It has been four years since Congress enacted the Eliminating Kickbacks in Recovery Act (“EKRA”), codified at 18 U.S.C. § 220. EKRA initially targeted patient brokering and kickback schemes within the addiction treatment and recovery spaces. However, since EKRA was expansively drafted to also apply to clinical laboratories (it applies to improper referrals for any “service”, regardless of the payor), public as well as private insurance plans and even self-pay patients fall within the reach of the statute.
Continue Reading Four Years After EKRA: Reminders for Clinical Laboratories

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) gives consumers increasingly more control over their personal information when collected by businesses subject to the law. We have previously discussed the compliance requirements of these data privacy laws on organizations doing business in California.[1] Significantly, CCPA/CPRA defines the term “consumer” to mean any California resident; which from a business perspective, such a broad definition encompasses not only the business’s individual customers, but also its employees, job-applicants or even business-to-business (B2B) contacts.  With the moratoriums currently in place for B2B and employee/applicant data sunsetting on January 1, 2023 and not likely to be extended, and the prospect for federal data privacy legislation with wide preemptive effect of state law looking less likely, businesses should be actively preparing to meet these expanded statutory obligations.

Continue Reading No More Exceptions: What to Do When the California Privacy Exemptions for Employee, Applicant and B2B Data Expire