Last week, the US Attorney’s Office in Boston announced that drug company Warner Chilcott agreed to plead guilty to health care fraud and pay $125 million to resolve criminal and civil liability arising out of allegations involving the promotion of the company’s drugs. Continuing its focus on individuals, the former President of the Company has been charged with conspiring to pay kickbacks to physicians. The government interest in prosecuting illegal drug promotion activities and illegal payments to physicians has been a longstanding priority. However, in a new twist that should be of great interest to the health care community, the government has brought criminal charges under the Health Insurance Portability and Accountability Act (HIPAA) against company employees as well as the physician practice owner for the alleged unlawful access and disclosure of patient medical records. These HIPAA violations could result in prison sentences, significant fines and exclusion from the Medicare program. Continue Reading
The Federal Trade Commission (FTC) last week disputed the effectiveness and competitive impact of the Food and Drug Administration’s recently proposed biosimilar naming policy and argued that using different nonproprietary names for biosimilars as compared to their reference biologics would signal clinically meaningful differences to already-confused physicians. The end result would reduce not only biosimilar substitution but also the incentive for aggressive price competition between reference biologics and follow-on biosimilar products. In its written comments to FDA, the FTC argued that a naming convention akin to FDA’s small molecule policy would encourage lower-cost biosimilar price substitution by maintaining consistency for prescribing physicians. Continue Reading
In a recent Alert, the Mintz Levin Health Law Practice and ML Strategies provided a comprehensive look at recent developments in Massachusetts health policy. In addition to a detailed report on recent Health Policy Commission (HPC) activities, the Alert highlights pending legislation that will affect the health industry:
- A bill (H3678) that would give legal weight to the HPC’s Cost and Market Impact Reviews on proposed mergers. The bill would make these reports a “rebuttable presumption” which the company would have to dispute if a court case is brought by the Attorney General due to anticompetitive concerns.
- A bill (H267) to require Medicaid coverage of telemedicine and equal reimbursement for these services, and to create a central licensing process for telemedicine providers. At a hearing, advocates argued the Commonwealth should adopt the coverage to help the state’s hard-to-reach patients, while others voiced concerns about the logistics and payment structures.
- A bill (HD4209) from Governor Baker on the growing opioid crisis, focusing on education, prevention, and expanding access to treatment. Mayor Walsh joined Governor Baker in a letter this week asking the legislature to act swiftly on the bill. To find out more about the legislature’s action on opiates, read Mintz Levin’s recent alert.
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying around unencrypted laptops or skipping out on HIPAA training. From data harvesting zombie hackers to the impending blood-thirsty auditors of Phase 2, we present a parade of the HIPAA monsters that have been terrorizing regulated entities for most of this year. Be assured that they are lurking around your own privacy and security program just waiting for an opportunity to strike, as soon as you turn off the light, or forget to install the latest security patch or update your risk assessment.
The Sophisticated Overseas (Zombie) Hacker
While we can’t confirm zombie involvement, this monster is responsible for a number of infamous and record-setting breaches this year – CareFirst Blue Cross/Blue Shield (affecting 1.1 million); Premara Blue Cross/Blue Shield (affecting 11.2 million); Anthem (affecting 80 million); UCLA Health (affecting 4.5 million); Excellus BlueCross BlueShield (affecting 10 million); and the Office of Personnel Management (affecting 21.5 million federal workers). Each hacking incident involved detailed personal information such as names, social security numbers, financial information, and more.
It seems that no security measures are sufficient to keep this sneaky monster out – it can go for months or even years without being detected, causing staggering amounts of damage and raising questions about the sufficiency of even the most sophisticated security system. For example, the recent Excellus hack occurred over a year and a half before being discovered, according to the company’s website notification and FAQs. Your best defense against this monster: encryption, potentially (but read on), as well as a comprehensive audit and activity review program. Continue Reading
With Halloween looming, a discussion of skeletons that may be lurking in a health care provider’s closet is timely. Many of our previous posts, as well as the monthly Qui Tam Updates published by our Health Care Enforcement Defense Group, have discussed a wide variety of state and federal health care fraud investigations and qui tam cases filed by relators under the False Claims Act (FCA). Here we have identified three skeletons worth clearing from the closet in an effort to avoid the frights that may follow from such enforcement actions and lawsuits.
The 60-Day Rule
As explained in a previous post, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule in February 2012 in an attempt to implement the “60-day rule,” which concerns a provider or supplier’s obligation to return overpayments, but CMS has had a frighteningly difficult time finalizing the regulations. However, the Office of Management and Budget received the final 60-day rule for review on October 21, 2015, and it has 90 days to review the final rule, although that time may be extended. Regardless of the timing of the final rule’s publication, health care providers should already be investigating and addressing any potential overpayments in accordance with the governing statute. Continue Reading
As readers of Health Law and Policy Matters know, we have covered recent developments in the Department of Justice’s (DOJ’s) commitment to prosecuting individuals involved in corporate misconduct. A flurry of activity on this issue erupted after a Deputy Attorney General (DAG) in the DOJ named Sally Quinlan Yates published a memorandum in September. Known as the “Yates Memo,” the memo sets forth certain steps that the DOJ will take during investigation of corporate misconduct to ensure that individuals involved in the misconduct are held responsible. We provided an overview of the Yates Memo here, and highlighted subsequent DOJ remarks on the memo here.
The DOJ is continuing to clarify and expound on the Yates Memo. On October 22, 2015, Benjamin C. Mizer, the Principal DAG responsible for the DOJ’s Civil Division, spoke at the 16th Pharmaceutical Compliance Congress and Best Practices Forum in Washington, D.C. In his speech, Mizer focused on a number of points made in the Yates Memo, including the steps that corporations must take to receive cooperation credit, stating in part “…no partial credit for cooperation that doesn’t include information about individuals.” Mizer went on to discuss other aspects of the Yates Memo. Our colleague, Bridget Rohde, has published a post outlining Mizer’s remarks and their potential implications on DOJ’s approach to corporate investigations. Her post can be found here.
The Federal Trade Commission (“FTC”) and Department of Justice Antitrust Division (“DOJ”) (collectively, “agencies”) issued a joint statement to Virginia’s Certificate of Public Need (“COPN”) Work Group, which was recently charged with reviewing Virginia’s certificate of public need process and its impact on health care services in Virginia, including the development of “specific recommendations for changes to the certificate of public need process to address any problems or challenges identified during [its] review.” The agencies’ statement encourages the Work Group and the General Assembly to reconsider whether “Virginia’s COPN laws best serve its citizens” and suggests that the Work Group consider the repeal or retrenchment of the COPN laws in order to promote the efficient functioning of health care markets. This statement is another example of the agencies’ continued vigilance in their efforts to prevent CON laws from suppressing competition by “limiting the availability of new or expanded health care services.”
Virginia’s CON program requires providers such as hospitals, nursing homes, rehabilitation facilities and other general acute care service providers to obtain a COPN from the State Health Commissioner (“Commissioner”) before initiating certain projects. The Commissioner can only issue a COPN after determining that there is a public need for the project. According to Virginia’s Department of Health, the review process can take six to seven months to complete — applications are examined during 190-day review cycles designated for certain batch groups which occurs just twice a year for most groups. Aggrieved parties, including incumbent providers, can appeal the Commissioner’s decision to the circuit court. From the agencies’ perspective, this time-consuming and costly process may deter beneficial entry “since a potential entrant may decide that the process itself is too costly.” Continue Reading
Mintz Levin’s Health Care Enforcement Defense Group has published the latest edition of its Qui Tam Update. The October Qui Tam Update reviews 15 health-related False Claims Act cases that were recently unsealed. Over half of the cases involved both state and federal claims, and over 85% of the relators in the cases were current or former employees. Additionally, the government affirmatively declined to intervene in about half of the cases. In this issue, two noteworthy cases are highlighted:
- Miller v. Neuropsychiatric Institute, LLC, No. 8:14-cv-1110 (M.D. Fla.), involving a novel expansion of False Claims Act liability. Beyond false claims submitted to Medicare and Medicaid, the relator alleged false claims were made that amounted to immigration fraud and Social Security benefits fraud.
- United States ex. rel. Yvette Odumosu v. Pediatric Services of America Healthcare, No. 1:11-cv-1007 (N.D. Ga.) (“Odumosu”) and United States ex. rel. Sheila McCray v. Pediatric Services of America, Inc., No. CV413-127 (S.D. Ga.) (“McCray”), which resulted in the first ever False Claims Act settlement involving an alleged failure to adequately investigate credit balances and determine whether those balances resulted from overpayments from federal health care programs.
Read the full Qui Tam Update for more information about the trends we’ve observed in all of the recently unsealed cases. In our Qui Tam Update series, we monitor recently unsealed FCA cases, identify trends in health care enforcement, and discuss noteworthy cases and developments. To receive the Qui Tam Update by email, subscribe here.
Hospital lawyers, whether in-house or outside counsel, have oversight over many facets of the hospital’s operations. One department they may not be focused on, but should be, is the hospital’s laboratory. In an article published this week in BNA’s Health Law Reporter, my colleague Hope Foster, Almeta Cooper of Morehouse School of Medicine, and I address compliance time bombs that may be lurking in hospital laboratories.
The article gives an overview of how hospital laboratories are regulated by state and federal law and by accrediting organizations. We address how the stringent penalties for noncompliance can have an enormous impact on a hospital’s operations, as laboratory testing is a key component of patient care. We then focus on one key compliance issue: ensuring that each hospital laboratory is appropriately performing proficiency testing. As we indicate in the article, even after CMS relaxed some of the most draconian regulations around the penalties for violations related to proficiency testing in 2014, proficiency testing remains an area in which there is no margin for error in a hospital laboratory.
Last week, a jury in Alabama federal court sided with the Department of Justice (DOJ) and qui tam relators in the first part of a False Claims Act (FCA) case against AseraCare Inc., a provider of hospice and palliative care services, and found that claims submitted by AseraCare for 104 patients were objectively false.
In this case, relators (and DOJ in intervention) accused AseraCare of overbilling Medicare for hospice services by hiding information from physicians in order to obtain certifications of hospice eligibility for patients who were not terminally ill. DOJ used statistical sampling to arrive at a damages figure of more than $200 million by taking a sample of 124 patients from a pool of 2,181 patients, looking at payments in the sample, extrapolating those payments to a larger universe of claims and then tripling the amount (as treble damages are allowed under the FCA). Continue Reading