Health Law Advisor

Our colleague Nathaniel M. Glasser and Jennifer Barna of Epstein Becker Green have co-authored an article in Bloomberg Law that will be of interest to our readers: "COVID-19 Vaccines and Workplace Challenges."

The following is an excerpt:

As COVID-19 vaccines become widely available, employers will face a critical set of challenges, ranging from whether they can—or will want to—mandate all or some employees get vaccinated, to what liability may attach to mandating vaccination, and even whether the Occupational Safety and Health Administration (OSHA) could require a ...

Our colleague Melissa L. Jampol of Epstein Becker Green has a new post on the Commercial Litigation Update blog that will be interest to our readers: “Opioids, Sober Homes and ‘Telefraud’: An Overview of the DOJ 2020 Healthcare Fraud Takedown.”

The following is an excerpt:

As we have previously reported, opioids have been a large focus of DOJ in the past few years in an attempt to stem the opioid epidemic through increased enforcement and this takedown is a continuation of those efforts. DOJ stated that the charges involved in the opioid-related takedown involved the ...

Ransomware basics

Ransomware is a serious form of cyber extortion that employs malware to prevent users from accessing their systems or data, either by locking the system or encrypting critical files until a ransom is paid. The hacker holds the key to unlock the system and usually demands payment in cryptocurrency.

Ransomware has been a known cyber threat vector for over a decade. In recent years, hackers have embraced increasingly sophisticated methods to exploit vulnerabilities and introduce ransomware into systems. They have also expanded the scope of impact by targeting ...

As employers continue their efforts to safely bring employees back to the workplace, many have moved beyond initial pre-entry wellness checks or questionnaires and are considering technology solutions that monitor social distancing and conduct contact tracing in real-time. Along with introducing these enhanced capabilities, the question of the privacy and security of employee personally identifiable information (“PII”) and protected health information (“PHI”) continues to loom.

In order to isolate and contain the spread of COVID-19, one critical component of an ...

On October 12, 2020, the California Attorney General issued its notice and third set of proposed modifications to the regulations implementing the California Consumer Protection Act (“CCPA”). These proposed modifications would change the regulations that were approved by the California Office of Administrative Law on August 14, 2020. The California Department of Justice is accepting written comments from the public on these proposed revisions to the regulations until October 28, 2020 at 5:00 p.m. PST.

Notable changes in these regulations include:

• A requirement for ...

Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, obtained two large breach-related settlements: one from a HIPAA Covered Entity and one from a HIPAA Business Associate.  These enforcement actions signal that despite COVID-19 related challenges, organizations continue to face rampant data breaches and ensuing HIPAA enforcement.

On September 25, 2020, OCR settled an investigation into a breach suffered by a large health insurer by obtaining the second-largest resolution payment in HIPAA enforcement history ($6.85 million).  This enforcement action resolved an investigation concerning potential violations of HIPAA Privacy and Security Rules related to a breach affecting the electronic protected health information (ePHI) of more than 10.4 million people.  The breach resulted from a phishing attack that introduced malware into the insurer’s IT systems and allowed unauthorized actors to gain access and remain undetected for nearly nine months.  Similarly on September 23, 2020, a business associate providing IT and health information management services to hospitals and physicians clinics entered a settlement ($2.3 million) with OCR for potential violations of HIPAA Privacy and Security Rules related to a breach affecting over 6 million people.  Essentially, these cyberattacks were advanced persistent threats that compromised the privacy and security of ePHI and PHI and revealed longstanding gaps in the companies’ cybersecurity controls.

Our colleagues David M. Prager, Jennifer L. Nutter, Alice Kwak, and Mary T. Vu at Epstein Becker Green recently published an Act Now Advisory that will be of interest to our readers in the health care industry: “Annual California Employment Law Update: New Laws for 2021 Provide COVID-19 Protections and Expand Family Leave.” This year, Governor Gavin Newsom signed numerous employment-related bills passed by the California Legislature. Major changes affecting employers with California operations in the coming year include:

• requiring COVID-19 supplemental paid sick ...

I knew Justice Ginsburg had been seriously ill, so I shouldn’t have been surprised when I heard the news of her passing. But it was still a big shock, and tears started falling. I thought to myself, “I don’t even personally know her—why am I crying?” It was because of all that she represented. She was truly inspirational. She had a tough life—losing her mother at a young age and trying to get her foot in the door and succeed in a male-dominated profession, not to mention numerous serious health issues. Yet she persevered, and she became a “first” in so many ways, even in ...

"My mother told me to be a lady. And for her, that meant be your own person, be independent." - Ruth Bader Ginsburg

A couple days after Ruth Bader Ginsburg passed away, my eight year old daughter asked me, when I was her age, what I wanted to be when I grew up. I paused and swallowed hard. I had wanted to be a doctor, but despite how well I performed in school, the more conservative environment I grew up in did not support such dreams because it was “not something that moms did”.

My daughter’s question allowed me to explain to her how lucky she is to grow up in the world we now live in where women ...

On Tuesday, September 1, 2020, the Drug Enforcement Agency (“DEA”) proposed 2021 aggregate production quotas (APQs) for controlled substances in schedules I and II of the Controlled Substances Act (“CSA”) and an Assessment of Annual Needs (“AAN”) for the List I Chemicals pseudoephedrine, ephedrine, and phenylpropanolamine. This marks the second year that DEA has issued APQs pursuant to Congress’s changes to the CSA via the SUPPORT Act.  After assessing the diversion rates for the five covered controlled substances, DEA reduced the quotas for four: oxycodone, hydrocodone, hydromorphone and fentanyl.

DEA recently increased the APQ to allow for the additional manufacture of certain controlled substances in response to the COVID-19 pandemic and the need to provide greater access to these medications for patients on ventilator treatment.  According to DEA, that increased demand has been factored into the proposed APQs for 2021.

Comments are due by October 1, 2020.  Because DEA’s APQs determine the amount of quota DEA can allocate to individual manufacturers in 2021, adversely impacted parties should file comments soon.

Background on APQs

The CSA requires the establishment of aggregate production quotas for schedule I and II controlled substances, and an assessment of annual needs for the list I chemicals ephedrine, pseudoephedrine, and phenylpropanolamine.  These aggregate quotas limit the quantities of these substances to be manufactured – and with respect to the listed chemicals, imported –  in the United States in a calendar year, to provide for the estimated medical, scientific, research, and industrial needs of the United States, for lawful export requirements, and for the establishment and maintenance of reserve stocks.

Changes in Setting APQs Under The SUPPORT Act

The Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (“SUPPORT Act”) signed into law October 24, 2018, provided significant changes to the process for setting APQs.  First, under the CSA, aggregate production quotas are established in terms of quantities of each basic class of controlled substance, and not in terms of individual pharmaceutical dosage forms prepared from or containing such a controlled substance.  However, the SUPPORT Act provides an exception to that general rule by giving the DEA the authority to establish quotas in terms of pharmaceutical dosage forms if the agency determines that doing so will assist in avoiding the overproduction, shortages, or diversion of a controlled substance.

Additionally, the SUPPORT Act changed the way the DEA establishes APQs with respect to five “covered controlled substances”: fentanyl, oxycodone, hydrocodone, oxymorphone, and hydromorphone.  Under the SUPPORT Act, when setting the APQ for any of the “covered controlled substances,” DEA must estimate the amount of diversion.  The SUPPORT Act requires DEA to make appropriate quota reductions “as determined by the [DEA] from the quota the [DEA] would have otherwise established had such diversion not been considered.”  Furthermore, when estimating the amount of diversion, the DEA must consider reliable “rates of overdose deaths and abuse and overall public health impact related to the covered controlled substance in the United States,” and may take into consideration other sources of information the DEA determines reliable.

Estimating Diversion  

In accordance with this mandate under the SUPPORT Act, in setting the proposed APQs for 2021 DEA requested information from various agencies within the Department of Health and Human Services (“HHS"), including the U.S. Food and Drug Administration (“FDA”), Centers for Disease Control and Prevention (“CDC”), and the Centers for Medicare and Medicaid Services (“CMS”), regarding overdose deaths, overprescribing, and the public health impact of covered controlled substances.  DEA also solicited information from each state’s Prescription Drug Monitoring Program (“PDMP”), and any additional analysis of prescription data that would assist DEA in estimating diversion of covered controlled substances.

After soliciting input from these sources, DEA extracted data on drug theft and loss from its internal databases and seizure data by law enforcement nationwide.  DEA then calculated the estimated amount of diversion by multiplying the strength of the active pharmaceutical ingredient (“API”) listed for each finished dosage form by the total amount of units reported to estimate the metric weight in kilograms of the controlled substance being diverted.