician practices across the border into Maryland and Virginia.^[2] Stakeholders have asserted that rather than decrease health care costs and increase access to care, the CON laws have had the opposite effect.

Lastly, the current requirements for institutional and physician providers to apply for a CON for even routine projects or activities is unnecessary and overly burdensome. For example, hospitals must wait months to a year following the CON process to get non-patient improvements like heating, ventilation, and air conditioning (HVAC). Furthermore, under the current interpretation by regulators, a physician group could subject itself to requiring a CON simply by hiring a non-owner physician or maintain a separate room to perform non-surgical procedures.

On July 12, 2024, the FDA provided small dispensers—those employing 25 or fewer full-time pharmacists or pharmacy technicians—with an exemption from the Drug Supply Chain Security Act’s (“DSCSA”) enhanced drug distribution security (“EDDS”) requirements until November 27, 2026.^[1]  The FDA had previously announced a stabilization period effectively delaying enforcement of these EDDS requirements for all trading partners until November 27, 2024.^[2]   Generally, the EDDS requirements are the DSCSA compliance requirements that become effective once trading partners are required to exchange drug product data through an interoperable secure electronic system, as further summarized here. Recently, the FDA widened the exemption from the EDDS requirements to apply to other DSCSA stakeholders, though the length of time for the exemption varies by stakeholder type.

Missing and Incomplete Data Issues

On July 29, 2024, the National Association of Chain Drug Stores (“NACDS”) published a letter to the FDA raising the concern that only 25% to 50% of drug products received by pharmacies had accurate, consistent, and complete EPCIS data.^[3]  NACDS asked for staggered start dates for the EDDS requirements based on trading partner type.^[4]  The Healthcare Distribution Alliance (“HDA”) raised similar concerns and endorsed a similar approach in an August 19, 2024 letter to the FDA.^[5]  If incomplete or inaccurate DSCSA data is not received by a trading partner from an upstream trading partner, then the receiving trading partner should not accept or further distribute that drug product. With such a large volume of inaccurate data, the risk to patient access to drugs and shortages would be high.

Following these two letters, both NACDS and HDA engaged in separate listening sessions with the FDA in late September. During those sessions, they reiterated the concerns that they had outlined in their summer letters. The stakeholders noted that while the percentage of inaccurate or missing data had dropped to 25%, that still meant that on any given day a quarter of serialized drug packages had inaccurate data. The stakeholders also raised concerns that the large volume of independent waiver, exception, and exemption (“WEE”) requests that had been submitted to the FDA if granted, would make the November 27, 2024 transition complex and difficult, and emphasized that further stabilization would be necessary to avoid risks to patient drug access and public health.^[6] 

On October 23, 2024, Dr. Jill Biden, first lady of the United States,  announced the winners of $110 million in awards on behalf of the Advanced Research Projects Agency for Health (ARPA-H) to accelerate transformative research and development in women’s health.

“It’s time for investors, researchers, and business leaders to have [conversations about women’s health], not as an afterthought but as a first thought,” Dr. Biden said in her prepared remarks. “Those kinds of questions belong in your research proposals, in your laboratories, in your pitch decks.”

The awards will go to 23 teams from small startups to global innovators working to further developments in women’s health—with projects ranging from a non-invasive blood test to diagnose endometriosis to a revolutionary treatment for late-stage and metastatic ovarian cancer.

While we wait for long-anticipated federal regulations from the Occupational Safety and Health Administration (OSHA) addressing the issue of workplace violence in health care, activity continues at the state level.

California and North Carolina are among those currently filling the gaps—with the latter bringing law enforcement officers into hospital emergency departments to address the problem, and the former legislating to keep weapons out (through screening devices).

These laws are the latest developments in the national landscape of initiatives designed to address workplace violence in health care facilities. Though a federal OSHA standard is slated to issue by year-end, it remains to be seen whether that will happen and what effect, if any, the 2024 presidential election might have on those plans.

State courts continue to debate whether a state’s constitution recognizes a right to “liberty of privacy” or personal autonomy that would encompass the right to make personal health care decisions, including abortion.

In the post-Dobbs era, state supreme courts have been divided over whether state constitutions offer protections for abortion. Supreme courts in Florida and Iowa have rejected state constitutional protections for abortions, while those in Oklahoma and Montana have found or upheld certain constitutional protections for abortion. Recently, district court judges in Georgia and North Dakota have issued injunctions against their respective state’s abortion bans, finding that each state’s constitution protects a right to abortion.

On September 14, 2024, a district court judge in North Dakota enjoined North Dakota’s total prohibition on abortion, and on September 30, 2024, a superior court judge in Fulton County, Georgia, issued an injunction blocking the state’s six-week abortion ban. While the fate of the North Dakota injunction remains pending, on October 7, the Georgia Supreme Court stayed the lower court’s injunction, allowing Georgia’s six-week ban on abortion to once again take effect. One Georgia Supreme Court justice—Justice John J. Ellington—dissented in part from the decision, opining that “[t]he ‘status quo’ that should be maintained is the state of the law before the challenged law took effect.”

On March 18, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued updated guidance regarding the use of online tracking technologies by entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

The updated guidance replaced OCR’s original guidance issued in December 2022, both of which warn companies subject to HIPAA, Covered Entities and their Business Associates (collectively “Regulated Entities”), that use of online tracking technologies, such as cookies and pixels, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of HIPAA, including “individually identifiable health information” (“IIHI”). The guidance explained that covered entities’ HIPAA obligations are triggered where an online tracking technology connects an individual’s IP address with a visit to an unauthenticated public webpage addressing specific health conditions or health care providers (the “Proscribed Combination”).

On August 5, 2024, the Office of the National Coordinator for Health Information Technology— now known as the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (“ASTP/ONC”) within the U.S. Department of Health and Human Services (“HHS”)—issued a proposed rule titled “Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability” (the “HTI-2 Proposed Rule”), as part of its ongoing efforts to enhance health care interoperability and data sharing. The HTI-2 Proposed Rule builds on the January 2024 “Health Data, Technology, and Interoperability” final rule (the “HTI-1 Final Rule”). Comments on the HTI-2 Proposed Rule are due October 4.

Through the proposed changes, ASTP/ONC would (1) make sweeping changes to its Health Information Technology Certification Program (“HIT Certification Program”); (2) make revisions to the information blocking regulation, including implementing two new information blocking exceptions; and (3) codify and implement the statutory provisions regarding the Trusted Exchange Framework and Common Agreement (“TEFCA”) requirements.

New and Revised HIT Certification Criteria

The proposed changes in the HTI-2 Proposed Rule would significantly expand the scope of the HIT Certification Program to introduce additional functionality and new technology for developers of HIT used by health care providers and HIT that is intended to be used by payers and for public health agencies. The certification criteria introduced in HTI-2 for payers is the first time that the health IT certification program is being extended beyond the certified electronic health record (EHR) technology developers. Some notable changes include the following: