As the United States continues to grapple with the effects of the coronavirus epidemic, the U.S. Department of Health and Human Services (“HHS”) announced new rules extending compliance dates and timeframes under the Cures Act. The agency’s new rules—most of which take effect on Dec. 4, 2020—are aimed at giving IT developers and health care providers flexibility in responding to the coronavirus pandemic.
The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.
The Centers for Medicare & Medicaid Services (“CMS”) Innovation Center (“CMMI”) recently announced a new model for health care providers in rural areas to receive payment from the federal government. The Community Health Access and Rural Transformation (“CHART”) initiative aims to improve rural health care while promoting the Trump Administration’s push to shift health care providers into a more expansive value-based payment model.
Signed by President Obama on March 23, 2010, The Affordable Care Act (“ACA”) provided a monumental change to healthcare. The ACA created access, added provisions to improve quality, and created cost containment measures. However, the ACA created a quintessential question of Federalism. As it exists today, the Supreme Court will listen to oral arguments in November on the constitutionality of the ACA, in California v. Texas. If the Court decides that the ACA is unconstitutional, millions of Americans who are insured under the Act will lose coverage. Additionally, aside from access, the ACA includes regulatory laws such as Section 1557’s nondiscriminatory provisions, and amendments to the False Claims Act & HIPAA.
The Centers for Medicare & Medicaid Services (“CMS”) released new guidance for skilled nursing facilities (“SNFs”) as part of a larger rulemaking agenda for healthcare institutions in the throes of the current public health emergency with COVID-19. CMS has also detailed the fines for non-compliance with the new COVID-19 requirements for SNFs and other healthcare institutions such as hospitals and laboratories.
In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.
In December 2018, Dr. Christopher Duntsch lost his appeal and the court upheld his life sentence. The name may not sound familiar, but to the medical community in Dallas, Texas, Christopher Duntsch represents what happens when every part of the medical regulatory system fails to protect patients. Christopher Duntsch was given the nickname “Dr. Death” in November 2016 when the DMagazine ran a cover story on him and his victims. In 2018, Wondery produced a six-part podcast series named “Dr. Death” detailing Duntsch’s educational and medical history and the acts that led him to incarceration.
A pair of injunctions in the Northern District of California on January 13, and the Eastern District of Pennsylvania on January 14, halted the implementation of amendments to a religious exemption to the so-called contraception “mandate” of the Affordable Care Act, also known as Obamacare. The “mandate” requires most employers to include contraception coverage in the insurance plans they offer to employees. While Obama administrative agencies contemplated religious exemptions early on, contentious litigation and political transition expanded the scope of the exemption until these latest developments.
In August, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) made an additional focus in its Work Plan for the oversight of nursing facility staffing levels. These changes were made in the light of backlash from a July 2018 news article which reported that nearly 1,400 nursing homes had fewer qualified staff on duty than they were required or failed altogether to provide reliable staffing information to the Centers for Medicare and Medicaid Services (“CMS”).
On October 24, President Trump signed a new bill aimed at combatting issues arising from the opioid epidemic. This bill, entitled the Substance-Use Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (the “SUPPORT” Act) is a combination of seventy bills that effect the healthcare industry. This act includes new and revised Medicaid and Medicare laws that relate to the opioid crisis through the expansion of substance use disorder services. However, this bill, primarily aimed to combat the opioid epidemic, contains key provisions that will affect healthcare providers. Healthcare providers should be especially mindful of this new Act, as there are new anti-kickback provisions that require compliance officers and departments to ensure that their healthcare entities are in compliance with this new law.