A bipartisan congressional effort is underway to convince CMS to reverse its biosimilar reimbursement policy implemented under the Obama administration. We discussed the current reimbursement policy in a March 2016 blog post when CMS initially released the guidance.  CMS implemented the controversial guidance as a final rule in October 2016.

The current policy requires all biosimilars that are related to a reference product to be given a shared Healthcare Common Procedure Coding System (HCPCS) code. For Medicare Part B, reimbursement is then calculated based on the average sales price (ASP) of all of the biosimilars with that HCPCS code plus 6% of their reference product’s ASP. Continue Reading CMS Urged To Reverse Obama-Era Biosimilar Reimbursement Policy

Yesterday, CMS released the Proposed Part D DIR (Direct and Indirect Remuneration) Reporting Requirements for 2016 and postponed the 2016 DIR Reporting deadline.

Each year, CMS releases Proposed Part D DIR Reporting Requirements for interested parties to review and comment on. The DIR Reporting Requirements tend to change slightly from year-to-year as the Part D program has developed and CMS gains further understanding of rebates and price concessions that a Part D plan sponsor may receive or pay.  Additionally, some changes in DIR Reporting Requirements are the result of changes to Part D regulations.  After reviewing the comments, CMS publishes the Final Part D DIR Reporting Requirements, typically in late May, and then plan sponsors submit their DIR Report by June 30th.

These Proposed DIR Reporting Requirements are the first that reflect the change in the definition of “negotiated prices” as set forth at 42 C.F.R. § 423.100. Although the discussion regarding changing the definition of negotiated prices started multiple years ago and was finalized in 2014, the change was not effective until January 1, 2016.  CMS’s proposed changes related to the updated definition of negotiated prices are captured in Summary DIR Report columns DIR #8 and DIR #9.

The deadline for submitting comments is June 2, 2017.

Typically, Part D plan sponsors must submit their DIR reports to CMS by June 30th of the year following the close of the plan year (June 30, 2017 for 2016 DIR).  CMS is postponing the deadline for 2016 DIR submission so that it has time to review the comments it receives and so that Part D plan sponsors have adequate time to analyze and categorize their data in the manner required by the upcoming Final Part D DIR Reporting Requirements.  CMS will announce the 2016 DIR submission deadline in the Final Part D DIR Reporting Requirements for 2016 and it appears that plan sponsors will have approximately 30 days to analyze and categorize their data.

By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant, called “Wanna Decryption” or “WannaCry” works like any other ransomware: once it is inadvertently installed, it locks up the organization’s data until ransom is paid.  Here are some quick facts about the WannaCry attack and suggestions for avoiding it. Continue Reading Ransomware Attack – Quick Facts

Patient assistance programs have been a staple within the health care industry for over a decade.  These programs, operated by 503(c)(3) charities, may receive funding from pharmaceutical manufacturers or other providers to offer assistance to low-income patients in affording their medications, copayments, deductibles, premiums, or other related services.   The Office of the Inspector General (OIG) and the Centers of Medicare & Medicare Services (CMS) have acknowledged the role of provider- and manufacturer-supported charitable premium assistance and have established parameters for these charities to operate in compliance with the Anti-Kickback Statute.

Over the last two years, however, government scrutiny and enforcement related to charitable patient assistance programs has increased.   During this time, nearly a dozen pharmaceutical manufacturers and providers have publicly disclosed receipt of government subpoenas investigating their contributions to patient assistance charities.

These new investigations raise a number of questions when it comes to structuring relationships with patient assistance programs.  On May 16th, we will be holding a webinar to review these current investigations and outline what providers, payors, pharmacy benefit managers (PBMs), and pharmacies working with manufacturers and patient assistance programs need to know in light of these investigations.

We hope you join us!  For more information and to register for this webinar, please click here.

shutterstock_428983732Last week, the California Assembly Committee on Business and Professions voted in favor of Assembly Bill 315.  AB 315 seeks to amend the California Business and Professions Code: (a) to require PBMs to obtain licensure from the Board of Pharmacy, (b) to state that PBMs have fiduciary duties to their “purchaser” clients (i.e., health plans), and (c) to require PBMs to disclose to their purchaser clients data regarding drug costs, rebates, and fees earned. The favorable vote moves the bill to the Committee on Appropriations.

California is not the only state that is considering adopting a PBM “transparency” law.  New York’s Governor Cuomo released a proposal that seeks to require PBMs to both register with the State and obtain a license (from the Department of Financial Services) as well as disclose financial incentives or benefits for promoting the use of certain drugs and financial arrangements that affect customers.  The Governor would also like to impose price controls on pharmaceutical manufacturers.  New York has a long history of regulating PBMs through a handful  of systems because the services that PBMs offer often result in a PBM needing to hold a specific non-PBM license and to adopt a specific corporate structure.  In addition, Senator Wyden (D-Ore.) introduced the C-THRU Act to the Senate Finance Committee in March.  The C-THRU Act seeks to make PBM rebate data publicly available, require the Secretary of HHS to adopt a minimum percentage of drug rebates that a PBM would need to pass through to certain of its health plan clients, and amend the definition of “negotiated prices” under the Medicare Part D Program.  Continue Reading California Advances PBM Licensing and “Transparency” Law

Earlier this week, the Mintz Levin privacy team  updated the “Mintz Matrix,” a summary of the U.S. state data breach notification laws, with updates from New Mexico, Tennessee, and Virginia.  As the privacy team reports, with New Mexico enacting a data breach notification law, only Alabama and South Dakota remain the only states without data breach notification laws.  Their full blog post on the updates is available here.

In addition to complying with HIPAA, health care organizations must remain aware of the separate state notification obligations and other privacy and security laws when responding to data breaches.  These states laws are often broader than HIPAA and apply may apply to personally identifiable information that is not protected health information.

Our quick disclaimer: The Mintz Matrix is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.

MedicalTechnologies_Tubes2We recently updated our chart that tracks state biosimilar substitution laws to include new laws in Iowa and Montana. These new laws bring the total number of states with biosimilar substitution laws to 27, plus Puerto Rico. The latest version of our chart can be found here. As with the laws we’ve seen before, both the Iowa and Montana biosimilar amendments mirror the state’s existing generic drug substitution laws. More specifically, they amend state pharmacy laws to allow, and in some situations require, the substitution of interchangeable biosimilars. Continue Reading New State Substitution Laws, and a Busy Spring for Biosimilars

shutterstock_573245464Welcome to Spring Break! That time of the year where college kids head to a beach somewhere, families pack up for some tourist trap to spend lots of money, and Congress gets out of DC and goes back home.  This is also a time to consider where we are and where we are heading in terms of health care policy.  We will continue to hear of potential policies aiming to unify Republicans on health care reform, but until we see substantive policy changes that get members to change their votes from the American Health Care Act, this is all talk.  However, there is a health care minibus coming.  The “minibus” refers to a handful of policy provisions tied together in one piece of legislation.  This minibus will carry a number of provisions into law.  How many riders will be onboard the minibus remains to be seen. Continue Reading The Health Care Minibus

In July 2015, we posted about the N.Y. Attorney General’s False Claims Act (FCA) settlements with Trinity HomeCare and its related entities, and how the case provided insight into the future of FCA enforcement.  We identified five key trends based on the settlements:

  1. The FCA cases were based on qui tams and pursued by the State Attorney General after federal government declination.
  2. The FCA cases were based on a narrow, single state or regional arrangement, as opposed to allegations of a national scheme or program.
  3. One of the FCA cases was based on conduct about which Trinity had previously been warned.
  4. The FCA cases were based on government billings for specialty drugs.
  5. All parties to the arrangement were named as defendants in the qui tams.

Trinity was already under investigation by the N.Y. Attorney General’s office for its billing of hemophilia drugs (the basis of the first 2015 settlement) when a second qui tam alleged that Trinity submitted false claims in connection with a specialty drug used to treat premature infants at risk for lung disease.  That second qui tam led to the second settlement and now, almost 20 months later, has led to a new Complaint. Continue Reading Five Trends in False Claims Act Enforcement: Take Two

Phishing Scam ImageEarlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam.  The phishing scam, carried out by accessing MCPN employees’ email accounts, gave a hacker access to the electronic protected health information (“ePHI”) of 3,200 individuals.  In investigating the breach, OCR determined that, prior to the breach, MCPN had not conducted a security risk analysis (a requirement under HIPAA).  Further, OCR found that even after MCPN conducted a risk analysis, its analysis was insufficient to meet the requirements of the HIPAA Security Rule.

In addition to the $400,000 fine, MCPN agreed to a corrective action plan with OCR.  That plan requires MCPN to conduct a comprehensive risk analysis and to submit a written report on the risk analysis to OCR.  Additionally, MCPN will be required to develop an organization-wide risk management plan, to review and revise its Security Rule policies and procedures, to review and revise its Security Rule training materials, and to report to OCR any instance of a workforce member failing to comply with its Security Rule policies and procedures. Continue Reading Gone Phishin’: Hack Leads to HIPAA Settlement