In this episode of the Diagnosing Health Care Podcast:  The Centers for Medicare & Medicaid Services (“CMS”) and the Office of Inspector General (“OIG”) of the Department of Health and Human Services have at last published their long-awaited companion final rules advancing value-based care. The rules present significant changes to the regulatory framework of

The U.S. Supreme Court will consider whether the federal government can approve state programs that force Medicaid participants to work, go to school, or volunteer to get benefits. Both Arkansas and the Justice Department sought review of the issue. Epstein Becker Green attorney Clifford Barnes provides potential paths for the Biden administration to best position itself in the case.


The U.S. Supreme Court will hear oral argument in a case involving the authority of the Department of Health and Human Services to approve Medicaid work requirements programs in Arkansas and New Hampshire that were struck down by the U.S. Court of Appeals for the District of Columbia Circuit.

The high court has agreed to determine whether the HHS can allow states to impose work requirements in its Medicaid program even though all lower courts ruled against HHS’s approval of states’ Section 1115 work requirement waivers, based on the Trump administration’s refusal to consider the impact of the waivers on the core purpose of Medicaid—which is to increase health insurance coverage.

Unlike the narrow question considered by the lower courts, however, the court granted certiorari on a much broader issue. The question presented concerns the entire Section 1115 process and asks whether the HHS secretary has the power to establish additional purposes for Medicaid, beyond coverage.

Should the court rule that the HHS secretary does indeed possess this unbounded power, the entire Section 1115 landscape could shift, potentially allowing states to implement waivers like Arkansas, so long as they meet such additional purpose.

The case establishes an effective deadline for the Biden administration to take action to mitigate or eliminate the work requirements, in light of the administration’s commitment to expanding, rather than rolling back, Medicaid insurance coverage.


Continue Reading How the Biden Administration Can Reverse Trump’s Medicaid Work Requirements

On January 5, 2020, HR 7898, became law amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit

In a previous post, we discussed the appropriate use of the Provider Relief Funds authorized and appropriated by Congress under the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act, Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. Within that post, we specifically discussed the limitation imposed on use of the Relief Funds for payment of salaries, a topic of great interest to many recipients. Under the Terms and Conditions, recipients are prohibited from using the funds for salaries in excess of the Senior Executive Service Executive Level II amount – an annual salary of $197,300 – or $16,441 a month. We noted that, although the Department of Health and Human Services (“HHS”) had not spoken to this requirement with respect to the Provider Relief Funds, HHS permits other HHS grant Recipients to pay individuals’ salaries in excess of the $197,300 limit with non-federal funds.[1] Also, HHS’ federal contract regulations similarly limit use of federal contract funds for salary costs to the Executive Level II amount, but allow for amounts in excess of that limit to be paid with non-federal funds.[2]

Continue Reading Acceptable Use of CARES Act Provider Relief Funds – Salary Limitation Update

To address the COVID-19 public health emergency fiscal burdens, Congress authorized and appropriated the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act[1], Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. The Department of Health and Human Services (“HHS”) has begun to distribute several tranches of the Relief Funds. All totaled, Congress provided $175 billion to the Public Health and Social Services Emergency Fund (“Relief Fund”) through the CARES Act and the Payroll Protection Program and Health Care Act.[2]

As of May 7, 2020, HHS identified $50 billion for general distribution to Medicare providers. HHS distributed to Medicare providers the Relief Fund’s initial $45 billion tranche in April 2020, and is distributing the Relief Fund’s second $20 billion tranche. Also, HHS allocated Relief Funds to: hospitals in COVID-19 high impact areas ($10 billion); rural providers ($10 billion); Indian Health Services ($400 million), and skilled nursing facilities, dentists, and providers that take solely Medicaid (unidentified amounts).[3]


Continue Reading Appropriate Use of CARES Act Provider Relief Funds

The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020 (the Act), signed by the President on Friday, March 6, provides $8.3 billion in much needed multi-year funds to battle the coronavirus public health crisis. While there are many important aspects of the Act, below we focus on the Act’s grants for construction, alteration, or renovation

As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019.  A potential unintended side effect of the SHIELD Act may require health care companies to provide notification to the NY Attorney General for events that occurred well before its enforcement date. While the SHIELD Act’s data security requirements, which are covered under §4, will not come into effect until March 21, 2020, all other requirements, including the breach notification requirement, became effective on October 23, 2019.  The notification enforcement date is important for any Covered Entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that has suffered a Breach, as defined by HIPAA, involving fewer than 500 individuals (“Minor HHS Breach”), was a breach of computerized data, and involved a New York resident.
Continue Reading Annual Breach Reporting Required Under NY SHIELD Act for Some Health Care Companies

On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) rule relating to the third-party requests for patient records. In Ciox Health, LLC v. Azar,[1] the court invalidated the 2013 Omnibus Rule’s mandate that all protected health information (“PHI”) maintained in any format (not just that in the electronic health record) by a covered entity be delivered to third parties at the request of an individual, as well as the 2016 limitation on fees that can be charged to third parties for copies of protected health information (“PHI”).

As enacted, HIPAA’s Privacy Rule limits what covered entities (or business associates acting on behalf of covered entities)[2] may charge an “individual” requesting a copy of their medical record to a “reasonable, cost-based fee”[3] (the “Patient Rate”). The Privacy Rule did not, however, place limitations on the fees that can be charged to other requestors of this information, such as other covered entities that need copies of the records for treatment purposes or for disclosures to attorneys or other third parties.  In order for some of these third parties to obtain the records, the patient would have to provide the covered entity with a valid HIPAA authorization.  
Continue Reading HHS Addresses Federal Court Invalidation of Certain Provisions of the HIPAA Rule Relating to the Third-Party Requests for Patient Records

In an effort to address the challenge of increasing drug prices for patients and families, the U.S. Food and Drug Administration (“FDA”) and the U.S. Department of Health and Human Services (“HHS”) recently outlined a proposal for facilitating the importation of pharmaceuticals originally intended for foreign markets.  The Safe Importation Action Plan (the “Action Plan”),

On Friday April 26, 2019, the US Department of Health and Human Services (“HHS”) issued a notification regarding HHS’ use of Civil Monetary Penalties (“CMP”) under the Health Insurance Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  https://www.federalregister.gov/documents/2019/04/30/2019-08530/enforcement-discretion-regarding-hipaa-civil-money-penalties.  The notice provides: “As a