Tag: Health and Human Services

Mental Health Parity and Addiction Equity Act Final Rules (“Final Rules”) Are Released: Plans and Issuers Must Prepare for January 1, 2025 Effective Date (US)

The long-awaited Final Rules amending the Mental Health Parity and Addiction Equity Act (“MHPAEA”) were released on September 9, 2024, with the bulk of the requirements going into effect on January 1, 2025. As we previously reported here, in August 2023, the Departments of Labor, Health and Human Services (“HHS”) and Treasury (together, the “Departments”) published proposed rules further regulating insurance coverage for treatment for mental health and substance use disorders. Although the Final Rules appear less burdensome than the proposed rules, they do impose significant changes to the obligations of group health plans and health insurance issuers with a short time to achieve compliance. The key provisions are summarized below.

Key Changes in the Final Rules

The Final Rules’ stated intent is to “strengthen consumer protections consistent with MHPAEA’s fundamental purpose,” which includes reducing burdens on access to benefits for individuals in group health plans or with group or individual health insurance coverage seeking treatment for mental health and substance use disorders (“MH/SUD”) as compared to accessing benefits for the treatment of medical/surgical (“M/S”) conditions.

The Final Rules purport to achieve that goal through four key changes to the MHPAEA:

  • Mandating content requirements for performing a comparative analysis of the design and application of each non-quantitative treatment limitation (“NQTL”) applicable to MH/SUD benefits.
  • Setting forth design and application requirements and relevant data evaluation requirements to ensure compliance with NQTL rules.
  • Increasing scrutiny of network adequacy for MH/SUD benefits.
  • Introducing core treatment coverage requirements to the meaningful benefit standard.

Comparative Analysis Content Requirements

Since 2021, insurance plans and issuers offering plans that cover both M/S and MH/SUD benefits and impose NQTLs on MH/SUD benefits must have a written comparative analysis demonstrating that the factors used to apply an NQTL to MH/SUD benefits are comparable to and applied no more stringently than those used to apply that same NQTL to M/S benefits, as set forth in the 2021 Consolidated Appropriations Act (“CAA”). The Final Rules expand upon the NQTL analysis required by the CAA and include six specific content elements:

  1. a description of the NQTL;
  2. identification and definition of the factors and evidentiary standards used to design or apply the NQTL;
  3. a description of how factors are used in the design or application of the NQTL;
  4. a demonstration of comparability and stringency, as written;
  5. a demonstration of comparability and stringency, in operation, including the required data, evaluation of that data, explanation of any material differences in access, and description of reasonable actions taken to address such differences; and
  6. findings and conclusions.

Upon request, plans and issuers must provide written comparative analyses to U.S. regulators, plan beneficiaries, participants, or enrollees who have received an adverse benefit determination related to MH/SUD benefits, and participants and beneficiaries in plans governed by ERISA at any time. Plans and issuers only have 10 business days to respond to a request from the relevant Secretary to review its comparative analyses and, if an initial determination of noncompliance is made, the plan or issuer only has 45 calendar days to respond with specific actions it will take to bring the plan into compliance and provide additional comparative analyses that demonstrate compliance. Upon a final determination of noncompliance, notice must be given to all participants, beneficiaries, and enrollees within seven business days after the relevant Secretary’s determination.

Demonstrating Compliance with NQTL Rules

The Final Rules also require that a NQTL applicable to MH/SUD benefits in a classification is no more restrictive than the predominant NQTL applied to M/S benefits in the same classification. In order to ensure compliance with NQTL rules, plans and issuers must satisfy two sets of requirements: (1) the design and application requirements, and (2) the relevant data evaluation requirements. For example, under the design and application requirements, a plan cannot reimburse non-physician providers of MH/SUD services by reducing the rates for physician providers of MH/SUD services unless it applies the same reduction to non-physician providers of M/S services from the rate for physician providers of such services. Under the relevant data evaluation requirements, to compare the impact of NQTLs related to network composition on access to MH/SUD versus M/S benefits, a plan should evaluate metrics relating to the time and distance from plan participants and beneficiaries to network providers, the number of network providers accepting new patients, provider reimbursement rates, and in-network and out-of-network utilization rates.

Design and Application

Plans and issuers must examine the factors used to design and apply an NQTL to MH/SUD benefits to ensure such factors are comparable to those used with respect to M/S benefits in the same classification. The Final Rules also prohibit using information that discriminates against MH/SUD benefits as compared to M/S benefits, meaning information that systematically disfavors or was specifically designed to disfavor access to MH/SUD benefits. Appropriate information and other factors to use in designing and applying an NQTL to MH/SUD benefits include generally recognized independent professional medical or clinical standards.

Relevant Data Evaluation

The relevant data evaluation requirement means plans and issuers must collect and evaluate data to ensure, in operation, that an NQTL applicable to MH/SUD benefits is not more restrictive than the NQTL applied to M/S benefits in the same classification. The Final Rules anticipate that the relevant data for any given NQTL will depend on the facts and circumstances and provide flexibility for plans to determine what should be collected and evaluated. Examples of relevant data provided in the Final Rules include the number and percentage of claim denials, utilization rates, and network adequacy rates.

Network Adequacy

The Final Rules demonstrate the Departments’ increased scrutiny of network adequacy issues for MH/SUD benefits. For NQTLs related to network composition standards, a plan or issuer must collect data to assess the NQTLs’ aggregate impact on access to MH/SUD benefits and M/S benefits. By way of example, suppose the evaluated data suggests that an NQTL contributes to a material difference in access to MH/SUD benefits compared to M/S benefits. In that case, plans and issuers must act to address any material differences in access. The Final Rules provide examples of reasonable compliance actions, including increased recruiting efforts for MH/SUD providers, expanding telehealth options under the plan, and ensuring that provider directories are accurate and reliable. A plan must document the actions that it takes to address differences in access to in-network MH/SUD providers as compared to in-network M/S providers.

Meaningful Benefit Standard

The Final Rules require plans to provide “meaningful” benefits for MH/SUD disorders in every classification in which the plan provides M/S benefits. Benefits are “meaningful,” for MHPAEA purposes, when they cover core treatments for that condition, meaning a standard treatment or course of treatment, therapy, service, or intervention indicated by generally recognized independent standards of current medical practice.

The Final Rules provide examples to demonstrate the application of the meaningful benefits standard. In one example, a plan covers the full range of outpatient treatments (including core treatments) and treatment settings for M/S benefits when provided on an out-of-network basis. The same plan covers outpatient, out-of-network developmental screenings for a mental health condition but excludes all other benefits, such as therapeutic intervention, for outpatient treatment when provided on an out-of-network basis. The Departments view therapeutic intervention, however, as a core treatment for the mental health condition under generally recognized independent standards of current medical practice. Per the Final Rules, the Departments interpret such exclusion as a violation because the plan does not cover a core treatment for the mental health disorder in the outpatient, out-of-network classification. Since the plan’s coverage for M/S benefits includes a core treatment in the classification, the Final Rules opine that the plan fails to provide meaningful benefits for treatment of the mental health disorder.

Effective Dates

The new requirements of the Final Rules will go into effect on different dates. Plans and issuers have until January 1, 2026, to comply with the meaningful benefits standard, the prohibition on discriminatory factors and evidentiary standards, the relevant data evaluation requirements, and the related requirements in the provisions for comparative analyses. During this time, plans and issuers should assess whether their mental health provider networks are adequate, and also consider expanding the scope of MH/SUD benefits across classifications to meet new parity requirements.

The other requirements, including most of the new requirements affecting comparative analyses, go into effect on January 1, 2025. Accordingly, plans and issuers should the time remaining this year to develop a plan to prepare NQTL comparative analyses within the three-month compliance period, and have processes in place to quickly address any material changes to benefit design in the future.

© Copyright 2024 Squire Patton Boggs (US) LLP
For more on MHPAEA, visit the NLR Health Law Managed Care section.

Application of New Mental Health Parity Rules to Provider Network Composition and Reimbursement: Perspective and Analysis

On September 23, 2024, the U.S. Departments of Labor, the Treasury, and Health and Human Services (collectively, the “Departments”) released final rules (the “Final Rules”) that implement requirements under the Mental Health Parity and Addiction Equity Act (MHPAEA).

The primary focus of the Final Rules is to implement new statutory requirements under the Consolidated Appropriations Act of 2021, which amended MHPAEA to require health plans and issuers to develop comparative analyses to determine whether nonquantitative treatment limitations (NQTLs)—which are non-financial restrictions on health care benefits that can limit the length or scope of treatment—for mental health and substance use disorder (MH/SUD) benefits are comparable to and applied no more stringently than NQTLs for medical/surgical (M/S) benefits.

Last month, Epstein Becker Green published an Insight entitled “Mental Health Parity: Federal Departments of Labor, Treasury, and Health Release Landmark Regulations,” which provides an overview of the Final Rules. This Insight takes a closer look at the application of the Final Rules to NQTLs related to provider network composition and reimbursement rates.

Provider Network Composition and Reimbursement NQTL Types

A key focus of the Final Rules is to ensure that NQTLs related to provider network composition and reimbursement rates do not impose greater restrictions on access to MH/SUD benefits than they do for M/S benefits.

In the Final Rules, the Departments decline to specify which strategies and functions they expect to be analyzed as separate NQTL types, instead requiring health plans and issuers to identify, define, and analyze the NQTL types that they apply to MH/SUD benefits. However, the Final Rules set out that the general category of “provider network composition” NQTL types includes, but is not limited to, “standards for provider and facility admission to participate in a network or for continued network participation, including methods for determining reimbursement rates, credentialing standards, and procedures for ensuring the network includes an adequate number of each category of provider and facility to provide services under the plan or coverage.”[1]

For NQTLs related to out-of-network rates, the Departments note that NQTLs would include “[p]lan or issuer methods for determining out-of-network rates, such as allowed amounts; usual, customary, and reasonable charges; or application of other external benchmarks for out-of-network rates.”[2]

Requirements for Comparative Analyses and Outcomes Data Evaluation

For each NQTL type, plans must perform and document a six-step comparative analysis that must be provided to federal and state regulators, members, and authorized representatives upon request. The Final Rules divide the NQTL test into two parts: (1) the “design and application” requirement and (2) the “relevant data evaluation” requirement.

The “design and application” requirement, which builds directly on existing guidance, requires the “processes, strategies, evidentiary standards, or other factors” used in designing and applying an NQTL to MH/SUD benefits to be comparable to, and applied no more stringently than, those used for M/S benefits. Although these aspects of the comparative analysis should be generally familiar, the Final Rules and accompanying preamble provide extensive new guidance about how to interpret and implement these requirements.

The Final Rules also set out a second prong to the analysis: the requirement to collect and evaluate “relevant data” for each NQTL. If such analysis shows a “material difference” in access, then the Final Rules also require the plan to take “reasonable” action to remedy the disparity.

The Final Rules provide that relevant data measures for network composition NQTLs may include, but are not limited to:

  • in-network and out-of-network utilization rates, including data related to provider claim submissions;
  • network adequacy metrics, including time and distance data, data on providers accepting new patients, and the proportions of available MH/SUD and M/S providers that participate in the plan’s network; and
  • provider reimbursement rates for comparable services and as benchmarked to a reference standard, such as Medicare fee schedules.

Although the Final Rules do not describe relevant data for out-of-network rates, these data measures may parallel measures to evaluate in-network rates, including measures that benchmark MH/SUD and M/S rates against a common standard, such as Medicare fee schedule rates.

Under the current guidance, plans have broad flexibility to determine what measures must be used, though the plan must ensure that the metrics that are selected reasonably measure the actual stringency of design and application of the NQTL with regard to the impact on member access to MH/SUD and M/S benefits. However, additional guidance is expected to further clarify the data evaluation requirements that may require the use of specific measures, likely in the form of additional frequently asked questions as well as updates to the Self-Compliance Tool published by the Departments to help plans and issuers assess whether their NQTLs satisfy parity requirements.

The Final Rules require plans to look at relevant data for network composition NQTLs in the aggregate—meaning that the same relevant data must be used for all NQTL types (however defined). As such, the in-operation data component of the comparative analysis for network composition NQTLs will be aggregated.

If the relevant data indicates a “material difference,” the threshold for which the plan must establish and define reasonably, the plan must take “reasonable actions” to address the difference in access and document those actions.

Examples of a “reasonable action” that plans can take to comply with network composition requirements “include, but are not limited to:

  1. Strengthening efforts to recruit and encourage a broad range of available mental health and substance use disorder providers and facilities to join the plan’s or issuer’s network of providers, including taking actions to increase compensation or other inducements, streamline credentialing processes, or contact providers reimbursed for items and services provided on an out-of-network basis to offer participation in the network;
  2. Expanding the availability of telehealth arrangements to mitigate any overall mental health and substance use disorder provider shortages in a geographic area;
  3. Providing additional outreach and assistance to participants and beneficiaries enrolled in the plan or coverage to assist them in finding available in-network mental health and substance use disorder providers and facilities; and
  4. Ensuring that provider directories are accurate and reliable.”

These examples of potential corrective actions and related discussion in the Final Rules provide an ambitious vision for a robust suite of strategies that the Departments believe that plans should undertake to address material disparities in access as defined in the relevant data. However, the Final Rules put the onus on the plan to design the strategy that it will use to define “material differences” and remedy any identified disparity in access. Future guidance and enforcement may provide examples of how this qualitative assessment will play out in practice and establish both what the Departments will expect with regard to the definition of “material differences” and what remedial actions they consider to be sufficient. In the interim, it is highly uncertain what the practical impact of these new requirements will be.

Examples of Network Analyses Included in the Final Rules

The Final Rules include several examples to clarify the application of the new requirements to provider network composition NQTLs. Unfortunately, the value of these examples for understanding how the Final Rules will impact MH/SUD provider networks in practice may be limited. As a result, given the lack of detail regarding the complexity of analyzing these requirements for actual provider networks, as well as the fact that the examples fail to engage in any meaningful discussion of where to identify the threshold for compliance with these requirements, it remains to be seen how regulators will interpret and enforce these requirements in practice.

  • Example 1 demonstrates that it would violate the NQTL requirements to apply a percentage discount to physician fee schedule rates for non-physician MH/SUD providers if the same reduction is not applied for non-physician M/S providers. Our takeaways from this example include the following:
    • This example is comparable to the facts that were alleged by the U.S. Department of Labor in Walsh v. United Behavioral Health, E.D.N.Y., No. 1:21-cv-04519 (8/11/21).
    • Example 1 is useful to the extent that it clarifies that a reimbursement strategy that specifically reduces MH/SUD provider rates in ways that do not apply to M/S provider rates would violate MHPAEA. However, such cut-and-dried examples may be rare in practice, and a full review of the strategies for developing provider reimbursement rates is necessary.
  • Example 4 demonstrates that plans may not simply rely on periodic historic fee schedules as the sole basis for their current fee schedules. Here are some key takeaways from this example:
    • Even though this methodology may be neutral and non-discriminatory on its face, given that the historic fee schedules are not themselves a non-biased source of evidence, to meet the new requirements for evidentiary standards and sources, the plan would have to demonstrate that these historic fee schedules were based on sources that were objective and not biased against MH/SUD providers.
    • If the plan cannot demonstrate that the evidentiary standard used to develop its fee schedule does not systematically disfavor access to MH/SUD benefits, it can still pass the NQTL test if it takes steps to cure the discriminatory factor.
    • Example 4 loosely describes a scenario where a plan supplements a historic fee schedule that is found to discriminate against MH/SUD access by accounting for the current demand for MH/SUD services and attracting “sufficient” MH/SUD providers to the network. Unfortunately, however, the facts provided do not clarify what steps were taken to achieve this enhanced access or how the plan or regulator determined that access had become “sufficient” following the implementation of the corrective actions.
  • Example 10 provides that if a plan’s data measures indicate a “material difference” in access to MH/SUD benefits relative to M/S benefits that are attributable to these NQTLs, the plan can still achieve compliance by taking corrective actions. Our takeaways from this example include the following:
    • The facts in this example stipulate that the plan evaluates all of the measure types that are identified above as examples. Example 10 also states that a “material difference” exists but does not identify the measure or measures for which a difference exists or what facts lead to the conclusion that the difference was “material.” To remedy the material difference, this example states that the plan undertakes all of the corrective actions to strengthen its MH/SUD provider network that are identified above as examples and, therefore, achieves compliance. However, this example fails to clarify how potentially inconsistent outcomes across the robust suite of identified measures were balanced to determine that the “material difference” standard was ultimately met. Example 10 also does not provide any details about what specific corrective actions the plan takes or what changes result from these actions.

Epstein Becker Green’s Perspective

The new requirements of the Final Rules will significantly increase the focus of the comparative analyses on the outcomes of the provider network NQTLs. For many years, the focus of the comparative analyses was primarily on determining whether any definable aspect of the plan’s provider contracting and reimbursement rate-setting strategies could be demonstrated to discriminate against MH/SUD providers. The Final Rules retain those requirements but now put greater emphasis on the results of network composition activities with regard to member access and require plans to pursue corrective actions to remediate any material disparities in that data. This focus on a robust “disparate impact” form of anti-discrimination analysis may lead to a meaningful increase in reimbursement for MH/SUD providers or other actions to more aggressively recruit them to participate in commercial health plan networks.

However, at present, it remains unclear which measures the Departments will ultimately require for reporting. Concurrent with the release of their Notice of Proposed Rulemaking on July 23, 2023, the Departments published Technical Release 2023-01P to solicit comments on key approaches to evaluating comparability and stringency for provider network access and reimbursement rates (including some that are referenced as examples in the Final Rules). Comments to the Technical Release highlighted significant concerns with nearly all of the proposed measures. For example, proposals to require analysis of MH/SUD and M/S provider reimbursement rates for commercial markets that are benchmarked to Medicare fee schedules in a simplistic way may fail to account for differences in population health and utilization, value-based reimbursement strategies, and a range of other factors with significant implications for financial and clinical models for both M/S and MH/SUD providers. Requirements to analyze the numbers or proportions of MH/SUD and M/S providers that are accepting new patients may be onerous for providers to report on and for plans to collect and may obscure significant nuances with regard to wait times, the urgency of the service, and the match between the provider’s training and service offerings to the patient’s need. Time and mileage standards highlighted by the Departments not only often fail to capture important access challenges experienced by patients who need MH/SUD care from sub-specialty providers or facilities but also fail to account for evolving service delivery models that may include options such as mobile units, school-based services, home visits, and telehealth. Among the measures identified in the Technical Release, minor differences in measure definitions and specifications can have significant impacts on the data outcomes, and few (if any) of the proposed measures have undergone any form of testing for reliability and validity.

Also, it is still not clear where the Departments will draw the lines for making final determinations of noncompliance with the Final Rules. For example, where a range of different data measures is evaluated, how will the Departments resolve data outcomes that are noisy, conflicting, or inconclusive? Similarly, where regulators do conclude that the data that are provided suggest a disparity in access, the Final Rules identify a highly robust set of potential corrective actions. However, it remains to be seen what scope of actions the Departments will determine to be “good enough” in practice.

Finally, we are interested in seeing what role private litigation will play in driving health plan compliance efforts and practical impacts for providers. To date, plaintiffs have found it challenging to pursue litigation on the basis of claims under MHPAEA, due in part to the highly complex arguments that must be made to evaluate MHPAEA compliance and in part to the challenge for plaintiffs to have adequate insight into plan policies, operations, and data across MH/SUD and M/S benefits to adequately assert a complaint under MHPAEA. Very few class action lawsuits or large settlements have occurred to date. These challenges for potential litigants may continue to limit the volume of litigation. However, to the extent that the additional guidance in the Final Rules does give rise to an uptick in successful litigation, it is possible that the courts may end up having a greater impact on health plan compliance strategies than regulators.

ENDNOTES

[1] 26 CFR 54.9812- 1(c)(4)(ii)(D), 29 CFR 2590.712(c)(4)(ii)(D), and 45 CFR 146.136(c)(4)(ii)(D).

[2] 26 CFR 54.9812- 1(c)(4)(ii)(E), 29 CFR 2590.712(c)(4)(ii)(E), and 45 CFR 146.136(c)(4)(ii)(E).

©2024 Epstein Becker & Green, P.C. All rights reserved.
For more on Mental Health, visit the NLR Health Law Managed Care section

Top Questions Health Care Providers Should Consider in a Post-Chevron World – A Polsinelli Round Table Discussion

Health Care is one of the most regulated industries in the country, and for many years, one of the key administrative agencies overseeing health care in the United States, the Department of Health and Human Services’ (“HHS”) Centers for Medicare & Medicaid Services (“CMS”), has enjoyed broad authority to regulate health care under the “Chevron doctrine.” Under this doctrine, CMS and other federal agencies were granted broad discretion to interpret and implement the law, thus allowing them to drive how care is delivered and paid for in the United States. It was difficult for providers to successfully challenge agency rulemaking in federal court, even if they thought the agency’s interpretation of the law was incorrect. The Supreme Court’s dismantling of Chevron doctrine will have a significant impact on health care providers, which we may begin to see as we move into CMS’s annual rulemaking cycle.

The Supreme Court’s decision to overturn Chevron was expected, but it is still too soon to truly understand the full impact of the decisions on the health care industry. A round table of attorneys and policy advisors from Polsinelli’s Health Care, Public Policy and Government Investigations Department discussed the potential short and long-term implications of the decision and offer the following insights for health care providers across this ever-changing industry for navigating the web of statutes, rules and other sub-regulatory guidance post-Chevron.

1. What do the Loper/Relentless Decisions Change for Health Care Organizations in the Short-Term? Has CMS’s Authority to Regulate Health Care Gone Away or Been Substantially Limited?

“Likely, not. Many of the health care regulations are based on clear statutory language and will continue to give providers the rules for the road from a compliance standpoint. More controversial rules – like mental health parity, payment cuts, surprise billing, antidiscrimination, etc. – may be further delayed or even tabled for the short term while we learn more about how these challenges will be viewed by the courts. To the extent health care providers are struggling with a rulemaking negatively impacting them, it is worth beginning to evaluate whether challenging it may be warranted.” – Bragg Hemme

“CMS’s authority to regulate today is just like yesterday and probably tomorrow. Without a challenger to a rule, any rule continues unchanged – at least for the short-term. We have already seen; however, some regulated entities challenge a particular rule to a federal court and get some immediate regulatory relief. Members of Congress who want to see large scale changes to regulatory authority may well pursue identification of rules that were upheld in lower courts citing Chevron with an eye towards vitiating those rules with broad Congressional action. There are thousands of such cases and potentially impacted rules.” – Jennifer Evans

“Where the crux of Loper Bright unravels the courts’ existing practice of deferring to regulators’ interpretation of a statute that is unclear or ambiguous, we can expect to see increased litigation that challenges agency action arguing that the foundational law for such action was ambiguous and the agency has exceeded its statutory authority. It is unlikely we will see any change in regulator action or regulatory enforcement unless and until courts begin to overturn agency action on the basis that a statute is ambiguous and the agency that interpretated the statute was incorrect. We can also expect to see increased legislation explicitly delegating more authority to agencies.” – Meredith Duncan and Sara Avakian

2. What are Some Specific Areas of Health Care Regulation that may be Impacted?  

Health Care Fraud, Waste, and Abuse Laws

“The overruling of Chevron may have a significant effect on the application of the health care fraud and abuse laws, particularly the Physician Self-Referral Law (“Stark Law”) and Anti-Kickback Statute (“AKS”). Over the years, agencies including the HHS Office of Inspector General (“OIG”) and CMS have published hundreds of pages of rules, preamble language, and explanatory sub-regulatory guidance regarding the application of these laws. Some of these interpretations favor regulated entities, while others favor enforcers. To the extent Loper Bright represents a fundamental change in the role of agencies in clarifying or refining the scope and effect of statutory language, these implementing regulations and, thus, some longstanding health care industry practices could be impacted.” – Neal Shah

Reimbursement

“Coverage and payment rules from CMS (Medicare and Medicaid) and DHA (TriCare) may be ripe for attack. It will be interesting to see if the agencies are able or willing to engage in active negotiations to avoid or settle litigation that they did not face with Chevron deference.” – Jennifer Evans

“I anticipate that many of the routine Medicare reimbursement-related rulemakings (e.g., IPPS, OPPS, Physician Fee Schedule) will continue as they have in the past. Certain aspects of those rules or any controversial rulemakings may now be up for challenge. For instance, rules related to Disproportionate Share Hospitals have already been challenged since the Loper Bright decision. Any type of payment cut or agency effort to rein in health care costs, like Medicare drug pricing rules, surprise billing, mental health parity will also be closely scrutinized and likely challenged.” – Bragg Hemme

FDA

“Immediate impact is likely to be felt by the Lab Developed Test rule FDA is trying to finalize. Congress tried, but failed, to give the FDA statutory authority in this space via the VALID Act. The FDA went ahead and went through the rulemaking process in one year. This was lightspeed for the FDA. The rule was challenged prior to the reversal of Chevron. I expect to see the plaintiff amending their complaint now.”  – Michael Gaba

Surprise Billing

“I expect the Loper/Relentless decisions will impact the continued rollout of the regulations implementing the No Surprises Act. Since the law went into effect in 2022, regulations and guidance implementing the No Surprises Act have been vacated following challenges under the Administrative Procedures Act on four separate occasions – and that was under the prior Chevron standard, which of course was more deferential to agency decisions. But there are more rules that the Agencies are expected to issue – both as a result of the prior lawsuits and as part of their ongoing obligation to implement the law – that will have a significant impact on how the No Surprises Act functions in practice. These rules will also likely depend on the Departments’ interpretation of the No Surprises Act, and such interpretation will now not be afforded the deference that existed in the pre-Loper/Relentless landscape.” – Josh Arters

3. What Areas of Health Care Regulation are less Likely to be Impacted?

HIPAA

“From an HHS data privacy/security/breach perspective, the Jarkesy and Chevron decisions will arguably have very little impact unless parties are willing to challenge HHS HIPAA decisions in court. In other words, HHS OCR is proceeding as normal, and will continue to do so, particularly given that the HIPAA Rules were codified and specifically modified by Congress in the HITECH Act in 2009. However, to the extent a client would like to appeal a civil money penalty directly to a district court (Jarkesy) or attack a specific provision of sub regulatory guidance post-Chevron (Loper Bright), we could certainly attempt to do so.” – Iliana Peters

Long-Term Care

“Long term care providers are unlikely to see any immediate changes in regulation or enforcement. In most authorizing statutes, Congress delegated authority to CMS to develop and implement conditions of participation, and the guidance that has been provided interpreting those rules. It is unlikely the Loper Bright decision will cause CMS to change its survey process or the remedies imposed therefrom. However, any regulation or sub-regulatory guidance, such as the State Operations Manual, which is not expressly authorized by statute or otherwise interprets an ambiguous statute could be ripe for litigation to challenge CMS’ authority and/or CMS’ interpretation of the statute. To determine whether specific regulations and guidance is subject to challenge will require careful consideration of the Social Security Act and the deference, if any, afforded to CMS for rulemaking.” – Meredith Duncan and Sara Avakian

State Licensing & Practice Rules

“Many of the laws that impact health care providers, such as professional or facility licensing requirements and corporate practice of medicine prohibitions, are state laws that are unlikely to be immediately impacted by Loper Bright. However, Loper Bright may become a catalyst for new challenges to state-level administrative actions, which could create uncertainty related to state agency actions, such as Medical Board rules or guidance.”  – Kathleen Sutton

4. What Issues Should Health Care Organizations Anticipate in the Long-Term?

“It is unclear if there will be rule/no rule ‘chaos’ for health care organizations. When we think of all of the arrangements that default to ‘compliance with laws’ those provisions may lose meaning and effectiveness if the underlying legal rule-structure is threatened” – Jennifer Evans

“With the rise of litigation to combat potentially adverse rulemakings, we may see disagreement within the provider community to the extent some providers are ’winners’ and others are ‘losers.’ Further, we could see the same rulemaking get treated differently by courts depending on where the rules are being challenged. This will be very difficult to navigate for national providers. Hopefully, this ruling will cause regulatory agencies to take more shareholder feedback in their rulemaking. We will likely see more work needed at a Congressional level, however, if a statute is required for things that have historically been dealt with at a regulatory level, causing a slowdown.  This will be a challenge, particularly for innovative providers that are changing care models or adopting new technology, for instance. Health care rules often were behind the evolution of health care. Requiring Congressional action may present some opportunities but will not make things move faster.” – Bragg Hemme

“In the long-term, health care organizations should anticipate an increased opportunity to challenge unlawful regulations that run afoul of Congressional action. That is generally a good thing. But a negative consequence of the Loper Bright decisions is the likely impact on the agency rulemaking process, and the time it might take for agencies to issue regulations. Agencies are likely to move a bit slower when issuing new regulations in light of the dramatic change to how their rulemaking will be scrutinized by the courts going forward.” – Josh Arters

“It is likely that Congress will carefully craft new statutes and delegate more clear authority to the administrative agencies charged with enforcement. We also anticipate agencies taking more time to carefully craft their rules and guidance to mitigate the challenges that could arise based on these decisions. For providers, this will only further delay an already backlogged process.” – Meredith Duncan and Sara Avakian

Loper Bright creates opportunities for health care organizations to challenge agency actions, but this opportunity comes at the expense of clarity and certainty that came from deference to agencies. The health care regulatory landscape is already complex and ever-changing, but the lack of uniformity that may result from different courts interpreting the same set of rules is going to create further complexity and confusion. The aftermath of Loper Bright may create a chilling effect for innovation or growth for health care businesses. Health care organizations will have to be strategic and stay up-to-date on the changing laws to maintain and grow their businesses while navigating this uncertainty.” – Kathleen Sutton

5. What can Health Care Organizations do if a CMS Rulemaking Has a Significant Impact on their Organization?

“If a rule isn’t working and there is a reasonable interpretation that the statue enabling the rule offers a better outcome, it may be time for health care organizations to start their engines and challenge rules that don’t match specific statutory requirements and fundamental principles. For example, think about adequate reimbursement and access to care. Does this reopen a provider’s ability to litigate payment rules that do not ensure access to care? Maybe.” – Jennifer Evans

“When faced with rulemaking that has a significant impact on operations, health care organizations might be presented with an opportunity to work with federal agencies to find a resolution without having to resort to litigation. Now that agencies understand that their rulemaking may be challenged under a less deferential standard, and, at least for now, most courts have held that a district court may vacate unlawful rules nationally, agencies might be more willing to find more creative and/or individualized solutions to the unique impact their rules might have on a particular health care organization.” – Josh Arters

6. Does this Decision Provide a Greater Ability for Health Care Providers to Advocate for Laws and Regulations to CMS and/or Congress?

“Providers have always had the opportunity to make a contribution in the public policy process; Loper means it is even more important. Engagement in the public policy process does not guarantee success, but lack of involvement almost certainly means a loss.  Both the legislature and agencies may be more open to negotiated laws and regulations. These processes will take longer, however.” – Julius Hobson

“Being part of the debate in the US Congress on health care legislation (and any legislation for that matter) is now more crucial than ever. Members of Congress will no longer be able to write laws that are ambiguous, which would give the agency of jurisdiction the authority to legislate through regulatory fiat. Congress now will be required to be more prescriptive in their laws, outlining specifically in statute the intent of the law. Congress currently relies on ‘report language’ that accompanies legislation, which expresses the legislative intent; however, the report language is not the black letter of the law and more often than not, the agency of jurisdiction ignores report language.  Finally, now that the Congress will need to be more prescriptive in its drafting of legislation Congress will be required be even more deliberative in crafting a bill. This will mean that laws will require more consensus to get the bills it works on approved.”  – Harry Sporidis

“In 2019, when the Supreme Court issued the Azar v. Allina Health Services decision, every component in CMS was tasked with reviewing, analyzing, and verifying that all the guidance materials had regulatory and/or statutory support. For a few years after the decision, CMS went through the rulemaking process for any guidance/policy that was not clearly articulated or supported by regulation. Now that the Supreme Court has overturned Chevron, CMS will likely conduct a similar exercise to determine all of the policy areas where the law is ambiguous, and the Agency has made the determination on how best to carry out the law. CMS will also likely consult with its legislative arm to work with Congress to clarify such laws. This undertaking will take CMS several years to complete. While CMS is engaged its review, there is an opportunity for health care organizations to engage with CMS to review policy position that result from an ambiguous statute and reconsider a more favorable interpretation on of the law.” – Ronke Fabayo

Sara Avakian, Iliana L. Peters, Kathleen Snow Sutton, Julius W. Hobson, Jr., Harry Sporidis, and Ronke Fabayo also contributed to this article.

© Polsinelli PC, Polsinelli LLP in California
by: Bragg E. HemmeJennifer L. EvansMeredith A. DuncanNeal D. Shah Michael M. Gaba, and Joshua D. Arters of Polsinelli PC

For more news on the Health Care Industry Post-Chevron, visit the NLR Health Law & Managed Care section.

HHS Publishes Final Rule to Support Reproductive Health Care Privacy

The Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization to eliminate the federal constitutional right to abortion continues to alter the legal landscape across the country. On April 26, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published the “HIPAA Privacy Rule to Support Reproductive Health Care Privacy” (the “Final Rule”).

The Final Rule—amending the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as well as the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act)—strengthens privacy protections related to the use and disclosure of reproductive health care information. HIPAA’s Privacy Rule limits the disclosure of protected health information (PHI) and is part of HHS’s efforts to ensure that patients will not be afraid to seek health care from, or share important information with, health care providers.

The Final Rule:

  • Prohibits the use or disclosure of PHI when it is sought to investigate or impose liability on individuals, health care providers, or others who seek, obtain, provide, or facilitate reproductive health care that is lawful under the circumstances in which such health care is provided, or to identify persons for such activities.
  • Requires covered entities and business associates to obtain a signed attestation that certain requests for PHI potentially related to reproductive health care are not for these prohibited purposes.
  • Requires covered entities to modify their NPPs to support reproductive health care privacy.

“Since the fall of Roe v. Wade, providers have shared concerns that when patients travel to their clinics for lawful care, their patients’ records will be sought, including when the patient goes home,” OCR Director Melanie Fontes Rainer said in a news release. OCR administers the Privacy Rule, which requires most health care providers, health plans, health care clearinghouses (“covered entities”) and business associates to safeguard the privacy of PHI.

Commenters to an earlier notice of proposed rulemaking (“2023 NPRM”) raised concerns that PHI related to reproductive health care would be used and disclosed to expose both patients and providers to investigation and liability under state abortion laws, particularly new and revived laws. This Final Rule is intended to prohibit the disclosure of PHI related to lawful reproductive health care—a change from the current Privacy Rule where an entity is generally permitted, but not required, to disclose relevant and material information in a legitimate law enforcement inquiry.

Key Takeaways

New Category of Protected Health Information. The Final Rule changes the HIPAA Privacy Rule by defining a new category of protected health information and adds a new “prohibited use and disclosure” under the HIPAA Privacy Rule at 45 CFR 164.502—mandating that a covered entity or business associate may not use or disclose PHI:

  • To conduct a criminal, civil, or administrative investigation into any person for the mere act of seeking, obtaining, providing, or facilitating “reproductive health care”;
  • To impose criminal, civil, or administrative liability on any “person” for the mere act of seeking, obtaining, providing or facilitating “reproductive health care”; and
  • To identify any “person” for any of those above described purposes.

Prohibition. Under the Final Rule, HIPAA-covered entities and business associates who receive requests for protected health information must make a reasonable determination that one or more of the following conditions exists:

  • The reproductive health care is lawful in the state in which such health care is provided under the circumstances in which it is provided (e.g., if a resident of one state traveled to another state to receive reproductive health care, such as an abortion, that is lawful in the state where such health care was provided).
  • The reproductive health care is protected, required, or authorized by federal law, including the U.S. Constitution, regardless of the state in which such health care is provided (e.g., reproductive health care such as contraception is protected by the Constitution).

Presumption. Such care is presumed lawful unless the HIPAA-covered entity or business associate has

  • actual knowledge that the reproductive care was not lawful under the circumstances it was provided; or
  • factual information supplied by the requester demonstrating a substantial factual basis that the reproductive health care was not lawful under the specific circumstances in which it was provided.

Attestation Requirement. The Final Rule adds 45 CFR § 164.509(c) to require a covered entity or business associate, when it receives a request for PHI potentially related to reproductive health care, to obtain a signed attestation from the requester. However, obtaining the attestation does not relieve a covered entity or business associate from its responsibility to determine whether the reproductive health care that may be the subject of the requested information was lawful. An attestation must contain the following elements:

  • A description of the information requested that identifies the information in a specific fashion, including one of the following:
    • The name(s) of any individual(s) whose protected health information is sought, if practicable;
    • If that name is not practicable, the name(s) or other specific identification of the person(s) or class of person(s) who are requested to make the use or disclosure;
  • The name or other specific identification of the person(s) or class of persons to whom the covered entity is to make the requested use or disclosure;
  • A clear statement that the use or disclosure is not for a purpose prohibited under 45 CFR § 164.502(a)(5)(iii)(i.e., identifying any person under the newly added prohibition);
  • A statement that a person may be subject to criminal penalties if they use or disclose the reproductive health information improperly;
  • Must be in plain language and contain the elements set forth in 45 CFR § 164.509(c) (inclusion of other elements not set forth in 45 CFR § 164.509(c) is prohibited); and
  • Must be signed by the person requesting the disclosure (which may take an electronic format).

The Final Rule prohibits the attestation from being “combined with” any other document (yet allows additional supporting information or documentation needed for the request to be submitted with the attestation (for example, a clearly labelled subpoena). While covered entities can develop their own attestation form, to reduce the compliance burden, HHS plans to publish a model attestation form prior to the compliance date.

Notices of Policy Practices. With the new processes for using and disclosing reproductive health information, covered entities must update their Notices of Privacy Practices (NPPs) required under 45 CFR § 164.520. For purposes of this Final Rule, updates to the NPPs must describe among other things the types and uses of disclosures of PHI that are prohibited under 45 CFR 164.502(a)(5)(iii). The notice should also contain a description of the uses and disclosures for which an attestation is required under the new 45 CFR § 164.509. Further, the Office of Management and Budget’s (OMB’s) Office of Information and Regulatory Affairs determined that this Final Rule meets the criteria in 5 USC § 804(2) for being a major rule because it is projected to have an annualized impact of more than $100,000,000 based on the number of covered entities and business associates that will have to implement these changes.

Practical Implications for HIPAA Covered Entities & Business Associates

Considering the significant changes this Final Rule introduces, there is no time like the present for covered entities and business associates to consider the compliance implications that a new category of PHI will have on existing HIPAA policies and procedures. In addition to developing and/or obtaining new attestation forms, making reasonable determinations of the lawfulness of reproductive health care and updating notices of privacy practices, privacy and security officers will likely need to evaluate the impact these changes will have on the policies that govern data dissemination, and the processes and procedures that may change as well. Covered entities and business associates will also likely want to include these changes into training for employees involved in these activities.

The Final Rule goes into effect on June 25, 2024, with a compliance date of December 23, 2024. The NPP requirements, however, take effect on February 16, 2026—consistent with OCR’s 42 CFR Part 2 Rule of February 16, 2024, so that covered entities regulated under both rules can implement changes to their NPPs at the same time.

HIPAA covered entities and business associates should consider the context and framework of the HIPAA Privacy Rule and these new modifications as they consider third-party requests for any PHI that may include reproductive health information (the current HIPAA Privacy Rule remains in effect until the new rule takes effect). If the new reproductive health prohibition is not applicable, HIPAA covered entities should still consider the fact that HIPAA otherwise permits, but does not require, them to disclose PHI under most of the HIPAA exceptions contained in 45 CFR § 164.512. Therefore, HIPAA affords covered entities the ability to protect the privacy interests of their patients, especially in the current post-Dobbs environment.

Covered entities and business associates now face the challenge of implementing these new requirements and training their workforce members on how to analyze and respond to requests that include reproductive health care information. Questions remain surrounding a covered entity or business associate’s burden of determining that the reproductive health care provided to an individual was in fact lawful. For example, if a complaint follows, does a covered entity have to account for the disclosures that are made? While the Final Rule is gender-neutral, what is the likelihood that it would be applied to men—could it? In any case, we will continue to monitor developments, including questions of how HIPAA and other privacy concerns interact with reproductive health care, in the wake of Dobbs. For more on the subject, please see our past blog on the 2023 proposed rule.

Ann W. Parks contributed to this article.

©2024 Epstein Becker & Green, P.C. All rights reserved.
For more on Reproductive Health Care, visit the NLR Health Law & Managed Care section.

Medicare Advantage: OIG Report Finds Improper Denials

On April 27,2022, the Office of Inspector General of the Department of Health and Human Services (OIG), Office of Evaluations and Inspections, issued a report on the performance of Medicare Advantage Organizations (MAOs) in approving care and payment consistently with Medicare coverage rules. In its review, OIG found that 13% of MAO denials of prior authorization requests should have been approved and that 18% of payment requests from providers were improperly denied. OIG also made a number of recommendations to the Center of Medicare and Medicaid Services (CMS) with respect to its oversight of MAOs.

Purpose and Method of the Study

OIG undertook the study to assess whether MAOs are appropriately providing access to medically necessary services and making payment to providers consistently with Medicare coverage rules. Since CMS pays MAOs principally by capitation, MAOs have a potential incentive to increase their profits by denying access to care of beneficiaries or by denying payments to providers. CMS’s annual audits of MAOs have indicated some persistent problems related to inappropriate denials of service and payment. As enrollment in Medicare Advantage continues to grow, OIG viewed it as important to ensure that medically necessary care is provided and that providers are paid appropriately.

OIG conducted the review by randomly selecting 250 denials of prior authorization requests and 250 payment request denials by 15 of the largest MAOs during a week in June of 2019. OIG had coding experts review the cases and had physician reviewers examine the medical records. Based on these reviews, OIG estimated the rates at which MAOs issued denials of services or payment that met Medicare coverage rules and MAO billing rules. OIG also examined the reasons for the inappropriate denials and the types of services involved.

Standards

MAOs must cover items and services included in fee-for-service Medicare, and may also elect to include additional items and services. MAOs are required to follow Medicare coverage rules that define what items and services are covered and under what circumstances. As the OIG states in the Report, MAOs “may not impose limitations – such as waiting periods or exclusions from coverage due to pre-existing conditions — that are not present in original Medicare.” In following Medicare coverage rules, MAOs are permitted to use additional denial criteria that were not developed by Medicare when they are deciding to authorize or pay for a service, provided the clinical criteria are “no more restrictive than original Medicare national and local coverage policies.” MAOs may also have their own billing and payment procedures, provided all providers are paid accurately, timely, and with an audit trial.

MAOs utilize prior authorization requests before care is furnished to manage care and payment requests from providers to approve payment for services provided. Beneficiaries and providers may appeal such decisions, and beneficiaries and providers are successful in many of the appeals (for a one-time period, as many as 75% of the appeals were granted).

Findings

Prior Authorization Denials

In the study, OIG found that 13% of prior authorization denials were for services that met Medicare coverage rules, thus delaying or denying care that likely should have been approved. MAOs made many of the denials by applying MAO clinical criteria that are not part of Medicare coverage rules. As an example, a follow-up MRI was denied for a beneficiary who had an adrenal lesion that was 1.5 cm in size, because the MAO required the beneficiary to wait one year for such lesions that are under 2 cm in size. OIG’s experts found such a requirement was not contained in Medicare coverage rules and was therefore inappropriate. Rather, the MRI was medically necessary to determine if the lesion was malignant.

OIG also found instances where MAOs requested further documentation that led to a denial of care when it was not furnished, as such additional documentation was not required to determine medical necessity. OIG’s reviewers found that either sufficient clinical information was in the medical record to authorize the care or the documentation requested was already contained in the medical record.

Payment Denials

OIG found in the study that 18% of payment denials fully met Medicare coverage rules and MAO payment policies. As a result of these denials, payment was delayed or precluded for services that should have been paid.

OIG found that common reasons for these inappropriate payment denials were human error in conducting manual reviews (for example, the reviewer not recognizing that a skilled nursing facility (SNF) was an in-network provider), and inaccurate programming.

OIG also found that advanced imaging services (including MRIs and CT scans), stays in post-acute facilities (including SNFs and inpatient rehabilitation facilities), and injections were the services that were most prominent in the inappropriate denials that should have been authorized for care and payment in accordance with Medicare coverage rules.

OIG Recommendations

Based on the study, OIG recommended that:

  • CMS should issue new guidance on both the appropriate and inappropriate use of MAO clinical criteria that are not contained in Medicare coverage rules. In particular, OIG recommended that CMS should more clearly define what it means when it states that MAO clinical criteria may not be “more restrictive” than Medicare coverage rules.

  • CMS should update its audit protocols to address issues identified in the report such as MAO use of clinical criteria and/or examine particular service types that led to more denials. OIG suggests CMS should consider enforcement actions for MAOs that demonstrate a pattern of inappropriate payment denials.

  • CMS should direct MAOs to identify and address the reasons that led to human errors.

CMS reviewed the OIG report and concurred with each of OIG’s recommendations. Those recommendations can affect future coverage decisions as well as utilization of prior authorization tools. AHIP, a national association of health care insurers, challenged the OIG’s sample size as inappropriate to support the agency’s conclusions, and defended prior authorization tools.

Takeaways

Given CMS’s concurrence with the report’s findings, we recommend that MAOs track these issues over the next several months in advance of CMS’s Final Rate Announcement for CY 2024.

MAOs should also be aware of potential False Claims Act (FCA) exposure in this area. FCA exposure can arise when a company seeks and receives payments despite being out of compliance with the basic terms for its participation. If an MAO knew it was denying claims that should be paid because they would be covered under traditional Medicare, but the MAO was still collecting full capitation, it is possible that a whistleblower or the government may pursue FCA liability. This risk warrants attention because whistleblowers can bring qui tam suits under the FCA, with resulting high costs for defense and potentially high penalties if a violation is proven (or settled to avoid further litigation). That said, an FCA suit based on this theory would raise serious questions, including whether any non-payment actually met the FCA’s “knowingly” standard (which includes reckless disregard), or whether any non-payment met the materiality threshold necessary to demonstrate a violation of the FCA.

Article By Alexis Finkelberg Bortniker, C. Frederick Geilfuss II, Matthew D. Krueger, Maureen F. Kwiecinski, and Kinal M. Patel at Foley & Lardner LLP

For more health law and managed care news, click here to visit the National Law Review.

© 2022 Foley & Lardner LLP