Department of Health and Human Services

Subscribe to Department of Health and Human Services
Health-law-Privacy

Establishing and maintaining effective systems to protect sensitive personal data and confidential business information from outside interference while also assuring that privacy interests are protected is among an organization’s highest priorities. Our security and privacy team at Epstein Becker & Green has written extensively about the guidance and best practices issued by federal and state regulatory and enforcement agencies. Execution, monitoring and continually updating these preventive practices define an organization’s first line of defense. But what happens in the event that an organization actually suffers a breach? Is there guidance that might be available, particularly to healthcare organizations, to deal with continuity and disaster planning (BC/DR) directed towards assuring resilience and recovery in the event of a potentially-disastrous cyberattack?

Continue Reading Hacking Healthcare: Cyberattack Contingency Planning and Response

Health-law-Medical-Payment

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently submitted two reports to Congress setting forth the HIPAA breaches and complaints reported to OCR during calendar year 2020 as well as the enforcement actions taken by OCR in response to those reports. HIPAA covered entities should be aware of the trends identified in these reports and should examine their own compliance in these areas.

Continue Reading HHS OCR Issues Annual HIPAA Reports to Congress

HEAL-Laptop

The Federal Trade Commission (“FTC”) recently issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by so-called “health apps.” The FTC press release indicated it has approved a policy statement by a vote of 3-2 offering guidance that organizations using “health applications and connected devices” to “collect or use” consumers’ personal health

health care-cost-calculator-shutterstock_515008156

The U.S. Supreme Court will consider whether the federal government can approve state programs that force Medicaid participants to work, go to school, or volunteer to get benefits. Both Arkansas and the Justice Department sought review of the issue. Epstein Becker Green attorney Clifford Barnes provides potential paths for the Biden administration to best position itself in the case.

The U.S. Supreme Court will hear oral argument in a case involving the authority of the Department of Health and Human Services to approve Medicaid work requirements programs in Arkansas and New Hampshire that were struck down by the U.S. Court of Appeals for the District of Columbia Circuit.

The high court has agreed to determine whether the HHS can allow states to impose work requirements in its Medicaid program even though all lower courts ruled against HHS’s approval of states’ Section 1115 work requirement waivers, based on the Trump administration’s refusal to consider the impact of the waivers on the core purpose of Medicaid—which is to increase health insurance coverage.

Unlike the narrow question considered by the lower courts, however, the court granted certiorari on a much broader issue. The question presented concerns the entire Section 1115 process and asks whether the HHS secretary has the power to establish additional purposes for Medicaid, beyond coverage.

Should the court rule that the HHS secretary does indeed possess this unbounded power, the entire Section 1115 landscape could shift, potentially allowing states to implement waivers like Arkansas, so long as they meet such additional purpose.

The case establishes an effective deadline for the Biden administration to take action to mitigate or eliminate the work requirements, in light of the administration’s commitment to expanding, rather than rolling back, Medicaid insurance coverage.

Continue Reading How the Biden Administration Can Reverse Trump’s Medicaid Work Requirements

HHS-1280-shutterstock_245503777

In a previous post, we discussed the appropriate use of the Provider Relief Funds authorized and appropriated by Congress under the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act, Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. Within that post, we specifically discussed the limitation imposed on use of the Relief Funds for payment of salaries, a topic of great interest to many recipients. Under the Terms and Conditions, recipients are prohibited from using the funds for salaries in excess of the Senior Executive Service Executive Level II amount – an annual salary of $197,300 – or $16,441 a month. We noted that, although the Department of Health and Human Services (“HHS”) had not spoken to this requirement with respect to the Provider Relief Funds, HHS permits other HHS grant Recipients to pay individuals’ salaries in excess of the $197,300 limit with non-federal funds.[1] Also, HHS’ federal contract regulations similarly limit use of federal contract funds for salary costs to the Executive Level II amount, but allow for amounts in excess of that limit to be paid with non-federal funds.[2]

Continue Reading Acceptable Use of CARES Act Provider Relief Funds – Salary Limitation Update

HHS-1280-shutterstock_245503777

To address the COVID-19 public health emergency fiscal burdens, Congress authorized and appropriated the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act[1], Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. The Department of Health and Human Services (“HHS”) has begun to distribute several tranches of the Relief Funds. All totaled, Congress provided $175 billion to the Public Health and Social Services Emergency Fund (“Relief Fund”) through the CARES Act and the Payroll Protection Program and Health Care Act.[2]

As of May 7, 2020, HHS identified $50 billion for general distribution to Medicare providers. HHS distributed to Medicare providers the Relief Fund’s initial $45 billion tranche in April 2020, and is distributing the Relief Fund’s second $20 billion tranche. Also, HHS allocated Relief Funds to: hospitals in COVID-19 high impact areas ($10 billion); rural providers ($10 billion); Indian Health Services ($400 million), and skilled nursing facilities, dentists, and providers that take solely Medicaid (unidentified amounts).[3]

Continue Reading Appropriate Use of CARES Act Provider Relief Funds

telemedicine-1280-shutterstock_655998274

On March 17, 2020 the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that it would “exercise its enforcement discretion and will waive any potential penalties for HIPAA violations” for health care providers who are serving patients using “everyday communications technologies.”  The OCR issued this guidance to ensure providers could make

Medicare Advantage- 691352827 Social

Based on findings of the Payment Accuracy Report recently issued by the Department of Health and Human Services (DHHS), six Democratic United States Senators questioned the Centers of Medicare and Medicaid Services’ (CMS) oversight and enforcement of Medicare Advantage (MA) plans. In a letter dated September 13, 2019, the Senators highlighted their belief that MA

tennesse_map_shutterstock_685265071_1280x720

On February 27, 2019, Tennessee-based holding company Vanguard Healthcare, LLC (“Vanguard”), agreed to pay over $18 million to settle a False Claims Act (“FCA”) action brought by the United States and the state of Tennessee for “grossly substandard nursing home services.” The settlement stems from allegations that five Vanguard-operated facilities failed to do the following:

civil_monetary_penalties_gavel_money_law_legal_fees_fines_shutterstock_437025370_1280x720

On Friday April 26, 2019, the US Department of Health and Human Services (“HHS”) issued a notification regarding HHS’ use of Civil Monetary Penalties (“CMP”) under the Health Insurance Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  https://www.federalregister.gov/documents/2019/04/30/2019-08530/enforcement-discretion-regarding-hipaa-civil-money-penalties.  The notice provides: “As a