Tag: health care

Federal Court Strikes Down HIPAA Fee Limitations for Third-Party Medical Records Requests

On Jan. 29, 2020, OCR released a notice regarding a recent federal court ruling in the case of Ciox Health, LLC v. Azar, et al., where a federal judge in the District Court for the District of Columbia vacated the “third-party directive” within the individual right of access “insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to protected health information (“PHI”) of an individual … in an electronic format.”Additionally, the court held that the fee limitation set forth at 45 CFR § 164.524(c)(4) should only to an individual’s request for access to their own records, and does not apply to an individual’s request to transmit records to a third party.

The Ciox Health case centered on the restrictions the Department of Health and Human Services (“HHS”) and the Office for Civil Rights (“OCR”) put in place in the 2013 Omnibus Rule 2 and through informal guidance published in 2016 regarding fees that can be charged to patient in searching for, retrieving, and delivering their records and PHI as it pertains to third-party directives. Third-party directives are a mechanism promulgated by the HITECH Act that granted individuals the right to obtain a copy of their PHI maintained electronically, and “if the individual so chooses, to direct the covered entity to transmit such copy directly to an entity or person designed by the individual.”3 Additionally, the HIPAA Privacy Rule permits a reasonable cost-based fee to provide the individual (or the individual’s personal representative) with a copy of the individual’s PHI, or to direct a copy to a designated third party. The fee may include only the cost of certain labor, supplies, and postage (this fee is also referred to as the “Patient Rate”).4

The 2013 Omnibus Rule broadened the third-party directives to PHI maintained in any format, not just electronic records. Moreover, the 2013 Omnibus Rule amended the Patient Rate and required actual labor costs associated with the retrieval of electronic information to be excluded.5

In 2016, HHS issued a guidance document titled Individuals’ Right under HIPAA to Access their Health Information 45 C.F.R. § 164.524 (the “2016 Guidance”).6  The 2016 Guidance made two notable requirements that gave rise to the current litigation. Most significantly, HHS declared that the Patient Rate applies “when an individual directs a covered entity to send the PHI to a third party.”7

“This limitation,” HHS said, referring to the Patient Rate, “applies regardless of whether the individual has requested that the copy of PHI be sent to herself, or has directed that the covered entity send the copy directly to a third party designated by the individual (and it doesn’t matter who the third party is).”8

Additionally, in the 2016 Guidance, HHS provided a methodology to calculate the Patient Rate in requests for an electronic copy of PHI maintained electronically. The methodology would require the entity to determine a fee by calculating the actual allowable costs to fulfill each request or by using a schedule of costs based on the average allowable labor costs to fulfill standard requests. HHS also provided an option for entities to charge a flat rate for requests for electronic copies of PHI not to exceed $6.50 as an alternative to going through the process of calculating these costs.

In this case, HHS was sued by Ciox Health, a medical record retrieval company, over the changes to the Patient Rate set forth in both the 2013 Omnibus Rule and the 2016 Guidance. Ciox Health argued that the $6.50 flat fee is an arbitrary figure that bears no relation to the actual cost of honoring patient requests for copies of their health information, and such a low fee has negatively impacted its business. Ciox Health claims the 2013 Omnibus Rule and the 2016 Guidance, “unlawfully, unreasonably, arbitrarily and capriciously,” restrict the fees that can be charged by providers and their business associates for providing copies of the health information stored on patients.

The district court, in declaring the changes to the Patient Rate set forth in the 2013 Omnibus Rule unlawful, held that HHS cannot rely on its general rulemaking authority to supplement the limited-scope, third-party directive enacted by Congress in the HITECH Act. The court held that the 2013 Omnibus Rule’s expansion of the third-party directive is therefore arbitrary and capricious. Moreover, the district court held that the 2016 Guidance that worked a change into the Patient Rate was akin to a legislative rule that HHS had no authority to adopt without notice and comment. As a result, the court vacated the 2013 Omnibus Rule’s expansion of the HITECH Act’s third-party directive beyond requests for a copy of electronic records with respect to PHI of an individual in an electronic format. The court also declared unlawful and vacated the 2016 Guidance as it extended the Patient Rate to third-party directives without going through notice and comment.

Health care providers and medical records access companies are no longer required to limit the fees charged to their average costs, or charge a $6.50 flat fee, when a patient requests their medical records be transmitted to a third party. The fee limitations will still apply to individuals when they request their own records, however, as decided in the Ciox Health decision, on January 23, 2020.

OCR released a notice on Jan. 29, 2020 that the right of individuals to access their own records and any fee limitations that apply when exercising this right still apply. However, OCR appears to have at least accepted this ruling for now, as it pertains to third-party directives. OCR stated that it will continue to enforce the right of access provisions in 45 CFR § 164.524 that are not restricted by the court order. The court order can be viewed here.

[1] Ciox Health, LLC v. Azar, et al., No. 18-cv-0040 (D.D.C. January 23, 2020)

[2] See Modifications to the HIPAA Privacy, Security,

Enforcement, and Breach Notification Rules Under the [HITECH] Act and the Genetic

Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, 78 Fed. Reg. 5,566

(Jan. 25, 2013).

[3] 42 U.S.C. § 17935(e);

[4] 45 CFR § 164.524(c)(4)

[5] 78 Fed. Reg. at 5,636.

[6] This guidance is available at this link: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.

[7] Id. at 16.

[8] Id.

© 2020 Dinsmore & Shohl LLP. All rights reserved.

For more on HIPAA medical-records regulation, see the National Law Review Health Law & Managed Care section.

Growing Number of States Enact Drug Pricing Transparency Laws

Drug prices continue to be a hot button issue in American politics.  While many of the Trump Administration’s efforts to curb increasing drug prices stalled in 2019, a number of state legislatures have adopted drug price transparency laws in recent years.  Since 2015, Vermont, Nevada, California, Maryland, Louisiana, New York, Oregon, Colorado, Connecticut, Maine, Texas, and Washington have all adopted drug pricing transparency laws.  These laws are designed to incentivize manufactures to lower drug prices by requiring them to report information about drug price increases and their justification for how drug prices are set.  We have been tracking and summarizing these laws, and you can find our summary here.

Below is a brief overview of the trends that we’re seeing in state drug price transparency laws.

  • State Laws Requiring Manufacturer Reporting on Drug Price Increases.  The most prevalent type of drug price transparency laws requires manufacturers to report an extensive amount of information about drug price increases.  Generally, states require manufacturers to report the information to a state government agency (e.g., Oregon), but other states (e.g., California) require manufacturers to provide advance notice of drug price increases to purchasers.  Generally, reporting requirements are triggered when the wholesale acquisition cost (WAC) increases over a certain dollar threshold or when the net increase of the WAC increases a certain percentage over the course of a year.
  • State Laws Requiring Manufacturer Reporting for Specific Drugs Identified by the State or Certain Types of Drugs. Several states (e.g., Connecticut and Vermont) authorize an independent board to compile a list of drugs on which the state spends significant dollars and/or for which the WAC has increased significantly over the past year or past five years.  Manufacturers of the drugs identified by the board are required to report certain information about the drugs’ costs and pricing.  The reporting requirements in other state laws are specific to certain types of drugs.  For example, Nevada’s drug price transparency law initially applied only to forms of insulin and biguanides, which are essential for diabetes treatment.  In 2019, Nevada expanded the law to apply to prescription drugs essential for asthma treatment as well.
  • State Laws Requiring Pharmacy Benefit Managers (PBMs) to Disclose Manufacturer Rebates.  These laws place accountability for drug price increases on PBMs by requiring them to disclose the amount of rebates they negotiate and retain from manufacturers.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

ARTICLE BY Rachel E. Yount of Mintz.
For more drug pricing transparency developments see the National Law Review Biotech, Food & Drug law page.

Offered Free Cyber Services? You May Not Need to Look That Gift Horse in the Mouth Any Longer.

Cyberattacks continue to plague health care entities. In an effort to promote improved cybersecurity and prevent those attacks, HHS has proposed new rules under Stark and the Anti-Kickback Statute (“AKS”) to protect in-kind donations of cybersecurity technology and related services from hospitals to physician groups. There is already an EHR exception1 which protects certain donations of software, information technology and training associated with (and closely related to) an EHR, and HHS is now clarifying that this existing exception has always been available to protect certain cybersecurity software and services. However, the new proposed rule explicitly addresses cybersecurity and is designed to be more permissive then the existing EHR protection.

The proposed exception under Stark and safe harbor under AKS are substantially similar and unless noted, the following analysis applies to both. The proposed rules allow for the donation of cybersecurity technology such as malware prevention and encryption software. The donation of hardware is not currently contemplated, but HHS is soliciting comment on this matter as discussed below. Specifically, the proposed rules also allow for the donation of cybersecurity services that are necessary to implement and maintain cybersecurity of the recipient’s systems. Such services could include:

  • Services associated with developing, installing, and updating cybersecurity software;

  • Cybersecurity training, including breach response, troubleshooting and general “help desk” services;

  • Business continuity and data recovery services;

  • “Cybersecurity as a service” models that rely on a third-party service provider to manage, monitor, or operate cybersecurity of a recipient;

  • Services associated with performing a cybersecurity risk assessment or analysis, vulnerability analysis, or penetration test; or

  • Services associated with sharing information about known cyber threats, and assisting recipients responding to threats or attacks on their systems.

The intent of these rules is to allow the donation of these cybersecurity technology and services in order to encourage its proliferation throughout the health care community, and especially with providers who may not be able to afford to undertake such efforts on their own. Therefore, these rules are expressly intended to be less restrictive than the previous EHR exception and safe harbor. The proposed restrictions are as follows2:

  • The donation must be necessary to implement, maintain, or reestablish cybersecurity;

  • The donor cannot condition the donations on the making of referrals by the recipient, and the making of referrals by the recipient cannot be conditioned on receiving a donation; and

  • The donation arrangement must be documented in writing.

AKS has an additional requirement that the donor must not shift the costs of any technology or services to a Federal health care program. Currently, there are no “deeming provisions” within these proposed rules for the purpose of meeting the necessity requirement, but HHS is considering, and is seeking comment on, whether to add deeming provisions which essentially designate certain arrangements as acceptable. Some in the industry appreciate the safety of knowing what is expressly considered acceptable and others find this approach more restrictive out of fears that the list comes to be considered exhaustive.

HHS is also considering adding a restriction regarding what types of entities are eligible for the donation. Previously for other rules, HHS has distinguished between entities with direct and primary patient care relationships, such as hospitals and physician practices, and suppliers of ancillary services, such as laboratories and device manufacturers.

Additionally, HHS is soliciting comment on whether to allow the donation of cybersecurity hardware to entities for which a risk assessment identifies a risk to the donor’s cybersecurity. Under this potential rule, the recipient must also have a risk assessment stating that the hardware would reasonably address a threat.

1 AKS Safe Harbor 42 CFR §1001.952(y); Stark Exception §411.357(bb)
2 AKS Safe Harbor 42 CFR §1001.952(jj); Stark Exception §411.357(w)(4)

©2020 von Briesen & Roper, s.c

More on cybersecurity software donation regulation on the National Law Review Communications, Media & Internet law page.

Health Law Section Report – September-December 2019

  • On September 16, 2019, at 51 N.J.R. 1462(a), the Department of Human Services, Division of Medical Assistance and Health Services, published an adoption of a correction to an error in the text of the definition of “nurse delegation” in the definitions set forth in N.J.A.C. 10:60-1.2. During the comment period, Disability Rights New Jersey (DRNJ) submitted a comment pertaining to the definition of nurse delegation. As part of the comment, DRNJ requested DMAHS to add “pursuant to N.J.A.C. 13:37-6.2” after “selected nursing tasks” to clarify what selected nursing tasks referred to (see Comment 16). DMAHS agreed to the change; however, in making the addition upon adoption, DMAHS inadvertently added the cross-reference as “N.J.A.C. 10:37-6.2.” The adoption corrects the error and inputs pursuant to N.J.A.C. 13:37-6.2.
  • On October 7, 2019, at 51 N.J.R. 1493(a), the Department of Human Services, Division of Medical Assistance and Health Services, published a rule proposal for a new chapter, N.J.A.C. 10:52B, to implement The County Option Hospital Fee Pilot Program. The purpose of the pilot program is to increase financial resources through the Medicaid/NJ FamilyCare program to support local hospitals in providing necessary services to low-income residents. The pilot program shall be in effect for a period of five years from April 30, 2019 and will end on April 30, 2024.
  • On October 7, 2019, at 51 N.J.R 1514(a), the Department of Law and Public Safety, Division of Consumer Affairs, Board of Medical Examiners, adopted an amendment to the athletic trainer continuing legal education requirement at N.J.A.C. 13:35-10.21, to require one credit in topics concerning prescription opioid drugs, including the risks and signs of opioid abuse, addiction, and diversion, commencing with the biennial renewal period beginning on February 1, 2019.
  • On October 7, 2019, at 51 N.J.R 1546(a), the Commissioner of the Department of Health published a notice of petition for rulemaking submitted by the New Jersey Hospital Association to make certain amendments to N.J.A.C. 8:43G Hospital Licensing Standards, Subchapter 14 Infection Control, N.J.A.C. 8:43G-14.9, Sepsis protocols, as recommended by CMS and the Surviving Sepsis Campaign, known as Sepsis-1.
  • On October 21, 2019 at 51 N.J.R. 1568(a), the Department of Law and Public Safety, Division of Consumer Affairs, Board of Physical Therapy Examiners, published a proposal to amend rules for supervision of licensed physical therapy assistants to clarify the record keeping regulations (N.J.A.C. 13:39A-7.2 and 7.3) in a manner that in the event patient records are maintained on computer recordkeeping systems that do not permit a supervising licensed physical therapist to sign a licensed physical therapist assistant’s notes, the supervising licensed physical therapist will be able to enter a separate note in the record indicating that he or she reviewed the licensed physical therapist assistant’s notes or the plan of care with the physical therapist assistant. This is meant to avoid a de facto dual signature requirement.
  • On November 4, 2019 at 51 N.J.R. 1597(a), the Department of Law and Public Safety, Division of Consumer Affairs, Board of Medical Examiners proposed amendments to its existing rules concerning graduate medical education programs in order to update the eligibility requirements for graduates of international medical schools who seek licensure or authorization to engage in the practice of medicine as residents. The proposed amendments would replace outdated restrictions on graduates of international medical schools pursuing licensure or authorization in New Jersey and allow the Board to rely on recognized accrediting bodies for international medical schools that adhere to standards substantially similar to the bodies that accredit domestic medical schools. By expanding eligibility, the proposed amendments may positively affect the supply of physicians practicing in the State. The proposal seeks to amend N.J.A.C. 13:35-1.5, 3.11, and 3.11A.
  • On November 4, 2019 at 51 N.J.R. 1600(a) the Department of Law and Public Safety, Division of Consumer Affairs, Audiology and Speech-Language Pathology Advisory Committee (Committee) proposes new rules to effectuate the provisions of the telemedicine and telehealth statute for licensed audiologists and/or speech-language pathologists. The proposed new rules would be codified at N.J.A.C. 13:44C-11.
  • On November 18, 2019, at 51 N.J.R. 1638(a), the Department of Law and Public Safety, Division of Consumer Affairs, State Board of Dentistry, proposed amendments, repeals, and new rules to: 1) implement new laws; 2) update rules, terminology, citations, website addresses, and the names of the licensure examinations; and 3) clarify and codify current standards of practice and licensure and registration requirements. The rulemaking reflects updates related to statutory changes, additions to enhance the safety of patients receiving dental services and those working in the profession, and identifies continuing education courses that must be completed in each renewal period. In response to adverse incident reports and news articles from across the country, the Board is proposing amendments to the sedation rules to enhance the safety of patients receiving dental services. Because the Board is seeing incidents of trained individuals achieving a deeper level of sedation than intended, the Board wants to provide more guidance to the regulated community as to what is expected so as to enhance patient safety. See N.J.A.C. 13:30. Comments due January 17, 2020.
  • On November 18, 2019, at 51 N.J.R. 1664(a), the Department of Law and Public Safety, Division of Consumer Affairs, State Acupuncture Examining Board (Board) proposed to amend N.J.A.C. 13:35-9.20 to require licensed acupuncturists to hold current certification in cardiopulmonary resuscitation (CPR), first aid, and the use of an automated external defibrillator (AED) as part of continuing education required to renew licensure. The certification must be from the American Heart Association, or a substantially similar course approved by the American Red Cross, National Safety Council, Coyne First Aid, Inc., American Safety and Health Institute, EMP International Inc., or EMS Safety Services Inc. In recognition of the hours required to obtain the certification, the Board proposes to reduce the number of required continuing education hours from 30 to 26. The Board is changing the total credits that could be obtained by certain methods to reflect that half of the total required hours will be 13 rather than 15. The Board also proposes to allow licensees who complete more than the continuing education hours required to renew licensure to apply those additional hours to the immediately succeeding biennial license renewal period. See N.J.A.C. 13:35-9.20.
  • On November 18, 2019, at 51 N.J.R. 1666(a), the Department of Law and Public Safety, Division of Consumer Affairs, Board of Massage and Bodywork Therapy proposed amendments that would require applicants for licensure and licensed massage and bodywork therapists to physically attend CPR, first aid, and use of an automated external defibrillator (AED) courses, would require licensed massage and bodywork therapists to complete continuing education in laws and rules pertinent to the practice of massage and bodywork therapy, and would end recognition of continuing education courses provided by schools, colleges, or universities. See N.J.A.C. 13:37A-2.1, 2.2, 2.3, 4.1, and 4.2.
  • On November 18, 2019, at 51 N.J.R. 1674(a), the Department of Law and Public Safety, Division of Consumer Affairs, State Board Of Marriage And Family Therapy Examiners, Art Therapists Advisory Committee adopted new rules at N.J.A.C. 13:34D requiring licensure of art therapists and providing rules governing licensed art therapists. The new rules require licensed art therapists to preserve the confidentiality of information obtained from a client in the course of professional treatment unless disclosure is required by Federal law and requires an art therapist whose client has explicitly waived the art therapist-client confidentiality privilege to release client information to a third-party payor whose benefit plan is qualified under the Federal Employee Retirement Income Security Act (ERISA). In addition, the new regulations provide that failure to comply with Federal laws related to the practice of art therapy will be deemed professional misconduct. See N.J.A.C. 13:34D.
  • On November 18, 2019, 51 N.J.R. 1688(a), the Department of Law and Public Safety, Division of Consumer Affairs, Board of Massage and Bodywork Therapy readopted rules with amendments, adopted repeals and new rules regarding licensure, reinstatement and reporting of misconduct, record keeping and business registration. See N.J.A.C. 3:37A.
  • On November 18, 2019, 51 N.J.R. 1691(a), the Department of Law and Public Safety, Division of Consumer Affairs, Orthotics and Prosthetics Board adopted a new rule regarding the abandonment of license applications due to incomplete information on the application or a one year lapse in submission of information requested by the Board. See N.J.A.C. 13:44H-3.5A.
  • On November 18, 2019, 51 N.J.R. 1691(b), the Department of Law and Public Safety, Division of Consumer Affairs, Orthotics and Prosthetics Board adopted a new rule to implement the telemedicine statute and to permit the use of telemedicine and telehealth by licensed orthotist, orthotist assistant, pedorthist, prosthetist, prosthetist assistant, prosthetist-orthotist, or prosthetist-orthotist assistant. See N.J.A.C. 13:44H-11.
  • On December 2, 2019, at 51 N.J.R. 1761(a), the Department of Law and Public Safety, Division of Consumer Affairs, State Board Of Marriage And Family Therapy Examiners, Alcohol & Drug Counselor Committee adopted amendments to the rules regarding who may provide clinical supervision to interns and counselors. See N.J.A.C. 13:34C-6.2, 6.2A, and 6.3.
  • On December 2, 2019, at 51 N.J.R. 1806(a), the Commissioner of the Department of Health published a notice of action on rulemaking by announcing that more time is required for deliberating on the adoption of new sepsis protocols for hospitals, as proposed on October 7, 2019 at 51 N.J.R 1546(a).
  • On December 16, 2019, at 51 N.J.R. 1841(a), the Department of Law and Public Safety, Division of Consumer Affairs, State Board of Physical Therapy Examiners proposed an amendment and new rule recognizing the provisions of the Compact privileges that would require physical therapists and physical therapist assistants working in New Jersey, under Compact privileges, to comply with Board rules, except for those governing credentialing of applicants, license renewal, and continuing education. The proposed amendment and new rule require those seeking to work in New Jersey, pursuant to Compact privileges, to pass the State jurisprudence examination and to pay the Compact privilege fee ($40).
  • On December 16, 2019, at 51 N.J.R. 1849(ab), the Department of Law and Public Safety, Division of Consumer Affairs, State Board of Medical Examiners adopted amendments to the rules regarding continuing medical education that would permit up to 10 hours volunteer medical service to uninsured low income patients to count towards the required CME requirement. See N.J.A.C. 13:35-6.15.

© 2020 Giordano, Halleran & Ciesla, P.C. All Rights Reserved

For more health care developments in New Jersey and other states, see the National Law Review Health Law & Managed Care section.

 

Five Suggestions for Elder Care If You or Your Elderly Parents Have “One Foot on the Banana Peel”

Shana and I recently had a new client, “Jane,” that came to see us because she was concerned about her elderly parents. Both are in their 90s and although they are still living independently, she is noticing both a physical and cognitive decline in both.  She described them as having “one foot on the banana peel,” recognizing that they are one fall or illness away from no longer being able to maintain their current lifestyle.

As with many of our clients, they are resistant to making any changes and she is worried about what will happen. Jane lives a distance from her parents, works full time, and has her own teenage children. She came to us for assistance in understanding what she can do to help them. Here are five suggestions we made for her:

1. Changes to Powers of Attorney and Health Care Proxy

Jane’s parents’ existing legal documents have each other as primary agents and neither is able to act in that capacity. Jane is handling their bill paying and taking them to MD appointments and it will be easier for her to continue this role with the appropriate legal documents naming her as the primary agent.

2. Financial Planning

Jane’s parents have limited liquid assets and own their home. Their monthly income does not cover their expenses, so they are drawing from those assets every month. This plan will not work long term if either needs to hire a caregiver to help them at home due to the high cost. We helped Jane to understand the realities of paying for care and the limited coverage of Medicare. We also explained the criteria for Medicaid eligibility, the application process and the problem with using Medicaid to pay for home care. We stressed the importance of Jane and her parents exploring alternative living situations that may better meet their needs while they still had funds and ensuring that they found a facility that would allow them to spend down to Medicaid when their funds are exhausted.

3. Home Evaluation

Jane’s parents live in a bi-level home with stairs to enter and Jane is very concerned about their safety. We recommended a home evaluation to determine what modifications can be done to the home to make it safer. These modifications can be simple such as a tub bench, so they don’t have to step over the tub to get into the shower or more complex such as a stairlift or emergency alert system.

4. Medication Management

Jane’s parents have multiple medical conditions and each takes many medications. They often forget to take their medications or take them incorrectly. This is a very serious issue and often leads to unnecessary hospitalization which can precipitate a downward spiral. We discussed a variety of options, including a visiting nurse and an automatic medication dispenser.

5. Take a Deep Breath

As with all our clients, Jane loves her parents and wants what is best for them. However, her vision of what is best for them doesn’t necessarily coincide with their vision. As a caregiver-child myself, I can very much relate to her frustration of having a clear idea of what will improve an elderly parent’s quality and/or quantity of life and having that parent refuse to make a change. Sometimes small changes are acceptable and they can make a difference and prolong stability. But very often the best we can do is to plan for the emergency and know we have done the best we can.

©2020, Norris McLaughlin & Marcus, P.A., All Rights Reserved

For more on caring for elderly relations, see the National Law Review Family Law, Divorce & Custody type-of-law section.

HHS HIV Drug Lawsuit: Setting Precedent for Other High Priced Medications or Government Collaborations?

On November 6, 2019, the bonds between the U.S. government and pharmaceutical companies were stretched when the U.S. Department of Health and Human Services (“HHS”) filed a patent infringement lawsuit against Gilead Sciences in Delaware federal court regarding Gilead’s popular HIV drugs, Truvada® and Descovy®.  HHS rarely sues for patent infringement.  In fact, the U.S. government and pharmaceutical companies typically have collaborative relationships.  For example, Gilead provided the Center for Disease Control and Prevention (“CDC”) with free drugs for government experiments to expand treatment for certain diseases.  So, what happened?

In 2004, Gilead—after receiving patent protection—began selling Truvada® to treat people already infected with HIV.  The CDC later investigated whether Truvada® could be used as a prophylactic to prevent HIV in monkeys and received patent protection for four key patents that “generally cover processes for protecting a primate or human host from a self-replicating infection by an immunodeficiency retrovirus, including HIV.”  (Complaint, ¶ 196).  Specifically, the claimed inventions provide protection “by a combination of nucleoside reverse transcriptase inhibitor, such as FTC, and a nucleotide reverse transcriptase inhibitor, such as tenofovir, or esters/prodrugs of tenofovir, such as TDF or TAF.” Id. Gilead donated the FTC, TDF, and tenofovir used in the CDC’s research, but its personnel do not appear to have otherwise assisted in the research.

The government alleges that first, it helped develop the drug with Gilead, and second, that Gilead “repeatedly refused to obtain a license from CDC to use the patented regimens” and “profited from research funded by hundreds of millions of taxpayer dollars[,]” without paying any royalties to the CDC.  HHS seeks damages and royalties for Gilead’s alleged infringement.  Many speculate that HHS’s motivation goes beyond royalties to something deeper: to increase access and decrease the price of Truvada® and Descovy® for pre-exposure prophylaxis (“PrEP”).

One goal identified by the Trump administration is to eradicate new cases of HIV and AIDS by 2030.  In fact, the administration requested $291 million for this initiative in May 2019. Truvada® and Descovy® play a critical role in PrEP.  PrEP is stated to be a highly-effective HIV prevention strategy that may play a vital role in ending the global HIV and AIDS epidemic.  However, PrEP is not as widely used as it could be.  Some allege that the limited use is related to limited access to the drugs—which in turn could be due in part to the high cost.  In the United States, Truvada® costs roughly $1,782 a month.[1]  Some have speculated that this suit is part of the Trump administration’s initiative to lower PrEP prices and end the HIV epidemic in the United States.  But is there more?

Political anger and public outcry over drug costs has increased over the years.  Three years ago, a national controversy erupted over the price of EpiPen injectors manufactured by Mylan pharmaceuticals.  In 2008, EpiPens cost about $100.  In 2016, that price rose to $600.  This price increase outraged customers and put the company at the forefront of the debate over drug costs.  Public outrage, coupled with a whistleblower lawsuit, led Mylan to finalize a $465 million settlement with the U.S. Justice Department over claims that it overcharged the government for EpiPens.

The EpiPen controversy, coupled with the HHS lawsuit against Gilead, may signal to pharmaceutical companies across the country that the U.S. government is ready and willing to step in and demand lower drug prices.  Accordingly, this case may be an important bellwether and should be followed by those with interests in these areas.

[1] Descovy® is new to the market, so the average monthly cost is unknown.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

ARTICLE BY Aarti Shah and  Kara E. Grogan of Mintz.
For more on drug patents, see the National Law Review Intellectual Property law page.

CMS Issues Final Regulations For Hospital Price Transparency

On November 15, 2019, the U.S. Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) announced final regulations implementing greater price transparency requirements for hospitals. Issued on the heels of a Trump Administration Executive Order directing HHS to propose regulations on increased price transparency, the new regulations modify and finalize CMS’ earlier guidance implementing section 2718(e) of the Public Health Service Act, to further expand price transparency requirements for hospitals. (See our previous analysis of the Executive Order here.) Effective January 1, 2021, the new regulations will be located at 45 C.F.R. 180.00 et. seq. and will require hospitals to make accessible specific “standard charge” pricing data for all “items and services” provided. Furthermore, the regulations include special requirements for posting pricing information about “shoppable services.” Key details are summarized below:

Important Definitions (45 CFR 180.20)

  • Hospital. The regulations apply to any institution licensed as a hospital under applicable state law.
  • Items and Services. The regulations require pricing data on all items and services “including individual items and services and service packages, that could be provided by a hospital to a patient in connection with an inpatient admission or an outpatient department visit for which the hospital has established a standard charge.”
  • Shoppable Service. The regulations define a shoppable service as a service that a consumer can schedule in advance.
  • Standard Charge. Hospitals must post the following five standard charges:
    1. Gross charge – The price on the hospital’s chargemaster with no discounts.
    2. Payer-specific negotiated charge – The charge negotiated with a third-party payer.
    3. De-identified minimum negotiated charge – The lowest charge the hospital has negotiated with all third-party payers for an item or service.
    4. De-identified maximum negotiated charge – The highest charge the hospital has negotiated with all third-party payers for an item or service.
    5. Discounted cash price – The charge for an individual who pays cash for an item or service.

Substantive Requirements (45 CFR 180.40-180.60)

All hospitals must now make public two items related to pricing; (a) a machine-readable file containing a list of all standard charges for all items and services, and (b) a consumer-friendly list of standard charges for a limited set of shoppable services. Each of these components are described in more detail below.

  • All Items and Services. Each hospital must establish a list of standard charges for all items and services they provide. This list must include a description of each item or service, the five standard charges (applicable to both inpatient and outpatient services), and any common identifier billing or accounting code used by the hospital. This information must be published on a publicly accessible website in a single searchable digital file without any barriers to access. The posting requirement will apply to each hospital location operating under the same license if the location has different standard charges.
  • Shoppable Services. Each hospital must establish a list of standard charges for 300 shoppable services. This list must include any of the 70 CMS-specified shoppable services the hospital provides and as many additional shoppable services determined by the hospital as needed to reach the 300-service threshold (unless the hospital does not provide 300, then all must be published). The list must include a plain language description of the service, indicators of CMS shoppable services that are not offered, the standard charges – except for the gross charge – for all shoppable services (the gross charge only needs to be posted if the hospital does not offer a discounted cash price), the locations where the shoppable service is provided and any location-specific pricing, and any common identifier billing or accounting code used by the hospital. The hospital may choose the format of publication, but it must be on the internet, accessible without barriers, and prominently located. Compliance with this requirement can occur if a hospital maintains an internet-based price estimator tool for the relevant services.

Enforcement (45 CFR 180.70-180.90)

CMS will monitor compliance by fielding complaints about hospitals, reviewing individuals’ or entities’ analysis of noncompliance, and auditing hospital websites. If noncompliance is detected, CMS will have the authority to issue warning letters, request a corrective action plan, and potentially impose civil monetary penalties up to a maximum of $300 per day.

The regulations go into effect January 1, 2021, giving hospitals a little more than a year to develop a plan for compliance.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.

More on CMS & HHS regulations on the National Law Review Health Law & Managed Care page.

Federal Court Temporarily Blocks Health Insurance Requirement for Immigrant Visa Applicants

On November 2, 2019, the U.S. District Court for the District of Oregon issued a temporary restraining order, blocking the Trump administration from enforcing a recent presidential proclamation requiring health insurance for immigrant visa applicants. The proclamation, which had been scheduled to take effect on November 3, 2019, would have required certain immigrant visa applicants to prove that within 30 days of their entering the United States they would have approved health insurance or that they otherwise possessed the “financial resources” to cover “reasonably foreseeable medical costs.”

The restraining order will remain in effect for 28 days. In the meantime, the court will hear arguments on November 22, 2019, to determine if the proclamation warrants a preliminary injunction.

© 2019, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

More on immigration on the Immigration Law page of the National Law Review.

CMS’s Request for Information Provides Additional Signal That AI Will Revolutionize Healthcare

On October 22, 2019, the Centers for Medicare and Medicaid Services (“CMS”) issued a Request for Information (“RFI”) to obtain input on how CMS can utilize Artificial Intelligence (“AI”) and other new technologies to improve its operations.  CMS’ objectives to leverage AI chiefly include identifying and preventing fraud, waste, and abuse.  The RFI specifically states CMS’ aim “to ensure proper claims payment, reduce provider burden, and overall, conduct program integrity activities in a more efficient manner.”  The RFI follows last month’s White House Summit on Artificial Intelligence in Government, where over 175 government leaders and industry experts gathered to discuss how the Federal government can adopt AI “to achieve its mission and improve services to the American people.”

Advances in AI technologies have made the possibility of automated fraud detection at exponentially greater speed and scale a reality. A 2018 study by consulting firm McKinsey & Company estimated that machine learning could help US health insurance companies reduce fraud, waste, and abuse by $20-30 billion.  Indeed, in 2018 alone, improper payments accounted for roughly $31 billion of Medicare’s net costs. CMS is now looking to AI to prevent improper payments, rather than the current “pay and chase” approach to detection.

CMS currently relies on its records system to detect fraud. Currently, humans remain the predominant detectors of fraud in the CMS system. This has resulted in inefficient detection capabilities, and these traditional fraud detection approaches have been decreasingly successful in light of the changing health care landscape.  This problem is particularly prevalent as CMS transitions to value-based payment arrangements.  In a recent blog post, CMS Administrator, Seema Verma, revealed that reliance on humans to detect fraud resulted in reviews of less than one-percent of medical records associated with items and services billed to Medicare.  This lack of scale and speed arguably allows many improper payments to go undetected.

Fortunately, AI manufacturers and developers have been leveraging AI to detect fraud for some time in various industries. For example, the financial and insurance industries already leverage AI to detect fraudulent patterns. However, leveraging AI technology involves more than simply obtaining the technology. Before AI can be used for fraud detection, the time-consuming process of amassing large quantities of high quality, interoperable data must occur. Further, AI algorithms need to be optimized through iterative human quality reviews. Finally, testing the accuracy of the trained AI is crucial before it can be relied upon in a production system.

In the RFI, CMS poses many questions to AI vendors, healthcare providers and suppliers that likely would be addressed by regulation.  Before the Federal government relies on AI to detect fraud, CMS must gain assurances that AI technologies will not return inaccurate or incorrect outputs that could negatively impact providers and patients. One key question raised involves how to assess the effectiveness of AI technology and how to measure and maintain its accuracy. The answer to this question should factor heavily into the risk calculation of CMS using AI in its fraud detection activities. Interestingly, companies seeking to automate revenue cycle management processes using AI have to grapple with the same concerns.  Without adequate compliance mechanisms in place around the development, implementation and use of AI tools for these purposes, companies could be subject to high risk of legal liability under Federal False Claims Act or similar fraud and abuse laws and regulations.

In addition to fraud detection, the RFI is seeking advice as to whether new technology could help CMS identify “potentially problematic affiliations” in terms of business ownership and registration.  Similarly, CMS is interested to gain feedback on whether AI and machine learning could speed up current expensive and time-consuming Medicare claim review processes and Medicare Advantage audits.

It is likely that this RFI is one of many signals that AI will revolutionize how healthcare is covered and paid for moving forward.  We encourage you to weigh in on this on-going debate to help shape this new world.

Comments are due to CMS by November 20, 2019.

©2019 Epstein Becker & Green, P.C. All rights reserved.

For more CMS activities, see the National Law Review Health Law & Managed Care page.

Court Finds Medical Bill Reimbursement Claim Subject to “Biblically-Based Mediation and Arbitration”

A Mississippi federal court granted a motion to compel arbitration of a claim for reimbursement of medical expenses from the defendant, a company that provides health care sharing plan alternatives to those of Christian faith. The plaintiff had signed a membership agreement stating that he would abide by the defendant’s guidelines, under which members, such as the plaintiff, were required to exhaust an “appeals” process for challenging bill-sharing decisions before resorting to any sort of legal procedures against the defendant. If the appeals process did not resolve the dispute, a “biblically-based mediation and arbitration” clause in the guidelines stated that any and all disputes arising out of the membership agreement shall be settled by “biblically-based mediation.” If that mediation fails, the member may submit the dispute to an independent and objective arbitrator for binding arbitration but otherwise waives his or her right to file a lawsuit.

Addressing the defendant’s motion, the court first held that the provision above constituted a valid arbitration agreement and that the subject dispute fell within the scope thereof. The court noted that the plaintiff had indeed agreed that he “will bring no suit, legal claim or demand of any sort … in the civil court system, with the sole exception of enforcing any favorable arbitration award or mediated agreement.” As such, the court explained that arbitration was required unless a federal statute or policy rendered the plaintiff’s claim non-arbitrable. Because the plaintiff failed to identify any such statute or policy, the court granted the defendant’s motion to compel arbitration.

Pettey v. Medi Share, No. 2:19-cv-00059 (S.D. Miss. Oct. 1, 2019).

©2011-2019 Carlton Fields, P.A.

ARTICLE BY Alex B. Silverman of Carlton Fields.