In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.
The Common Rule, the Federal policy protecting human subjects of biomedical and behavioral research, was published in 1991. The process to update the policy has taken place over the last several years, leading to the final rule revisions which were effective as of July 19, 2018. After January 20, 2019, institutions are now permitted to implement the entirety of the revised Common Rule. Any institution receiving funds, supervision, or review from any of the twenty Federal Departments and Agencies that have codified the Common Rule must implement this revised rule in their compliance programs.
On January 31, 2019, the Trump administration proposed yet another regulation in efforts to control rising prescription costs for Americans. If the regulation becomes final, drug manufacturers and Pharmacy Benefit Managers (“PBM”) will no longer be able to harbor from Anti-Kickback violations when negotiating discounts with Medicare and Medicaid managed care programs. The Administrations, continuing the tone of transparency, will instead provide Medicare Part D beneficiaries with the ability to receive discounted prices at the pharmacy counter. The administration hopes this will allow patients to not endure high out-of-pocket costs by purchasing medications at a more affordable price necessary to sustain their health.
In December 2018, Dr. Christopher Duntsch lost his appeal and the court upheld his life sentence. The name may not sound familiar, but to the medical community in Dallas, Texas, Christopher Duntsch represents what happens when every part of the medical regulatory system fails to protect patients. Christopher Duntsch was given the nickname “Dr. Death” in November 2016 when the DMagazine ran a cover story on him and his victims. In 2018, Wondery produced a six-part podcast series named “Dr. Death” detailing Duntsch’s educational and medical history and the acts that led him to incarceration.
In August, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) made an additional focus in its Work Plan for the oversight of nursing facility staffing levels. These changes were made in the light of backlash from a July 2018 news article which reported that nearly 1,400 nursing homes had fewer qualified staff on duty than they were required or failed altogether to provide reliable staffing information to the Centers for Medicare and Medicaid Services (“CMS”).
Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. It’s also impacting the most consumers in comparison to other data breaches and, in some cases, has the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers lives.
Corporate compliance professionals will often define compliance as “doing the right thing.” Indeed, both compliance professionals and scholars agree that ethics are an important aspect of effective compliance programs. This is particularly true when it comes to compliance with forced labor regulations. Using forced labor can be appealing to companies seeking to reduce their operating costs and increase profits. However, in the face of a toxic business culture that values maximizing profits, compliance professionals must convince their colleagues that forced labor is not worth the savings in operating costs.
After Hurricane Irma’s dissipation on September 15, 2017, the residents of Florida can now begin to assess the damage caused by the strongest hurricane making landfall since Katrina in 2005. According to early estimates, Irma has caused over 62 billion dollars in damage. However, amongst the destruction there is a silver lining; the damage caused was significantly limited by building regulations that went into effect in 2002. Homes and buildings that would have otherwise been destroyed by Hurricane Irma were able to survive, and suffered only minor damage.
Compliance programs rely heavily on internal investigations. Yet unlike their counterparts in the in-house counsel’s office, compliance professionals rarely give notice when they are conducting such investigations. Whether compliance professionals have duty to notify individual directors, officers and employees of an internal investigation remains unclear. This lack of clarity leads to confusion with employees and officers regarding the limits of confidentiality, and the compliance officer’s duty of loyalty. A robust ethics and compliance program should therefore take a proactive stance and integrate Upjohn warnings—a standard of corporate counsel, but modified to fit the compliance function—into the internal investigation process.
Gilbert Carrillo Executive Editor Loyola University Chicago School of Law, JD 2017 Edmund Tyrrell Associate Editor Loyola University Chicago School of Law, JD 2018 Theranos, the American health-tech and medical-lab-services company, recently hired two executives to oversee regulatory compliance standards. The executives were hired following Theranos receiving multiple sanctions from U.S. regulators about the …