Legal Insights and Perspectives for the Healthcare Industry

Traditionally a month of beginnings and endings, September is when we transition from the idle warmth of long summer days to the heightened activity of a chilled and busy autumn. For Health Law Scan, September was notable for our analysis of the US Court of Appeals for the Eleventh Circuit’s decision in United States v. Aseracare, which found that mere differences of clinical opinion cannot be fraud under the False Claims Act.

We invite you to join us on Thursday, October 17, for an overview discussion about federal rulemaking, including procedural and de facto changes under the current administration. In this A–Z of Federal Rulemaking webinarSusan Harthill, Jonathan Snare, and Timothy Lynch will discuss the impact of participating in federal rulemaking, how to get involved, the roles of the Office of Management and Budget and Office of Information and Regulatory Affairs, and more.

Register for the webinar now >

Highlighting the US Department of Health and Human Services’ (HHS) efforts to transform the US healthcare system to a value-based model, the Office of the Inspector General (OIG) and the Centers for Medicare and Medicaid Services (CMS) have issued two proposed rules that seek to alter the landscape of healthcare program integrity and fraud and abuse regulation, as part of what HHS calls the “Regulatory Sprint to Coordinated Care Initiative.”

The HHS Regulatory Sprint identifies four lanes to better coordinate care:

  • Improving a patient’s ability to understand his/her treatment plans and be empowered to make decisions
  • Increasing providers’ alignment on end-to-end treatment
  • Providing incentives for providers to coordinate and collaborate care with their patients
  • Encouraging information sharing among providers, facilities, and other stakeholders in a manner that facilitates efficient care while preserving and protecting patient access to data

New York’s Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, which makes significant changes to the state’s data breach notification requirements, impacts healthcare organizations that hold computerized data with private information from New York residents. In this LawFlash, our privacy and cybersecurity team analyzes the law’s expanded definition of “private information” and offers key business takeaways for assessing compliance with the SHIELD Act, which becomes effective October 23, 2019.

Read the LawFlash >>

The Nuclear Regulatory Commission (NRC), which regulates the medical use of radioactive materials, relies on the Advisory Committee on the Medical Use of Isotopes (ACMUI) to identify and evaluate the common causes of medical events that are reported by licensees. In an Up & Atom blog post, Morgan Lewis partner Lewis Csedrik and associate Roland Backhaus detail the ACMUI’s most recent review of reported medical events and discuss the NRC’s Information Notice with recommendations to prevent their reoccurrence.

Read the Blog Post  >>

It’s October 1, and that means this month is the deadline for the US Drug Enforcement Agency (DEA) to issue its final rules on special registration for telemedicine. The SUPPORT Act, signed into law on October 24, 2018, gave the DEA one year to promulgate regulations specifying the circumstances under which special registration may be obtained and the procedure for doing so. When finalized, special registration should give telehealth providers significantly more flexibility to prescribe controlled substances without first performing in-person exams.

Our prior post discussed three potential enhancements to cyber-related liability insurance policies designed to maximize their potential responsiveness to actions initiated by consumers or the state attorney general under the California Consumer Privacy Act (CCPA). Today, we offer four additional suggested coverage enhancements for consideration in advance of the CCPA’s January 20, 2020, effective date:

The California Consumer Privacy Act (CCPA) is a game-changer. Taking effect on January 1, 2020, the data privacy law creates new statutory rights governing the handling, storage, and sale of personal information. It broadens significantly the definition of “personally identifiable information” over prior statutory enactments. It reaches companies inside and outside of California based on revenue or the number of consumers whose personal information is bought, sold, shared, or received by a company. It creates private rights of action permitting the potential recovery of statutory or actual damages for consumers, and a new public form of action for the assessment of fines by the state attorney general.

Will typical cyber-related liability insurance policies respond to actions initiated under the CCPA? In their current form, many likely will not. This post suggests enhancements to existing cyberliability policies to maximize their potential responsiveness to CCPA actions.

The Open Payments program established by the Physician Payments Sunshine Act (Sunshine Act) requires manufacturers of covered drugs, medical devices, biologicals, and medical supplies (applicable manufacturers) to report annually to the Centers for Medicare and Medicaid Services (CMS) certain payments and other transfers of value made in the previous calendar year to “covered recipients,” which currently are defined as US-licensed physicians and teaching hospitals. Applicable manufacturers and Group Purchasing Organizations also must report any ownership or investment interests held by physicians or members of their immediate family. CMS makes this information available to the public on the agency’s Open Payments webpage and refreshes it annually.

The US Department of Health and Human Services (HHS) recently announced more than $1.8 billion in funding to support the prevention and treatment of opioid addiction. This latest round of funding, authorized in conjunction with the continuing implementation of the 2018 SUPPORT Act, will be awarded by the Centers for Disease Control and Prevention (CDC) and the Substance Abuse and Mental Health Services Administration (SAMHSA) to states and local communities.

The CDC will provide more than $900 million to help state and local governments track overdose data “as closely to real-time as possible.” Packaged as a three-year cooperative agreement “to scale-up prevention and response activities,” the CDC will distribute $301 million in funding for the first year to states, localities, and some territories beginning in September 2019.