Articles Posted in Health Law

Published on:

The Food and Drug Administration (FDA) and the Centers for Medicare and Medicaid Services (CMS) recently released a joint statement suggesting that the FDA is about to end its decades-long policy of declining to regulate lab-developed tests (LDTs). The statement casts the policy as outdated and suggests that the FDA is about to impose regulation to treat LDTs with the same approach as all other laboratory tests.

Testing by clinical laboratories is regulated by both the FDA and by the Clinical Laboratory Improvement Amendments (CLIA), as administered by CMS. The FDA regulates medical devices, including in vitro diagnostic products (“IVDs”). The FDA considers LDTs to be IVDs that are intended for clinical use and are designed, manufactured, and used within a single laboratory. CLIA, on the other hand, regulates the laboratory itself and classifies LDTs as “high complexity tests,” with corresponding standards imposed on the laboratory. Importantly, regarding the LDT itself, CLIA generally requires only analytical validation, which can occur after testing has already begun. LDTs may also be subject to more stringent state and private sector oversight.

Historically, the FDA had exercised enforcement discretion and not regulated LTDs, but this began to change in recent decades and accelerated during the COVID-19 pandemic. The pandemic caused an explosion in the need for quick, accurate, and cost-effective means to detect the virus that causes COVID-19. Many clinical labs responded by developing LDTs to detect COVID-19. As LDTs, labs were quickly able to innovate and begin bringing tests for COVID-19 to market. FDA responded by muddying the waters and adding regulatory burden. Initially, the Department of Health and Human Services (HHS), then under the Trump administration, released guidance that, during the public health emergency (PHE), LDTs for COVID-19 would not require pre-market approval. FDA then, in seeming contradiction of HHS, determined that the at-home collection kit of a COVID-19 LDT was distinct from the test itself and subject to FDA regulation. Later in the pandemic, HHS, now under the Biden administration, changed policy again and allowed the FDA to regulate all COVID-19 LDTs.

Published on:

The Michigan Medicaid program recently sent a program-wide email to healthcare providers and suppliers reminding them of certain duties under the Michigan Medicaid program. Specifically, the Michigan Department of Health and Human Services (“MDHHS”), which oversees the Michigan Medicaid program, emailed providers that:

“As a reminder, all Medicaid-reimbursed services are subject to review for conformity with accepted medical practice and Medicaid coverage and limitations. The Michigan Department of Health and Human Services (MDHHS) conducts post-payment reviews to verify services, providers, settings, and appropriate billing. Providers must, upon request from authorized agents of the state or federal government, make available for examination and photocopying all medical records, quality assurance documents, financial records, administrative records, and other documents and records that must be maintained. Providers must maintain, in English and a legible manner, written or electronic records necessary to fully disclose and document the extent of services provided to beneficiaries. The records are to be retained for a period of not less than seven years from the date of service, regardless of a change in ownership or termination of participation in Medicaid for any reason.”

Generally, each of these is a basic program requirement applicable to all providers and suppliers who submit claims to the Michigan Medicaid program and are found in state statute, regulation, policy, participation agreement, or other sources.

Published on:

Earlier this month, the Department of Health and Human Services (HHS) released a concept paper that outlines the Department’s cybersecurity strategy for the healthcare sector. The concept paper builds on the Biden Administration’s National Cybersecurity Strategy, specifically focusing on strengthening resilience for hospitals, patients, and communities threatened by cyber-attacks. The paper arrives at a crucial time for healthcare providers since, according to the HHS Office for Civil Rights (OCR), large breach cyber incidents in the healthcare sector have increased 93% from 2018-2022, with a 278% increase in large breaches involving ransomware.

The HHS healthcare cybersecurity strategy is comprised of four concurrent components, with the overarching goal of strengthening cyber resiliency in the healthcare sector. The four components established by HHS are:

  • Establish voluntary cybersecurity performance goals for the healthcare sector;
Published on:

Recently, the Centers for Medicare & Medicaid Services (CMS) published the calendar year (CY) 2024 physician fee schedule (PFS) final rule, which solidified certain proposed changes to Medicare provider enrollment requirements. The changes discussed below go into effect January 1, 2024.

The final rule expands CMS’s current revocation and denial authorities in two significant ways. First, CMS now has the ability to revoke enrollment if a provider, supplier, or any owner, managing employee or organization, officer, or director has been convicted of a misdemeanor under federal or state law within the previous 10 years that CMS deems detrimental to the best interests of the Medicare program and its beneficiaries. Previously, CMS only had the authority to revoke a provider’s Medicare enrollment in the event of a conviction for certain felonies. CMS has stated that this could include any misdemeanor that, in its judgment, places the Medicare program or its beneficiaries at immediate risk, such as a malpractice suit that results in a conviction of criminal neglect or misconduct.

Second, the final rule expands CMS’s authority to revoke and deny enrollment if a provider, supplier, or any owner, managing employee or organization, officer, or director has had a civil judgment under the False Claims Act (FCA) imposed against them within the previous 10 years. Prior to the CY 2024 final rule, CMS did not have the authority to revoke a provider’s Medicare enrollment solely related to FCA activity. For purposes of this ground for revocation or denial, the term “civil judgment” would not include FCA settlement agreements – the provision requires a judgment against the provider or supplier.

Published on:

The Centers for Medicare & Medicaid Services (CMS) recently issued the final rule for the physician fee schedule (PFS) for calendar year (CY) 2024, which implements new evaluation and management (E/M) policies and solidifies certain existing telehealth policies.

In the final rule, CMS reduced overall payment rates under the PFS by 1.25% in CY 2024 compared to CY 2023. The final CY 2024 PFS conversion factor is $32.74, which is a decrease of $1.15 (or 3.4%) from the current CY 2023 conversion factor of $33.89, representing a decrease in overall pay to physicians.

CMS has also finalized a new payment code to reflect changes in policies regarding evaluation and management (E/M) services. Beginning January 1, 2024, a separate add-on payment for healthcare common procedure coding system (HCPCS) code G2211 is being implemented for billing split (or shared) visits. Split (or shared) E/M visits refer to visits provided in part by physicians and in part by other non-physician practitioners in hospitals and other institutional settings. The new code reflects the resource costs associated with E/M visits for primary care and longitudinal care. Generally, it will be applicable for outpatient and office visits as an additional payment, recognizing the inherent costs involved when clinicians are the continuing focal point for all needed services, or are part of ongoing care related to a patient’s single, serious condition or a complex condition.

Published on:

The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) recently entered into a first of its kind resolution agreement and corrective action plan to settle potential HIPAA violations arising out of a ransomware attack. The agreement to settle alleged HIPAA violations was entered into with Doctors’ Management Services (DMS), a practice management company acting as a business associate to several covered entities.

By way of background, in April 2019, OCR opened an investigation based on a breach report from DMS. The report stated that approximately 206,695 individuals were affected when the DMS network server was infected with ransomware. The initial unauthorized access to the network occurred several years prior. However, DMS did not detect the intrusion until late 2018 after ransomware was used to encrypt their files. Based on its investigation, OCR alleged that:

  • DMS failed to conduct an accurate and thorough risk analysis that assessed technical, physical, and environmental risks and vulnerabilities associated with handling electronic patient health information (ePHI);
Published on:

A recent report published by the Syntellis Performance Solutions and the American Hospital Association demonstrated a shocking 56% increase in Medicare Advantage (MA) claim denials from January 2022 to July 2023. The report was based on an analysis of data from over 1,300 health systems and hospitals, and further showed a 20% increase in commercial payor denials. The findings are especially concerning given that healthcare systems across the U.S. experienced drastic increased in operating expenses over the period, with a nearly 90% increase in maintenance costs, 33% increase in professional fees costs, 24% increase in labor costs, and a 35% increase in utility costs.

The substantial decrease in payments and significant increase in costs has put several health systems in the precarious position of being less equipped to navigate unforeseen market shifts. The serious physician and nursing labor shortage currently seen in the United States compounds the problem even further. Beneficiaries have also seen an increase in MA denials, which has led to increased congressional and regulatory scrutiny.

The increase of MA claim denials has led to increased scrutiny over the use of AI by insurance companies to evaluate claims for denial. A recent class action lawsuit was filed against UnitedHealth Group by MA beneficiaries, who claim the company’s AI algorithm systematically denies elderly patient’s claims. UnitedHealth began using an AI algorithm developed by its subsidiary NaviHealth, known as nH Predict, which the lawsuit alleges is used to “prematurely and in bad faith discontinue payment for healthcare services.”

Published on:

In November 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its General Compliance Program Guidance (GCPG). This guidance was released as part of OIG’s Modernization Initiative, which seeks to make compliance program guidance more user friendly and accessible. The document does not include new information but instead summarizes existing guidance regarding fraud and abuse risk, serving as an up-to-date comprehensive reference guide for the general healthcare community and industry stakeholders. OIG also noted that in 2024 it will begin publishing industry segment-specific CPGs (ICPGs) which will address compliance measures for industry subsectors.

The GCPG is not legally binding on any individual or entity, but contains valuable information regarding compliance with federal fraud and abuse statutes and regulations. The OIG guidance includes information regarding key fraud and abuse laws, the primary elements of an effective compliance program, program adaptations for small and large entities, other compliance considerations, and OIG resources and processes.

The GCPG begins with an overview of the principal federal fraud and abuse laws including the Anti-Kickback Statute (AKS), the Physician Self-Referral Law (PSL; also known as the “Stark law”), the False Claims Act (FCA), and the Civil Monetary Penalty law (CMP). Their stated goal in summarizing these laws is to “create awareness and provide tools and resources to aid compliance efforts in both preventing violations and identifying potential red flags early with respect to these laws and regulations.”

Published on:

On November 2, 2023, the Centers for Medicare & Medicaid Services (CMS) issued a final rule outlining the 2024 Medicare payment rates and policy updates for hospital outpatient and Ambulatory Surgical Center (ASC) services. The CMS final rule represents an annual update to the Medicare payment system and includes updates to the Outpatient Prospective Payment System (OPPS) and ASC payment rates, implementation of regulations aimed to improve hospital price transparency, and expansion of behavioral health services through the establishment of new payments and policies.

For calendar year (CY) 2024, CMS finalized an increased payment rate of 3.1% for OPPS and ASC services. This update reflects a projected hospital market basket increase of 3.3%, reduced by 0.2% for the productivity adjustment. This rate has been criticized by many leaders in the healthcare industry as inadequate to meet the financial burdens faced by hospitals and ASCs. American Hospital Association (AHA) Executive Vice President Stacey Hughes released the following statement in response to the final rule: “The AHA is concerned that CMS has again finalized an inadequate update to hospital payments…  Most hospitals across the country continue to operate on negative or very thin margins that make providing care and investing in their workforce very challenging day to day. Hospitals’ and health systems’ ability to continue caring for patients and providing essential services for their communities may be in jeopardy, which is why the AHA is urging Congress for additional support by the end of the year.”

The final rule also made changes to the CMS hospital price transparency requirements. All hospitals will now be required to display standard charge information through the use of a CMS template. The template is offered in various formats and requires hospitals to encode its standard charge information into the template. The rule also requires hospitals to place a “footer” at the bottom of their homepage linking users to the Hospital Price Transparency machine readable file (MRF). There will also be an affirmation statement requirement in which hospitals affirm they have made a good faith effort to ensure the MRF data is true, accurate, and complete.

Published on:

In light of the rapid technological advancements and increasing utilizations of artificial intelligence (AI), the World Health Organization (WHO) issued a publication outlining key regulatory considerations on AI for healthcare. The publication highlights emerging best practices for the development and use of AI in healthcare and aims to lay out an overview of regulatory considerations on AI for healthcare covering six general topic areas discussed below.

As the publication explains in greater detail, the WHO recommends that stakeholders take into account the following considerations as they continue to develop frameworks and best practices for the use of AI in healthcare:

  1. Documentation and transparency: Pre-specifying and documenting the intended medical purpose and development process should be considered in a manner that allows for the tracing of the development steps as appropriate. A risk-based approach should also be considered for the level of documentation and record-keeping utilized for the development and validation of AI systems.
Contact Information