Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.
Recently, pharmaceutical companies are gaining increased notoriety for violations of the False Claims Act, the Anti-Kickback Statute, and general fraudulent practices directed toward physicians and medical care providers with the intent to increase profits. In 2019, Avanir Pharmaceuticals settled with the Department of Justice to pay more than $108 million of criminal penalties and civil damages for engaging in kickbacks with physicians, and misleading marketing of their drug Nudexta for unapproved purposes. Then, in May of 2021, Incyte Corp., a Delaware-based pharmaceutical manufacturer agreed to pay $12.6 million for unspecified damages arising under a violation of the Federal False Claims Act for improperly using an independent foundation to cover copays of individuals consuming Incyte’s cancer drug, Jakafi. Despite widespread prosecutions against pharmaceutical drug manufacturers, and the fraud deterrent provisions of the False Claims Act, the risk of fraud and remuneration still runs high in relationships between healthcare professionals and pharmaceutical companies.
The Public Charge Rule perpetuates anti-immigrant sentiment and keeps poor, disabled migrants who were often Black, Brown, and ethnically oppressed out of the United States. It makes pathways to citizenship contingent upon wealth and the absence of disability. As the Autistic Self Advocacy Network puts it, the Public Charge Rule is a “clear echo of the racist and ableist policies of the eugenics era.”
Since the start of 2021, cyber-attacks have dominated headlines across every industry. From governments and government organizations, healthcare companies, and banks, to gaming companies and oil pipelines, ransomware has impacted organizations of all types and sizes. The scale and scope of these attacks have continued to grow and have far reaching consequences. Despite current agency attempts to strengthen cybersecurity through regulation, individual users continue to pose a serious threat due to insufficient security education.
In the United States, Assisted Reproductive Technology (ART) is predominantly self-regulated by a network of medical agencies that publish guidelines. ART refers generally to any fertility procedure where eggs or embryos are handled. ART clinics are not federally funded, and there is no specific national legislation that establishes a clear regulatory framework about the standard of operations, the quality-of-care patients should be provided with, the permissible uses of ART, or recourse for patients who have not benefited from their financial investments in ART. There are minimum standards set forth by the Food and Drug Administration (FDA) and the Clinical Laboratory Improvement Amendments of 1988 (CLIA), which require strict compliance before patients can consult and use clinics’ ART services including the use of pharmaceutical products. The Federal Trade Commission (FTC) also oversees truthful advertising and marketing practices within ART to ensure that clinics’ reports of success are consistent with their patient data. All states require that physicians obtain a license before providing care, and physicians are subject to investigation by state boards. Aside from this general regulation for safety and transparency, the only explicit regulation targeting the ART industry is the United States Fertility Clinic Success Rate and Certification Act, mandating all US fertility clinics to report their ART cycles performed to the Center for Disease Control (CDC). The data collected through this reporting act is governed by the NASS 2.0 (National Assisted Reproductive Technology Surveillance System), which is a collaborative surveillance system between the CDC, and private stakeholders. Self-reported data to NASS 2.0 is verified by comparing information from a patient’s medical record with data submitted for the report.
For the first time in about twenty years, the U.S. Food and Drug Administration (FDA) approved a drug to combat the progression of Alzheimer’s. The newly approved drug is manufactured by Biogen and will be called Aduhelm. The FDA granted fast track designation of the drug to speed up access to patients. While Aduhelm will not reverse already developed Alzheimer’s symptoms, it will slow down the advancement of the disease by removing deposits of beta-amyloid, a protein found in early-stage Alzheimer’s patient’s brains.
The COVID-19 pandemic has impacted residents and staff of nursing homes and long-term care facilities more than any other demographic, accounting for nearly 40 percent of the total mortality rate from the virus in the United States. According to Centers for Medicare & Medicaid Services (“CMS”), at least 132,000 residents and employees have died from complications of the COVID-19 across 31,000 facilities, although some estimates place the death count closer to 200,000. One factor aggravating the number of deaths in nursing homes is the extraordinarily high rate of staff turnover each year.
The Department of Health and Human Services (“HHS”) finalized revised regulations that implemented Section 1557 of the Affordable Care Act (“ACA”) in June of 2020. This section prohibits discrimination within health programs and activities receiving federal financial assistance based on race, color, sex, age, disability, and national origin. In comparison to the Obama-era regulations issued in 2016, the new final rule does away with gender identity and sexual orientation nondiscrimination protections not only under Section 1557, but under ten other federal regulations as well. This also includes a roll back of certain health insurance coverage protections for transgender individuals.
As the United States continues to grapple with the effects of the coronavirus epidemic, the U.S. Department of Health and Human Services (“HHS”) announced new rules extending compliance dates and timeframes under the Cures Act. The agency’s new rules—most of which take effect on Dec. 4, 2020—are aimed at giving IT developers and health care providers flexibility in responding to the coronavirus pandemic.
The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.