Insights

Digital health companies, investors, and other healthcare organizations should follow policy developments with a strategic lens towards their market opportunities for key potential growth and risk mitigation.

The Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) published the General Compliance Program Guidance (GCPG) on November 6, 2023. The GCPG provides updated descriptions of the seven elements of an effective compliance program that health care entities have long relied upon. The new guidance also includes recommendations to conduct annual internal risk assessments, to consider quality of care as a component of the compliance program, and to emphasize the importance of a board’s and executive leadership’s oversight of compliance.

On October 30, President Joe Biden signed an Executive Order (“EO”) 14110 entitled, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” which establishes a policy framework to manage the risks of artificial intelligence (“AI”), to direct agency action to regulate the use of health AI systems and tools, and to guide AI innovation across all sectors, including in the health and human services sectors. OMB simultaneously released a draft memorandum that would specifically direct department and agency action by establishing new agency requirements in AI governance, innovation, and risk management and adopting specific minimum risk management practices for uses of AI. OMB is seeking public comment on the memorandum by December 5, 2023, which includes a list of questions requesting feedback on specific issues.

On October 30, 2023, President Biden released an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI).  This landmark EO seeks to advance the safe and secure development and deployment of AI by implementing a society-wide effort across government, the private sector, academia, and civil society to harness “AI for good,” while mitigating its substantial risks.

The American Rescue Plan Act of 2021, or COVID-19 bill, was signed into law by President Biden on March 11, 2021.  It passed the U.S. House originally on February 27, 2021, by a vote of 219 to 212, was amended by and passed the U.S. Senate on March 6, 2021, by a vote of 50 to 49, and the amended and reconciled bill was passed by the U.S. House on March 10, 2021 by a vote of 220 to 211.  The 242-page bill provides a total of $1.9 trillion in economic stimulus related to the COVID-19 crisis and includes stimulus checks for Americans, renewed unemployment benefits, employment related provisions, tax related provisions, education related provisions, child benefits related provisions and provisions related to the COVID-19 pandemic at large and health care in general.  The purpose of this Client Alert is to provide a summary of the health care provisions of the new law.

While the healthcare industry is evolving from fee-for-service to quality-based payment, the Stark Law (42 U.S.C. § 1395) and the Anti-Kickback Statute (42 U.S.C. § 1320a–7b) have remained stuck in the past. These two fraud and abuse laws have impeded the continued development and utilization of value-based arrangements that reward high quality health care and improved health outcomes. The Stark Law, for example, was created to combat the exchange of financial incentives in return for referring patients for designated health services (DHS) – an exchange that can incentivize the provision of unnecessary care under a fee-for-service payment system. However, with the healthcare industry’s recent shift toward value-based payments, overutilization is no longer the problem it used to be. The Stark Law and Anti-Kickback Statute are misaligned with the current health care industry payment landscape and as result have impeded forward progress toward value-based care.

The HHS Office of the Inspector General (OIG) published proposed regulations in the Federal Register on April 24, 2020 regarding its civil monetary penalty (CMP) enforcement authority under the new information blocking rules (the “OIG Proposed Rule”). Information blocking is a practice by certain “actors” that, among other things, is likely to interfere with access, exchange, or use of electronic health information. As discussed below, the OIG is specifically seeking comment on when OIG will commence enforcement of the information blocking rules, and on what would constitute a “single violation” for purposes of determining appropriate penalties. Interested parties may submit comments on the OIG Proposed Rule, which are due by June 23, 2020. 

On April 13, 2020, the Federal Communications Commission’s Wireline Competition Bureau began accepting applications for the COVID-19 Telehealth Program. The COVID-19 Telehealth Program will provide $200 million in funding to help health care providers furnish services to patients at their homes or mobile locations in response to COVID-19 pandemic. The Program does not anticipate awarding more than $1 million to any single applicant. Eligible providers include: (1) post-secondary educational institutions offering health care instruction, teaching hospitals, and medical schools; (2) community health centers or health centers providing health care to migrants; (3) local health departments or agencies; (4) community mental health centers; (5) not-for-profit hospitals; (6) rural health clinics; (7) skilled nursing facilities; or (8) consortia of health care providers consisting of one or more entities falling into the first seven categories. Note that large hospital systems are currently excluded from this list.

Hospitals and providers across the country now have greater ability to leverage digital communications technology to provide telehealth services during the COVID-19 public health emergency. The Department of Health and Human Services (HHS) exercised emergency authorities to waive certain restrictions applicable to Medicare and Medicaid under Section 1135 of the Social Security Act. The new waivers issued over the last several days both expand telehealth benefits and allow greater flexibility in the manner telehealth is used by physicians and practitioners to address patient care needs.

As the Coronavirus (COVID-19) continues to spread, the federal government is taking action to respond to this healthcare crisis. On March 6, 2020, the president signed into law an emergency supplemental appropriations bill that provides the U.S. government $8.3 billion in funding to combat the coronavirus at the local, state, national, and international levels.

In a long-awaited opinion, on September 9, 2019, the U.S. Court of Appeals for the Eleventh Circuit in United States v. Aseracare, Inc., et al, unanimously vacated AseraCare’s False Claims Act (FCA) victory and remanded the case for further proceedings.[1]  While this might seem a victory only for the Government at first blush, the opinion contains key takeaways for defendants that will likely reach far beyond just this case.

On January 31, 2019 the Department of Health and Human Services issued a long-awaited notice of proposed rulemaking to implement the Trump Administration’s efforts to curb drug price increases, as outlined in the American Patients First Blueprint. The proposed rule attempts to address the issue by eliminating discount safe harbor protection for reductions in price to prescription pharmaceutical products (or rebates) provided by manufacturers to plan sponsors under Medicare Part D and Medicaid managed care organizations (MCOs), whether negotiated by the plan or by pharmacy benefit managers (PBM) or paid through a PBM to the plan or Medicaid MCO. The proposed rules also would increase regulatory risk associated with rebates provided by manufacturers to commercial health plans (if the commercial health plan sponsor also provides Medicare Part D or Medicaid prescription drug coverage), which would result in the rules having an impact across a wider spectrum of the prescription drug coverage market than just federal health care programs. 

The Centers for Medicare & Medicaid Services recently revised the Voluntary Self-Referral Disclosure Protocol (SRDP) through which individuals may disclose actual or potential violations of the federal physician self-referral law (Stark Law). Beginning June 1, 2017, disclosing parties will be required to utilize and submit standardized SRDP forms. According to CMS, the forms are intended to reduce the burden on disclosing parties by providing a “streamlined and standardized” format for disclosing actual or potential violations. These forms present several new challenges, however, and do little to address the tremendous complexities endemic to the Stark Law and its numerous exceptions—such as the exceptions’ writing requirement. Despite CMS guidance and recent case law, the Stark Law continues to pose a web of compliance and disclosure challenges. The unwary risk further entanglement by the new SRDP format issued by CMS.

This summary of key lawsuits affecting managed care is provided by the Health Care Group of Crowell & Moring. If you have questions or need assistance on managed care law matters, please contact Chris Flynn, Peter Roan, or any member of the Health Care Group.

On January 7, 2016, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued guidance on an individual's right to access health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule (45 CFR § 164.524). This guidance reflects the Administration's focus on promotion of patient access to data and patient-driven care.