Tag Archives: Department of Health and Human Services (HHS)

FDA Draft Guidance Addresses Electronic Informed Consent in Clinical Investigations

FDA has issued a draft guidance providing recommendations for clinical investigators, sponsors and institutional review boards on the use of electronic informed consent for FDA-regulated clinical investigations of medical products, including drugs, medical devices and biological products. FDA is accepting comments on the draft guidance until May 8, 2015. In addition, the HHS Office for Human Research Protections (OHRP) is considering whether to adopt the positions and recommendations proposed in this guidance for research regulated under the HHS protection of human subjects regulations and to issue a joint OHRP/FDA guidance document on this topic once the FDA's final guidance document has been developed.… Continue Reading

Omnibus Spending Bill Promises Increased Funding for Ebola Response in FY 2015

On December 16, 2014, President Obama signed into law an omnibus spending bill that will provide funding across the federal government in the remainder of FY 2015. The bill includes $5.4 billion designated for several regulatory agencies - including the Centers for Disease Control and Prevention, Department of Defense, Food and Drug Administration, Department of Health and Human Services, National Institutes of Health and Department of State - to use in response to the Ebola epidemic, on both a national and international scale.… Continue Reading

OCR Releases Ebola Bulletin

The recent Ebola outbreak has prompted the US Department of Health and Human Services, Office for Civil Rights ("OCR"), the agency responsible for enforcing the Health Insurance Portability and Accountability Act ("HIPAA"), to release a new bulletin for covered entities and business associates regarding their privacy obligations in emergency situations. The bulletin, entitled "HIPAA Privacy In Emergency Situations," provides an overview of the limited ways in which covered entities and business associates may use and disclose protected health information in emergencies, such as the Ebola outbreak. The bulletin is available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf.… Continue Reading

Insights About Future Use of Protected Health Information Under HIPAA

In "HIPAA Enforcement: The Next Step," an interview and accompanying article that appeared on HealthcareInfoSecurity on October 14th, Reed Smith partner Brad Rostolsky details the HIPAA-related trends that he expects to see within the next several years. Among these predicted trends is an increase in the number of investigations by the Department of Health and Human Services' Office for Civil Rights regarding the illegal use and distribution of Protected Health Information without the permission of patients, a result of tightened regulations introduced in last year's HIPAA Omnibus Rule. Brad also discusses how companies should prepare for HIPAA compliance audits, the use of health information on social media, and potential privacy issues surrounding wearable consumer health devices.… Continue Reading

Reed Smith Team Analyzes OIG’s Proposed Rule Amending Anti-Kickback Safe Harbors, CMP Rules & Gainsharing Regulations

The Office of Inspector General (OIG) of the Department of Health and Human Services published a major proposed rule on October 3, 2014 amending the Anti-Kickback Statute (AKS) safe harbors and the Civil Monetary Penalty (CMP) rules to protect a number of payment practices not previously allowed under those regulations. The proposed rule and the … Continue Reading

OIG Warns About Ineligibility of Health Care Program Beneficiaries for Pharmaceutical Coupon Programs

The Office of Inspector General (OIG) of the Department of Health & Human Services issued a Special Advisory Bulletin (SAB) on September 19, 2014 discussing the coupon programs employed by many pharmaceutical manufacturers to reduce or entirely eliminate patient copayments to obtain brand-name drugs. As mentioned on our Health Industry Washington Watch blog, the SAB … Continue Reading

OIG Advisory Bulletin Addresses Independent Charity Patient Assistance Program Risks

Patient Assistance Programs (PAPs) provide important help to patients of limited means who do not have insurance coverage for drugs and need assistance covering drug costs, often for chronic illnesses. The Office of the Inspector General (OIG) of the Department of Health and Human Services has now issued an advisory bulletin, dated May 21, 2014, … Continue Reading

OIG Proposes Amendment of Health Care Program Civil Monetary Penalty Regulations

The Office of Inspector General (OIG) of the Department of Health and Human Services has issued a proposed rule that would institute several changes to the health care program civil monetary penalty (CMP) regulations. Under the proposed rule, the OIG would have the expanded authority to enforce significant CMPs on providers and suppliers in a variety of scenarios. Reed Smith has prepared a Client Alert summarizing and analyzing the Proposed Rule, including the various scenarios under which CMPs could be issued under the proposed regulations as well as the changes in technical language proposed by OIG to more clearly define the scope of CMP regulations.… Continue Reading

Exclusion Rules For Those Who Receive Funds From Federal Health Care Programs May Get Even More Complicated

The Office of Inspector General (OIG) of the Department of Health and Human Services identifies the underlying purpose of its exclusion authority as to protect federal health care programs and their beneficiaries from "untrustworthy health care providers, i.e., individuals and entities who pose a risk to program beneficiaries or the integrity of these programs." The OIG now has published a new proposed rule that would greatly expand the bases upon which it could affirmatively exclude an individual or entity from participation in federal health care programs. Reed Smith has prepared a Client Alert that provides an overview of the Proposed Rule, including: proposed revisions to definitions; new grounds for exclusion; clarifications to existing regulations to add mitigating and aggravating factors; early reinstatement procedures; and proposed procedural changes in the OIG's exclusion authorities.… Continue Reading

Recent OCR Enforcement Activities Cause Serious Case of Déjà Vu: Theft of Unencrypted Laptops Leads to Two Separate HIPAA Settlements

Two separate instances of unencrypted laptop theft from different health care providers have resulted in two settlements for potential violations of the HIPAA Privacy and Security Rules. These alleged violations were uncovered following investigations by the Department of Health and Human Services, Office for Civil Rights (OCR). In the first instance, involving Concentra Health Services, OCR found that Concentra had previously recognized its need for increased encryption on its technological devices but had failed to fully address this issue before the breach. In the second instance, involving QCA Health Plan, Inc. of Arkansas, OCR found that QCA had failed to comply with multiple requirements set forth by the HIPAA Security Rule. Both instances resulted in settlements comprised of financial payments to OCR as well as agreement to Corrective Action Plans that will allow for continued oversight by OCR in regards to HIPAA compliance.… Continue Reading

D.C. Circuit Rules in Favor of Providers in DSH Part C/Part A Appeal… Or Does it?

In a much-anticipated decision, the U.S. Court of Appeals for the District of Columbia Circuit last month affirmed the lower court's ruling in favor of the hospital plaintiffs in Allina Health Services, et al. v. Sebelius (D.C. Cir., No. 13-5011, Apr. ___, 2014). The otherwise good news for providers, however, was called into question by the appellate court's instructions as to the proper remedy in the case.… Continue Reading

County Governments Not Immune From HIPAA Enforcement: OCR Announces $215,000 Settlement with Skagit County, Washington

On March 7, 2014, the HHS Office for Civil Rights (“OCR”) announced its first settlement and corrective action plan with a county government. Skagit County in northwest Washington State has agreed to pay $215,000 to settle potential violations of the HIPAA Privacy, Security and Breach Notification Rules. According to Susan McAndrew, deputy director of health … Continue Reading

Manufacturer, Group Payment Organization, and Physician Financial Information Slated For Disclosure, May Spur False Claims Act Activity

As mentioned on our Health Industry Washington Watch blog, pharmaceutical and medical device manufacturers and group purchasing organizations (GPO) are currently in the process of submitting detailed 2013 payment and investment interest data to the Centers for Medicare & Medicaid Services. The submission of this data, as dictated by the Physician Payment Sunshine Act, is intended to highlight certain financial relationships between the manufacturers and GPOs and physicians. With some exceptions, this data will become public by September 1, 2014, at which time the Department of Health and Human Services' Office of the Inspector General, Department of Justice, and relators' attorneys will likely analyze the data to initiate investigations and support complaints under the federal False Claims Act.… Continue Reading

Final Rule Gives Patients a New Right under HIPAA to Access Completed Test Reports Directly from Labs

On February 6, 2014, the U.S. Department of Health & Human Services' (HHS) Centers for Medicare & Medicaid Services, Centers for Disease Control and Prevention, and Office for Civil Rights jointly published a final rule amending the HIPAA Privacy Rule and the Clinical Laboratory Improvement Amendments of 1988 regulations to provide patients with direct access to laboratory test reports. HHS believes that patients should have the right to access these test reports in order to gain vital information, allowing them to better manage their health and take action to prevent and control disease. The amendments to both regulations become effective April 7, 2014, and HIPAA-covered laboratories must comply by October 6, 2014.… Continue Reading

Physician-Owned Distributor (POD) Update: Device Manufacturer’s Challenge to OIG Fraud Alert Fails; OIG Finds PODs Increase Medicare Costs; and Hospitals Continue to Adopt Anti-POD Policies

We have been reporting for some time on issues involving the Office of the Inspector General (OIG) scrutiny of physician-owned distributors (PODs). In March 2013, we analyzed an OIG Special Fraud Alert on PODs and in October we reported on an interesting challenge to the Fraud Alert filed by a medical device manufacturer in the U.S. District Court for the Central District of California. That suit argued that the Fraud Alert unfairly and unconstitutionally burdened the plaintiff's First Amendment rights of free speech and due process. In this post, we report on the disposition of that case, and several other related POD developments.… Continue Reading

Device Manufacturer Files Federal Challenge to OIG Special Fraud Alert on Physician-Owned Distributors

This post was written by Elizabeth Carder-Thompson. On October 8, 2013, Reliance Medical Systems, LLC, filed a complaint in the U.S. District Court for the Central District of California, seeking a declaration that an Office of Inspector General (OIG) Special Fraud Alert on physician-owned distributors (PODs) unfairly and unconstitutionally burdens First Amendment rights of free speech and due process. Reliance describes itself as "a design company that collaborates with spine surgeons to design highly customized spinal implant devices and surgical tools." It states it had physician owners from its beginning in 2006, characterizing this as a business model that "maximizes and optimizes physician design input." However, in 2012, before issuance of the Fraud Alert, it "moved away from the physician-owned entity business model, after careful consideration and out of an abundance of caution." Interestingly, in a separate part of the complaint, Reliance allows that "the OIG is currently investigating Reliance, and its physicians with whom Reliance previously communicated." The Complaint goes on to explain that it now wishes to return to a physician-owned business model, but that the Fraud Alert's characterization of PODs as "inherently suspect" under the federal anti-kickback statute is chilling its ability to speak with prospective physician owners. It also expresses concern about future OIG investigations, and about reluctance by hospitals and ambulatory surgical centers to enter contracts with it, for fear that they themselves may be "at risk" under the Fraud Alert for doing business with physician-owned entities. The complaint provides a colorful chronology of events leading up to the OIG's issuance of the POD Fraud Alert.… Continue Reading

CMS Releases List of Teaching Hospitals; Educational Efforts and Requests for Additional Clarification Regarding the Physician Payment Sunshine Final Rule Continue

In preparation for data collection to begin under the Physician Payment Sunshine Act Final Rule on August 1, 2013, the Centers for Medicare & Medicaid Services (CMS) released yesterday the list of teaching hospital covered recipients to which payments and other transfers of value must be reported by applicable drug and device manufacturers.  The list, … Continue Reading

CMS and OIG Propose Extension of Electronic Health Record Donation Protections

The Centers for Medicare & Medicaid Services (CMS) and the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) have each proposed new rules to extend existing protections that allow hospitals to donate electronic health record (EHR) technology to physicians who refer patients to their facilities. By way of background, in 2006, CMS established an exception to the Stark self-referral law to allow hospitals to donate EHR technology to physicians under certain circumstances. Likewise, in 2006, the OIG established a safe-harbor to protect such EHR donations from enforcement under the federal anti-kickback statute. While both protections are set to expire on December 31, 2013, the proposed rules would extend the provisions until the end of 2016 as a means to facilitate the adoption of EHR technology.… Continue Reading

OIG Views PODs As “Inherently Suspect” Under the Anti-Kickback Statute

Referencing what it deems a "proliferation" of physician-owned distributors (PODs), on March 26, 2013, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a Special Fraud Alert identifying significant concerns with such entities under federal anti-kickback principles.1 For purposes of the Alert, the OIG defines a POD as "any physician-owned entity that derives revenue from selling, or arranging for the sale of, implantable medical devices," including "physician-owned entities that purport to design or manufacture, typically under contractual arrangements, their own medical devices or instrumentation." Specifically, the OIG describes in somewhat unusual detail the multiple "attributes and practices" of PODs that the OIG believes "produce substantial fraud and abuse risk and pose dangers to patient safety." Notably, the Alert is focused on PODs that derive revenue from selling, or arranging for the sale of, implantable medical devices that are ordered by physician-owners for use in procedures that physician-owners "perform on their own patients at hospitals or ambulatory surgical centers (ASCs)." However, the OIG states that "the same principles would apply when evaluating arrangements involving other types of physician-owned entities."… Continue Reading

Sunshine Physician Payment Final Rule Overview and Analysis

On February 1, 2013, the Centers for Medicare & Medicaid Services (CMS) of the Department of Health and Human Services (HHS) released the long-awaited Final Rule to implement the “Sunshine” provisions of the Affordable Care Act of 2010 (ACA). The Sunshine provisions – intended to provide increased transparency on the scope and nature of financial … Continue Reading

OCR Continues to Use Breach Self-Reports as an Invitation to Audit General HIPAA Compliance

On September 17, 2012, the HHS Office of Civil Rights ("OCR") announced another settlement and corrective action plan following an entity's breach self-report required by HITECH's Breach Notification Rule. Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively "MEEI") have agreed to pay $1.5 million to settle potential violations of the HIPAA Security Rule following the theft of a physician's unencrypted, but protected, laptop, providing additional evidence that: (1) OCR will likely view any breach notification as an opportunity to conduct a de facto audit of an entity's general HIPAA compliance; and (2) encryption of all portable devices containing electronic protected health information ("ePHI"), though not technically "required," is a critical compliance consideration.… Continue Reading

Massachusetts Attorney General Strikes: South Shore Hospital Settles Data Breach Allegations for $750,000

On May 24, 2012, the Attorney General of Massachusetts announced that South Shore Hospital of South Weymouth, Massachusetts (South Shore) agreed to settle allegations that it failed to protect the personal and protected health information of more than 800,000 individuals.  The settlement resulted from the hospital’s data breach report to the Attorney General in July … Continue Reading

CMS Announces Data Collection for the Physician Payments Sunshine Act Will Not Be Required Before 2013

The Centers for Medicare & Medicaid Services (CMS), tasked with implementing the Physician Payments Sunshine Act, announced yesterday that it will not require pharmaceutical, device, and other applicable manufacturers and group purchasing organizations (GPOs) to begin collecting reportable data before 2013.  Once implemented, the Physician Payments Sunshine Act (Section 6002 of the Affordable Care Act) … Continue Reading

Small Cardiology Practice to Pay $100,000 to Settle Allegations of HIPAA Violations

On April 17, 2012, the HHS Office of Civil Rights (OCR) announced a settlement and corrective action plan with Phoenix Cardiac Surgery, P.C. (Phoenix), a small cardiology practice based in Phoenix and Prescott, Arizona. More specifically, Phoenix has agreed to pay $100,000 to settle allegations of HIPAA violations arising out of an investigation conducted by OCR.… Continue Reading
LexBlog