Category: Health

Privacy Tip #335 – Health Care Sector Continues to Be Hit with Ransomware

According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care sector shared that 66 percent of them had experienced a ransomware attack in 2021, which was an increase of 69 percent over 2020. This was the largest increase of all sectors surveyed.

If you look at the Office for Civil Rights data breach portal, you will see that a vast majority of breaches reported by health care providers and business associates are related to “Hacking/IT incident.” This confirms that the health care sector continues to be attacked by threat actors seeking to steal protected health information of patients.

If you are a patient who receives a breach notification letter from a health care provider or business associate, the letter will provide guidance on how to protect yourself following a data breach and may offer some protection guidance, including credit monitoring or fraud resolution. Such a letter has been sent to patients to comply with the breach notification requirements of HIPAA and state law. Part of those requirements includes that the patients be provided mitigation steps following the breach to protect themselves from fraud. Avail yourself of these protections in the event your information is compromised. Take the time to sign up for the mitigation offered. It is clear that these attacks will not subside any time soon.

Article By Linn F. Freedman of Robinson & Cole LLP

For more cybersecurity and media legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

States Target Infant Formula Price Gouging

There has been a nationwide shortage of infant formula following a recall and temporary closure of a major infant formula manufacturing facility in February 2022. This facility supplied as much as 40% of the nation’s infant formula. In the wake of these events, state attorneys general are on the lookout for unlawful price gouging of infant formula. Sellers of infant formula should make sure that they do not inadvertently run afoul of state price gouging restrictions.

State price gouging laws prohibit price increases above certain thresholds during a period of emergency. Several state governments have recently issued declarations or proclamations that trigger price increase limitations for infant formula, including in California (CA Exec. Order N-10-22, 6/7/2022), Oregon (OR Exec. Procl., 5/13/2022), Colorado (CO Exec. Order D-2022-021, 5/25/2022), New Jersey (NJ Exec. Order No. 296, 5/17/2022), and Kentucky (KY Exec. Order 2022-321, 6/9/2022). Each of these states has a different price gouging restriction. For instance, infant formula sold in California cannot exceed the February 17, 2022 price by more than 10% except in certain limited circumstances. Other states may have a different price increase threshold or a different benchmark date. Multi-state sellers must take care to comply with the restrictions in each state.

Several states, such as Colorado and Nevada, enacted new price gouging laws in the wake of the COVID-19 pandemic. See Colo. Rev. Stat. § 6-1-730; NRS § 598.09235. Enforcers have not had much experience enforcing these statutes, which may mean greater uncertainty for sellers in those states.

Most, but not all states have a price gouging law. In states that do not have a price gouging law, attorneys general will often seek to enforce their state’s unfair or deceptive trade practices act against reports of price gouging. For example, the attorney general of New Mexico, a state without a price gouging law, issued a press release on May 31, 2022 announcing that he is investigating complaints regarding infant formula price gouging. Similar to the COVID-19 pandemic, the infant formula shortage is triggering a variety of different price gouging restrictions in different states at the same time. Navigating the differences from state-to-state can be challenging, particularly in light of the new laws and amended laws that have been recently enacted. Sellers should review their normal pricing practices and make necessary changes to avoid inadvertently running afoul of the restrictions in a particular state.

Article By Leo Caseria and Thomas L. Tyson of Sheppard, Mullin, Richter & Hampton LLP

For more antitrust and trade regulation legal news, click here to visit the National Law Review.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

ERIC Files Amicus Brief Rebutting DOL Attempt to Create New Regulations in Lawsuit, Petitions US Supreme Court on Seattle Healthcare Case

Read on below for coverage of recent law firm news from McDermott Will & Emery.

ERIC Files Amicus Brief Rebutting DOL Attempt to Create New Regulations in Lawsuit

McDermott Will & Emery’s Andrew C. LiazosMichael B. Kimberly and Charlie Seidell recently filed an amicus brief in the US Court of Appeals for the 10th Circuit on behalf of the ERISA Industry Committee (ERIC). McDermott filed the brief in response to a US Department of Labor (DOL) amicus brief that advanced a novel interpretation of its regulations which, if adopted through litigation, would change longstanding procedures for benefit determinations under self-funded medical plans sponsored by large employers. The amicus brief focuses on key arguments against the DOL’s attempted regulatory reinterpretation, including that:

  • DOL may not rewrite its regulations outside of notice-and-comment rulemaking;
  • DOL’s interpretation of its own regulations is inconsistent with the plain text of the regulations;
  • There are good policy reasons underlying differential treatment of healthcare and disability benefits determinations; and
  • DOL’s interpretation of the regulations in its amicus brief is not entitled to deference under the Supreme Court decision in Kisor.

Read ERIC’s amicus brief here.

Read ERIC’s statement here.

ERIC Petitions US Supreme Court on Seattle Healthcare Case

McDermott Will & Emery’s Michael B. KimberlySarah P. Hogarth and Andrew C. Liazos, are co-counsel on a petition for certiorari before the Supreme Court of the United States on behalf of the ERISA Industry Committee (ERIC). The petition calls for review of ERIC’s legal challenge to the City of Seattle’s hotel healthcare “play or pay” ordinance. The ordinance mandates hospitality employers make specified monthly healthcare expenditures for their covered local employees if their healthcare plans do not meet certain requirements. The petition demonstrates that Seattle’s ordinance is a clear attempt to control the benefits provided under medical plans in violation of the preemption provision under the Employee Retirement Income Security Act of 1974, as amended (ERISA). This case is of significant national importance. Several other cities have proposed making similar changes, and complying with these types of ordinances will substantially constrain the ability of employers to control the terms of their medical plans on a uniform basis. ERIC’s petition is joined by several trade associations, including the US Chamber of Commerce, the American Benefits Council and the Retail Industry Leaders Association.

Read ERIC’s petition for writ of certiorari here.

Read ERIC’s statement here.

 

Article by , and .

Attorney Advertising © 2022 McDermott Will & Emery

For more legal industry news, click here to visit the National Law Review.

 

Senate Bill to Revise and Reassess GRAS Program

  • On May 27, Senator Edward J. Markey (D-Mass.), alongside Senators Richard Blumenthal (D-Conn.) and Elizabeth Warren (D-Mass)., introduced the Ensuring Safe and Toxic-Free Foods Act, which is described as “comprehensive legislation that ensures the Department of Health and Human Services (HHS) fulfills its responsibility to promote the health and well-being of American families by directing the Food and Drug Administration (FDA) to strengthen the Substances Generally Recognized as Safe (GRAS) Rule, which exempts companies from seeking pre-market approval for food chemicals.” A summary of the legislation is available here.
  • The legislation would prohibit manufacturers from independently designating substances as GRAS (or manufacturing or selling food containing those substances) without supplying notice and supporting information to the Secretary of HHS. Substances that are carcinogenic or that have evidence of reproductive or developmental toxicity would be prohibited from receiving a GRAS designation. Further, the legislation would require that a GRAS Notice and all supporting information be publicly available online and subject to a 90-day review period.
  • The legislation would also direct the Secretary to create an Office of Food Chemical Safety Reassessment within FDA’s CFSAN. The new office would be responsible for reassessing the safety of existing food additives, food contact substances, color additives, and substances that had already received GRAS status. The office would be required to reassess at least 10 substances (or class of substances) once every three years. As included in the bill, the first 10 substances to be reviewed would be:
    • Perfluoroalkyl substances and polyfluoroalkyl substances
    • Ortho-phthalates
    • The class of bisphenols
    • Titanium dioxide
    • Potassium bromate
    • Perchlorate
    • Butylated hydroxyanisole (BHA)
    • Butylated hydroxytoluene (BHT)
    • Brominated vegetable oil (BVO)
    • Propyl paraben
  • With regard to the legislation, Senator Markey has said “The FDA too often falls short on their responsibility to promote food safety, highlighted recently by the baby formula crisis where FDA’s deputy commissioner for food policy did not learn about the whistleblower complaint for four months. It is long past time we revise existing food safety measures and close the loophole allowing manufacturers to self-regulate what new substances can enter our food supply.”

Article By Food and Drug Law at Keller and Heckman of Keller and Heckman LLP

For more biotechnology, life sciences, food and drug law news, click here to visit the National Law Review.
© 2022 Keller and Heckman LLP

Employers Beware: Take-Home COVID Cases are on the Rise (US)

You’ve just been informed that an employee who apparently contracted COVID-19 from exposure in your workplace brought the virus home, and now his spouse, who is in a high-risk category, has contracted the virus and is in the hospital.  Do you as the employer face potential liability for the spouse’s illness?

More than two dozen so-called “take-home” COVID-19 lawsuits have been filed across the country, including against some of the largest employers in the US. This alarming pattern has prompted trade groups to warn employers of the potential for lawsuits stemming from COVID infections filed not only by workers’ family and friends but by anyone infected by that circle of people, creating a seemingly endless chain of liability for employers. Some states have enacted laws shielding employers from such suits, but where that is not the case, the legal theories and procedural paths under which these suits have proceeded vary – including some being brought in state courts, some in federal courts, and others brought under claims within the worker’s compensation system.

The issue is currently being tested in California, where the US Court of Appeals for the Ninth Circuit recently certified questions to the California Supreme Court seeking guidance on the state’s laws. The case, Kuciemba v. Victory Woodworks, Inc., arose after Mr. Kuciemba allegedly was exposed to COVID-19 through his work at one of his employer’s job sites.  According to the Kuciembas, Victory knowingly transferred workers from an infected construction site to the job site where Mr. Kuciemba was assigned without following the safety procedures required by the San Francisco Health Order. He was forced to work in close contact with these employees, and soon developed COVID-19, which he brought back home. His wife is over 65 years old and was at high risk from COVID-19, and the family had been careful to limit their exposure to the virus, with the exception of Mr. Kuciemba going to work. Mrs. Kuciemba subsequently tested positive for the disease and was hospitalized for over a month after developing severe symptoms. The Kuciembas filed suit, alleging that Victory caused Mrs. Kuciemba’s injuries by violating the Health Orders, and negligently allowed COVID-19 to spread from its worksite into their household.

The lower court dismissed the case, which was then appealed to the federal appeals court. After hearing the argument, the court asked the California Supreme Court to answer two questions of state law. First, whether Mrs. Kuciemba’s illness was an “injury” that was “derivative” of Mr. Kuciemba’s work-related injury, and therefore, Mrs. Kuciemba’s claims would be subject to the exclusive jurisdiction of the Worker’s Compensation Act (“WCA”); and second, assuming that the WCA is not the exclusive remedy, whether the employer owed a duty to the households of its employees to exercise ordinary care to prevent the spread of COVID-19. Neither question has been squarely answered by the California Supreme Court, although, as noted by the federal appeals court, in a somewhat analogous situation, California courts have allowed suits against employers who negligently allowed their employees to carry asbestos fibers home to their families.

While the Kuciemba case was pending, a California Court of Appeal in another case, See’s Candies v. Superior Court, ruled that the derivative injury doctrine does not bar third-party COVID-related claims. Under a similar fact pattern, the court allowed the negligence case to go forward while noting that the plaintiff would still need to prove that the employer owed a duty of care to non-employees infected with COVID-19 due to an employee contracting the virus at work. Acknowledging that an analysis of this duty “appear[s] worthy of exploration,” the state appellate court said the analysis would include an assessment of “public policy concerns that might support excluding certain kinds of plaintiffs or injuries from relief.” The California Supreme Court declined to review the See’s case, meaning that it’s holding still stands.

The California Supreme Court has not yet announced whether it will use its discretion to respond to the Ninth Circuit’s certified questions in the Kuciembas’ case. In the meantime, California employers cannot automatically rely on the exclusive remedial scheme provided under the worker’s compensation system to cover these claims and are not necessarily shielded from COVID-19 lawsuits brought by employees’ family members (and perhaps others). That said, even if employers owe their employees’ families a duty of care, affected employees will still have to prove that it was the employer’s negligence that caused the illness and that the virus was not contracted from another source – a tall order for a highly transmissible virus like COVID-19. In the meantime, however, it behooves all California employers to continue maintaining health and safety measures to prevent the spread of COVID-19, and react quickly and appropriately in the event of an outbreak of COVID-19 in the workplace.

Article By Karen E. Wentzel and Cristen R. Hintze of Squire Patton Boggs (US) LLP

For more Coronavirus news, click here to visit the National Law Review.

© Copyright 2022 Squire Patton Boggs (US) LLP

Monkeypox—Do Employers Need to Worry?

Several cases of monkeypox have now been found in the United States. We do not yet know whether employers will need to worry about monkeypox in the context of their workforces and workplace, but it may be wise to be informed.

Monkeypox is a viral illness that has symptoms including body aches, headaches, fatigue, and, notably, a bumpy skin rash. It is primarily found in Africa, most particularly in the Democratic Republic of the Congo. Monkeypox has an incubation period that generally lasts 7-14 days but can be as long as 5-21 days. It has now recently been found in the United States, according to the U.S. Centers for Disease Control and Prevention (CDC). The first case reported was in Massachusetts in a man who had been to Canada. The second was in New York City by another individual who had a virus similar to monkeypox. And the third was a “presumptive case” involving a Broward County, Florida, man who had traveled internationally, the CDC said.

Unlike what we have been through with COVID-19, wearing a mask will likely not be an issue with monkeypox. It is spread through infected animals, prolonged person-to-person contact, direct contact with lesion materials, or indirect contact through contaminated items, such as contaminated clothing. Avoiding these will help avoid the possibility of infection. Since frequent handwashing continues to be a good hygiene practice, continuing to make this an easy and frequent practice for employees is generally a good health practice, according to health officials.

Monkeypox has also recently been found in Australia, Belgium, Canada, France, Germany, Italy, the Netherlands, Portugal, Spain, Sweden, and the United Kingdom. According to public health officials, the risk of exposure remains low although there are expected to be more cases in the United States. Health officials believe the smallpox vaccination will offer some amount of protection from monkeypox.

Employers that have employees who are soon to travel internationally, either for personal or business reasons, may want to consider educating them on the symptoms, how the virus is transmitted, and the fact that they may wish to consult with their own healthcare practitioners about the smallpox vaccination. There is no indication that travel should be avoided or prohibited.

Article By Katherine Dudley Helms of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more labor and employment legal news, click here to visit the National Law Review.

© 2022, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

Medicare Advantage: OIG Report Finds Improper Denials

On April 27,2022, the Office of Inspector General of the Department of Health and Human Services (OIG), Office of Evaluations and Inspections, issued a report on the performance of Medicare Advantage Organizations (MAOs) in approving care and payment consistently with Medicare coverage rules. In its review, OIG found that 13% of MAO denials of prior authorization requests should have been approved and that 18% of payment requests from providers were improperly denied. OIG also made a number of recommendations to the Center of Medicare and Medicaid Services (CMS) with respect to its oversight of MAOs.

Purpose and Method of the Study

OIG undertook the study to assess whether MAOs are appropriately providing access to medically necessary services and making payment to providers consistently with Medicare coverage rules. Since CMS pays MAOs principally by capitation, MAOs have a potential incentive to increase their profits by denying access to care of beneficiaries or by denying payments to providers. CMS’s annual audits of MAOs have indicated some persistent problems related to inappropriate denials of service and payment. As enrollment in Medicare Advantage continues to grow, OIG viewed it as important to ensure that medically necessary care is provided and that providers are paid appropriately.

OIG conducted the review by randomly selecting 250 denials of prior authorization requests and 250 payment request denials by 15 of the largest MAOs during a week in June of 2019. OIG had coding experts review the cases and had physician reviewers examine the medical records. Based on these reviews, OIG estimated the rates at which MAOs issued denials of services or payment that met Medicare coverage rules and MAO billing rules. OIG also examined the reasons for the inappropriate denials and the types of services involved.

Standards

MAOs must cover items and services included in fee-for-service Medicare, and may also elect to include additional items and services. MAOs are required to follow Medicare coverage rules that define what items and services are covered and under what circumstances. As the OIG states in the Report, MAOs “may not impose limitations – such as waiting periods or exclusions from coverage due to pre-existing conditions — that are not present in original Medicare.” In following Medicare coverage rules, MAOs are permitted to use additional denial criteria that were not developed by Medicare when they are deciding to authorize or pay for a service, provided the clinical criteria are “no more restrictive than original Medicare national and local coverage policies.” MAOs may also have their own billing and payment procedures, provided all providers are paid accurately, timely, and with an audit trial.

MAOs utilize prior authorization requests before care is furnished to manage care and payment requests from providers to approve payment for services provided. Beneficiaries and providers may appeal such decisions, and beneficiaries and providers are successful in many of the appeals (for a one-time period, as many as 75% of the appeals were granted).

Findings

Prior Authorization Denials

In the study, OIG found that 13% of prior authorization denials were for services that met Medicare coverage rules, thus delaying or denying care that likely should have been approved. MAOs made many of the denials by applying MAO clinical criteria that are not part of Medicare coverage rules. As an example, a follow-up MRI was denied for a beneficiary who had an adrenal lesion that was 1.5 cm in size, because the MAO required the beneficiary to wait one year for such lesions that are under 2 cm in size. OIG’s experts found such a requirement was not contained in Medicare coverage rules and was therefore inappropriate. Rather, the MRI was medically necessary to determine if the lesion was malignant.

OIG also found instances where MAOs requested further documentation that led to a denial of care when it was not furnished, as such additional documentation was not required to determine medical necessity. OIG’s reviewers found that either sufficient clinical information was in the medical record to authorize the care or the documentation requested was already contained in the medical record.

Payment Denials

OIG found in the study that 18% of payment denials fully met Medicare coverage rules and MAO payment policies. As a result of these denials, payment was delayed or precluded for services that should have been paid.

OIG found that common reasons for these inappropriate payment denials were human error in conducting manual reviews (for example, the reviewer not recognizing that a skilled nursing facility (SNF) was an in-network provider), and inaccurate programming.

OIG also found that advanced imaging services (including MRIs and CT scans), stays in post-acute facilities (including SNFs and inpatient rehabilitation facilities), and injections were the services that were most prominent in the inappropriate denials that should have been authorized for care and payment in accordance with Medicare coverage rules.

OIG Recommendations

Based on the study, OIG recommended that:

  • CMS should issue new guidance on both the appropriate and inappropriate use of MAO clinical criteria that are not contained in Medicare coverage rules. In particular, OIG recommended that CMS should more clearly define what it means when it states that MAO clinical criteria may not be “more restrictive” than Medicare coverage rules.

  • CMS should update its audit protocols to address issues identified in the report such as MAO use of clinical criteria and/or examine particular service types that led to more denials. OIG suggests CMS should consider enforcement actions for MAOs that demonstrate a pattern of inappropriate payment denials.

  • CMS should direct MAOs to identify and address the reasons that led to human errors.

CMS reviewed the OIG report and concurred with each of OIG’s recommendations. Those recommendations can affect future coverage decisions as well as utilization of prior authorization tools. AHIP, a national association of health care insurers, challenged the OIG’s sample size as inappropriate to support the agency’s conclusions, and defended prior authorization tools.

Takeaways

Given CMS’s concurrence with the report’s findings, we recommend that MAOs track these issues over the next several months in advance of CMS’s Final Rate Announcement for CY 2024.

MAOs should also be aware of potential False Claims Act (FCA) exposure in this area. FCA exposure can arise when a company seeks and receives payments despite being out of compliance with the basic terms for its participation. If an MAO knew it was denying claims that should be paid because they would be covered under traditional Medicare, but the MAO was still collecting full capitation, it is possible that a whistleblower or the government may pursue FCA liability. This risk warrants attention because whistleblowers can bring qui tam suits under the FCA, with resulting high costs for defense and potentially high penalties if a violation is proven (or settled to avoid further litigation). That said, an FCA suit based on this theory would raise serious questions, including whether any non-payment actually met the FCA’s “knowingly” standard (which includes reckless disregard), or whether any non-payment met the materiality threshold necessary to demonstrate a violation of the FCA.

Article By Alexis Finkelberg Bortniker, C. Frederick Geilfuss II, Matthew D. Krueger, Maureen F. Kwiecinski, and Kinal M. Patel at Foley & Lardner LLP

For more health law and managed care news, click here to visit the National Law Review.

© 2022 Foley & Lardner LLP

NCLC Tells FCC “Callers can easily avoid making calls to telephone numbers that have been reassigned….” – But Is it That Simple?

The National Consumer Law Center is at it again.

In response to the Department of Health and Human Services’ recent letter to the FCC seeking clarity on whether the TCPA applies to texts it would like to make to alert Americans of certain medical benefits, the NCLC–an organization that nominally represents consumers, but really seems to represent the interests of the plaintiff’s bar–has filed a comment.

Unsurprisingly, the NCLC takes the position that HHS needs no relief. Government contractors are covered by the TCPA–it says–but the texts at issue in HHS’ letter are consented, so they’re fine. (Although it later clarifies that only “many” but not “all” of the enrollees whom HHS wishes to call have “probably” given their telephone numbers as part of written enrollment agreements–so perhaps not.)

Hmmmm. Feels like a trap. But we’ll ignore that for now.

The critical piece here though is what the NCLC–very powerful voice, for better or (often) worse–is telling the FCC about the effectiveness of the new Reassigned Number Database:

3. Callers can easily avoid making calls to telephone numbers that have been reassigned to someone other than the enrollee

A primary source of TCPA litigation risk has been calls inadvertently made to numbers that are no longer assigned to the person who provided consent. Courts have held the caller liable for making automated calls to a cell phone number that has been reassigned to someone other than the person who provided consent to be called.29

The Commission has implemented the Reassigned Number Database specifically to address that risk of liability, as well as to limit the number of unwanted robocalls:

The FCC’s Reassigned Numbers Database (RND) is designed to prevent a consumer from getting unwanted calls intended for someone who previously held their phone number. Callers can use the database to determine whether a telephone number may have been reassigned so they can avoid calling consumers who do not want to receive the calls. Callers that use the database can also reduce their potential Telephone Consumer Protection Act (TCPA) liability by avoiding inadvertent calls to consumers who have not given consent for the call.31

The database has been fully operational since November 1, 2021. It provides a means for callers to find out before making a call if the phone number has been reassigned. If the database wrongly indicates that the number has not been reassigned, so long as the caller has used the database correctly, no TCPA liability will apply for reaching the wrong party. 32 Thus, as long as HHS’s callers make use of this simple, readily available database, they can be confident that they will not be held liable for making calls to reassigned numbers.

While I steadfastly support both the creation and use of the RND, it also must be observed that there are myriad problems with the RND as it currently exists. Most importantly, the data sets in the RND are only comprehensive through October 1, 2021 and spotty back to February, 2021 (beyond which there are no records!)

So for folks like HHS–and servicers of mortgages, and retailers, and credit card companies–who want to reach customers who provided their contact information before 10/2021 or 2/2021 the RND is simply not helpful.

The NCLC’s over simplification of a critical issue is not surprising. They once told Congress that the TCPA is “Straightforward and Clear” after all.

Full comment here: NCLC Comments-c3

We’ll keep an eye on developments on HHS’ letter and all the FCC goings ons.

Article By Eric J. Troutman of Troutman Firm

For more TCPA and communications legal news, click here to visit the National Law Review.

© 2022 Troutman Firm

House Bill To Give FDA More Funding to Address Formula Shortage

  • On May 17, House Appropriations Committee Chair Rosa DeLauro (D-CT) introduced H.R. 7790, a supplemental appropriations bill to provide $28 million in emergency funding to address the shortage of infant formula in the US for the fiscal year ending September 30, 2022. The bill is intended to provide the FDA with needed resources to address the shortage, prevent fraudulent products from being sold, acquire better data on the infant formula marketplace, and to help prevent a future recurrence.

  • Representative DeLauro stated that FDA does not currently have an adequate inspection force to inspect more plants if it approves additional applications to sell formula in the US. Thus, the supplemental appropriations are intended for “salaries and expenses.”

  • Relatedly, the House Appropriations Committee will hold two hearings this week to examine the recent recall of infant formula, the FDA’s handling of the recall, and the nationwide infant formula shortage.

Article By Food and Drug Law Practice Group at Keller and Heckman LLP

For more food and drug law legal news, click here to visit the National Law Review.

© 2022 Keller and Heckman LLP