For the first time since 2013, on Saturday, January 20th, 2018, the U.S. government ran out of money when Congress failed to pass a spending bill to fund the federal government. Much of the federal government’s operations have ground to a halt due to the lack of funding. Because Congress is seemingly at an impasse over immigration policy, the shutdown may last several days, if not weeks. In light of Loyola’s upcoming symposium exploring what happens when regulation is not enforced, it is interesting to consider how, in a similar vein, the shutdown affects compliance.
States looking for flexibility or creativity in implementing Medicaid programs can apply for waivers from the Secretary of Health and Human Services (HHS). According to the Medicaid and CHIP Payment Access Commission (MACPAC), waiver use is quite extensive—resulting in “wide variations in program design, covered services, and eligible populations among states and even within states.” As of September 2017, 33 states account for 41 approved waivers, and 18 states have 21 total pending waivers. The scope of these waivers traditionally broadens eligibility and creates new programs in states where Medicaid needs are not expressly recognized by federal law. Current pending applications suggest, however, that states seeking waivers now do so as a means to circumvent Medicaid program requirements they disagree with.
In the eyes of underinsured or uninsured patients, Patient Assistance Programs (PAPs) offer access to otherwise unaffordable medications. However, there are questions being raised whether PAPs are being abused by manufacturers as an inappropriate inducement. The government is increasing its inquiries into PAPs and is beginning to take more investigative action. PAPs are often funded by charitable donations from companies who benefit from the PAP paying for co-insurance for the very drugs the company manufactures. It is essential for companies seeking to develop or maintain charitable donations to remain compliant with existing regulations, but also be aware of forthcoming regulations as a result of present actions.
This summer I had the opportunity to intern with the Office of Inspector General for the U.S. Department of Health and Human Services (OIG) in Washington, DC. I thoroughly enjoyed my time with OIG, and I learned a great deal about health care fraud, waste, and abuse. In spending my summer with OIG, I had a glimpse into the powerful regulatory bodies that protect the health care market from abuse. As I move forward with my career in regulatory work, I will take with me the invaluable experiences and skills from my internship.
In an unprecedented act, the Office for Civil Rights (OCR) entered into a settlement agreement with Presence Health Network based on the healthcare system’s failure to timely report a breach of unsecured protected health information (PHI). Under the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) a covered entity must notify affected individuals, the Department of Health and Human Services (HHS), and the media for breaches affecting 500 people or more. Presence Health will pay $475,000 and implement a corrective action plan (CAP) to address misunderstandings in workforce member roles and responsibilities relating to the notification process.
Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018 Back in November, the Department of Human Services (HHS) Office of Civil Rights (OCR) released an alert stating that a phishing scam masquerading as an OCR Audit had been spotted being sent out to Health Information Portability and Accountability Act (HIPAA) covered …
Fannie Fang Executive Editor Loyola University Chicago School of Law, JD 2017 On January 18, 2017, the Department of Health and Human Services (“HHS”) issued a final rule to update and improve the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, known as 42 CFR Part 2 (“Part 2”). The purpose of the …
Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M in Health Law 2017 In 2013, Oregon Health & Science University (“OHSU”), Oregon’s only academic health center, reported numerous breaches of unsecured electronic protected health information (“ePHI”), including two breaches within the span of five months. This led to the Office of Civil …
Ryan Meade Editor-in-Chief Director of Regulatory Compliance Studies at Loyola University Chicago School of Law A recent commentary from the U.S. Department of Health & Human Services’ Office of Inspector General (HHS-OIG) indicates it will not consider the existence of an effective compliance program as a positive factor in resolving civil non-compliance but it …