The United States Securities and Exchange Commission (SEC) has announced that they have awarded upwards of $37 million to one whistleblower in 2022. This individual gave important information to the SEC that led to a successful enforcement action against a large European healthcare company. This award took the cake for being the highest payout to a whistleblower in 2022. What does a whistleblower program look like from the regulator’s point of view and why is it important?
Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016-2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breach.
During the COVID-19 pandemic, the federal government and the Drug Enforcement Agency (DEA) temporarily lifted the Ryan Haight Act’s mandate that imposes federal prohibition on online prescribing of controlled substances. The DEA waived its in-person medical examination requirement and set forth different criteria for controlled substances. For as long as the duration of the public health emergency (which was extended through January of 2023 this month), a patient can receive a controlled substance prescription without an in-person examination if the communication was conducted in a two-way, audio-visual, and real-time interactive communication. Covid highlighted the increased use of telehealth and digital health platforms. However, as telehealth surged, public policy has failed to move at the same speed.
Thanks to a new FDA final rule, published in August of this year, Americans can soon purchase specific hearing aids over-the-counter (OTC) without a hearing exam, prescription, or fitting. Although this rule will improve access to hearing aid devices and lower the costs for those with hearing impairments, many critics are convinced the rule will do more harm than good.
Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.
Recently, pharmaceutical companies are gaining increased notoriety for violations of the False Claims Act, the Anti-Kickback Statute, and general fraudulent practices directed toward physicians and medical care providers with the intent to increase profits. In 2019, Avanir Pharmaceuticals settled with the Department of Justice to pay more than $108 million of criminal penalties and civil damages for engaging in kickbacks with physicians, and misleading marketing of their drug Nudexta for unapproved purposes. Then, in May of 2021, Incyte Corp., a Delaware-based pharmaceutical manufacturer agreed to pay $12.6 million for unspecified damages arising under a violation of the Federal False Claims Act for improperly using an independent foundation to cover copays of individuals consuming Incyte’s cancer drug, Jakafi. Despite widespread prosecutions against pharmaceutical drug manufacturers, and the fraud deterrent provisions of the False Claims Act, the risk of fraud and remuneration still runs high in relationships between healthcare professionals and pharmaceutical companies.
The Public Charge Rule perpetuates anti-immigrant sentiment and keeps poor, disabled migrants who were often Black, Brown, and ethnically oppressed out of the United States. It makes pathways to citizenship contingent upon wealth and the absence of disability. As the Autistic Self Advocacy Network puts it, the Public Charge Rule is a “clear echo of the racist and ableist policies of the eugenics era.”
Since the start of 2021, cyber-attacks have dominated headlines across every industry. From governments and government organizations, healthcare companies, and banks, to gaming companies and oil pipelines, ransomware has impacted organizations of all types and sizes. The scale and scope of these attacks have continued to grow and have far reaching consequences. Despite current agency attempts to strengthen cybersecurity through regulation, individual users continue to pose a serious threat due to insufficient security education.
In the United States, Assisted Reproductive Technology (ART) is predominantly self-regulated by a network of medical agencies that publish guidelines. ART refers generally to any fertility procedure where eggs or embryos are handled. ART clinics are not federally funded, and there is no specific national legislation that establishes a clear regulatory framework about the standard of operations, the quality-of-care patients should be provided with, the permissible uses of ART, or recourse for patients who have not benefited from their financial investments in ART. There are minimum standards set forth by the Food and Drug Administration (FDA) and the Clinical Laboratory Improvement Amendments of 1988 (CLIA), which require strict compliance before patients can consult and use clinics’ ART services including the use of pharmaceutical products. The Federal Trade Commission (FTC) also oversees truthful advertising and marketing practices within ART to ensure that clinics’ reports of success are consistent with their patient data. All states require that physicians obtain a license before providing care, and physicians are subject to investigation by state boards. Aside from this general regulation for safety and transparency, the only explicit regulation targeting the ART industry is the United States Fertility Clinic Success Rate and Certification Act, mandating all US fertility clinics to report their ART cycles performed to the Center for Disease Control (CDC). The data collected through this reporting act is governed by the NASS 2.0 (National Assisted Reproductive Technology Surveillance System), which is a collaborative surveillance system between the CDC, and private stakeholders. Self-reported data to NASS 2.0 is verified by comparing information from a patient’s medical record with data submitted for the report.
For the first time in about twenty years, the U.S. Food and Drug Administration (FDA) approved a drug to combat the progression of Alzheimer’s. The newly approved drug is manufactured by Biogen and will be called Aduhelm. The FDA granted fast track designation of the drug to speed up access to patients. While Aduhelm will not reverse already developed Alzheimer’s symptoms, it will slow down the advancement of the disease by removing deposits of beta-amyloid, a protein found in early-stage Alzheimer’s patient’s brains.