Medical Imaging Company Pays $3 Million Data Security Fine

Data ProtectionA medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This yet another warning to the health care industry that data security matters.

Office of Civil Rights Enforcement

The Office of Civil Rights (OCR) in the U.S. Department of Health and Human Services investigates and enforces violations of HIPAA, the Health Insurance Portability and Accountability Act. In this case, OCR investigated a medical imaging company that allowed privacy information about more than 300,000 patients to be visible on the internet.

Compounding The Failure

OCR reported that an “insecure transfer protocol (FTP) web server” permitted internet searches to access social security numbers and other patient data. Because the company had not conducted a risk assessment, it did not identify the problem. In fact, it did not even have required Business Associate Agreements in place with its vendors. Compounding all this, the company declined to “identify and respond” for more than four months after the FBI notified the company of the failure.

Prevention Is The Cure

Every company handling ePHI (electronic protected health information) must protect its patients and itself. If you have questions about protecting ePHI, please feel free to contact us.

Court Again Rules that HHS’s Medicare 340B Drug Price Cuts are Illegal, But Gives the Agency a Chance to “Unscramble the Egg”

As previously reported, last December the U.S. District Court for the District of Columbia ruled that the Department of Health and Human Services (HHS) had overstepped its bounds when it slashed the 2018 Medicare Part B outpatient reimbursement rates for covered drugs purchased under the 340B Program. AHA v. Azar, 1:18-cv-2084-RC (D.D.C. December 27, 2018). The court, however, held off on imposing a remedy until after the parties first had the opportunity to provide further input. On May 6, 2019, having received that input, the court has now ordered a remedy, which it has also applied to the HHS’s identical reimbursement rate reduction for 2019. The court sent both the 2018 and 2019 rate-setting rules back to the agency to give “it the first crack at crafting appropriate remedial measures” and directed HHS to “resolve this issue promptly.” Continue Reading

New DOJ Guidance On Credit Under False Claims Act

Department Of Justice In Washington DCThe Department of Justice just released new guidance how to obtain credit for cooperation under the False Claims Act (FCA).  The guidance stresses the importance of cooperation but mentions other actions as well.  The FCA greatly impacts the health care sector, with settlements and judgments reaching to billions of dollars.  Please see the post on the Anticorruption blog for a description of this guidance.

Recent Case Provides Important Lessons For Buyers Acquiring Unionized Businesses

When healthcare entities are seeking to expand their operations, they often will find interesting targets who have union-represented employees.  A union’s presence will create additional compliance obligations but, contrary to common misconceptions, union-related obligations are not necessarily unmanageable.

In a recent case, which arose after new owners took over a skilled nursing home facility, the National Labor Relations Board reiterated the standards that will determine whether a buyer must recognize the seller’s former labor union, retain former union-represented employees, and bargain with that union before initially determining the wages, hours, and other working conditions at the organization.  Ridgewood Health Care Center, Inc., 367 NLRB No. 110 (Apr. 2, 2019).  The Board also clarified an existing rule in a way that will reduce the potential risk for a buyer.

Continue Reading

Sixth Circuit Upholds Ohio Law Defunding Planned Parenthood

In a closely watched decision, this past week the U.S. Court of Appeals for the Sixth Circuit upheld an Ohio law permitting Ohio to defund Planned Parenthood clinics.  See Planned Parenthood of Greater Ohio v. Hodges, Case No. 16-4027 (Mar. 12, 2019).  An 11 to 6 majority of the full panel of the Sixth Circuit reversed a district court decision enjoining a 2016 Ohio law that barred Ohio’s health department from funding organizations that perform nontherapeutic abortions.  In challenging the law, Planned Parenthood claimed that it would lose $1.5 in annual funding as a result.   Specifically, Planned Parenthood claimed that the law violated “the First and Fourteenth Amendments by conditioning government funding on giving up their rights to provide abortions and to advocate for them.”

In reversing the decision of the district court, the panel held that this funding “condition does not violate the Constitution” because the affiliates of Planned Parenthood “do not have a due process right to perform abortions.”   Because it held that providers do not have a constitutional right to perform abortions, it did not need to reach the free speech claim.

HHS Proposes Changes to the Discount Safe Harbor Framework to Realign Incentives and Put Downward Pressure on Drug Prices

On February 6, 2019, the Department of Health and Human Services (HHS) published a Proposed Rule modifying the Anti-Kickback Statute safe harbor protection with the aim of lowering prescription pharmaceutical product prices and out-of-pocket costs for (primarily Medicare Part D and Medicaid Managed Care Plan) consumers. With the Proposed Rule, HHS hopes to encourage medication manufacturers to pass discounts directly to consumers and develop a transparent framework for the prescription pharmaceutical product market.  A more thorough discussion of the Proposed Rule may be found here.

Government Shutdown – Does It Affect My Research Grant or Contract? It May

A lapse in federal funding, or a government shutdown, occurs when Congress and the President fail to agree to a new appropriations bill for oneor more of the federal government agencies. The most recent partial government shutdown, ending in January 2019, affected about 25% of government agencies (in dollar terms). The Department of Homeland Security and the Food and Drug Administration (FDA) were among those agencies whose ability to spend new funds were impacted by the government shutdown. The remaining agencies already funded through enacted appropriations with funds available through the end of September 2019 included agencies such as the Department of Defense and National Institutes of Health (NIH).

This article provides insight on the potential impact of a government shutdown for those contractors or grantees who might be affected by a funding lapse, such as academic medical centers (AMCs) or clinical researchers. Like most government rules, those related to a shutdown have room for interpretation. The bottom line: if you have a federal contract or grant, advance communication with the agency is the best preventative medicine. It is always prudent to ask the agency at the onset of the contract or grant work, and to validate just prior to the likelihood of a funding lapse, about how such an event may affect the specific contract or grant. Read the full article here.

New UK study shows reduction of competition within NHS hospital market increases patient harm rates

On 31 January 2019, economists at the UK Competition and Markets Authority and London School of Economics published a new working paper on the effect of mergers between NHS hospitals on patient harm, stating that “a hypothetical merger to monopoly would, on average, be associated with a significant increase in harm rates”.  These findings have been published amidst several recent NHS hospital merger clearances by the UK competition watchdog, the Competition and Markets Authority (CMA), which we reviewed this blog last year.

At first glance, the effect of competition within the NHS hospital market may appear reduced given certain sector-specific factors such as the fact that it is a heavily regulated sector, it is a public not-for-profit system and capacity constraints prevent hospitals from accepting additional patients (the “customers”, from a competition law standpoint).  However, competition has been in place within the NHS hospital market, and even more so since the two reforms in 2003 and 2006 provided patients with greater choice and introduced NHS funding for care in private Independent Sector Treatment Centres (ISTCs). NHS hospital mergers have therefore gained considerable scrutiny from the CMA and, since 2010, all hospital mergers (bar one) were allowed either because the CMA concluded that there was no risk of a substantial lessening of competition (SLC) or on the basis that relevant customer benefits (RCBs) outweighed any harm arising.

Continue Reading

State Legalized Marijuana Businesses and Access to the Bankruptcy Code

The June 13, 2018 Practical Law Practice Note co-written by Squire Patton Boggs attorneys Mark A. Salzberg, Elliot M. Smith, and John E. Wyand titled “State Legalized Marijuana Businesses and Access to the Bankruptcy Code” was recently updated to reflect recent case law as well as changes to the Controlled Substances Act. The Practice Note discusses the federal statutory scheme governing marijuana, its tension with state laws governing marijuana businesses, and the ability or inability of marijuana related businesses to access the relief provided under federal bankruptcy law.

LexBlog