Written by: Tara E. Swenson and Bridgette A. Wiley
On December 4, 2014, CMS issued additional guidance regarding rewards and incentives programs (“RI Programs”). This guidance elaborates on whether an RI Program can target members with specific diseases, whether rewards can be tied to health outcomes, how to value rewards and incentives, and gives examples of appropriate and inappropriate rewards and incentives.
Historically, MA plans have been able to offer limited rewards and incentives to members in order to entice them to receive preventive services that had zero-cost sharing in accordance with guidelines set forth in Chapter 3 of the Medicare Managed Care Manual. In May of 2014, CMS promulgated final regulations that provide MA plans much more flexibility in implementing rewards and incentives programs for members. Under the regulations, MA plans are allowed to create programs that provide members rewards and incentives for participating in activities focused on promoting improved health, preventing injuries and illness, and promoting efficient use of health care resources, defined in the guidance as “Preventive Services.”
A permissible rewards and incentives program must: (1) be offered in relation to an entire service or activity, which an MA plan can divide across a series that amounts to a service or activity; (2) be of a value that is expected to impact member behavior but not exceed the value of the Preventive Service the member is receiving; (3) otherwise comply with all relevant fraud and abuse laws including the AKS and CMP; (4) be designed so that all members can earn rewards; and (5) not discriminate based on a variety of demographic facts and health status, including disability, chronic diseases, institutional status, or frailty. The rewards and incentives offered may not be cash or other monetary rebates and may only be offered to current members, not potential members.
My colleagues Susan Berson, Karen Lovitch, and I hosted a webinar on December 16, 2014 entitled “Practical Tips for Health Care and Life Sciences Companies to Protect the Attorney-Client Privilege.” A link to the recorded presentation can be found here.
In the webinar, we:
- Provided an overview of attorney-client privilege considerations particular to the health care and life sciences industries;
- Described recent case law addressing the contours of the attorney-client privilege;
- Explained how the privilege applies to communications with in-house counsel, outside counsel, and compliance professionals;
- Discussed common privilege issues, including those issues that may arise in internal investigations and corporate transactions; and
- Gave some practical tips for protecting the privilege.
This year the Federal Trade Commission (“FTC”) celebrated its centennial. Looking back on the FTC’s first 100 years, we have seen dramatic shifts in antitrust enforcement in the health care sector. The delivery of health care services, a profession some once argued should be exempt from antitrust scrutiny or impervious to traditional antitrust analysis due to unique characteristics of the industry, has become one of the Commission’s primary enforcement priorities. “FTC Centennial: How Health Care Antitrust Has Evolved,” provides a brief overview of the evolution of the FTC’s health care antitrust enforcement efforts and identifies emerging trends as the FTC embarks upon its second century.
Written by: Kate Stewart
A recently announced settlement between Anchorage Community Mental Health (“ACMHS”) and the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”) emphasizes, once again, the importance of compliance with the Security Rule and keeping IT infrastructure up to date. ACMHS, a five-facility nonprofit organization based in Anchorage, agreed to pay $150,000 and adopt a corrective action plan to address compliance with the HIPAA Security Rule.
OCR began investigating ACMHS after ACMHS reported a breach of unsecured electronic protected health information (e-PHI) caused by malware involving 2,700 individuals in March 2012. In its investigation, OCR concluded that ACMHS failed to conduct a thorough risk assessment, failed to implement Security Rule policies and procedures, and failed to implement technical security measures to protect e-PHI through the use of firewalls and regularly supported and updated software. OCR’s bulletin announcing the settlement noted that though ACMHS had adopted sample Security Rule policies and procedures, it failed to follow those policies and procedures.
OCR has repeatedly emphasized the importance of conducting risk assessments and continuing to update and revise risk assessments based on new threats. This emphasis was a key takeaway from the September Joint OCR/NIST HIPAA Security Conference, which we previously profiled, and was highlighted by OCR’s release of a Security Risk Assessment Tool earlier this year. The ACMHS settlement underscores that Security Rule compliance cannot be accomplished with a one-size-fits-all, “check the box” approach. Instead, compliance requires entities to undertake a thorough and tailored risk assessment and to routinely assess new threats and vulnerabilities.
The resolution agreement and a copy of the corrective action plan are available on OCR’s website.
On December 8th, the Centers for Medicare & Medicaid Services published its proposal for long-awaited changes to the Medicare Shared Savings Program (MSSP). Our colleagues Daria Niewenhous, Andrew Shin, Lauren Moldawer *, and Stephanie Willis have authored an Advisory that provides an in-depth analysis of key provisions of the proposed changes and how they may impact current and future MSSP accountable care organizations created under the authority of the Affordable Care Act.
The Advisory is a prelude to upcoming blog posts and publications on the proposed rule and evolving stakeholder reactions to its potential effects.
* Lauren Moldawer is a law clerk, acting under the guidance and supervision of Members of the D.C. office.
Written by: Stephanie D. Willis
A recent opinion from the Connecticut Supreme Court illustrates that HIPAA is not the only law that covered entities and business associates must worry about if an unauthorized disclosure of protected health information (PHI) happens on their watch.
In Emily Byrne v. Avery Center For Obstetrics and Gynecology PC (Docket No. CV-07-6001633-S), the plaintiff filed a four-count complaint against the defendant OB-GYN provider, alleging common law allegations of breach of contract, negligence, negligent misrepresentation, and negligent infliction of emotional distress, after the defendant released plaintiff’s medical records in responding to a subpoena in a paternity suit. The plaintiff had instructed the defendant not to release medical records to the putative father before the defendant received the subpoena, but the opinion does not elaborate on whether the plaintiff knew that a lawsuit was imminent.
The trial court initially dismissed the negligence and negligent infliction of emotional distress claims ruling that: (1) there is no private right of action under HIPAA; and (2) common law negligence claims that amount to HIPAA violations should be preempted by HIPAA. The Supreme Court rejected the lower court’s second conclusion and remanded the case for further proceedings.
After doing an in-depth analysis of the regulatory history of HIPAA’s preemption provisions against the prevailing case law, the Supreme Court concluded that “neither HIPAA nor its implementing regulations were intended to preempt tort actions under state law arising out of the unauthorized release of a plaintiff’s medical records.”
According to Federal Trade Commission Chairwoman Edith Ramirez, the healthcare sector will “remain a top agency priority.” Thus, the FTC will undoubtedly continue to closely analyze combinations of providers in the industry. Extensive time, money and planning are often involved when developing and consummating transactions with competitors. Part 3 of this series, After the Deal, is it Still Business as Usual?, provides guidance on the importance of monitoring business practices of newly integrated entities and ensuring the development and adherence to a strong antitrust compliance program to minimize the risk of antitrust investigations and lawsuits.
Written by: Ellyn L. Sternfield and Samantha P. Kingsbury
In November 2013 and this past October, Mintz Levin’s Health Care Qui Tam Update highlighted three separate qui tam False Claims Act (FCA) cases filed by Fox RX, Inc. (Fox), a former Medicare Part D plan sponsor. Fox filed one of those cases against OmniCare, Inc., PharMerica Corp., and Managed Health Care Associates, Inc. and its wholly owned subsidiary (MHCA), alleging that the defendants (1) failed to substitute generic drugs for brand-name drugs in states with laws requiring such substitution; and (2) dispensed expired drugs. The federal government, twenty-one states, and the District of Columbia declined to intervene. On August 12, 2014, Federal District Court Judge Denise Cote granted the defendants’ Motions to Dismiss the suit, finding in part that Fox had failed to state a claim under the FCA.
On December 1, 2014, Judge Cote granted a motion filed by MHCA for attorneys’ fees and costs. Judge Cote based her decision in large part on a meeting between Fox and MHCA that had taken place on January 10, 2014. At this meeting, MHCA’s legal counsel presented a PowerPoint presentation that explained MHCA’s business model and demonstrated not only that MHCA could not possibly have committed the acts that Fox alleged, but that due to its compensatory structure, MHCA did not even have a motive to commit the acts alleged.
But instead of dismissing the case, Fox proceeded to file a Second Amended Complaint in February 2014, which revised but did not withdraw its allegations against MHCA. In her August opinion dismissing Fox’s suit, Judge Cote found that the Second Amended Complaint did not “allege with particularity any act by [MHCA] that resulted in a branded drug being dispensed instead of a generic, in a pharmacist dispensing a medication beyond its expiration date…or in the submission of any inaccurate information.” Two weeks later, MHCA filed its motion for attorneys’ fees and costs incurred since its meeting with Fox on January 10, 2014.
Written by: Karen Lovitch and Stephanie Willis
Yesterday both chambers of the Illinois legislature voted to override the Governor’s amendatory veto and passed Public Act 098-1127, which prohibits a physician from charging a markup on anatomic pathology services if the physician orders but does not supervise or perform the service. The law does, however, permit the physician to add on a “specimen acquisition or processing charge” if it is limited to actual costs incurred for collection and transportation and separately coded as a service distinct from the performance of the anatomic pathology service. If the physician decides to bill for the service despite the inability to charge a price that is higher than what the performing laboratory was paid, disclosure requirements apply. Although the law does not specify an effective date, it will take effect on January 1, 2015, according to a representative from the legislative information office. Continue Reading
Written by: Thomas S. Crane and Lauren Moldawer*
Last week, the Government Accountability Office (GAO) released a report examining group purchasing organization (GPO) practices. The GAO questioned whether the current structure of GPO funding through administrative fees is appropriate and urged the Department of Health and Human Services (HHS) to explore whether hospitals are appropriately reporting the revenue from GPO administrative fees on their cost reports when such fees are passed down to hospitals.
GPOs are purchasing intermediaries between health care providers - mostly hospitals - and vendors of medical and pharmaceutical products and services. Providers use GPOs because GPOs tend to take on the administrative burden of negotiating contracts, and they are seen as having better bargaining power given their ability to pool purchasing. GPOs are funded through an administrative fee charged to the vendors, which are permitted by a statutory exception and safe harbor under the Anti-Kickback Statute. Continue Reading