Fundamental Right to be a Federal Healthcare Provider?

Rejecting a contrary holding in the Fourth Circuit, the Sixth Circuit decided a healthcare provider has no “fundamental right to participate in federal health care programs.” Accordingly, the Department of Health and Human Services (HHS) was correct to exclude a pharmacist from federal healthcare programs simply because he was convicted of misdemeanor misbranding.

Pharmacist Parrino pleaded guilty to introducing misbranded drugs into interstate commerce (21 U.S.C. §§ 331(a) and 352(a)) because he consistently filled prescriptions for Pulmicort with a less potent amount of budesonide. Because misdemeanor misbranding is a strict liability crime, Parrino did not need to admit that he intended to prepare the medications incorrectly as part of the plea. HHS nevertheless decided that the offense fell within the mandatory provision of its exclusion authority, ordered Parrino not to participate in federal healthcare programs for five years, and effectively ended Parrino’s livelihood as a pharmacist during that time. Parrino appealed the decision, arguing that permissive (rather than mandatory) exclusion authority applied to misbranding and that HHS acted arbitrarily in violation of his fundamental right to property.

The Sixth Circuit agreed with the Ninth, Tenth, and First Circuits that no property right exists because the government made “no clear promises” of entitlement to the providers and because federal health care programs are not intended to benefit the providers. The court decided the type of exclusion was not crucial, and HHS needed only a rational basis to justify exclusion of the pharmacist. Once it decided Parrino had no property right in being a provider, the court readily upheld the rationality of excluding a pharmacist who filled sub-potent medications and wasted government funds.


National Institutes of Health Extends Effective Date of sIRB Policy

Recently, the National Institutes of Health (“NIH”) extended the effective date of its policy on the use of the single Institutional Review Board (“IRB” or “sIRB” if a single IRB) to January 25, 2018. NIH created the sIRB policy to establish the expectation that a sIRB be used in the ethical review of multi-site, domestic, non-exempt human subject research funded by NIH. The extension will apply to all competing grant applications with due dates on or after January 25, 2018.

sIRB Policy

NIH drafted the sIRB policy to enhance and streamline the IRB review process for multi-site research studies and eliminate duplicate IRB reviews. The purpose of the policy is to establish the expectation that a sIRB would be used to conduct the ethical reviews required by 45 C.F.R. Part 46 for domestic multi-site studies involving non-exempt human subject research funded by NIH. The policy applies to domestic sites that conduct studies according to the same protocol. The policy would not apply to foreign sites that participate in the studies, career development, research training, or fellowship awards.

As part of the policy, applicant/offerors would be expected to submit a plan describing the use of the selected sIRB, including a statement confirming that the other participating sites will adhere to the sIRB policy. The participating sites will rely on the sIRB to carry out the functions that are required for institutional compliance, but are responsible for obtaining informed consent, overseeing the implementation of the approved protocol, and reporting any unanticipated problems and study progress to the sIRB. Importantly, the policy does not expressly prohibit a participating site from duplicating the sIRB, but NIH funds may not be used for the cost of this duplicate review. The applicant/offeror should also describe how communications between the sites and the sIRB will be handled.

According to the policy, sIRBs are responsible for conducting the ethical reviews of NIH-funded multi-site studies for the participating sites, including carrying out the regulatory requirements under 45 C.F.R. Part 46. sIRBs may also serve as the Privacy Board to fulfill the requirements of the HIPAA Privacy Rule, and will collaborate with the successful applicant/offeror to establish a mechanism for communication between the sIRB and participating sites.

Stakeholder Feedback

Many stakeholders commented on NIH’s draft policy, published in a Notice in the NIH Guide for Grants and Contracts in December 2014. While the comments were generally positive, academic institutions and IRBs were concerned how a non-local IRB may protect local, vulnerable populations, and that “site-specific practices for recruitment and retention, especially for vulnerable populations, would pose challenges for an sIRB.” Possibly to respond to such comments, the final NIH policy allows for exceptions to the sIRB policy when review by a sIRB would be prohibited by a federal, tribal, or state law, regulation or policy, or for a compelling reason.

HHS Task Force Identifies Critical Cybersecurity Recommendations

The recent WannaCry ransomware attack and the bevy of breaches over the past few years demonstrate that cyber risks in the healthcare arena are substantial and widespread. The Department of Health and Human Services (HHS) Health Care Industry Cybersecurity (HCIC) Task Force Report (HCIC Report), required under the federal Cybersecurity Information Sharing Act of 2015, details many risks and recommended improvements across the healthcare sector. Released on June 2, 2017, after taking into account input from a diverse group of healthcare stakeholders, including organizations, industry experts and the government, the HCIC Report identifies six “imperatives” to improve healthcare cybersecurity:

  1. Cyber Governance: Define and streamline leadership, governance and expectations for healthcare industry cybersecurity.
  2. Increase Health IT Security: Increase the security and resilience of medical devices and health IT.
  3. Education: Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
  4. Increase Preparedness: Increase healthcare industry readiness through improved cybersecurity awareness and education.
  5. Protect IP and R&D: Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.
  6. Improve Information Sharing: Improve information sharing of industry threats, weaknesses and mitigations.

Although some of the details recommended to achieve these imperatives may be considered controversial, the HCIC Report identifies some of the most critical risks and provides examples of measures every company can take today to mitigate cyber risk.

Continue Reading

Applying Escobar — Decisions on Materiality, Falsity and Other Issues

June 16, 2017, marks the one-year anniversary of the precedent-setting U.S. Supreme Court decision in Universal Health Services v. United States ex rel. Escobar (Escobar), which approved the implied false certification theory as a basis for liability under the False Claims Act (FCA). Because the decision impacts every provider who supplies goods and services to the federal government, all eyes were on the lower courts and how they will apply the decision. In an article for Bloomberg BNA Health Fraud Report, Tom Zeno and Rebecca Worthington reviewed recent FCA decisions on questions of materiality, falsity and other FCA concerns.

Escobar emphasized that the materiality inquiry is a “demanding” one. Upon remand, the First Circuit determined the language used by the Supreme Court “makes clear that courts are to conduct a holistic approach to determining materiality in connection with a payment decision, with no one factor being necessarily dispositive.” For establishing materiality, a holistic analysis of three factors is a favored test: (1) whether regulatory compliance was a condition of payment; (2) the centrality of the requirement in the regulatory program; and (3) whether the government paid claims despite actual knowledge that certain requirements were violated.

One unsettled question is whether Escobar set forth two requirements for establishing implied certification liability. In Escobar, the Supreme Court held that “implied certification theory can be a basis for liability, at least where two conditions are satisfied: first, the claim does not merely request payment, but also makes specific representations about the goods or services provided; and second, the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths.” Many courts have treated these two conditions as a mandatory two-part requirement.

Inferring insight from an active year of decisions, the authors also concluded that dismissal is likely when payments continue after actual knowledge of alleged fraud as well as when conduct such as altered invoices is alleged. Additionally, as expected, other jurisdictions are adopting the analysis of Escobar as seen in New Jersey, Chicago and the District of Columbia.

Read the full article here.

Ohio Expands Prescriptive Authority for Certain Advanced Practice Registered Nurses

On May 17, the Ohio Board of Nursing (the Board) adopted a new formulary which expands the prescriptive authority for certain of Ohio’s advanced practice registered nurses (APRNs). Specifically, this new “exclusionary” formulary applies to Ohio’s certified nurse practitioners, clinical nurse specialists and certified nurse midwives.  The new formulary was adopted pursuant to Ohio’s House Bill 216 (HB 216), which amended ORC § 4723.50 to require, in part, that the Board adopt a new exclusionary formulary permitting APRNs to prescribe any controlled substances except as prohibited by federal or state law, and except for drugs or devices to perform or induce abortions.  The exclusionary formulary also provides that the APRN’s prescriptive authority shall not exceed that of the APRN’s collaborating physician or podiatrist.

This new exclusionary formulary replaces Ohio’s previous APRN formulary which limited prescriptive authority to only those drugs specifically identified therein.  By permitting APRNs to potentially prescribe any controlled substance not otherwise prohibited by law, the new formulary appears to expand the prescriptive authority of Ohio’s APRNs.

Continue Reading

Lawyer Misconduct Dooms FCA Suit

A fraudulent survey of doctors sponsored by attorneys for a qui tam relator doomed a False Claims Act (FCA) complaint against a pharmaceutical company. In a forceful opinion, United States District Judge Dennis Saylor IV, District of Massachusetts, found violation of ethical rules, excised more than 100 paragraphs of the complaint as a sanction, and dismissed the truncated complaint for failure to meet the particularity standards required for an FCA complaint under Fed. R. Civ. P. 9(b).

When the government declined to intervene in an FCA suit alleging off label marketing, attorneys for the relator filed a second amended complaint based in large part on the results of a purported research study about prescribing practices for the drug. The survey, conducted via internet and telephone, by a doctor hired by the attorneys, was disclosed during discovery. The survey falsely represented that the resulting data would be used only for research purposes and would be kept confidential. Instead, the attorneys included data in the complaint such as names and addresses of 36 doctors as well as some information about their practices and some of their patients. Continue Reading

Can DOJ Impose False Claims Act on States?

The immense power wielded by the Department of Justice (DOJ) under the False Claims Act (FCA) has limits according to United States District Judge Anna J. Brown in the District of Oregon. This month the court decided DOJ cannot force the Act to apply to an “arm of the state” simply by intervening in the suit. Although a rare setback to a DOJ position on proper interpretation of the FCA, the issue may not yet be settled.

In 2013, relator Richard Doughty filed a qui tam suit on behalf of the United States alleging that Oregon Health and Sciences University (OHSU) submitted improper reimbursement rates for some projects supported by federal funds. In 2016, the United States intervened by filing its own complaint alleging violations of the FCA. OHSU moved to dismiss the complaints on the ground that it is not a “person” under the definition of those covered by the FCA because OHSU is an “arm of the state.” DOJ opposed dismissal on the ground that, when the United States intervenes and litigates in its own name, the United States may bring an FCA action against an arm of the state.

Judge Brown agreed with OHSU and dismissed the suit by relying upon a Supreme Court decision in another qui tam case, Vermont Agency of Natural Resources v. U.S. ex rel. Stevens. In that decision, the Supreme Court held the FCA “does not subject a State (or state agency) to liability” because of the “longstanding interpretative presumption that ‘person’ does not include the sovereign.” When deciding that OHSU was an “arm of the state,” Judge Brown considered these factors:

  • Would state funds pay a money judgment
  • Does the entity perform central government functions
  • May the entity sue and be sued
  • May the entity take property in its own name or only in the name of the State
  • What is the entity’s corporate status

DOJ attempted to distinguish Vermont Agency because the United States had declined to intervene in that case. Relying on concurrences in Vermont Agency, DOJ contended that, although a qui tam relator can be dismissed, DOJ’s decision to intervene makes a qualitative difference in application of the FCA. Judge Brown ruled otherwise.

In addition to concurrences in Vermont Agency, DOJ’s assertion of power over an FCA complaint may be bolstered by a recent decision of the Fourth Circuit. In that matter, DOJ declined to intervene in the litigation, but it also refused to agree to a settlement that was acceptable to the relator and to the defendant. Concluding that the United States was the real party in interest in FCA litigation, the Fourth Circuit joined with the Fifth and Sixth Circuits to hold that DOJ controls acceptance of a settlement. As the Fourth Circuit put it, “the Attorney General possesses an absolute veto power over voluntary settlements in FCA qui tam actions.”

This expansive view of DOJ’s authority over settlement conflicts with a Ninth Circuit decision holding that, “while the government may not obstruct the settlement and force a qui tam plaintiff to continue litigation, the government nevertheless may question the settlement for good cause.”

It remains to be seen whether DOJ will seek further review of the OSHU decision in order to secure the authority it seeks.

HHS Announces $400,000 HIPAA Settlement with Community Health Center

The Department of Health and Human Services Office of Civil Rights (HHS OCR) recently settled with a notable covered entity – a nonprofit Federally Qualified Community Health Center (FQHC) – over alleged Health Information Portability and Accountability Act (HIPAA) Privacy and Security Rule violations.

With the FQHC agreeing to pay $400,000 to HHS and entering into a corrective action plan, this settlement highlights how long HHS OCR investigations can take (five years from investigation start to settlement); how broad HHS OCR targets are (FQHCs are not safe from scrutiny); and just how onerous corrective action can be after an investigation.

Our data privacy and cybersecurity team has prepared an excellent, detailed summary of the case, which may be found here.

Elephants in the Room: What is Next for Health Policy?

Health policy in the US is a problem in search of a solution and, despite a current pause in actions, reform efforts will continue this year.

The Squire Patton Boggs policy team has put together an excellent article recapping recent events regarding the actions torepeal and replace the Affordable Care Act (ACA) and the decision to pull new health reform legislation from the House Floor.The article also explores several potential paths forward, including actions involving the American Health Care Act (AHCA),bipartisan opportunities in reauthorizations of current programs, potential appropriations activities and executive branch actions.

A copy of this excellent article may be found here.

OIG Expands Anti-Kickback Statute and Civil Monetary Penalties Protections (Part 2)

As we discussed in a previous post, the Department of Health and Human Services Office of Inspector General (OIG) published a final rule (Final Rule) amending the safe harbors to the Anti-Kickback Statue (AKS) and also amending exceptions to the Civil Monetary Penalties rule (CMP), providing greater protection for certain arrangements with beneficiaries.

In this second part of our two-part series, we discuss the Final Rule’s changes to the CMP.

Expanded Protections for CMP Beneficiary Inducement

The Final Rule adds five new exceptions for beneficiary arrangements, incorporating these exceptions into the CMP’s definition of “remuneration.”

  1. Copayment Reductions for Certain Outpatient Department Services

The OIG proposed a cost-sharing exception permitting reduction in the copayment amount for some or all covered hospital outpatient department services to no less than 20% of the Medicare fee schedule in its Proposed Rule. This cost-sharing exception builds upon Section 4523 of the Balanced Budget Act of 1997 (the BBA), which prompted the Secretary of the Department of Health and Human Services to establish a copayment reduction procedure.  In the Final Rule, the OIG added the exception into the definition of “remuneration” using substantively identical language to the statutory language.

  1. Certain Remuneration That Poses a Low Risk of Harm and Promotes Access to Care

The Final Rule adds a new interpretive exception that aligns with an existing statutory exception protecting “any other remuneration which promotes access to care and poses a low risk of harm to patients and Federal health care programs.” The OIG noted that “[t]his exception should be read in the context of more specific exceptions and safe harbors,” and it would look to those exceptions “to determine if remuneration poses a low risk of harm.” Certain arrangements that do not meet the exceptions for a safe harbor or exception may be protected under this exception. Any entity asserting such protection for its arrangements has the burden of demonstrating sufficient facts and analysis for the OIG to determine that the arrangement fits within the exception.

This exception builds off of specific aspects of the statutory language. The OIG defined “care” to mean items and services that are payable by Medicare, Medicaid or a state health program, but does not include a medically necessary qualifier. The OIG defined “promotes access” to limit the exception to only remuneration that “improves a particular beneficiary’s ability to obtain medically necessary items and services” for a defined beneficiary population, but not on an individual patient-by-patient basis. The OIG clarified that its interpretation of items or services that “promote access to care” captures giving patients the opportunities to remove socioeconomic, education and other barriers to access necessary care; while excluding items or services that purely reward patients for accessing care. Furthermore, remuneration associated with a coordinated care arrangement that meets the requirement of being low risk and assists patients to access necessary care can fit within this exception.

In addition to promoting access to care, remuneration must pose a low risk of harm to federal healthcare programs for protection under this exception. The OIG finalized its proposed interpretation of a “low risk of harm to Medicare and Medicaid beneficiaries and Medicare and Medicaid program” to mean that the remuneration must: “(1) be unlikely to interfere with, or skew, clinical decision-making; (2) be unlikely to increase costs to Federal health care programs or beneficiaries through overutilization or inappropriate utilization; and (3) not raise patient-safety or quality-of-care concerns.” In its commentary, the OIG cautioned that certain forms of remuneration (such as cash, cash equivalents and copayment waivers) and, specifically, remuneration provided in connection with marketing, are unlikely to be considered by the OIG to be low risk.

  1. Retailer Rewards

The OIG adopted the ACA’s statutory text creating an exception to the beneficiary inducements provisions of the CMP for retailer rewards programs that meet certain criteria. A retailer rewards program may offer or transfer items for free or less than fair market value if: (a) the items or services consist of coupons, rebates or other rewards from a retailer; (b) the items or services are offered or transferred on equal terms available to the general public, regardless of health insurance status; and (c) the offer or transfer of the items or services is not tied to the provision of other items or services reimbursed in whole or in part by Medicare or a state health program.

The OIG interprets “retailers” to be entities “that sell [ ] items directly to consumers . . . [and do not] primarily provide services,” including both big-box stores with pharmacies and smaller, independent pharmacies. These retailers may offer rewards that must not be copayment waivers. Additionally, these rewards must be available to everyone regardless of health insurance status, and must not be tied to the provision of items or services reimbursed by Medicare or a state healthcare program. For example, a reward of a $20 coupon that could be used on anything in the store would be eligible for protection, whereas a reward of federally reimbursable items stemming from the purchase of federally reimbursable items would not.

  1. Remuneration to Financially Needy Individuals

The Final Rule incorporates a third new statutory provision that excepts from the definition of “remuneration” the offer or transfer of items or services for free or less than fair market value if the following requirements are met: (a) the items and services are not advertised or tied to the provision of other items or services reimbursed by the Medicare or state healthcare programs (including Medicaid); (b) there is a reasonable connection between the items or services and the medical care of the individual; and (c) the recipient has been determined to be in financial need.

This exception, like others, does not impose any affirmative obligations on providers or suppliers to provide free items or services, waive copayments or implement any program that involves giving anything of value to beneficiaries; rather, this exception describes the circumstances under which such gifts or benefits are not prohibited by the beneficiary inducements CMP.

  1. Copayment Waivers for the First Fill of Generic Drugs

The OIG adopts another ACA statutory provision excepting from the definition of “remuneration” the waiver by a Part D Plan sponsor of any copayment for the first fill of a covered Part D drug. The OIG states that the purpose of this exception is to “minimize drug costs by encouraging the use of lower cost generic drugs.” The Part D Plan sponsor must include the waiver in its annual benefit design package it submits to CMS if the sponsor will use it. This exception is applicable to coverage years beginning on or after January 1, 2018.


While the AKS and CMP are often viewed by the healthcare and life science industries as impediments to improving the efficiency and innovation of healthcare delivery, the OIG in its Final Rule liberalizes those requirements by enhancing the flexibility of healthcare providers to engage in business arrangements that improve access to care, while still protecting federal programs and patients from fraud and abuse. In an environment where value-based reimbursement models and population health initiatives are the growing norm, the AKS and CMP exceptions under the Final Rule encourage hospitals, pharmacies, ambulance providers, Medicare Advantage Plans and FQHCs to collaborate and strategize among each other on efforts to better serve beneficiaries, members and patients alike.