Earlier this week, our colleague Don Davis addressed the increasing amount of disability discrimination litigation against health care entities on the Employment Matters Blog. In the blog post, Don provides an overview of the Americans with Disabilities Act (“ADA”), describes employment disability discrimination litigation and enforcement trends in the health care industry, and highlights the recent spike in accessibility-related litigation (including issues related to both facility accessibility and website accessibility).

The full post is available here.

In less than 10 days, the European Union will begin enforcing its General Data Protection Regulation (GDPR), which will apply to any company that collects, processes, or uses EU-origin personal data, regardless of where the company is located. Though many of our readers are focused on HIPAA, some engage in activities that may trigger the GDPR, or they may have future aspirations to expand their business into the EU. Fortunately for our readers, our colleague Cynthia Larose has been relentlessly covering the GDPR at Privacy & Security Matters, and recently published a refresher list of webinars on GDPR issues related to contracts, human resources data, data transfer and more.

This week, the House Energy & Commerce Committee will hold its second round markup of opioid-related legislation. While they remain on pace for passage by Memorial Day, the timing will be determined by how smoothly this week’s markup goes. Additionally, Ways & Means is considering a markup of four large packages of opioid legislation. Anything the House passes will have to go to the Senate. In other words, the June work period seems more likely for significant action in this space.

Additionally, the Administration is moving ahead with its drug pricing initiative. While the initial reaction was skepticism, the Administration would not have put the initiative in writing if they didn’t mean it. As the key players continue discussing the various proposals, understanding where the Administration has the authority to act and how it could impact what you do is key to staying ahead of any proposals that gain traction. We cover this and more in this week’s health care preview, which you can find here.

On Friday, after weeks of delay, the President finally delivered his Drug Pricing Speech and released the HHS Blueprint detailing the Trump Administration’s plan to lower drug prices and reduce out-of-pocket costs.

The speech made pointed attacks on “the middlemen” and drug lobbyists. President Trump even called out Secretary Azar’s past role as a drug company executive when calling out drug companies’ role in high drug prices. Continue Reading President Trump Delivers Much Anticipated Drug Pricing Speech

Businesses engaged in human drug compounding, both traditional pharmacies and the more recently created outsourcing facilities, have been on quite a rollercoaster ride since congressional enactment of the Drug Quality and Security Act (DQSA) approximately four-and-a-half years ago. Federal and State inspectional mandates have changed, FDA guidance documents (and a few regulations) have been churned out, and some entities have been the target of aggressive enforcement actions and even criminal prosecutions by the FDA/Department of Justice. Suffice it to say, this blog post cannot capture everything that compounders have been grappling with or how their compliance policies have been evolving. So today, we are sharing one important and positive bit of news for health systems and other entities that may be considering whether and how to set up an outsourcing facility under Section 503B of the Food, Drug, and Cosmetic Act (as amended by the DQSA). Continue Reading FDA Alters Course on Definition of Compounding “Facility” in Final Guidance

Back in late 2015, we blogged about the interesting twist in the $125 million Warner Chilcott settlement that a Massachusetts physician had been criminally charged with violating the Health Insurance Portability and Accountability Act (HIPAA).   See HERE for that previous post.

That physician has now been convicted of the HIPAA violation, as well as an unrelated charge of obstructing a federal health care investigation.  The US Attorney’s Office in Boston made the announcement late last month.

The Warner Chilcott settlement involved illegal drug promotion.  Specifically, sales reps were accused of flagging patient medical records with product brochures and filling out the provider’s prior authorization forms in advance for specific patients.  All of this required impermissible access to patient records.  The physician’s criminal liability stems from providing these sales reps with access to her patients’ records.  In some cases, the reps were even allowed to take the records home with them!

We are often reminded through settlements with the HHS Office for Civil Rights that HIPAA violations are taken seriously and can include hefty fines and corrective action plans (see HERE, HERE and HERE for just a few examples).  This case serves as fair warning that intentional misuse of protected patient information can lead to jail time.  When this physician is sentenced, she could be looking at up to a year in prison, a $50,000 fine, and a year of supervised release.  If you picture a sales rep combing through your personal health issues in his or her living room to determine whether you might be a sales target, it shouldn’t be so surprising that this conduct can rise to the level of criminal liability.

On Tuesday, May 8th, the House held three hearings related to combating the opioid epidemic. The first hearing came out of the Energy and Commerce (E&C) Subcommittee on Oversight and Investigations, which examined opioid distribution and diversion by the pharmaceutical industry. The second hearing came out of the E&C Subcommittee on Health, which examined the current statutory restrictiveness on the medical profession’s ability to coordinate substance use disorder (SUD) treatment due to prohibitions on certain patient information disclosure. The third hearing came out of the House Judiciary Committee and examined best practices in international and domestic enforcement on drug traffickers in curbing the supply of opioids across the U.S. Continue Reading Congress Holds Hearings and Proposes Legislation to Combat Vexing Opioid Crisis

This week, Congress is back in session with the House continuing its work on addressing the opioid crisis. There are three hearings and a markup on several pieces of legislation intended to address the ongoing epidemic. Once the House finishes its work, focus will move to the Senate side where the prospects of passage become more challenging as we head into summer. On the Affordable Care Act, insurers are beginning to submit rate increase proposals for 2019 which could lead to some jaw-dropping increases as we saw in Virginia last week. We cover this and more in this week’s preview, which can be found here.

Mintz Levin has updated the Mintz Matrix, a comprehensive summary of the data breach notification laws that now exist in all 50 states (South Dakota and Alabama finally caved and enacted their own laws). It’s critical that HIPAA-regulated entities monitor these state laws because they apply simultaneously with, and often conflict with, HIPAA. In the event of a data breach, regulated entities must fulfill HIPAA’s breach notification requirements and the requirements of applicable state law. Large-scale data breaches, affecting individuals from multiple states, require the rapid analysis of multiple state laws along with HIPAA requirements. But don’t wait for a crisis to review the Matrix. HIPAA covered entities and business associates should use it to familiarize themselves with the breach notification requirements of the states in which they do business, and use the Matrix to inform incident response planning activities. The Matrix is also useful for monitoring patterns and trends among state laws in this area. For example, state data breach notification laws have historically been implicated by the loss of information that could be used for identity theft, such as name coupled with social security, debit or credit card numbers. However, many states now require breach notification when health care information is used or disclosed without authorization, even if it is not associated with a social security number and even if HIPAA does not apply. You can learn more about the Matrix and download a copy on our Privacy and Security Matters blog.

There are now multiple proposals in the House and Senate for substantive changes to the 340B Drug Discount Program. The odds of a legislative “fix” to 340B are increasing. But independent of congressional action, is CMS signaling that additional changes to 340B may be coming?

The most significant recent change to 340B came courtesy of CMS, not HRSA. Effective January 2018, CMS, relying on its authority over the Medicare Hospital Outpatient Prospective Payment System (OPPS), effectively cut Medicare Part B reimbursement for 340B drugs in the hospital outpatient setting by almost 30%.  Most hospital and ambulatory surgical center reimbursement for Medicare Part B 340B drugs went from the standard ASP plus 6%, down to ASP minus 22%. Accompanying the new OPPS rule, CMS issued Frequently Asked Questions (FAQs), discussing the mandatory use of modifiers when billing 340B drugs under the OPPS.  While the OPPS rule implementing the payment reduction is the subject of ongoing litigation, to date the Medicare Part B payment reduction remains in full force and effect.  Continue Reading Will CMS Drive Further Changes to 340B?