Category: Health Care Law

Behind the Curtain: Shkreli was NOT the Big Story on the Hill Today

Congress’s complex relationship with prescription drugs was on display today in the House of Representatives.  In the House Committee on Oversight and Government Reform (OGR), Martin Shkreli pleaded the 5th at a hearing investigating drug pricing.  Meanwhile, the Energy and Commerce Committee (E&C) held a hearing regarding implementation of biosimilars.  While all the attention will be on the former, the latter was more important, especially for participants in the biosimilar space.

First, the OGR Committee was a media show built around the flamboyant Shkreli.  Shkreli took the 5th when given the opportunity to testify and later tweeted – after being excused from the hearing for refusing to answer any of the Members questions – that the Committee Members were ‘imbeciles’.  The tone of the hearing was very aggressive towards drug pricing and what were described as unsavory business practices. Members were also critical of the FDA generic drug programs.  However, Member interest in strengthening the program to bring competition to the marketplace was clear. Dr. Janet Woodcock, Director of the Center for Drug Evaluation and Research at the FDA,  stated that funds collected as a result of the Generic Drug User Free Amendments (GDUFA) helped expedite the review process and that by October there will be a 10-month review process on all new applications. The Senate HELP Committee held a hearing last week on reauthorization of GDUFA, which will expire next year, and this bipartisan interest, coupled with the prescription drug cost crisis, could lead to increased resources for the FDA review process. Beyond some public shaming of specific drug companies, there was little suggestion of substantive action on drug pricing.

Second, the E&C Committee was less about drug pricing, but more so about the ability of manufacturers to get new biosimilar products to the market. Notably, Committee Members on BOTH sides of the aisle were critical of CMS for trying to price biosimilars more like generic drugs and categorize different products under a single billing code.  They said the CMS ruling undermines the intent of the Biologics Price Competition and Innovation Act of 2010 (BPCIA) by removing incentives for a robust marketplace. Biologics make up a $200 billion market, so the consequences of policy decisions are significant. Members were also critical of delays in approving more biosimilars and issuing guidance on product labeling. Rep. Frank Pallone (D-NJ) asked if additional appropriations would address these problems, to which Dr. Woodcock replied that she’s more concerned the FDA will be unprepared for a rapid expansion of the biosimilar market.

While 2016 may be devoted to campaigning against drug prices, the Committees responsible for the regulatory regimes for drugs are still very focused on preserving the ability of manufacturers to successfully bring drugs to the market.  That is a much bigger deal than the plethora of Martin Shkreli smirks you will be subjected to in the media.

Article By Rodney L. Whitlock of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

HHS Issues Final Rule on HIPAA and Firearm Background Check Reporting

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS).

Background:  The NICS, maintained by the Federal Bureau of Investigation (FBI), is the national database used to conduct background checks on persons who may be disqualified from receiving firearms based on federal or state law.  Federal law identifies several categories of potential disqualifiers, known as “prohibitors” including a federal mental health prohibitor.  By statute, the federal mental health prohibitor applies to individuals who have been committed to a mental institution or adjudicated as a mental defective.  The Department of Justice has promulgated regulations that defines these categories to include the following individuals:

  • individuals committed to a mental institution for reasons such as mental illness or drug use;

  • individuals found incompetent to stand trial or not guilty by reason of insanity, or

  • individuals who have been otherwise determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease.

However, there is currently no federal law that requires state agencies to report data to the NICS, including the identity of individuals who are subject to the mental health prohibitor.  HHS believes that HIPAA poses a potential barrier to such reporting. Under current law, HIPAA only permits covered entities (e.g., state mental health agencies) to disclose such information to the NICS in limited circumstances: when the entity is a “hybrid” entity under HIPAA (and the Privacy Rule does not apply to these functions) or when state law otherwise requires disclosure, and thus disclosure is permitted under HIPAA’s “required by law” category.

Final Rule:  HHS finalized its proposed rule without any substantive changes. Under the final rule, a new section 164.512(k)(7) of the HIPAA Privacy Rule expressly permits certain covered entities to disclose information relevant to the federal mental health prohibitor to the NICS.

The permitted disclosure applies only to those covered entities that function as repositories of information relevant to the federal mental health prohibitor on behalf of a State or are responsible for ordering the involuntary commitments or the adjudications that would make someone subject to the prohibitor.  Thus, most treating providers may not disclose protected health information about their own patients to the NICS, unless otherwise permitted by the HIPAA Privacy Rule.  HHS also clarifies that individuals who seek voluntary treatment are not subject to the prohibitor.

The rule limits disclosure only to the NICS or an entity designated by the State to report data to the NICS.  And only that information that is “needed for purposes of reporting to the NICS” may be disclosed, though HHS gives States the flexibility to determine which data elements are “needed” to create a NICS record (consistent with requirements of the FBI, which maintains the NICS).  At present, the required data elements for the NICS are: name; date of birth; sex; and codes identifying the relevant prohibitor, the submitting state agency, and the supporting record.  The NICS also allows disclosure of certain optional data elements (e.g., social security number and identifying characteristics).  HHS notes that applicable covered entities may disclose such optional data elements “to the extent necessary to exclude false matches.”

HHS declined many commenters’ suggestion to expand the rule to permit the disclosure of information about individuals who are subject to state-only mental health prohibitors. HHS fears that expanding the scope of the permitted disclosure would disrupt the careful balance between public safety and encouraging patients to seek mental health care.

Finally, in the preamble, HHS defended its statutory authority to make this change, despite the fact that Congress did not address HIPAA in recent legislation to strengthen the NICS.  HHS explained that the “HIPAA statute confers broad authority on the Department to specify the permitted uses and disclosures of PHI by HIPAA covered entities.”

Article By Dena Feldman of Covington & Burling LLP

© 2015 Covington & Burling LLP

Gun Control: HIPAA Final Rule Targets Background Checks and Mental Health Reporting

President Obama has announced plans to tighten gun control regulations, including applying the background check requirement to dealers at gun shows and on websites.  Federal law already requires that those “engaged in the business” of selling guns must have a Federal Firearms License (FFL) and conduct background checks at the time of every purchase.  Some sellers assert they are not gun dealers but collectors or hobbyists who do not sell regularly and, therefore, are not “engaged in the business” of selling firearms and not required to have a FFL and conduct background checks.  The Obama administration has clarified that people who claim to be hobbyists may be engaged in the business if, for example, they operate an online gun store, frequently sell guns in their original packaging, or pass out business cards.  The Bureau of Alcohol, Tobacco and Firearms (“ATF”) issued Guidance to help individuals understand when a FFL is required.

Consistent with this initiative, the Office for Civil Rights (“OCR”) released a Final Rule modifying the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule to permit certain covered entities to disclose identifying information on persons subject to a “Federal mental health prohibitor “ to the National Instant Criminal Background Check System (“NICS”).

Intersection of NICS and HIPAA

As background, the NICS is a national system mandated by the Brady Handgun Violence Prevention Act of 1993.  Maintained by the FBI since November 1998, NICS is used by Federal Firearms Licensees to instantly determine whether an individual seeking to buy firearms is eligible to do so.  Federal law provides that it is unlawful for certain categories of persons to ship, transport, possess, or receive a firearm.  These categories are referred to as “prohibitors.” Among them  are the following mental health prohibitors, which provide that it is unlawful for the following individuals to possess a firearm:

  • individuals who have been involuntarily committed to a mental institution, for reasons such as mental illness or drug use;

  • individuals found incompetent to stand trial or not guilty by reason of insanity; or

  • those otherwise determined by a court, board, commission or other lawful authority to be a danger to themselves or unable to manage their own affairs as a result of marked subnormal intelligence, or mental illness, incompetency, condition or disease.

Many of the records qualifying an individual for a Federal mental health prohibitor are maintained by the criminal justice system, which does not generally include HIPAA covered entities.  However, some qualifying information may be housed within HIPAA covered entities that are either (i) involved in involuntary commitments or mental health adjudications; or (ii) have been designated by states to serve as repositories to collect applicable mental health data and report it to the NICS.

In balancing individuals’ privacy with public safety, the Final Rule modifies HIPAA to permit the disclosure of select demographic information to the NICS by covered entities that either (i) function as repositories of information relevant to the Federal mental health prohibitor on behalf of the state; or (ii) are responsible for ordering the involuntary commitments or other adjudications.  The Final Rule limits disclosure to demographic and other information needed for purposes of reporting to the NICS, and disclosure of diagnostic or clinical information is not permitted.

Potential Impact on Mental Health Legislation

This Final Rule is one aspect of a multi-faceted approach the Obama administration is taking on gun control.  An open question remains as to whether Congress will act with respect to gun control and mental health, and if so, how?  Certain Republicans are already looking for ways to halt President Obama’s actions, while, others in Congress do not believe that the actions go far enough and seek additional gun control measures.

At a minimum, the President’s decision to take action related to gun controls is certain to have an impact on mental health legislation.  Congressional Republicans have been discussing improving the nation’s mental health system since 2013.  Many see this focus on mental health as an effort to redirect the conversation away from gun control.  As such, the President’s recent actions propose adding $500 million to increase access to mental health care.

The combination of Republicans seeking to dismantle the recent executive actions, while redirecting the conversation to mental health may place Senate Democrats in a tough position.  The President’s action increases the likelihood that gun control measures may be attached to mental health legislation.  The issue is whether Senate Democrats are willing to filibuster mental health legislation in order to keep the focus on gun control and prevent the unraveling of some of the President’s executive actions.

Article By Lauren M. MoldawerM. Daria Niewenhous & Rodney L. Whitlock of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

©1994-2015 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Extension of 2015 Affordable Care Act Reporting Deadlines

On December 28, 2015, the Internal Revenue Service issued Notice 2016-4 extending the deadline for information reporting requirements under the Patient Protection and Affordable Care Act (the “ACA”). The reporting requirements are intended to assist the IRS in application of ACA penalties and were two-fold: an initial disclosure to the employee and a final report to the IRS. These requirements were to be satisfied by the filing of Form 1095 (with different filings under Form 1095-B or 1095-C dependent on the type of insurance arrangement sponsored by the employer). The deadline for furnishing the form to the employee had been set for February 1, 2016. The deadline for filing Form 1095 with the IRS was to be February 29 for non-electronic filers and March 31 for all employers who are “electronic filers” (filing greater than 250 single 1095 forms).

Notice 2016-4 has now extended those deadlines as follows:

New deadline for furnishing Form 1095 to employees: March 31, 2016.

New deadline for filing Form 1095 with the Service:

Non-electronic filers: May 31, 2016.

Electronic filers: June 30, 2016.

Article By Nicole M. Hanna of Dinsmore & Shohl LLP

© 2015 Dinsmore & Shohl LLP. All rights reserved.

Center for Devices and Radiological Health (CDRH) Schedules January 2016 Cybersecurity Workshop

Center for Devices and Radiological Health, CDRH has scheduled a cybersecurity workshop entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity,” on January 20-21, 2016 (see here for the Federal Register announcement).

Background and Workshop Context

As we discussed in a previous post, cybersecurity vulnerability is an increasing concern as medical devices are becoming more connected to the Internet, hospital networks, and other medical devices. Cybersecurity vulnerabilities may result in device malfunction, interruption of healthcare services including treatment interventions, inappropriate access to patient information, and breached electronic health record data integrity.

In the Federal Register announcement for the workshop, FDA states protecting the Healthcare and Public Health (HPH) critical infrastructure from attack by strengthening cybersecurity is a “high priority” of the Federal Government. For example, two recent Executive Orders (here and here) address enhancing cybersecurity infrastructure and increasing cybersecurity information sharing. Additionally, Presidential Policy Directive 21 states that the Federal Government shall work with the private sector to manage risk and strengthen the security and resilience of critical infrastructure against cyber threats.

Given this context, FDA, other governmental agencies, and public/private partnerships have sought to address cybersecurity vulnerability in recent years. For example, last year, CDRH finalized its guidance for industry entitled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” Also in 2014, the National Institute of Standards and Technology (NIST) published a voluntary, risk-based framework focusing on enhanced cybersecurity. According to FDA, the HPH sector has utilized the framework to help manage and limit cybersecurity risks.

Workshop Objectives

At the public workshop, CDRH hopes to address vulnerability management throughout the medical device total product lifecycle. According to the Federal Register announcement, vulnerability management includes: analyzing how a vulnerability may affect device functionality, evaluating the vulnerability effect across product types, and selecting temporary solutions that may be employed until a permanent fix can be implemented. Vulnerabilities can be identified by the device manufacturer or external entities, including healthcare facilities, researchers, and other sectors of critical infrastructure.

The Agency believes an important component of vulnerability management is coordinated vulnerability disclosure (also known as responsible disclosure). Under coordinated vulnerability disclosure, all stakeholders agree to delay publicizing vulnerability details for a certain period of time, while the affected manufacturer works to rectify the vulnerability.

Further, CDRH states that one of the tools medical device manufacturers or healthcare facilities may use to evaluate and manage vulnerability is the Common Vulnerability Scoring System (CVSS). CVSS is a risk assessment tool that “provides an open and standardized method for rating information technology vulnerabilities.” CDRH notes, however, that CVSS does not directly incorporate patient risk and public health impact factors.

Workshop Themes

CDRH states that it hopes to address the following general themes during the workshop:

  • Envisioning a roadmap for coordinated vulnerability disclosure and vulnerability management as part of the broader effect to create a trusted environment for information sharing.

  • Sharing FDA’s current thinking on the implementation of the NIST framework in the medical device total product lifecycle.

  • Adapting cybersecurity and/or risk assessment tools such as CVSS for the medical device operational environment.

  • Adapting and/or implementing existing cybersecurity standards for medical devices.

  • Understanding the challenges that manufacturers face as they increase collaboration with external third parties (cybersecurity researchers, Information Sharing and Analysis Organizations (ISAOs), and end users), to resolve cybersecurity vulnerabilities that impact their devices.

  • Gaining situational awareness of the current activities of the HPH sector to enhance medical device cybersecurity.

  • Identifying cybersecurity gaps and challenges that persist in the medical device ecosystem and begin crafting action plans to address them.

Persons interested in attending the workshop must register online by January 13, 2016. Public comments concerning the workshop’s objectives or general themes can be submitted online or by mail.

Article By Christopher Hanson of Covington & Burling LLP

© 2015 Covington & Burling LLP

HHS Recognizes Changing Environment of Research: Still Time to Comment

Late last month the Department of Health and Human Services (HHS) and other Federal Departments and Agencies announced an extension until January 6, 2016  to the comment period for the Federal Policy for the Protection of Human Subjects notice of proposed rulemaking (NPRM). The proposed rulemaking is the most sweeping since 1991 when HHS codified The Common Rule, 45 C. F. R. part 46,  and  recognizes the changed research environment with many multisite studies and the  expansion of research with more data accessible through technology.  The NPRM seeks to further the principles of autonomy and  beneficence by protecting privacy and improving the consent process  in the new world of research while creating avenues to lessen the administrative burden  and to promote research.

The NPRM proposes to apply The Common Rule to all studies, regardless of funding source, conducted by a U.S. institution that receives federal funding for human subjects research.  Currently, The Common Rule applies to studies funded by certain federal agencies. Most significantly, the proposed rules impact the following areas:

Streamlined process  – To streamline the process of initiating certain activities the NPRM creates a  new category not currently in The Common Rule, exclusions.  Exclusions are for activity that is not research, that is low risk and for which there may be statutory protections.  Accordingly,  no procedures need to occur under the Common Rule to approve of the activity.  An example of an exclusion would include quality assurance activities.

The exemptions under The Common Rule are expanded in the NPRM. Exemptions are different than exclusions in that certain procedures need to occur for them to proceed such as recording, privacy safeguards, broad consent, or notice.  How HHS ultimately defines adequate notice will be critical in protecting privacy and autonomy rights in exempt research.

As well, a single institutional review board (IRB) would approve all multisite research. Independent IRBs would be held directly responsible for compliance with The Common Rule.

In addition, another streamline in the IRB process is not requiring continuing review of research where there is minimal risk. For instance, continuing review would not be required if a study undergoes expedited review or if there are completed interventions where only data continues to be analyzed. There would need only to be an annual confirmation that there are no changes.  An IRB would be able to require continuing review  with documentation of  the reason for the increased requirement.

Informed Consent  – The NPRM mandates a simplified  informed consent form with appendices with more detailed information. The goal is to provide potential research subjects all the essential information  that a reasonable person would need to consent to participation in research.  The NPRM suggests using the reasonable person standard as a means to gauge the protections in the process.  Currently, there are recommendations that informed consent forms should to be at no higher than an eighth grade education level, but the consent forms are often mired in so much detail human subjects may not easily comprehend the forms.

Research with Biospecimens – A particularly sweeping area of the NPRM is the protection of biospecimens (e.g., blood or urine) which is reflected in a proposed change in the definition of human subjects to include unidentified biospecimens. Hospitals, providers and laboratories  collect biospecimens from patients as part of medical care. Those biospecimens may be stored and used as part of research without the patient’s knowledge. The ethical issue regarding the use of biospecimens in research is well described by Professor Ellen Wright Clayton of Vanderbilt University, “[a] tremendous amount of epidemiological  research and other types of investigations have been done in the United States for decades without any informed consent or notification whatsoever….” [i] The proposed rule would require a broad consent  template covering the consent for storage  and maintenance of the biospecimens and the consent for future unspecified research. An alternative to the broad consent for the use of biospecimens would be a potential waiver of consent by the IRB for compelling scientific research, but consent could not be waived if the human subject declined to sign the broad consent form. Use of the IRB waiver of consent mostly likely would be rare, as proposed in the NPRM.

Secondary Research Use of Data – The NPRM also recognizes the growing business of information technology and the availability of data available for secondary use.  Researchers often can find data from sources such as the internet or through mHealth devices. The goal of the NPRM seems to be able to allow the secondary use of data in research or other activities while creating a balance for privacy protections. Secondary research activity excluded from The Common Rule would be a) publically available data (not biospecimens) or data recorded without identifiers; b) data protected through the provisions of the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA); c) data confined to a single institution and its internal quality assurance programs and d)  data through federally conducted research.

Exempt secondary use research proposed in the NPRM would include a) identifiable private information where there is notice, privacy safeguards and use solely for specific research and b) storage and maintenance of data for secondary use where there are privacy safeguards, limited IRB review of the consent process, and  specific studies where the individual results will not be provided to the subjects.  Again, the procedures for notice will be a critical component of privacy protections with secondary use research.

There has been an overwhelming response to the NPRM which proposes comprehensive changes to The Common Rule. While there is seemingly a streamlined process to allowing certain activities or research to occur in the NPRM, there are areas in need of additional guidance such as the lack of clarity on certain privacy protections. A copy of the NPRM as well as details on how to submit comments can be found in this link.

Article By Dawn R. Crumel & Sonja S. Carlson of Sheppard, Mullin, Richter & Hampton LLP

© 2015, Sheppard Mullin Richter & Hampton LLP.

[i] Institute of Medicine (US) Roundtable on Translating Genomic-Based Research for Health, Establishing Precompetitive Collaborations to Stimulate Genomics-Driven Product Development: Workshop Summary, Washington (DC): National Academies Press (US); 2011, 6, Ethical Challenges in the Use of Biospecimens.

CMS’s Top 7 Changes to Stark Law

On November 16, 2015, the Department of Health and Human Services, Centers for Medicare and Medicaid Services, issued a final rule revising, clarifying, and adding exceptions to the Physician Self-referral Law (“Stark”) in order to (1) accommodate delivery and payment system reform; (2) reduce burdens; and (3) ensure and facilitate compliance. These changes include two new exceptions, clarifications adding additional explanations to existing policies, and revisions to existing definitions and exceptions.

Below are the top 7 changes providers and physicians should note:

  1. New “assistance to compensate a nonphysician practitioner (NPP)” exception: allows remuneration from a hospital, federally qualified health center, or rural health clinic to a physician to recruit a NPP, where substantially all (i.e., 75%) of the services furnished by the NPP to the patients of the physician’s practice are for primary care services or mental health care services. Please note this exception applies to the following NPPs: (1) physician assistants; (2) nurse practitioners; (3) clinical nurse specialists; (4) certified nurse midwives; (5) clinical social workers; and (6) clinical psychologists.

  2. New “timeshare arrangements” exception: this exception covers “use” arrangements only, which includes the use of premises, equipment (excluding advanced imaging equipment, radiation therapy equipment, and (most) clinical or pathology laboratory equipment), personnel, items, supplies, or services. Traditional office space leases and arrangements conveying a possessory leasehold interest in office space are not covered under this exception. Compensation for such arrangements must be carefully structured, as percentage compensation and per-unit services fees (i.e., “per-use” and “per-patient” rates) are prohibited but hourly or half day rates are acceptable.

  3. Clarification on the writing requirement: exceptions containing a writing requirement for certain compensation arrangements use “arrangement” and “agreement” interchangeably. The rule now clarifies that this requirement only requires an arrangement be set out in writing. Although CMS recommends having one signed written contract that satisfies every requirement of the exception, the preamble clarifies that this requirement may also be satisfied through a collection of documents that relate to one another and to the exact arrangement.

  4. Clarification on the 1-year term requirement for office space rental, equipment rental, and personal service arrangements exceptions: the final rule clarifies the arrangement itself must have a duration of at least one year, but a formal “term” provision in a contract is not required. Instead, the duration requirement can be shown through contemporaneous documents establishing the arrangement lasted for at least one year. However, if the arrangement was terminated during the first year, the parties must be able to show they did not enter into a new arrangement for the same space, equipment, or services during the first year.

  5. Clarification regarding “split bill” arrangements: “split bill” arrangements do not involve remuneration between physicians and designated health services (DHS) entities, for items or services such as examination rooms, nursing personnel, and supplies, “because the physician and DSH entity do not provide items, services, or other benefits to one another.” 80 Fed. Reg. 70,886, 71,321 (Nov. 16, 2015). However, outpatient departments billing a payor in one single bill will establish a compensation arrangement and must fit under an exception.

  6. Revision to “temporary noncompliance with signature” requirement: prior to this final rule, parties who inadvertently failed to comply with the signature requirement had 90 days to comply and others had 30 days. Now, there is a blanket 90 day period to comply with this requirement, regardless of whether the failure to obtain a signature was inadvertent or not.

  7. Indefinite holdover provisions: expired arrangements under the office space and equipment rental exceptions and the personal service arrangements exception can be “heldover” indefinitely rather than for only six months, provided the arrangement: (1) satisfies all of the requirements at the time of expiration; (2) continues on the same terms and conditions; and (3) continues to satisfy all of the requirements during the holdover. Current arrangements in a valid holdover under the current six month holdover provisions on January 1, 2016 may qualify for an indefinite holdover.

Article By

Bryna S. Hummel
Robert D. Nauman
John E. Wyand
Squire Patton Boggs (US) LLP

© Copyright 2015 Squire Patton Boggs (US) LLP

Hacking Health Care: When Cybersecurity Can Mean Life or Death

cybersecurityMillions of Americans rely on implantable medical devices to stay alive. These battery-operated devices communicate through wireless transmissions — and can be hacked like any other wireless device. For example, a wireless pacemaker regulates a person’s heartbeat and records the heart’s activity, and then transmits this information to doctors who can reprogram the pacemaker. The interconnectivity between medical devices and clinical systems leaves wireless medical devices vulnerable to security breaches.

Cybersecurity no longer just applies to computer networks and financial data; modern implantable medical devices have the same vulnerability and also require cybersecurity. In fact, in a span of six months, hackers attempted to log into MRI and defibrillator machines over ten thousand times and attempted to download malware approximately 300 times. Had these hackers been successful, they could have accessed patients’ personal information or reprogrammed the defibrillators to deliver deadly jolts of electricity to patients’ hearts.

The government is already taking action. In 2014, the U.S. Food and Drug Administration (FDA) responded to these threats with guidance on how medical device manufacturers could improve the safety of implantable medical devices. The FDA advised manufacturers that their failure to develop cybersecurity controls could lead to repercussions including “compromised device functionality, loss of data (medical or personal) availability or integrity, or exposure of other connected devices or networks to security threats. This in turn may have the potential to result in patient illness, injury, or death.”

[I]n a span of six months, hackers attempted to log into MRI and defibrillator machines . . .

Further, as manufacturers well know, when a device malfunctions and causes bodily injury, consumers typically allege product liability claims. Patients whose devices are hacked could raise claims for design defects and failure to warn of the risk of cyber-vulnerabilities. These potential victims likely never considered their life-saving medical devices could be used as a weapon. For most people, the idea that someone would attack a medical device seems unfathomable.

So, what motivates attacks on implanted medical devices? According to Dr. William Maisel, “[m]otivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer’s reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker’s ego.” Medical data can be worth ten times as much as a credit card number. Added to that, the medical device market was a $25.2 billion industry in 2012 and is expected to be a $33.6 billion industry by 2018. That’s a vast market of potential victims.

Article By Amy M. Rubenstein & Brittany Robbins of Schiff Hardin LLP
© 2015 Schiff Hardin LLP

Five Telemedicine Trends Transforming Health Care in 2016

Telemedicine is a key component in the health care industry shift to value-based care as a way to generate additional revenue, cut costs and enhance patient satisfaction. One of the biggest changes to health care in the last decade, telemedicine is experiencing rapid growth and deployment across a variety of applications.

The quick market adoption of telemedicine is fueled by powerful economic, social, and political forces — most notably, the growing consumer demand for more affordable and accessible care. These forces are pushing health care providers to grow and adapt their business models to the new health care marketplace.

Simultaneously changing is the misconception that telemedicine creates a financial strain or relies on grant funding. Smart health system leadership are creating sustainable telemedicine arrangements that generate revenue, not just cost savings, while improving patient care and satisfaction. Research conducted by the American Telemedicine Association reveals that telemedicine saves money for patients, providers, and payers compared to traditional health care practices, particularly by helping reduce the frequency and duration of hospital visits.

It is expected that the global telemedicine market will expand at a compound annual growth rate of 14.3 percent through 2020, eventually reaching $36.2 billion, as compared to $14.3 billion in 2014. And while the growing demand for convenience, innovation, and a personalized health care experience may be the greatest factor, other forces are at work as well.

These five trends will drive telemedicine’s continued growth and transformation of health care delivery in 2016:

1. Expanding Reimbursement and Payment Opportunities

Both private and government payers will continue to expand telemedicine coverage as consumers gain experience with the technology and increasingly demand access to telemedicine-based services. Some health plans have already begun bolstering their coverage of telemedicine, which they view as a form of value-based care that can improve the patient experience and offer substantial cost savings. On the government side, 2016 will particularly see more coverage among Medicaid managed care organizations and Medicare Advantage plans.

While reimbursement was the primary obstacle to telemedicine implementation, new laws requiring coverage of telemedicine-based services have been implemented at the state level, and 2016 will be the year these laws drive implementation in those states. Similarly, providers are becoming increasingly receptive to exploring payment models beyond fee-for-service reimbursement, and 2016 will continue the growth of these arrangements. Examples include institution-to-institution contracts and greater willingness by patients to pay out-of-pocket for these convenient, valuable services.

2. Uptick in International Arrangements

In 2016, more U.S. hospitals and health care providers will forge ties with overseas medical institutions, spreading U.S. health care expertise abroad. These cross-border partnerships will provide access to more patients, create additional revenue and help bolster international brands. According to the American Telemedicine Association, more than 200 academic medical centers in the U.S. already offer video-based consulting in other parts of the world. While many of these are pilot programs, 2016 will see a maturation and commercialization of much of these international arrangements, as they are a win-win for participants in both countries.

The growing purchasing power of middle-class populations in countries like China is giving more patients the means and opportunity to pursue treatment from Western medical centers. We have seen both for-profit and non-profit models for international telemedicine — hospitals partnering with organizations in the developing world to expand health care availability or offering commercial care to customers in nations with areas of concentrated wealth but lacking the capabilities and access of Western health care.

3. Continued Momentum at the State Level

State governments across the U.S. are leading the way in telemedicine expansion. According to a study by the Center for Connected Health Policy, during the 2015 legislative session, more than 200 pieces of telemedicine-related legislation were introduced in 42 states. Currently, 29 states and the District of Columbia have enacted laws requiring that health plans cover telemedicine services. In 2016, we will see more bills supporting health insurance coverage for telemedicine-based services introduced in various state legislatures.

While state lawmakers are leading the way in incorporating telemedicine into the health care system, two recent developments point to a burgeoning interest at the federal level. The Centers for Medicare and Medicaid Services (CMS) is considering expansion of Medicare coverage for telemedicine, and a bill working its way through the U.S. House of Representatives would pay physicians for delivering telemedicine services to Medicare beneficiaries in any location.

4. Retail Clinics and Employer Onsite Health Centers on the Rise

A recent Towers Watson study found that more than 35 percent of employers with onsite health facilities offer telemedicine services, and another 12 percent plan to add these services in the next two years. Other studies suggest that nearly 70 percent of employers will offer telemedicine services as an employee benefit by 2017. The growth of nation-spanning telemedicine companies such as MDLIVE and the now publicly-traded Teladoc, which offer health services tailored to the specific needs of employers and other groups, is a reflection of the demand for these services.

Additionally, consumers are increasingly willing to visit retail medical clinics and pay out-of-pocket for the convenience and multiple benefits of telemedicine services when telemedicine is not covered by their insurance plans. Both CVS Health and Walgreens have publicly announced plans to incorporate telemedicine-based service components in their brick and mortar locations.

5. More ACOs Using Technology to Improve Care and Cut Costs

2016 will be the year of telemedicine and ACOs. Since the advent of Medicare Accountable Care Organizations (ACOs), the number of Medicare beneficiaries served has consistently grown from year to year, and early indications suggest the number of beneficiaries served by ACOs is likely to continue to increase in 2016. These organizations present an ideal avenue for the growth of telemedicine.

While CMS offers heavy cost-reduction incentives in the form of shared-saving payments, only 27 percent of ACOs achieved enough savings to qualify for those incentives last year. Meanwhile, only 20 percent of ACOs use telemedicine services, according to a recent study. We believe the widespread need to hit the incentive payment metrics, coupled with the low adoption rate will lead to significantly greater telemedicine use among ACOs in 2016.

Article By Nathaniel M. Lacktman of Foley & Lardner LLP
© 2015 Foley & Lardner LLP

Going Before a Higher Power – Nuns Take on Obamacare

On Nov. 6, 2015, the U.S. Supreme Court agreed to hear the appeals of several religious employers challenging the contraceptive mandate under the Patient Protection and Affordable Care Act (ACA).  The court will consolidate seven cases, the most prominent of which was brought by the Little Sisters of the Poor, an order of Catholic nuns who dedicate their lives to helping the elderly poor.  The other employers include several Catholic dioceses, a religious non-profit group and several Christian colleges.

The contraception mandate requires religious employers who object to providing contraceptive services to notify the government of their objection, which transfers the responsibility of providing those services to the employer’s insurer.  The petitioners argue that this procedure violates the Religious Freedom Restoration Act because it effectively forces the employer’s health plan to cover services the employer finds objectionable.  They argue that the government has less restrictive means available to provide these services.

The consolidation of these seven cases is particularly interesting because the employers have varied insurance arrangements.  While some of the employers are insured by large insurance carriers, others are self-insured, or have “church plans” as defined by ERISA.  It is unclear whether these different arrangements will affect the outcomes for the particular employers.

The court is expected to hear oral argument in the case in March 2016.

Article By Mark D. Scudder of Barnes & Thornburg LLP

© 2015 BARNES & THORNBURG LLP