Category: Administrative & Regulatory

Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health (HIPAA/HITECH) Compliance Strategies for Medical Device Manufacturers

Sheppard Mullin 2012

As computing power continues to become cheaper and more powerful, medical devices are increasingly capable of handling larger and larger sets of data. This provides the ability to log ever expanding amounts of information about medical device use and patient health. Whereas once the data that could be obtained from a therapeutic or diagnostic device would be limited to time and error codes, medical devices now have the potential to store personal patient health information. Interoperability between medical devices and electronic health record systems only increases the potential for medical devices to store personal information.

The concern has become so significant that the U.S. Food and Drug Administration recently issued a draft guidance and letter to industry noting concerns associated with theft or loss of medical information by cybersecurity vulnerable devices. For a more detailed discussion of this issue, see last month’s blog post.

This raises another important issue for medical device manufacturers and health care providers: medical device compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Compliance with HIPAA and HITECH has become a major concern for hospitals and health care providers, and will increasingly be an issue that medical device manufacturers will need to deal with.

A medical device manufacturer needs to answer three questions in order to determine whether the collection of patient information by a medical device is subject to HIPAA and HITECH:

  • Does the information qualify as Protected Health Information?
  • Is a Covered Entity involved?
  • Does a Business Associate relationship exist with a Covered Entity?

Protected Health Information

Protected Health Information (PHI) is individually identifiable health information transmitted or maintained in any form or medium.[1] Special treatment is given to electronic PHI, which is subject to both the HIPAA Privacy Rule, and the Security Rule (which only applies to electronic PHI). To be “individually identifiable,” the PHI must either identify the individual outright, or there must be a reasonable basis to believe that the information can be used to identify the individual.[2]

“Health information” is any information (including genetic information) that is oral or recorded in any form or medium, and meets two conditions.[3] First, the information must be created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.[4] Second, the information must relate to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual.[5]

If data collected by a medical device does not meet the definition of “individually identifiable,” or “health information,” it is not covered under HIPAA and HITECH. For example, a medical device that logs detailed medical diagnostic information about a patient, but includes no means by which that information may be traced to the patient, the data would likely fall outside of HIPAA and HITECH. Alternatively, a medical device, such as a mobile medical app, may request that a user provide detailed medical information about himself or herself. Provided that information is requested outside of the context of a health care provider, health plan, public health authority, employer, life insurer, school or university, HIPAA and HITECH similarly would likely not apply.

Covered Entities and Business Associates

There are two types of persons regulated by HIPAA and HITECH: “Covered Entities” and “Business Associates.” A Covered Entity is a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a covered transaction.[6] A Business Associate is a person who either creates, receives, maintains, or transmits PHI for a regulated activity on behalf of a covered entity, or provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to a covered entity, where the service involves the disclosure of PHI.[7]

Therefore, at a minimum, in order to be subject to HIPAA and HITECH a Covered Entity needs to be involved. For example, medical devices sold directly to consumers for personal use would generally not be subject to HIPAA and HITECH.

Conversely, just because a medical device manufacturer is not a “Covered Entity,” HIPAA and HITECH may apply through a Business Associate relationship. Business Associates include Health Information Organizations, E-prescribing Gateways, and others that provide data transmission services with respect to PHI to a covered entity, and that require access on a routine basis to PHI.[8] Business Associates also include persons that offer PHI to others on the behalf of a covered entity, or that subcontract with a Business Associate to create, receive, maintain, or transmit PHI.[9]

[1] 45 C.F.R. § 160.103 “Protected health information”.

[2] 45 C.F.R. § 160.103 “Individually identifiable health information” (2)(i) and (ii).

[3] 45 C.F.R. § 160.103 “Health information”.

[4] 45 C.F.R. § 160.103 “Health information” (1).

[5] 45 C.F.R. § 160.103 “Health information” (2).

[6] 45 C.F.R. § 160.103 “Covered entity”.

[7] 45 C.F.R. § 160.103 “Business associate” (1).

[8] 45 C.F.R. § 160.103 “Business associate” (3)(i).

[9] 45 C.F.R. § 160.103 “Business associate” (3)(ii) and (iii).

Article By:

 of

White House Previews List of Incentives to Support Adoption of its Cybersecurity Framework

Bracewell & Giuliani Logo

As its latest step in a broader effort to prioritize cybersecurity, the White House released last week a list of possible incentives that may be offered to companies that own or operate critical infrastructure systems and assets to encourage adoption of a national Cybersecurity Framework, scheduled for release in February 2014. The list of possible incentives—which the Departments of Homeland Security, Commerce, and Treasury identified in response to a February 12, 2013 Executive Order—includes grants, liability limitation, public recognition, and cybersecurity investment rate recovery, among others. Some of the identified incentives could be created from existing federal agency authorities, while others would require legislative action from Congress. Over the next few months, agencies will seek input from critical infrastructure stakeholders in examining their preliminary lists and determining which to implement and how.

In the same February 12, 2013 Executive Order, the President directed the National Institute of Standards and Technology (NIST), an agency of the Department of Commerce, to lead the development of a national Cybersecurity Framework to reduce cyber risks to critical infrastructure. The President called for the Framework to include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks, and directed NIST to incorporate voluntary consensus standards and industry best practices to the fullest extent possible. NIST released a draft outline of the Framework on July 1, 2013, and a full draft of the Framework is scheduled for release in October.

Exactly how the Cybersecurity Framework will interact with or complement the North American Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards is unclear. The Cybersecurity Framework is intended to provide cross-sector security standards, while the NERC CIP standards were developed by, and for the use of, the electricity sub-sector. The Administration intends for NIST to consult its peers, as the President directed the Secretary of Homeland Security to “engage and consider the advice” of sector-specific and other relevant agencies. The Secretary must also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations, which would presumably include NERC. Whether NERC has been consulted and how their input thus far has been considered is unclear.

In its draft outline of the Cybersecurity Framework, NIST indicates that the voluntary program is intended to complement rather than to conflict with current regulatory authorities, and the draft compendium, attached to the outline, includes reference to the NERC CIP Standards. In fact, NERC submitted comments in response to NIST’s February 26, 2013 Request for Information seeking input to help shape the draft Framework. However, the content of the Framework is still unknown, and until the draft is released in October, the exact relationship between the two sets of standards remains uncertain. In the meantime, as NERC stated in its comments to NIST, NERC feels strongly that a second set of potentially conflicting or redundant standards could create undue hardship on the electricity sub-sector. NERC also stated that, “while a framework of cybersecurity standards that is applicable to all sectors is possible, the framework may need flexibility to have certain common elements to be valuable or effective. Some sectors, such as the electricity sub-sector, are far more advanced in their cybersecurity efforts; other sectors may need time to meet minimum (voluntary) standards. The framework must build on existing standards and programs to develop a comprehensive approach to cybersecurity.”

As national-level cybersecurity efforts have progressed this year, so have NERC’s efforts to improve the CIP standards. NERC Reliability Standards are generally written as performance standards; that is, they prescribe a measurable end-state or goal, and attempt to remain technology- and method-neutral. However, utilities widely criticized earlier versions of the standards as being focused primarily on compliance documentation as opposed to security principles. With input from stakeholders, NERC significantly revised its CIP standards in Version 5, which were filed with FERC on January 31, 2013. Much of industry considers the revised CIP program to be an improved framework for critical asset cybersecurity protection, with a renewed risk-based focus on security. NERC stated that it stands ready to share its industry-driven approach with NIST as it endeavors to develop the Cybersecurity Framework.

Commodity Futures Trading Commission (CFTC) Proposes Rules for Systemically Important Derivatives Clearing Organizations (SIDCO) to Conform to International Standards

Katten Muchin

The Commodity Futures Trading Commission has proposed additional standards for systemically important derivatives clearing organizations (SIDCOs) that are consistent with the Principles for Financial Market Infrastructures published by the Committee on Payment and Settlement Systems of the Bank for International Settlements (BIS) and the Board of the International Organization of Securities Commissions. The proposed rules include new or revised standards for governance, financial resources, system safeguards, default rules and procedures for uncovered losses or shortfalls, risk management, disclosure, efficiency, and recovery and wind-down procedures.

The proposed rules are designed to assure that SIDCOs will be deemed to be qualifying central counterparties (QCCPs) for purposes of international bank capital standards set by the BIS’ Basel Committee for Banking Supervision. The proposed rules would also allow a derivatives clearing organization (DCO) that is not a SIDCO to elect to opt in to the SIDCO regulatory requirements, thereby allowing the DCO to be deemed a QCCP.

The CFTC’s proposing release is available here.

Article By:

 of

Consumer Financial Protection Bureau (CFPB) Releases Exam Procedure Updates For Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA)

Sheppard Mullin 2012

On August 15 the Consumer Financial Protection Bureau released updates to its examination procedures in connection with the new mortgage regulations that were issued in January. These updates offer valuable guidance on how the CFPB will conduct examinations for compliance with the Truth in Lending Act and the Real Estate Settlement Procedures Act.

The updates incorporate the first set of interim TILA exam procedures from June. The CFPB Examination manual now contains updated interim exam procedures for RESPA, covering final rules issued by the CFPB through July 10, procedures for TILA, covering final rules issued by the CFPB through May 29, and the previously released interim exam procedures for the Equal Credit Opportunity Act, covering final rules issued by the CFPB through January 18.

A copy of the RESPA exam procedures released on August 15 can be found at:http://files.consumerfinance.gov/f/201308_cfpb_respa_narrative-exam-procedures.pdf

A copy of the TILA exam procedures released on August 15 can be found at: http://files.consumerfinance.gov/f/201308_cfpb_tila-narrative-exam-procedures.pdf

Article By:

of

Federal Energy Regulatory Commission (FERC) Initial Decision Lowers Return on Equity (ROEs) for New England Transmission Owners

SchiffHardin-logo_4c_LLP_www

On August 6, 2013, FERC Administrative Law Judge Michael J. Cianci issued an initial decision on the complaint filed against the New England Transmission Owners (NETOs) seeking to reduce their currently effective 11.14% base return on equity (ROE) (FERC Docket Nos. EL11-66-000, et al.). Applying FERC’s traditional discounted cash flow (DCF) analysis to financial data largely for the period May 2012 – October 2012, Judge Cianci would require the NETOs to use a 10.6% base ROE to make refunds for transmission service provided between October 1, 2011 and December 31, 2012. Applying the same DCF analysis to financial data largely for the period October 2012 – March 2013, Judge Cianci would allow the NETOs a 9.7% ROE that would apply prospectively once FERC ultimately issues its order in the case (assuming FERC sustains Judge Cianci’s rulings; see PP* 544, 559-560). These rulings undoubtedly are disappointing both to the NETOs, who opposed any reduction in the 11.14% base ROE, and the complainants, who advocated substantially lower ROEs (8.3% to 8.9%) than Judge Cianci would allow.

On the positive side for the NETOs, Judge Cianci found that reducing utility ROEs below 10% for a prolonged period could be harmful to the industry (P 576). He also resolved virtually all conventional DCF methodological issues in the NETOs’ favor and his 10.6% and 9.7% ROEs were the ROEs developed in the NETOs’ conventional DCF analysis (PP 551, 552, 557). This would suggest that the 10.6% and 9.7% ROEs represent the maximum possible ROEs given the financial market data and the constraints of FERC precedent.

Judge Cianci expressly declined to rule on an issue that was hotly contested by both the NETOs and the complainants. The issue is whether post-2007 financial market conditions cause the DCF method to understate ROE costs and require modification of FERC’s conventional DCF analysis by use of alternative ROE methodologies (e.g., CAPM) to determine the NETOs’ actual common equity costs. A related issue, also hotly disputed by the parties, is whether the billions of dollars of required new transmission investment should also impact the ROE calculus.

The NETOs and the complainants are free to dispute all aspects of Judge Cianci’s decision through the FERC appeal process. The initial appellate briefs (known as briefs on exceptions) are due September 20, 2013, and briefs opposing exceptions are due October 24, 2013. The ultimate FERC ruling in this case will clarify and/or modify FERC’s ROE policy and is likely to be of extreme importance not only to the NETOs and their customers but to all utilities who charge or pay FERC jurisdictional transmission rates.

Two elements of Judge Cianci’s decision merit additional comment.

First, his decision concerned the NETOs collectively with the result that the ROE benchmark was the so-called “mid-point” of the zone of reasonableness (the mid-point is the average of the highest and lowest returns within the zone). The benchmark for an individual utility would be the “median” (the median is the point within the zone of reasonableness where half the returns are higher and half the returns are lower). Under current conditions, the median would be somewhat lower than the midpoint. Thus, other things being equal (they never are), a hypothetical Judge Cianci decision in an individual utility rate case would result in somewhat lower ROEs.

Second, due to the statutory fifteen-month limitation on retroactive refunds, the NETOs will not be required to make Docket No. EL11-66-000 refunds for the period between January 1, 2013 and the issuance date of the final FERC order. However, FERC has not yet acted on a second ROE complaint currently pending against the NETOs (Docket No. EL13-33-000). Although FERC would need to make new ROE findings in the new docket, this second complaint could close the Docket No. EL11-66-000 gap, and expose the NETOs to “back-to-back” ROE refunds for a 15-month period beginning January 1, 2013.

The initial decision is available here.

* “P” refers to the relevant numbered paragraph in the initial decision.

Article By:

 of

A Review of Centers for Medicare & Medicaid Services' (CMS) Approach to $125 Million Recoupment of Payments to Providers for Services to Incarcerated / Unlawfully Present Beneficiaries

Sheppard Mullin 2012

CMS seeks to recover from providers $125 million in alleged overpayments for services to beneficiaries who are belatedly identified as ineligible (incarcerated/unlawfully present). This post examines the recovery process CMS has put in place, noting CMS procedural shortcomings and reviewing some substantive defenses available to providers facing such demands.

In January 2013, CMS’ Office of Investigator General released two parallel reports, criticizing CMS for making improper payments to providers for services rendered to beneficiaries who, according to updated Social Security Administration records, were either incarcerated or unlawfully present in the United States at the time of such service.[1]

OIG concluded that between 2010-2012, CMS made more than $125 million in improper payments to providers (including hospitals, outpatient facilities, physicians, skilled nurses, DME suppliers, home health, and hospice). OIG recommended that CMS take steps to recover such funds and avoid such payments in future.

In response, CMS noted that it already had in place a system that checks, at the time a claim is submitted, the eligibility status of each beneficiary. If data indicates that a patient is not eligible, the claim is rejected. As a result, all overpayments identified by OIG resulted from changes to SSA data after claims were processed.

Apparently anticipating these OIG reports, in November 2012, CMS published two change requests[2] to implement an Informational Unsolicited Response Process (IUR). Through an IUR, the Common Working File system would automatically flag and report to the MACs any previously paid claims where subsequent data updates indicated that the beneficiary was not eligible at time of service due to incarceration or unlawfully present status. In Spring 2013, CMS began implementing the incarcerated patient IUR.

Although CMS has Regional Audit Contractors (RACs) in place to perform post payment technical bill review, CMS has bypassed the RAC process; instead, using the IUR, CMS has instructed the MACs to “initiate recoupment procedures” upon receipt of an IUR to recover these funds. MACs, acting upon this instruction, immediately initiated recoupment through remittance advice[3] based simply upon the subsequent SSA data change. By acting in this way, CMS:

Failed to provide any explanation of the reason for the overpayment redetermination;
Failed to provide the required 15 day opportunity for rebuttal;
Failed to defer recoupment pending the 15 day rebuttal period and through reconsideration;
Failed to address whether provider liability should be waived under section 1870 of the Social Security Act (no fault waiver); and
Failed to advise providers of their appeal rights.[4]

Providers reacted with surprise, placing many calls to the MACs and SSA (to address mistakes in data). In many cases, SSA data indicating incarceration of a patient was simply erroneous; even if valid, it appears that, like CMS, provider were generally unaware of ineligibility at the time of service.

CMS initially took the position that notice letters were not required and there would be no appeal rights; CMS at first indicated that any erroneous findings would be addressed by “data revisions” (presumably through a discretionary reopening by the MAC).

CMS has modified some of its positions based upon provider objection.

In recent FAQs,[5] CMS now concedes that providers do have appeal rights.

But CMS says most errors won’t be fixed until October 2013.

Critically, CMS has not yet addressed its failure to give providers proper notice, explanation of findings, rebuttal rights, its failure to consider no fault waiver. CMS also has so far failed to honor the post payment restrictions on recoupment pending rebuttal and appeal.

The SSA database is not perfect. In one case, a hospice was put on recoupment for months of service to a female beneficiary in 2010-2011 who was mistakenly identified in the SSA database with an unrelated incarcerated male patient. Notice and thoughtful consideration of rebuttal evidence would have prevented this error.

Perhaps more importantly for the general provider community, at the time each provider filed claims for services previously rendered, SSA data showed that the patient was eligible (or the claim would not have been paid). This fact presents a strong case for waiver of provider overpayment liability under the no fault provisions of section 1870 of the Social Security Act.

[1]http://oig.hhs.gov/oas/reports/region7/70203008.htm and https://oig.hhs.gov/oas/reports/region7/71201116.asp

[2] CR 8007 and CR 8009; eg: http://www.cms.gov/Regulations-and-Guidance/Guidance/Transmittals/Downloads/R1134OTN.pdf

[3] Incarcerated Patient shows ANSI Code 81G.

[4] Key Authorities Include: 42 USC §§ 1395ff, 1395gg, 1395ddd(f); 42 CFR §§ 405.373, 405.379, 405.982; and the Medicare Financial Management Manual, Ch. 34, § 90.

[5] http://www.cms.gov/Medicare/Medicare-Contracting/FFSProvCustSvcGen/Downloads/Incarcerated-Beneficiary-FAQs-8-1-13.pdf

Article By:

 of

First Post-Supreme Court Defense of Marriage Act (DOMA) Case Rules in Favor of Same-Sex Spouse

SchiffHardin-logo_4c_LLP_www

In one of the first post-Supreme Court DOMA cases, the Eastern District of Pennsylvania, applying Illinois state law, held that the surviving same-sex spouse of a deceased participant in an employer sponsored pension plan was entitled to the spousal death benefit offered under the plan. See Cozen O’Connor, P.C. v. Tobits, Civil Action No. 11-0045; 2013 WL 3878688 (E.D. Pa., July 29, 2013).

This case is significant because it is the first case after the Supreme Court’s June 26, 2013 decision in United States v. Windsor, 133 S. Ct. 2675 (2013) to grapple with choice of law in determining whether a marriage is valid for purposes of obtaining spousal benefits under an ERISA-covered plan. While Windsor ruled that Section 3 of DOMA defining marriage only as between persons of the opposite sex unconstitutional for purposes of applying federal law, it did not address or invalidate Section 2, which permits states to decline to recognize same-sex marriages performed in other states.

Case Background

In 2006, Sarah Farley and Jean Tobits were married in Canada. Shortly after they were married, Ms. Farley was diagnosed with cancer, and she died in 2010. At the time of her death, Ms. Farley was employed by the law firm of Cozen O’Connor and a participant in the firm’s profit sharing plan (the Plan). The Plan provided that a participant’s surviving spouse would receive a death benefit if the participant died before the participant’s retirement date. If the participant was not married or the participant’s spouse waived his or her right to the death benefit, the participant’s designated beneficiary would be entitled to the death benefits. The Plan defined “Spouse” as “the person to whom the Participant has been married throughout the one-year period ending on the earlier of (1) the Participant’s annuity starting date or (2) the date of the Participant’s death.”

Ms. Farley’s parents and Ms. Tobits both claimed a right to the Plan’s death benefits. Ms. Farley’s parents claimed that they had been designated as the beneficiaries, but it was undisputed that Ms. Tobits had not waived her rights to the death benefits. Cozen O’Connor filed an interpleader action in the Eastern District of Pennsylvania asking the court to determine who was entitled to the benefits. Therefore, the case focused on whether Ms. Tobits qualified as a “Spouse” under the Plan and thus was entitled to the death benefits.

The Court’s Ruling

The court noted that Windsor “makes clear that where a state has recognized a marriage as valid, the United States Constitution requires that the federal laws and regulations of this country acknowledge that marriage” irrespective of whether the marriage is between a same-sex couple or a heterosexual couple. With Windsor’s emphasis on states’ rights to define marriage, lower courts are left with the complicated task of deciding which state law applies when determining whether a same-sex spouse is entitled to benefits under federal law in those instances, as in Cozen, where multiple jurisdictions with different laws on same-sex marriage are implicated.

Apparently, because Cozen O’Connor is headquartered in Pennsylvania, the Plan is administered there, and the Plan’s choice of law provision references Pennsylvania law, the Farleys asked the court to apply Pennsylvania state law to determine the validity of the marriage. Pennsylvania’s mini-DOMA statute expressly defines marriage as between a man and a woman. The court concluded that ERISA preempted Pennsylvania law. It reasoned that if courts were required to look at the state in which the plans were drafted, plan administrators might be encouraged to forum shop for states with mini-DOMA laws to avoid paying benefits to same-sex couples. The court thought this kind of forum shopping would upset ERISA’s principle of maintaining national uniformity among benefit plans. Without further analysis, the court concluded Pennsylvania state law was not an option for determining Ms. Tobits’ status as a spouse within the meaning of the Plan.

Instead, the court applied Illinois law, the state where Ms. Farley and Ms. Tobits had jointly resided until Ms. Farley’s death. It was undisputed that Ms. Farley and Ms. Tobits had a valid Canadian marriage certificate. The court concluded that the marriage was valid in Illinois and that Ms. Tobits was Ms. Farley’s spouse within the Plan’s definition. Accordingly, the court held that Ms. Tobits was entitled to the Plan’s death benefit. Although not entirely clear, the court presumably came to this conclusion based on Illinois’ civil union statute (even though it was enacted after Ms. Farley’s death). The statute provides that (i) same-sex marriages and civil unions legally entered into in other jurisdictions will be recognized in Illinois as civil unions and (ii) persons entering into civil unions will be afforded the benefits recognized by Illinois law to spouses. See 750 Ill. Comp. Stat. An. 75/5 and 75/60 (West 2011).

Impact of Cozen on ERISA Benefit Plans

Cozen is the first ruling in the wake of Windsor to address which state law might apply when there are conflicting state laws as to whether a valid marriage is recognized for the purpose of being a “spouse,” and therefore whether the spouse is entitled to benefits under an ERISA-covered plan. In Cozen, Ms. Farley and Ms. Tobits were lawfully married in Canada, and the court ruled that Illinois’s civil union law recognizes lawful marriages performed in other jurisdictions. The court applied the law of the domicile state to support its holding that Ms. Tobits was a surviving spouse entitled to the Plan’s death benefit.

The Cozen decision may have little value outside of cases where a valid same-sex marriage is performed in one state (the “state of celebration”) and the state where the couple is domiciled recognizes same-sex marriages. In other situations, faced with a choice of law where the law of the state of domicile conflicts with the law of the state of celebration, the outcome could be different, because Section 2 of DOMA survives after the Windsor decision. Unless the federal government creates a uniform method of determining the choice of law question, ERISA cases raising benefit entitlement questions in the context of same-sex marriages are likely to continue to complicate plan administration, and ERISA’s goal of maintaining national uniformity in the administration of benefits will remain elusive.

Article By:

 of

US Government Accountability Office (GAO) Advocates for Increased Attention on Adapting to the Effects of Climate Change

Beveridge Diamond Logo

The US Government Accountability Office (GAO), the federal government’s non-partisan internal auditor, has jumped into the climate change fray, arguing that the federal government must improve how it is addressing the effects of climate change, in addition to and irrespective of any actions taken to prevent or reverse it. In two reports issued earlier this year, the GAO describes shortcomings in federal efforts to address the “significant financial risks” from climate change and recommends both macro and micro level changes to address these risks.

The first of the two reports is the biennial update to GAO’s list of federal programs and operations at “high risk” for waste, fraud, abuse, and mismanagement or needing broad-based transformation (High Risk List).[1] The High Risk List was originally compiled in 1990 and is released at the start of each new Congress to help in setting oversight agendas. An issue is added to the High Risk List if it meets the following four criteria:

  • the issue is of national significance;
  • it is key to government performance and accountability;
  • the associated risk involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens’ rights; and
  • the issue could result in significant impaired service, program failure, injury or loss of life, or significantly reduced economy, efficiency, or effectiveness.

The 2013 High Risk List adds climate change to the list of now 30 issues that meet these “high risk” criteria.[2] According to the GAO, the federal government allocates greater sums of money each year to climate change adaptation activities, but it is “not well organized to address the fiscal exposure presented by climate change, partly because of the inherently complicated, crosscutting nature of the issue.” In particular, the GAO is concerned that the federal government is exposed to “significant financial risks” from climate change: (1) as a property owner of extensive infrastructure; (2) as an insurer through the National Flood Insurance Program; (3) as an investor in infrastructure projects that state and local governments prioritize and supervise; and (4) as a provider of emergency aid in response to natural disasters.

In determining the scope of its policy recommendations, the GAO considered whether to focus on responses to prevent or reverse climate change or responses to adapt to the effects of climate change. In choosing to focus on adaptation strategies, GAO cites research from the National Research Council (NRC) and the United States Global Change Research Program (USGCRP) concluding that greenhouse gases already in the atmosphere will irrevocably alter the climate system for many decades.[3] The resulting policy recommendations advocate for key entities within the Executive Office of the President, including the Council on Environmental Quality (CEQ) and the Office of Science and Technology Policy, in consultation with federal, state, and local stakeholders, to develop “a government-wide strategic approach with strong leadership and the authority to manage climate change risks that encompasses the entire range of related federal activities and addresses all key elements of strategic planning.” The GAO anticipates that this centralized approach will increase efficiencies in these efforts and take advantage of economies of scale. Private entities that operate in the infrastructure sector, and in related industries, should monitor the executive and legislative responses to these broad-based recommendations.

The second report centers on one of the areas of concern from the climate change addition to the High Risk List — the federal government’s role in supporting state and local governments in their efforts to strengthen infrastructure vulnerable to the effects of climate change.[4] In it, the GAO examines (1) the impacts of climate change on infrastructure; (2) the extent to which climate change is incorporated into infrastructure planning; (3) factors that enabled some decision makers to implement adaptive measures; and (4) federal efforts to address local adaptation needs, as well as potential opportunities for improvement. Similar to the recommendations made in the climate change portion of the High Risk List, GAO advocates for a centralized system of information and data, as well as streamlined access to that data for local infrastructure decision makers, as one of the primary means to increasing and improving climate-related adaptions in infrastructure planning. Of the specific projects that GAO studied in order to prepare the report, those that had easy access to climate data and expertise to help interpret that data were more likely to incorporate adaptions to address the effects of climate change into their plans.

Furthermore, the GAO specifically recommends that CEQ finalize its 2010 guidance on how federal agencies should consider the effects of climate change in their evaluations of proposed federal actions under the National Environmental Policy Act (NEPA). Until the guidance is final, it is “unclear how, if at all, agencies are to consistently consider climate change in the NEPA process, creating the potential for inconsistent consideration of the effects of climate change in the NEPA process across the federal government.”[5] Therefore, entities involved in projects that fall under NEPA’s purview should monitor CEQ’s activities on this issue and consider submitting comments on any resulting guidance or regulation.

[1] GAO, High-Risk Series: An Update, Report No. GAO-13-283 (Feb. 2013)

[2] Id. at 61-76 (“Limiting the Federal Government’s Fiscal Exposure by Better Managing Climate Change Risks”).

[3] Id. at 63 (“[L]imiting the federal government’s fiscal exposure to climate change risks will present a challenge no matter the outcome of domestic and international efforts to reduce emissions”).

[4] GAO, Climate Change: Future Federal Adaptation Efforts Could Better Support Local Infrastructure Decision Makers, Report No. GAO-13-242 (Apr. 2013).

[5] Id. at 87. 

Article By:

 of

U.S. Medical Oncology Practice Sentenced for Use and Medicare Billing of Cancer Drugs Intended for Foreign Markets

GT Law

In a June 28, 2013 news release by the Office of the United States Attorney for the Southern District of Californiain San Diego, it was reported that a La Jolla, California medical oncology practice pleaded guilty and was sentenced to pay a $500,000 fine, forfeit $1.2 million in gross proceeds received from the Medicare program, and make restitution to Medicare in the amount of $1.7 million for purchasing unapproved foreign cancer drugs and billing the Medicare program as if the drugs were legitimate. Although the drugs contained the same active ingredients as drugs sold in the U.S. under the brand names Abraxane®, Alimta®, Aloxi®, Boniva®, Eloxatin®, Gemzar®, Neulasta®, Rituxan®, Taxotere®, Venofer® and Zometa®), the drugs purchased by the corporation were meant for markets outside the United States, and were not drugs approved by the FDA for use in the United States. Medicare provides reimbursement only for drugs approved by the Food and Drug Administration (FDA) for use in the United States. To conceal the scheme, the oncology practice fraudulently used and billed the Medicare program using reimbursement codes for FDA approved cancer drugs.

In pleading guilty, the practice admitted that from 2007 to 2011 it had purchased $3.4 million of foreign cancer drugs, knowing they had not been approved by the U.S. Food and Drug Administration for use in the United States. The practice admitted that it was aware that the drugs were intended for markets other than the United States and were not the drugs approved by the FDA for use in the United States because: (a) the packaging and shipping documents indicated that drugs were shipped to the office from outside the United States; (b) many of the invoices identified the origin of the drugs and intended markets for the drugs as countries other than the United States; (c) the labels did not bear the “Rx Only” language required by the FDA; (d) the labels did not bear the National Drug Code (NDC) numbers found on the versions of the drugs intended for the U.S. market; (e) many of the labels had information in foreign languages; (f) the drugs were purchased at a substantial discount; (g) the packing slips indicated that the drugs came from the United Kingdom; and (h) in October, 2008 the practice had received a notice from the FDA that a shipment of drugs had been detained because the drugs were unapproved.

In a related False Claims Act lawsuit filed by the United States, the physician and his medical practice corporation paid in excess of $2.2 million to settle allegations that they submitted false claims to the Medicare program. The corporation was allowed to apply that sum toward the amount owed in the criminal restitution to Medicare. The physician pleaded guilty to a misdemeanor charge of introducing unapproved drugs into interstate commerce, admitting that on July 8, 2010, he purchased the prescription drug MabThera (intended for market in Turkey and shipped from a source in Canada) and administered it to patients. Rituxan®, a product with the same active ingredient, is approved by the Food and Drug Administration for use in the United States.

Article By:

 of

ALERT: Fraud Scheme Targets Foreign Nationals

GT Law

Foreign nationals are advised to be aware of a reported fraud scheme that is currently being perpetrated in the United States.

Individuals purporting to be officers of U.S. Citizenship and Immigration Services (USCIS) are reportedly telephoning foreign nationals to falsely claim a discrepancy or problem in such individuals’ immigration records and pressure victims to pay a “penalty” to rectify the issue. Victims are told to wire funds to an address the caller provides.

The perpetrators may possess personal information about the victim and may ask victims to provide or confirm immigration information, including an I-94 number, an alien registration number or a visa control number.

Foreign nationals who receive such calls should not forward any funds as instructed by the caller or disclose any personal information. Those targeted by the scheme should contact law enforcement, the Federal Trade Commission Bureau of Consumer Protection, and an attorney.

Article By:

 of