If you missed the Mintz Levin Privacy and Security Practice Webinar last week, you can still get it here!

The current Privacy Webinar Series is focusing on the EU General Data Protection Regulation (GDPR), which will impact how US businesses handle and process personal data from the EU, including possible changes to business processes.  The healthcare industry is no stranger to privacy and data protection, but any business that deals with personal data from the EU needs to understand the reach and scope of the GDPR, so they can prepare for this potentially game-changing privacy regulation.

In the webinar focusing on Accountability, Data Security, Data Impact Assessments and Breach Notification, our colleague Sue Foster covers the practical implication of the GDPR for your business.

And register now for the next webinar in the series on November 10, which will focus on the new restrictions around relying on user consent to data processing and data transfers.

In previous blog posts, we addressed the Massachusetts Department of Public Health’s (DPH) proposed regulations that affect hospitals, dialysis clinics and medical marijuana programs.  In this final post on DPH’s recent regulatory review and overhaul, we address the proposed amendments to the clinic licensure regulations.  DPH’s presentation to the Public Health Council is available here.  As with the proposed amendments to the hospital and dialysis clinic regulations, many of the changes to the clinic licensure regulations are technical in nature and aimed at reducing the regulatory burden on clinics, aligning reporting obligations with other state and federal Massachusetts requirements and updating regulatory language.  DPH did, however, propose some a number of substantive amendments to the clinic licensure regulations, including the following: Continue Reading Massachusetts Licensure of Clinics Proposed Regulations – Key Take-Aways

On October 7, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) published guidance to assist cloud service providers (CSPs) and their customers with HIPAA compliance. As discussed below, the guidance clarifies important questions about operating in the cloud, including the role of encryption when determining whether a cloud service provider is a business associate. Continue Reading HHS Publishes Guidance on HIPAA and Cloud Computing

On October 14, 2016, the Centers for Medicare and Medicaid Services (CMS) released the final rule for the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). The final rule marks the most significant reform to our health care system since the enactment of the Affordable Care Act in 2010, providing Medicare incentives to reward quality and value—not volume—through the use of alternative payment models such as accountable care organizations.  The final rule includes changes that significantly soften certain requirements from the proposed rule, with CMS emphasizing that physicians will be allowed to “pick their pace” for satisfying MACRA requirements that begin on January 1, 2017.

A MACRA Refresher

CMS issued a proposed rule in late April of this year, much of which is unchanged in the final rule.  For our previous discussion of MACRA, see our prior blog posts on: an overview of the MACRA and MIPS, Advancing Care Information, APMs, and flexible reporting requirements.

Starting in 2019, CMS will replace a number of existing reporting programs with a two track system, known as the Quality Payment Program, under which eligible clinicians will receive incentive reimbursement payments through either:

  1. The Merit-Based Incentive Payment Systems (MIPS); or
  2. Alternative payment models (APMs).

MIPS consolidates three existing Medicare programs: (1) the Physician Quality Reporting System, (2) the Physician Value-based Payment Modifier, and the (3) Medicare Electronic Health Record (EHR) Incentive Program. Under MIPS, eligible clinicians can receive incentive payment (or penalty) based on four categories of measures: quality, cost, improvement activities, and the use of EHRs. (These categories are discussed in greater detail below.) CMS will take the results and create a composite score that it will then use to increase or decrease the clinician’s reimbursement under the Medicare Physician Fee Schedule (PFS). These adjustments will begin on January 1, 2019, and will be based on data collected in 2017.  Clinicians scoring below a certain threshold will incur a negative adjustment in their payments starting with a maximum penalty of 4% in 2019 and increasing to a maximum penalty of 9% in 2022 and beyond. Those scoring above the threshold can receive up to a 4% increase in 2019, with a maximum increase of 9% in 2022. High achievers will be eligible for an additional upward adjustment.

The second track is for clinicians participating in an “Advanced APM,” including certain accountable care organizations (ACOs) and patient-centered medical homes. Advanced APMs essentially operate as more generous incentive programs that are exempt from the MIPS requirements.  Those on the Advanced APM track can earn bonuses of up to 5% of their PFS payments in 2019. However, as discussed in further detail below, only ACOs accepting some amount of downside financial risk can qualify for the MIPS exemption.

Continue Reading CMS Releases MACRA Final Rule, Easing 2017 Reporting Requirements

On October 14, 2016, FDA released draft guidance entitled Software as a Medical Device (SaMD): Clinical Evaluation (the “SaMD Draft Guidance”). The draft guidance was prepared by the SaMD Working Group of the International Medical Device Regulators Forum (IMDRF), chaired by Bakul Patel, Associate Director for Digital Health at CDRH, and was endorsed by the IMDRF Management Committee in September 2016. Simultaneous with the release of the SaMD Draft Guidance, FDA announced the opening of a 60-day comment period to give the public a chance to react to the content of the draft guidance.

Continue Reading FDA Opens Comment Period for Harmonized SaMD Clinical Evaluation Guidance

Our eyebrows were raised by Mylan’s October 7, 2016 announcement that it had reached a $465 million “settlement” with the United States Department of Justice (DOJ) and “other government agencies” over its Medicaid Drug Rebate obligations for EpiPen.  The timing of the announcement was especially eyebrow-raising:  close to 5 pm on a Friday afternoon at the start of a long holiday weekend (Columbus Day), which effectively forestalled any government comment on the announcement.

Let’s recap how we got here. Over the last few months, multiple state and federal government entities, including Congress, had raised concerns about the EpiPen’s classification for the purpose of Medicaid Drug Rebates.  Manufacturers pay lower Medicaid rebate percentages on generic drugs than on brand name or innovator drugs.  Manufacturers also face a Medicaid Drug Rebate “inflation penalty” when price increases for brand name/innovator drugs outpace inflation; generic drugs are exempt from the inflation penalty.   But the “Epi” part of EpiPen was the generic drug epinephrine; it was the “Pen” part, the distribution unit, which was patented and unique.  More than 18 years ago, CMS said that it was reasonable to base EpiPen Medicaid Drug rebates on the “Epi” part, as a generic product.  Thus Mylan paid Medicaid drug rebates on EpiPen at the generic rate and faced no inflation penalty.   But earlier this year, after media reports focused on dramatic price increases for EpiPen and the lack of competitor products, questions have been raised as to whether Mylan knew, or should have known, that it needed to revisit the EpiPen classification and pay the higher higher brand/innovator Medicaid Drug Rebate rates, and face the inflation penalty, for EpiPen.

Mylan’s announcement states that the $465 million settlement provides “resolution of all potential rebate liability claims by federal and state governments as to whether the product should have been classified as an innovator drug for CMS purposes and subject to a higher rebate formula.”   But in the days following the Columbus Day holiday, details on the specifics of the settlement have not been forthcoming from Mylan or the government.

So as a result of the Mylan announcement, what do we know and what do we not know about the purported settlement?  Here are our top five takeaways from Mylan’s announcement. Continue Reading Five Things to Know About the Mylan EpiPen “Settlement” – What It Is and What It Isn’t

Earlier this week my colleagues, Bruce Sokler and Farrah Short published an alert detailing the FTC‘s creative solution to permit a presumptively anticompetitive merger for a financially failing medical practice.  The FTC entered into a proposed settlement with two Minnesota health care providers, allowing them to proceed with a planned merger that, according to the agency, combines “the two largest providers of adult primary care, pediatric, and OB/GYN services in the St. Cloud area.” The FTC’s willingness to accept the proposed settlement permitting was premised on (1) the fact that one of the medical groups “is a financially failing physician practice” and (2) “concerns regarding disruptions to patient care and possible physician shortages.”

The full alert on the FTC’s envelope-pressing consent solution can be found here.



Just last month the “Improving Transparency and Accuracy in Medicare Part D Spending Act” was introduced in the Senate to amend the Social Security Act.  The bill seeks to prohibit Part D plans (and their contracted pharmacy benefit managers (PBMs)) from retroactively reducing payments to pharmacies for clean claims.  The bill would allow Part D plans and PBMs to reduce an already completed payment to a pharmacy if a claim is found not to be clean.  Not surprisingly, Part D plans would also be allowed to increase payments to pharmacies under the bill.

This seems to be the latest chapter in the war over fees between Part D plans, PBMs and pharmacies.  As discussed here, CMS addressed Part D plans’ and PBM’s practice of charging pharmacies administrative and transaction fees at the point of sale or retroactively in its 2014 Call Letter published in April 2013.  Eventually, CMS amended the definition of “negotiated price” in the Part D regulations to take into account fees paid by pharmacies to Part D plans or PBMs that effectively reduce the price that a pharmacy is paid.  As a result of the change to the definition of “negotiated price” and CMS guidance, Part D plans were no longer allowed to report these fees/reductions in their direct and indirect remuneration (DIR) report if they were reasonably determinable at the point of sale.  Because certain reductions in price or fees charged to the pharmacies are not reasonably determinable at the point of sale, some are still reported by plans as DIR.  The bill introduced in September targets these reductions in price and fees that are applied to pharmacy claims retroactively.

Some plans and PBMs have been reducing the amounts paid to pharmacies by tying pharmacy payments to performance metrics that are determined after the claims have been paid.  Tying performance metrics to payments is something that CMS has appeared to be in favor of, so it is unclear what type of support the bill will receive from the agency.  If plans are no longer able to tie payment to performance in a way that results in some pharmacies receiving decreased payments, some plans may try to negotiate lower initial pharmacy prices and then pay performance “bonuses” to the pharmacies that it determines meet the required performance metrics.  It is unclear whether receiving less money initially or receiving more money upfront but having some of it at risk will be better for pharmacies.

This legislation has little likelihood of passage in 2016.  However, the current political conversation regarding drug pricing is certain to draw in PBMs as both the drug industry and pharmacists call for greater transparency.  Next year might be a busy year for PBMs as they will likely need to address other legislative proposals aimed at pricing and transparency.


The Centers for Medicare & Medicaid Services (CMS) recently released its final rule overhauling long-term care (LTC) facility participation requirements for Medicare and Medicaid (“Final Rule”).  This much anticipated rule represents the first major update of these regulations in 25 years – setting new staffing, patient protections, and compliance requirements for LTC facilities.  CMS estimates that these changes will not necessarily be inexpensive for facilities, costing an average of $62,900 per facility in the first year and $55,000 in each subsequent year.  In response to the estimated financial burden and the complexity of the Final Rule, CMS has adopted a phased approach for the rollout, spreading out implementation of the various requirements over the next three years.  The implementation dates are November 28, 2016 for Phase 1, November 28, 2017 for Phase 2, and November 28, 2018 for Phase 3.  The three phases have been categorized based on CMS’s assessment of each revision’s complexity and the extent to which interpretive guidance and survey processes will need to be revised.

We highlight key provisions of the Final Rule below:

Prohibition against Pre-Dispute Binding Arbitration Agreements

In an effort to strengthen resident rights, under the Final Rule, CMS will prohibit LTC facilities from entering into pre-dispute binding arbitration agreements with residents or their legal representatives.  While the initial Proposed Rule set forth specific criteria to be met by LTC providers seeking to make use of pre-dispute binding arbitration agreements, the Final Rule bans them altogether.  CMS cites doubts about residents’ ability to understand the implications of such agreements as well as concerns about the arbitration process in general.  In response to comments regarding CMS’s legal authority to ban arbitration agreements, the agency clarified that the Final Rule would have no effect on existing pre-dispute arbitration agreements between LTC facilities and residents, and that any such existing agreements could still be enforced.  The prohibition against pre-dispute binding arbitration agreements is included in Phase 1. Continue Reading CMS releases Final Rule Overhauling Long-Term Care Facility Requirements

Pill BottlesPlease join Mintz Levin for a webinar discussing health care fraud enforcement in the pharmacy and pharmaceutical industry on October 26, 2016 at 1 pm (ET). My colleagues Theresa Carnegie, Larry Freedman, and Ellyn Sternfield, members of Mintz Levin’s Health Law and Health Care Enforcement Defense practices, will discuss enforcement trends facing the industry.

The webinar will cover topics relevant to virtually all sectors of the health care and life sciences industries, especially pharmaceutical manufacturers, pharmacies, pharmacy benefit managers (PBMs), and health insurers as well as those who invest in the health care and life sciences industries.

During the webinar, my colleagues will discuss:

  • Litigation, investigations, and settlements involving pharmaceutical manufacturers, PBMs, specialty pharmacies, and health care providers;
  • Federal (including the Department of Justice and the Office of Inspector General) and state enforcement focus on the financial relationships among the companies and providers involved in the pharmaceutical supply chain; and
  • Emerging trends in government enforcement and what is fueling them.

The webinar is approved for CLE credit in California and New York.

You can register for the webinar here.