Health Law Advisor

Throughout the course of the pandemic, the Health Resources and Services Administration (HRSA) distributed $178 billion in Provider Relief Funds (PRF) to hospitals and health care providers.  The Public Health Emergency has ended, and HRSA is now turning an eye to how the money was spent, and whether it was spent properly. 

PRF funds were distributed with nearly no-strings-attached; hospitals and providers had to simply agree to a few terms and conditions.  Yet a number of facilities and providers have received one of two types of letters from HRSA: (1) a Final Repayment Notice stating the money must be returned, or (2) a letter stating that HRSA will be conducting an audit.  

Recently, Florida Governor Ron DeSantis signed Senate Bill 262 and Senate Bill 264 into law. These new laws grant Floridians greater control over their personal data and establish a new standard for data handling and protection. Senate Bills 262 and 264 take effect on July 1, 2023.

On June 8, 2023, the New York City Council passed a bill focused on healthcare accountability, with the goal of increasing access to healthcare services for New Yorkers. Entitled the Healthcare Accountability & Consumer Protection Act (the “Act”), this legislation includes Introduction 844, which establishes an Office of Healthcare Accountability, whose work would allow patients to see through a website what they would be charged for procedures at hospitals throughout New York City. As part of the Act, this Office would also report on insurance and pharmaceutical pricing, as well as monitor the amount of money the City is spending on healthcare services. In addition, the Act includes Resolution 512, which calls on New York State to create an independent commission to oversee hospital pricing and to increase access to healthcare services. This local law, referred to as Local Law 78, was signed by Mayor Adams on June 23, 2023, and will be effective beginning on February 22, 2024.

A recent enforcement action by the Federal Trade Commission (“FTC”) against 1Health.io—which sells “DNA Health Test Kits” to consumers for health and ancestry insights—serves as a reminder that the FTC is increasingly exercising its consumer protection authority in the context of privacy and data protection. This is especially true where the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not reach. The FTC’s settlement with 1Health.io highlights a wide-range of privacy and security issues companies should consider relating to best practices for updating privacy policies, data retention policies, configuration of cloud storage and vendor management, especially when handling sensitive genetic data. 

Summertime, for many, marks the beginning of longer days and more sunshine. As an academic medical institution, it also marks the end of one academic year and the commencement of another, and with a new academic year comes new agreements or contracts of appointment for its residents and fellows, as each are promoted to a new program year. For programs accredited by the Accreditation Council of Graduate Medical Education (“ACGME”), there are specific requirements for what can and should be included in its resident and fellow agreements. Aside from its ACGME requirements, it is also important for an institution to consider what additional contractual provisions it should include in its resident and fellow contracts. Below are ACGME’s requirements and other contract provisions that an institution should review and include in such contracts prior to the beginning of each academic year.

In this episode of the Diagnosing Health Care Podcast:  The Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization one year ago overturned 50 years of legal precedent protecting the constitutional right to abortion in the United States, leaving the question of whether and how to regulate abortion to individual states.

What has happened since and what is to come?

Epstein Becker Green attorneys Amy Dow, Erin Sutton, and Jessika Tuazon examine how the Dobbs decision has impacted the legal landscape for patient access to abortion, discuss the challenges facing the health care industry, and explore how industries can manage their compliance efforts moving forward as the legal landscape continues to evolve.

Introduction

Following the Supreme Court decision in Dobbs v. Jackson Women’s Health Organization overturning Roe v. Wade, the federal government, pursuant to President Biden’s Executive Order (the EO) took several steps to protect reproductive health privacy, some of which we previously discussed here. Specifically, the EO called for agencies to protect “women’s fundamental right to make reproductive health decisions.” Shortly following issuance of the EO, the Biden Administration created its HHS Reproductive Healthcare Access Task Force, requiring all relevant federal agencies to draft measurable actions that they could undertake “to protect and bolster access to sexual and reproductive health care.”  

Revisions to Ohio’s Health Care Services rules have been in the works since last September, as part of the required five-year of review Ohio Administrative Code Chapter 3701-84 by the Ohio Department of Health (ODH). Without much publicity, the finalized rules became effective on May 15, 2023. 

“Health Care Services” include: (1) adult cardiac catheterization; (2) adult open heart surgery; (3) pediatric cardiac catheterization; (4) pediatric cardiovascular surgery; (5) pediatric intensive care; (6) a linear accelerator, cobalt radiation, or gamma knife service; (7) solid organ transplant services, and (8) blood and bone marrow transplant service. The revised Health Care Services rules make changes to nearly every regulation in Chapter 3701-84, many of a substantial nature. 

Of particular interest to Ohio hospitals, changes to the adult cardiac catheterization services requirements include:

Would it surprise you if I told you that a popular and well-respected machine learning algorithm developed to predict the onset of sepsis has shown some evidence of racial bias?[1]  How can that be, you might ask, for an algorithm that is simply grounded in biology and medical data?  I’ll tell you, but I’m not going to focus on one particular algorithm.  Instead, I will use this opportunity to talk about the dozens and dozens of sepsis algorithms out there.  And frankly, because the design of these algorithms mimics many other clinical algorithms, these comments will be applicable to clinical algorithms generally.

On May 18, 2023, the Federal Trade Commission (FTC) filed a Notice of Proposed Rulemaking and Request for Public Comment (“NPRM”) seeking to amend the Health Breach Notification Rule (“HBNR”). We previously wrote about the FTC’s policy statement, in which the FTC took the position that mobile health applications that are not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) are covered by the HBNR. In our post, we highlighted concerns raised in dissent by commissioner Noah Joshua Phillips that the FTC’s interpretation of “breach of security” was too broad. Commissioner Phillips has since resigned.