On March 18, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued updated guidance regarding the use of online tracking technologies by entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
The updated guidance replaced OCR’s original guidance issued in December 2022, both of which warn companies subject to HIPAA, Covered Entities and their Business Associates (collectively “Regulated Entities”), that use of online tracking technologies, such as cookies and pixels, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of HIPAA, including “individually identifiable health information” (“IIHI”). The guidance explained that covered entities’ HIPAA obligations are triggered where an online tracking technology connects an individual’s IP address with a visit to an unauthenticated public webpage addressing specific health conditions or health care providers (the “Proscribed Combination”).
The Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization to eliminate the federal constitutional right to abortion continues to alter the legal landscape across the country. On April 26, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published the “HIPAA Privacy Rule to Support Reproductive Health Care Privacy” (the “Final Rule”).
The Final Rule—amending the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance ...
On April 1, 2024, the U.S. Department of Health and Human Services (“HHS”) released new guidance which requires hospitals to obtain informed consent from patients before practitioners, or medical or other students, perform important surgical tasks or sensitive or invasive procedures or examinations (“Guidance”). The Guidance aims to address increasing concerns over patient privacy, in particular the performance of sensitive examinations and invasive procedures on anesthetized patients.
The Guidance both revises the Hospital Interpretive Guidelines regarding ...
On March 18, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued updated guidance regarding the use of online tracking technologies by entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Notably, the updated guidance replaces OCR’s original guidance issued in December 2022, both of which warn companies subject to HIPAA, Covered Entities and their Business Associates (collectively “Regulated Entities”), that use of online tracking technologies, such ...
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent and well-publicized cybersecurity incident affecting Change Healthcare further evidences these risks. As a result of the widespread and disruptive impact of this most recent cyberattack on the healthcare ecosystem, on March 5, 2024 the U.S. Department of Human Services (HHS) issued a public statement and has also announced that it opened an ...
On October 30, 2023, President Joe Biden signed the first ever Executive Order (EO) that specifically directs federal agencies on the use and regulation of Artificial Intelligence (AI). A Fact Sheet for this EO is also available.
This EO is a significant milestone as companies and other organizations globally grapple with the trustworthy use and creation of AI. Previous Biden-Harris Administration action on AI have been guidance of principles (e.g., the AI Bill of Rights) or have been targeted guidance on a particular aspect of AI such as the Executive Order Addressing Racial ...
Introduction
Following the Supreme Court decision in Dobbs v. Jackson Women’s Health Organization overturning Roe v. Wade, the federal government, pursuant to President Biden’s Executive Order (the EO) took several steps to protect reproductive health privacy, some of which we previously discussed here. Specifically, the EO called for agencies to protect “women’s fundamental right to make reproductive health decisions.” Shortly following issuance of the EO, the Biden Administration created its HHS Reproductive Healthcare Access Task Force, requiring all relevant federal agencies to draft measurable actions that they could undertake “to protect and bolster access to sexual and reproductive health care.”
On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.
It has been four years since Congress enacted the Eliminating Kickbacks in Recovery Act (“EKRA”), codified at 18 U.S.C. § 220. EKRA initially targeted patient brokering and kickback schemes within the addiction treatment and recovery spaces. However, since EKRA was expansively drafted to also apply to clinical laboratories (it applies to improper referrals for any “service”, regardless of the payor), public as well as private insurance plans and even self-pay patients fall within the reach of the statute.
The past several years have proven difficult for healthcare entities due to increasing cybersecurity threats, breaches and regulatory enforcement. Following these trends, on April 6, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) soliciting public comment on how regulated entities are voluntarily implementing security practices under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) and also seeking public input on sharing funds collected through enforcement with individuals who are harmed by Health Insurance Portability and Accountability Act of 1996 (HIPAA) rule violations.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently submitted two reports to Congress setting forth the HIPAA breaches and complaints reported to OCR during calendar year 2020 as well as the enforcement actions taken by OCR in response to those reports. HIPAA covered entities should be aware of the trends identified in these reports and should examine their own compliance in these areas.
In this episode of the Diagnosing Health Care Podcast: The Centers for Medicare & Medicaid Services ("CMS") and the Office of Inspector General ("OIG") of the Department of Health and Human Services have at last published their long-awaited companion final rules advancing value-based care. The rules present significant changes to the regulatory framework of the federal physician self-referral law (commonly referred to as the “Stark Law”) and to the federal health care program’s Anti-Kickback Statute, or “AKS.”
Epstein Becker Green attorneys Anjali ...
The U.S. Supreme Court will consider whether the federal government can approve state programs that force Medicaid participants to work, go to school, or volunteer to get benefits. Both Arkansas and the Justice Department sought review of the issue. Epstein Becker Green attorney Clifford Barnes provides potential paths for the Biden administration to best position itself in the case.
The U.S. Supreme Court will hear oral argument in a case involving the authority of the Department of Health and Human Services to approve Medicaid work requirements programs in Arkansas and New Hampshire that were struck down by the U.S. Court of Appeals for the District of Columbia Circuit.
The high court has agreed to determine whether the HHS can allow states to impose work requirements in its Medicaid program even though all lower courts ruled against HHS’s approval of states’ Section 1115 work requirement waivers, based on the Trump administration’s refusal to consider the impact of the waivers on the core purpose of Medicaid—which is to increase health insurance coverage.
Unlike the narrow question considered by the lower courts, however, the court granted certiorari on a much broader issue. The question presented concerns the entire Section 1115 process and asks whether the HHS secretary has the power to establish additional purposes for Medicaid, beyond coverage.
Should the court rule that the HHS secretary does indeed possess this unbounded power, the entire Section 1115 landscape could shift, potentially allowing states to implement waivers like Arkansas, so long as they meet such additional purpose.
The case establishes an effective deadline for the Biden administration to take action to mitigate or eliminate the work requirements, in light of the administration’s commitment to expanding, rather than rolling back, Medicaid insurance coverage.
On January 5, 2020, HR 7898, became law amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or mitigation remedies. The new law provides a strong incentive to covered entities and business associates to adopt “recognized cybersecurity practices” and risk reduction frameworks when complying ...
In a previous post, we discussed the appropriate use of the Provider Relief Funds authorized and appropriated by Congress under the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act, Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. Within that post, we specifically discussed the limitation imposed on use of the Relief Funds for payment of salaries, a topic of great interest to many recipients. Under the Terms and Conditions, recipients are prohibited from using the funds for salaries in excess of the Senior Executive Service Executive Level II amount – an annual salary of $197,300 – or $16,441 a month. We noted that, although the Department of Health and Human Services (“HHS”) had not spoken to this requirement with respect to the Provider Relief Funds, HHS permits other HHS grant Recipients to pay individuals’ salaries in excess of the $197,300 limit with non-federal funds.[1] Also, HHS’ federal contract regulations similarly limit use of federal contract funds for salary costs to the Executive Level II amount, but allow for amounts in excess of that limit to be paid with non-federal funds.[2]
To address the COVID-19 public health emergency fiscal burdens, Congress authorized and appropriated the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act[1], Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. The Department of Health and Human Services (“HHS”) has begun to distribute several tranches of the Relief Funds. All totaled, Congress provided $175 billion to the Public Health and Social Services Emergency Fund (“Relief Fund”) through the CARES Act and the Payroll Protection Program and Health Care Act.[2]
As of May 7, 2020, HHS identified $50 billion for general distribution to Medicare providers. HHS distributed to Medicare providers the Relief Fund’s initial $45 billion tranche in April 2020, and is distributing the Relief Fund’s second $20 billion tranche. Also, HHS allocated Relief Funds to: hospitals in COVID-19 high impact areas ($10 billion); rural providers ($10 billion); Indian Health Services ($400 million), and skilled nursing facilities, dentists, and providers that take solely Medicaid (unidentified amounts).[3]
The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020 (the Act), signed by the President on Friday, March 6, provides $8.3 billion in much needed multi-year funds to battle the coronavirus public health crisis. While there are many important aspects of the Act, below we focus on the Act’s grants for construction, alteration, or renovation of non-federally owned facilities.
State and Local Level Preparedness and Response Capability - The Act allocates $3.1 billion to the Secretary of Health and Human Services (the Secretary) for the Public Health and ...
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019. A potential unintended side effect of the SHIELD Act may require health care companies to provide notification to the NY Attorney General for events that occurred well before its enforcement date. While the SHIELD Act’s data security requirements, which are covered under §4, will not come into effect until March 21, 2020, all other requirements, including the breach notification requirement, became effective on October 23, 2019. The notification enforcement date is important for any Covered Entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that has suffered a Breach, as defined by HIPAA, involving fewer than 500 individuals (“Minor HHS Breach”), was a breach of computerized data, and involved a New York resident.
On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) rule relating to the third-party requests for patient records. In Ciox Health, LLC v. Azar,[1] the court invalidated the 2013 Omnibus Rule’s mandate that all protected health information (“PHI”) maintained in any format (not just that in the electronic health record) by a covered entity be delivered to third parties at the request of an individual, as well as the 2016 limitation on fees that can be charged to third parties for copies of protected health information (“PHI”).
As enacted, HIPAA’s Privacy Rule limits what covered entities (or business associates acting on behalf of covered entities)[2] may charge an “individual” requesting a copy of their medical record to a “reasonable, cost-based fee”[3] (the “Patient Rate”). The Privacy Rule did not, however, place limitations on the fees that can be charged to other requestors of this information, such as other covered entities that need copies of the records for treatment purposes or for disclosures to attorneys or other third parties. In order for some of these third parties to obtain the records, the patient would have to provide the covered entity with a valid HIPAA authorization.
In an effort to address the challenge of increasing drug prices for patients and families, the U.S. Food and Drug Administration (“FDA”) and the U.S. Department of Health and Human Services (“HHS”) recently outlined a proposal for facilitating the importation of pharmaceuticals originally intended for foreign markets. The Safe Importation Action Plan (the “Action Plan”), jointly announced on July 31, 2019, describes two different potential pathways for importing certain drugs. The Action Plan offers only a limited overview of the proposed pathways and does not ...
On Friday April 26, 2019, the US Department of Health and Human Services (“HHS”) issued a notification regarding HHS’ use of Civil Monetary Penalties (“CMP”) under the Health Insurance Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. https://www.federalregister.gov/documents/2019/04/30/2019-08530/enforcement-discretion-regarding-hipaa-civil-money-penalties. The notice provides: “As a matter of enforcement discretion, and pending further ...
The healthcare industry is still struggling to address its cybersecurity issues as 31 data breaches were reported in February 2019, exposing data from more than 2 million people. However, the emergence of artificial intelligence (AI) may provide tools to reduce cyber risk.
AI cybersecurity tools can enable organizations to improve data security by detecting and thwarting potential threats through automated systems that continuously monitor network behavior and identify network abnormalities. For example, AI may offer assistance in breach prevention by proactively ...
Recently, the U.S. Department of Health & Human Services (“HHS”) issued guidance for healthcare cybersecurity best practices. As required under the Cybersecurity Act (CSA) of 2015, this four-part guidance was generated by a Task Group charged with the following:
- Examining current cybersecurity threats affecting the healthcare and public health sector;
- Identifying specific weaknesses that make healthcare and public health organizations more vulnerable to cybersecurity threats; and
- Providing certain practices that cybersecurity experts rank as most effective ...
On November 30, 2018, the Department for Health and Human Services (“HHS”) Health Resources and Services Administration (“HRSA”) will publish its final rule to change the effective date for its 340B Drug Pricing Program ceiling price and manufacturer civil monetary penalty final rule to January 1, 2019.
After two years of proposed rulemaking, HHS published a final rule on January 5, 2017 outlining requirements of manufacturers to calculate the 340B ceiling price for a covered outpatient drug and the process by which HRSA can levy civil monetary penalties on drug ...
A dental practice and related dental management company have become the first two entities to make their way on to the newly created “High Risk – Heightened Scrutiny” list from the Office of Inspector General for the United States Department of Health and Human Services (the “OIG”).[1]
ImmediaDent of Indiana, LLC, a professional dental practice (“ImmediaDent”), and Samson Dental Partners, LLC, a dental management company which provides management and administrative services to ImmediaDent and other dental practices in Indiana, Kentucky and Ohio ...
On November 1, 2018, the Office of the Inspector General (“OIG”) for the U.S. Department of Health and Human Services (“HHS”) published an audit report finding that the U.S. Food and Drug Administration’s (“FDA”) policies and procedures were “deficient for addressing medical device cybersecurity compromises.” (A copy of OIG’s complete report is available here and Report in Brief is available here.) Specifically, the OIG found that FDA’s policies and procedures were “insufficient for handling postmarket medical device cybersecurity events” and ...
The American Clinical Laboratory Association (“ACLA”) challenged the final rules promulgated by the Department for Health and Human Services (“HHS”) pertaining to how the Medicare Clinical Laboratory Fee Schedule (“CLFS”) payment rates are established for laboratory services (Am. Clinical Lab. Ass’n v. Azar, No. 17-2645 ABJ, 2018 U.S. Dist. LEXIS 161639, 2018 WL 4539681 (D.D.C. Sept. 21, 2018)). The U.S. District Court of the District of Columbia granted HHS’ motion for summary judgment to dismiss the complaint after concluding that the court lacked subject ...
On June 20, 2018, the Centers for Medicare and Medicaid Services (“CMS”) published an advance copy of a request for information seeking public input on reforms to the Physician Self-Referral Law (or “Stark Law”).
The request for information stems from on-going efforts by the Department of Health and Human Services (“HHS”) to accelerate the government’s transformation from a fee-for-service to a value-based system focused on care coordination. Dubbed the “Regulatory Sprint to Coordinated Care” (#RS2CC), HHS expressed an intent to first identify regulatory ...
The Health Care Compliance Association (HCCA) kicked off its 22nd Annual Compliance Institute on Monday, April 16, 2018. During the opening remarks, Inspector General Daniel Levinson, of the Department of Health and Human Services (HHS) Office of Inspector General Office (OIG), announced the rollout of a new public resource to assist companies in ensuring compliance with Federal health care laws. The Compliance Resource Portal on the OIG’s website features:
- Toolkits
- Advisory opinions
- Provider Compliance Resource and Training
- Voluntary Compliance and Exclusions ...
In the midst of one of the worst flu seasons to date, many hospitals and other health care organizations enforced mandatory flu vaccine policies for their employees to boost vaccination rates. However, recent litigation and governmental actions should serve as a reminder that health care entities should carefully consider safeguards whenever implementing mandatory vaccine policies and to not categorically deny all requests for religious exemptions based on anti-vaccination beliefs.
In January, the Department of Health and Human Services (HHS) announced the formation of a ...
Last week, the federal Department of Health and Human Services (HHS) made two announcements aimed at providing additional protections for health care workers who object to providing services on moral or religious grounds.
On January 18, 2018, HHS announced the formation of a new Conscience and Religious Freedom Division in the HHS Office for Civil Rights (OCR). The stated goal of the new division is to “restore federal enforcement of our nation’s laws that protect the fundamental and unalienable rights of conscience and religious freedom.”
The next day, on January 19, HHS ...
Throughout the campaign season and the first months of Donald Trump’s presidency, the current Administration has voiced a commitment to furthering telehealth advancement. For example, during the campaign, then-candidate Trump emphasized the importance of telehealth tools in reforming the U.S. Department of Veterans Affairs ("VA"). More recently, both U.S. Department of Health and Human Services Secretary Tom Price and Centers for Medicare and Medicaid Services Administrator Seema Verma stated in their confirmation hearings that they were interested in promoting the ...
In May 2016, the U.S. Department of Health and Human Services (“HHS”) published a final rule implementing Section 1557 of the ACA. Section 1557 prohibits discrimination in the health programs and activities of “Covered Entities” on the basis of race, color, national origin, sex, age, or disability. Section 1557 also imposes detailed and specific notice and disclosure requirements on Covered Entities, including, among other things, the requirement to provide information about the use of auxiliary aids and services, the adoption of grievance procedures, and access for ...
On August 31, 2016, FDA issued a notification of public hearing and request for comments on manufacturer communications regarding unapproved uses of approved or cleared medical products. The hearing will be held on November 9-10, 2016, and individuals wishing to present information at the hearing must register by October 19, 2016. The deadline for written comments is January 9, 2017.
In the notice, FDA posed a series of questions on which it is seeking input from a broad group of stakeholders, including manufacturers, health care providers, patient advocates, payors, academics ...
As requested by Congress as part of an appropriations bill signed into law late last year, this month, the Department of Health and Human Services (HHS) released a report highlighting its e-health and telemedicine efforts. The report makes for interesting reading, and while there are no significant surprises in the report, it offers a clear snapshot of some of the agency’s thinking regarding virtual care.
The first thing I noted in the report is the agency’s view that “telehealth holds promise as a means of increasing access to care and improving health outcomes.” This is ...
Last week, the U.S. Department of Health and Human Services ("HHS") announced that FDA intends to update its regulations governing clinical studies of new drugs. More specifically, FDA intends to update Parts 312 and 16 of Title 21 of the Code of Federal Regulations (the "Code" or "CFR"). In its announcement, HHS stated that the revisions will be focused on defining and clarifying "the roles and responsibilities of the various persons engaged in the initiation, conduct, and oversight of clinical investigations subject to [investigational new drug] requirements." The ...
[caption id="attachment_1475" align="alignright" width="113"] Robert E. Wanerman[/caption]
Even after the Secretary of HHS admitted that the current backlog of Medicare Part B appeals would take ten years to adjudicate at current staffing and funding levels, that was not enough for a hospital to obtain any relief from a court. Cumberland County Hospital System, Inc. v. Burwell, No. 15-1393 (4th Cir., Mar. 7, 2016). In that case, a North Carolina hospital had initially been paid for over 900 claims, but those claims were subsequently determined to be ineligible after a ...
The last year has seen a flurry of lawsuits and demand letters to health care and other companies, and even a variety of nonprofits, alleging that those entities have websites that are not accessible to those who are blind or have low vision and thus allegedly violate the Americans With Disabilities Act (ADA). The U.S. Department of Health and Human Services’(HHS) Office for Civil Rights (OCR) enforces nondiscrimination and accommodation obligations as to health care entities providing services to Medicare and Medicaid recipients with disabilities. In an ironic twist, the ...
2016 is poised to be a major year in network adequacy developments across public and private insurance markets. Changes are ahead in the Medicare and Medicaid managed care programs, the Exchange markets and the state-regulated group and individual markets, including state-run Exchanges. The developing standards and enforcement will vary significantly across these markets.
Through 2014 and 2015, major news stories discussed concerns over the growing use of narrow provider networks by issuers on the Affordable Care Act's insurance exchanges ("Exchanges"). Others reported on ...
On Wednesday, October 14, 2015, the U.S. District Court for the District of Columbia (the "Court"), Judge Rudolph Contreras, vacated the Health Resources and Services Administration's ("HRSA") interpretive rule on Orphan Drugs ("the Interpretative Rule") as "arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law."[1] As a result of the ruling, pharmaceutical manufacturers are not required to provide 340B discounts to certain types of covered entities for Orphan Drugs, even when the drugs are prescribed for uses other than to treat the rare ...
By Arthur J. Fried, Patricia M. Wagner, Adam C. Solander, Evan Nagler, and Jonathan Hoerner
On September 2, 2015, the U. S. Department of Health and Human Services ("HHS") announced a $750,000 settlement with Cancer Care Group, P.C. ("CCG"), a radiation oncology practice in Indiana, for Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules violations. The alleged violations occurred in 2012, but a subsequent HHS Office for Civil Rights (OCR) investigation led to allegations from OCR that there was a lack of compliance with HIPAA Privacy and ...
By Alan J. Arville, Constance A. Wilkinson and Selena M. Brady
The House of Representatives Energy and Commerce Committee ("the Committee") circulated draft language to include in its 21st Century Cures legislation earlier this week to reform the 340B drug discount program (the "340B Program"). Although the draft 340B language was pulled from the legislation yesterday, the language proposed provides insight into what future legislative reform may include. The draft language, if adopted, would have a substantial impact on all 340B Program stakeholders, including, covered ...
By Arthur J. Fried.
In what is being called an historic announcement, Department of Health and Human Services Secretary Sylvia Mathews Burwell announced on Monday the setting of clear goals and timeframes for moving Medicare from volume to value payments. The stated goals are to tie 30% of all Medicare provider payments to quality and cost of care by 2016, moving to 50% by 2018. Nearly all fee-for-service payments will be aligned with quality and value – 85% by 2016 and 90% in 2018. This transformation will be achieved by the expansion of mechanisms already in use – Accountable Care ...
Stakeholders received insight on the Obama administration's expected approach to the certification and oversight of qualified health plans ("QHPs") late Friday, December 19, 2014, with the release by the Centers for Medicare & Medicaid Services ("CMS") of its Draft 2016 Letter to Issuers in the Federally-facilitated Marketplaces ("Draft Letter"). This annual release comes more than a month earlier than the release of the 2015 version of this document.
While the Draft Letter largely mirrors the provisions of its 2015 predecessor, or restates earlier proposals, CMS does ...
The Office of the Inspector General ("OIG") of the U.S. Department of Health and Human Services ("HHS") has extended the deadline, to December 28, 2014, for comments to the non-binding criteria used by OIG in assessing whether to impose a permissive exclusion, which were first published in 1997. See our previous blog post for information on the OIG's initial solicitation for comments.
Please reach out to George Breen, Jonah Retzinger, or Marshall E. Jackson, Jr., for assistance with the preparation and submission of comments.
The Food and Drug Administration ("FDA") recently announced that it will be hosting a public workshop on October 21 and 22, 2014, in Arlington, Virginia, entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity."
Officials from FDA, the Department of Health and Human Services ("HHS"), and the Department of Homeland Security ("DHS") will bring together medical device manufacturers, insurers, cybersecurity researchers, trade organizations, government officials, and other stakeholders to discuss the numerous challenges faced in medical device ...
The Office of the Inspector General ("OIG") of the U.S. Department of Health and Human Services ("HHS") is soliciting comments, recommendations, and other suggestions on the non-binding criteria used by OIG in assessing whether to impose a permissive exclusion, which were first published in 1997 (https://oig.hhs.gov/authorities/docs/2014/2014-16222.pdf). The OIG's permissive exclusion criteria currently are organized into four general categories, including: (1) the circumstances and seriousness of the underlying misconduct; (2) the defendant's response to the ...
By Brandon Ge and Alaap Shah
The Department of Health and Human Services (“HHS”) is taking laudable steps to improve notices of privacy practices (“NPPs”) and make them more clear, understandable, and user-friendly. Under the HIPAA Privacy Rule, individuals are entitled to a receive an NPP informing them of how their health information may be used and shared, as well as how to exercise their health privacy rights. Health plans and health care providers must develop and distribute NPPs that clearly explain these rights and practices. Unfortunately, to date NPPs have been ...
Our colleagues at Epstein Becker Green have issued a client alert: "Key Compliance Actions for the New HIPAA Privacy Regulations," by Patricia M. Wagner, Pamela D. Tyner, and Leah A. Roffman.
Following is an excerpt:
As noted in previous Epstein Becker Green health reform alerts, on January 25, 2013, the long-awaited final omnibus rule (“Omnibus Rule”) issued by the U.S. Department of Health and Human Services was published in the Federal Register. The Omnibus Rule makes sweeping changes to the privacy and security regulations under the Health Insurance Portability and ...
As we ended the summer of 2012, the Obama administration touted one of the more popular aspects of the Affordable Care Act – the requirement that health insurers spend at least 80 cents of every premium dollar on medical care and health care quality (85 cents for large employer groups purchasing health insurance), and if they do not, requiring these insurers to rebate the difference back to subscribers or their employers. According to the Administration, the “80/20 Rule” or the “Medical Loss Ratio (MLR) Rule,” as it alternately known, resulted in 12.8 million Americans ...
by Gretchen Harders, Daly D.E. Temchine, and Joseph J. Kempf, Jr.
On December 7, 2011, final rules on the medical loss ratio (“MLR”) requirements for insured health plans (and an interim final rule for non-federal governmental plans) were issued by the U.S. Department of Health and Human Services and the Centers for Medicare & Medicaid Services under the Patient Protection and Affordable Care Act. The MLR requirements are effective January 1, 2012, and any issuer who does not meet the MLR requirements for the 2011 MLR reporting year must pay rebates by August 1, 2012. This alert ...
EBG Introduces Interactive National Rate Review Scorecard
by Jesse M. Caplan and Lynn Shapiro Snyder
Shortly after the September 1st effective date for the Centers for Medicare & Medicaid Services (CMS) Rate Review Regulations, the U.S. Department of Health and Human Services published an Amendment to the Final Rule that revises the definitions of “Individual Market” and “Small Group Market” to include insurance policies sold to individuals and small groups through associations, whether or not the applicable state includes association coverage in its own definitions ...
EBG Introduces Interactive National Rate Review Scorecard
by Jesse M. Caplan and Lynn Shapiro Snyder
On May 23, 2011, the Center for Consumer Information & Insurance Oversight (CCIIO), in the Centers for Medicare & Medicaid Services (CMS) of the United States Department of Health and Human Services (HHS) published its Final Rule implementing Section 2794 of the Public Health Service Act (PHSA). This Section requires HHS to establish a process for the review of “unreasonable” health insurance premium rate increases in the individual and small group markets. The Final Rule ...
Blog Editors
Recent Updates
- OCR Withdraws Appeal of District Court Order Declaring Unlawful and Vacating the “Proscribed Combination” Portion of Its HIPAA Online Tracking Technologies Guidance
- As the Window for Comments Closes on ONC/ASTP’s HTI-2 Proposed Rule: What’s in HTI-2 and What Does It Mean for You?
- Unpacking Averages: Assessing FDA’s Postmarket Surveillance Under Section 522
- Video: New State Legislation Increases Oversight of Health Care Transactions – Thought Leaders in Health Law
- Video: New HIPAA Final Rule - Key Changes to Reproductive Health Care Privacy – Thought Leaders in Health Law