shutterstock_350936345Today, our colleagues at ML Strategies provided another installment of their Health Care Weekly PreviewThe preview highlights upcoming activity in the House and Senate and other hot topics on the Hill.  Highlights this week include the potential of a government shutdown, uncertainty around cost-sharing reductions for the 2018 plan year, and scheduled mark-ups by the Senate HELP Committee. 

For an outlook on health care policy in the coming months in Congress, ML Strategies provided their insight in our prior post.

ML Strategies has provided a Spring Cheat Sheet previewing the coming months in health care policy in the 115th Congress.  The Cheat Sheet addresses attempts to amend the American Health Care Act, funding for the federal government, the heath insurance marketplace, FDA user fee acts, and the health care minibus.  The full Cheat Sheet is available here.  Stay tuned for upcoming coverage of the health care policy actions (and inactions) in Washington, D.C.

Boston_StateHouseNext week, the Massachusetts House will continue the budget process and debate over 1000 amendments that members filed to the House Ways and Means Committee’s proposed $40.3 billion FY2018 budget. The Committee’s budget includes some notable departures from Governor Baker’s proposed budget, including changes to budget items impacting the health care industry. In an Alert released earlier this week, my ML Strategies colleagues Julie CoxSteven BaddourDan ConnellyCaitlin BeresinMax Fathy and Haejin Hwang describe some of the variances in health care and public health spending proposals. Continue Reading Massachusetts Budget Process Continues with Impact on Health Care

Earlier this week, the Mintz Levin privacy team  updated the “Mintz Matrix,” a summary of the U.S. state data breach notification laws, with updates from New Mexico, Tennessee, and Virginia.  As the privacy team reports, with New Mexico enacting a data breach notification law, only Alabama and South Dakota remain the only states without data breach notification laws.  Their full blog post on the updates is available here.

In addition to complying with HIPAA, health care organizations must remain aware of the separate state notification obligations and other privacy and security laws when responding to data breaches.  These states laws are often broader than HIPAA and apply may apply to personally identifiable information that is not protected health information.

Our quick disclaimer: The Mintz Matrix is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.

MedicalTechnologies_Tubes2We recently updated our chart that tracks state biosimilar substitution laws to include new laws in Iowa and Montana. These new laws bring the total number of states with biosimilar substitution laws to 27, plus Puerto Rico. The latest version of our chart can be found here. As with the laws we’ve seen before, both the Iowa and Montana biosimilar amendments mirror the state’s existing generic drug substitution laws. More specifically, they amend state pharmacy laws to allow, and in some situations require, the substitution of interchangeable biosimilars. Continue Reading New State Substitution Laws, and a Busy Spring for Biosimilars

shutterstock_573245464Welcome to Spring Break! That time of the year where college kids head to a beach somewhere, families pack up for some tourist trap to spend lots of money, and Congress gets out of DC and goes back home.  This is also a time to consider where we are and where we are heading in terms of health care policy.  We will continue to hear of potential policies aiming to unify Republicans on health care reform, but until we see substantive policy changes that get members to change their votes from the American Health Care Act, this is all talk.  However, there is a health care minibus coming.  The “minibus” refers to a handful of policy provisions tied together in one piece of legislation.  This minibus will carry a number of provisions into law.  How many riders will be onboard the minibus remains to be seen. Continue Reading The Health Care Minibus

On April 14, 2017, leaders from the Senate HELP Committee and the House Energy & Commerce Committee released the first discussion draft of the 2017 FDA user fee reauthorization bill. As we’ve been reporting (see here and here for our past coverage), these two committees have held numerous public hearings since the beginning of March to learn more about FDA’s “big 4” user fee programs – for prescription drugs, medical devices, generic drugs, and biosimilars.  Continue Reading Congressional Leaders Seek Input in UFA Reauthorization Draft Bill by April 28, 2017

In July 2015, we posted about the N.Y. Attorney General’s False Claims Act (FCA) settlements with Trinity HomeCare and its related entities, and how the case provided insight into the future of FCA enforcement.  We identified five key trends based on the settlements:

  1. The FCA cases were based on qui tams and pursued by the State Attorney General after federal government declination.
  2. The FCA cases were based on a narrow, single state or regional arrangement, as opposed to allegations of a national scheme or program.
  3. One of the FCA cases was based on conduct about which Trinity had previously been warned.
  4. The FCA cases were based on government billings for specialty drugs.
  5. All parties to the arrangement were named as defendants in the qui tams.

Trinity was already under investigation by the N.Y. Attorney General’s office for its billing of hemophilia drugs (the basis of the first 2015 settlement) when a second qui tam alleged that Trinity submitted false claims in connection with a specialty drug used to treat premature infants at risk for lung disease.  That second qui tam led to the second settlement and now, almost 20 months later, has led to a new Complaint. Continue Reading Five Trends in False Claims Act Enforcement: Take Two

As 2017 began, FDA appeared poised to implement significant changes to the rules governing off-label communications related to drugs, biologics, and medical devices. The Agency had hosted a public hearing in November 2016 to receive input from interested industry stakeholders and members of the public about possible alternatives for off-label regulation, seemingly a first step in exploring more liberal (or possibly stricter) enforcement standards.  However, in January, FDA released a new final rule amending the definitions of “intended use” applicable to drugs and devices in 21 C.F.R. §§ 201.128, 801.4, which would affect how off-label uses are considered with respect to intended use of regulated products, and issued a memo discussing its current position on off-label uses and communications.  In short, all of FDA’s actions since the November public hearing have shown that it intends to continue strict enforcement of off-label promotion despite changes in the highest levels of government and strongly negative industry response. Continue Reading The Past, Present, and Future of Government Regulation of Off-Label Communications – Part 1

Phishing Scam ImageEarlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam.  The phishing scam, carried out by accessing MCPN employees’ email accounts, gave a hacker access to the electronic protected health information (“ePHI”) of 3,200 individuals.  In investigating the breach, OCR determined that, prior to the breach, MCPN had not conducted a security risk analysis (a requirement under HIPAA).  Further, OCR found that even after MCPN conducted a risk analysis, its analysis was insufficient to meet the requirements of the HIPAA Security Rule.

In addition to the $400,000 fine, MCPN agreed to a corrective action plan with OCR.  That plan requires MCPN to conduct a comprehensive risk analysis and to submit a written report on the risk analysis to OCR.  Additionally, MCPN will be required to develop an organization-wide risk management plan, to review and revise its Security Rule policies and procedures, to review and revise its Security Rule training materials, and to report to OCR any instance of a workforce member failing to comply with its Security Rule policies and procedures. Continue Reading Gone Phishin’: Hack Leads to HIPAA Settlement