Individuals that Lose Medicaid Coverage May Enroll in Medicare Part B Nationally and Medicare Supplement Coverage in Some States including Soon in Ohio

Pursuant to federal regulations that took effect on January 1, 2023, individuals who lose Medicaid coverage will be granted a special enrollment right to enroll in Medicare Part B coverage.[1]  This special enrollment right was created in part because the COVID health emergency order may soon end, resulting in many people losing Medicaid coverage.  In this regard, under federal law enacted in response to COVID, the federal government gave states increased Medicaid funding and, in exchange, states were required to provide continuous Medicaid enrollment during the COVID emergency even if individuals became ineligible after initial enrollment.[2]   When the COVID health emergency order ends, State Medicaid programs will return to normal, which in most states means they will require individuals to demonstrate Medicaid eligibility periodically, with many people losing coverage when that redetermination occurs.  With these new federal regulations, people who lose Medicaid coverage will be treated the same as people who lose employer health benefits, who have been granted special enrollment rights to enroll in Medicare Part B for many years.   

In addition, some states extend this special enrollment right to Medicare Supplement (“MedSupp”) insurance, allowing people who lose Medicaid coverage to also purchase a MedSupp policy.  While some states allow for continuous or annual enrollment in MedSupp policies and other states already provide a special enrollment right when Medicaid benefits end, most states do not.  This is however changing and Ohio is an example.  In this regard, the Ohio Department of Insurance recently released a proposal to change the Ohio MedSupp regulation to extend special enrollment rights to people who have lost Medicaid coverage.[3]  Other states are also considering similar changes to their state MedSupp rules to allow for similar enrollment rights.  This will give people additional options to obtain health insurance benefits when their Medicaid ends, which may be the case for many people soon when federal COVID health emergency order ends.   

If you would like more information on these developments, please do not hesitate to contact the authors. 

[1] See 42 C.F.R. 406.27(e).  Medicare Part A covers hospital services.  Medicare Part B covers doctors visits, outpatient services and certain other services.

[2] Families First Coronavirus Response Act, § 6008(b), Public Law 116-127 (2020).

[3] Proposed Amendment to Ohio Admin. Code 3901-8-08, available at: 

Highest French Administrative Court Lifts the Ban on CBD Flowers and Leaves

On December 29, 2022 the French Conseil d’Etat (the highest French administrative court) rendered a decision that was eagerly awaited by all those involved in the CBD industry which lifted the ban on the sale of CBD flowers and leaves to consumers.


For those who are not familiar with these products, Cannabis is the Latin name of the plant whose common name is hemp. All the parts of the plant are used: seeds, leaves, stems, flowers.

Cannabis is native to Asia but there are many varieties that are grown in very different conditions from the Afghan mountains to the equatorial zones but also in Europe.

The two most known molecules of this plant are CBD (cannabidiol) and THC (delta-9-tetrahydrocannabiniol). It is the THC which presents psychotropic properties and which is likely to create an effect of dependence.

The level of THC in the plant varies significantly from one variety to another.

Evolution of the French regulation

An old French decree of August 22, 1990, implementing Article R. 5132-86 of the French Public Health Code authorized the cultivation, import, export and use of hemp provided that:

– the plant was from one of the varieties of cannabis sativa L. authorized by the decree,

– only the fibers and seeds of the plant were used,

– the plant itself contained less than 0.20 % THC, this authorized rate applying only to the plant and not to the finished product which had to remain free of any trace of THC.

The consequence of these provisions was that the sale of all CBD products (including oil and liquid for electronic cigarettes) was prohibited since these products necessarily contain traces of THC.

On November 19, 2020, the Court of Justice of the European Union held that this French “THC 0% in finished products regulation” was not consistent with the principle of free movement of goods within the EU which applies to CBD products.

As we already reported on this blog, the regulation of CBD/Hemp products has been a very hot topic in France these past months since the “Kanavape” ruling. In Kanavape, the Court of Justice of the European Union encouraged France to review its very strict CBD regulations, more specifically its decree of 22 August 1990 (CJEU, 19 November 2020, C-663/18) in light of the free movement of goods principle. A new decree was eventually issued on December 30, 2021, authorizing the production of varieties of hemp and the marketing of products incorporating them insofar as their THC content is below 0.30%. However, this  decree prohibited the sale to consumers of flowers and leaves in their raw state, regardless of the variety used. The argument put forward by the authorities was that it was very difficult to differentiate between the leaves and flowers of authorized varieties (with less than 0.30% THC) and the leaves and flowers of prohibited varieties.

As flowers and leaves represent an important part of sales, this ban was challenged by several professional organizations and companies which sought urgent relief (“référé”) and on January 24, 2022, the judge issued a preliminary ruling that froze this ban.

The ruling of December 29, 2022

On December 29, the Conseil d’Etat ruled on the merits in the same sense. It confirms that the ban is not justified either by public health reasons (due to the low THC content and the non-psychotropic character of CBD) or by public order reasons (because quick and inexpensive tests allow the authorities to differentiate between cannabis varieties during controls).

The Conseil d’Etat therefore confirms that cannabis leaves and flowers of authorized varieties with less than 0.30% THC can be marketed in France.

Is this the end of the judicial saga around the regulation of CBD in France? Nothing is less certain and as members of the international practice of Squire Patton Boggs “Cannabis, Hemp & CBD Services” we know very well that the regulation of cannabis has undergone significant changes in recent years around the world.

IDR Payment Disputes are Far Outpacing Projections, Creating Backlogs

The No Surprises Act (the “NSA”), which was enacted as part of the Consolidated Appropriations Act, 2021 (Pub. L. 116-260) provides protections to privately insured patients against “surprise billing” with respect to emergency services, non-emergency services provided by out-of-network providers at in-network health care facilities, and air ambulance services furnished by out-of-network providers.  As part of those protections, the NSA established a Federal Independent Dispute Resolution (IDR) process for insurers and health care providers and facilities to resolve reimbursement disputes covered under the NSA. 

Under the IDR process, payors and providers can submit a dispute to the IDR process if the parties cannot agree upon a payment amount during a 30-day negotiation period.  An independent entity, which is either jointly selected by the disputing parties or selected by the Departments, will consider the payments and supporting documentation proffered by both parties to determine the proper reimbursement rate for the services at issue in the IDR dispute. 

In a 2021 interim final rule, the Departments of Health and Human Services (HHS), Labor, and the Treasury (together, the “Departments”) estimated only 17,333 IDR claims would be submitted each year.  This projection appears to have been overly optimistic as the number of claims actually submitted was more than 5 times the Departments’ projections.  In a recent report published by the Departments, data from the Centers for Medicare & Medicaid Services (“CMS”) showed that there were over 90,000 disputes submitted in the first six months of the program taking effect (from April 15th through September 30th), with the number of submitted claims growing nearly four-fold in the third quarter.  The Departments acknowledged that “parties have been submitting significantly more disputes than the Departments initially projected.”  Moreover, the Departments indicated that “determining the eligibility of disputes for the Federal IDR process is requiring significantly more review and processing by certified IDR entities than initially anticipated.”  This has inevitably bogged down the IDR process, resulting in a growing backlog and delays in the resolution of payment disputes as more disputes continue to be filed.  The Departments noted that they are continuing to automate the IDR portal to improve processing of disputes, but whether any such improvements will counteract the large volume of disputes being submitted remains to be seen.

OCR Joins Chorus of Regulators Warning About Health Data Tracking Technology

Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance.

Cookies, web beacons, and similar technology are used to collect and analyze data about how users,  browsers and devices interact with websites and mobile apps across the Internet (“Tracking Technology”).   Tracking Technology is the subject of numerous regulatory actions, including by regulators in the European Union and California, and through private lawsuits (also in the EU and U.S.).  These actions and complaints typically focus on the lack of transparency about how Tracking Technology collect data about individuals as they traverse the Internet and the lack of individual choice about how that data is shared with third parties and used to build profiles for targeted advertising.  On December 1, 2022, another regulator joined the fray: the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”).  OCR, the primary enforcement authority for the federal Health Insurance Affordability and Accountably Acy (“HIPAA”), published a Bulletin cautioning HIPAA-regulated entities that their use of Tracking Technology may result in disclosures and uses of protected health information (“PHI”) that violate HIPAA.[1] 

Continue Reading

Ninth Circuit Affirms Dismissal of Non-Contracted Provider’s Lawsuit Against Managed Care Organization for Failure to Exhaust Administrative Review Process

In a recent decision, the United States Court of Appeals for the Ninth Circuit affirmed dismissal of a medical provider’s complaint against a Medicare Advantage Organization (“MAO”) because the provider failed to exhaust all administrative remedies under the Medicare Act. Glob. Rescue Jets, LLC v. Kaiser Found. Health Plan, Inc., 30 F.4th 905 (9th Cir. 2022).

In Global Rescue, an air ambulance provider flew two Medicare Advantage members from Mexico to San Diego. Id. at 908–09. The provider and the member’s MAO did not have a contract, which otherwise would have set the rate of payment. Id. at 910. Therefore, the out-of-network provider billed its “usual and customary” rates. Id. at 909. The MAO, however, “paid only a fraction of the billed amount.” Id. The provider then “vigorously disputed” the alleged underpayments, and sought reconsideration for at least one of the claims. Id. at 910. Even so, the provider failed to pursue at least three additional steps in the administrative review process. Id. at 915.

Instead, the provider filed suit for the additional money it believed it was owed. Id. at 910. The trial court dismissed the complaint on jurisdictional grounds, as the provider admittedly failed to exhaust all of Medicare’s administrative remedies. Id. at 911. The provider appealed, arguing that exhaustion was not required and, to the extent it was, “should have been excused.” Id. at 909.

The Ninth Circuit affirmed. It described traditional Medicare’s five-step appeals process and the benefits it provides. Id. at 911–13. These include “reducing the burden on courts,” having the benefit of agency “experience and expertise,” and “compil[ing] a record” that “is adequate for judicial review.” Id. at 913 (internal quotation marks and citation omitted). The Court noted that Congress had applied traditional Medicare’s administrative appeals scheme—with only “slight revisions”—to disputes between MAOs and their enrollees. Id. Therefore, the Court held that “the constraints on judicial review” under traditional Medicare “apply equally to claims for benefits” administered by a MAO. Id. at 914. The Court also found that “the same rationale for requiring exhaustion under original Medicare applies to” MAOs “as well.” Id.

Continue Reading

Dobbs Puts New Emphasis on Proactive Provider Transparency in Care Offerings

Months following the Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, the reproductive health climate remains clouded with terms lawyers—not to mention patients—never like to hear: “wait and see,” “to be decided,” “gray area,” “it depends.” Perhaps nowhere is the information gap of more crucial import than at the moment a patient walks through a provider’s door, initiates a potential care relationship, and, unless the provider is unusually transparent about all service offerings, makes assumptions about the ongoing nature of the relationship, and perhaps the unlimited nature of the specific care offerings. They will keep returning for care within the same specialty until the day the provider makes it clear, perhaps unexpectedly: “Sorry, we don’t do that. You have [weeks/days/hours] to [maybe] find someone else who will.”

Dobbs did not significantly impact services for many providers, as they always electively limited their reproductive health offerings on moral, religious, or other permissible grounds. However, a patient who has not sought reproductive services from the provider before may have no reason to know of these limitations or even realize there is reason to ask. Finding out in an urgent situation, when care from an alternate provider cannot be sought in a timely manner given the patient’s clinical condition, may present unwelcome challenges.

Continue Reading

California’s Senate Bill 1019 Seeks to Expand Access to Mental Health Benefits for Medicaid Enrollees

In an effort to expand access to mental health services, on September 30, 2022, California’s Governor approved Senate Bill 1019, which modifies the California Welfare & Institutions Code as it relates to Medi-Cal managed care plans (“MMCP”). No later than January 1, 2025, MMCPs must develop and implement an annual outreach and education plan for their enrollees regarding the mental health benefits covered by MMCPs. MMCPs will also be required to conduct annual outreach and education to inform primary care providers regarding the mental health benefits covered by the MMCP.

Existing law requires MMCPs to provide coverage for certain mental health services. Those services include individual and group mental health evaluation and treatment, psychological testing, outpatient services for monitoring drug therapy, psychiatric consulting, and outpatient laboratory services, drugs and supplies. Under the new law, MMCPs will seek input from plan stakeholders, including a community advisory committee established by the MMCP, and from local stakeholders representing diverse racial and ethnic communities to inform the development of the outreach and education plan. The outreach and education plan must also incorporate findings from the MMCP’s population needs assessment and an assessment of utilization of covered mental health benefits by race, ethnicity, language, age, sexual orientation, gender identity and disability. Further, the MMCP must meet cultural and linguistic appropriateness standards while incorporating best practices in stigma reduction and increasing enrollee access to mental health benefits. The outreach and education plan will be subject to review and approval by California’s Department of Health Care Services (DHCS) prior to implementation.

Under the new law, MMCPs will be subject to additional oversight by DHCS. Once every 3 years, DHCS will assess enrollee experience with the mental health benefits covered by MMCPs. By January 1, 2025, DHCS will have adopted survey tools and methodologies to assess consumer experience across a number of factors, including receipt of timely treatment, cultural competency of providers, communication with the MMCP, and receipt of treatment and information from the MMCP. Beginning in April 2026, DHCS will publish its findings every 3 years, which will include recommendations to MMCPs for improving access to covered mental health benefits.

Going forward, MMCPs should ensure they have access to the tools needed to capture the requisite data regarding mental health utilization across a varied demographic. MMCPs will also need to update plan communication policies and make investments in training staff to disseminate information about the MMCP’s mental health benefits to enrollees and primary care providers.

Court Rejects Vertical Merger Challenge Brought by DOJ

On Monday, September 19, 2022, D.C. District Court Judge Carl J. Nichols rejected the Department of Justice’s (“DOJ”) request to block UnitedHealth’s $13.8 billion acquisition of Change Healthcare.  UnitedHealth is the largest health insurer in the United States, while Change Healthcare is a leading data clearinghouse for insurance claims.  The DOJ initially filed suit to block the acquisition in February, contending that the acquisition would give UnitedHealth access to its rival health insurers’ data through Change, and that the combined entity would have an incentive to slow delivery of new insurance claim processing tools. 

In order for the transaction to proceed, Judge Nichols ordered divestiture of Change Healthcare’s ClaimsXten unit that provides technology to help insurers process claims.  ClaimsXten was the only unit found to have had a direct overlap with UnitedHealth, and the divestiture was initially requested by the transacting parties as a way to alleviate DOJ concern that the combined firm would have a large (94%) market share.  

Judge Nichols’ 58-page opinion indicated little concern that the vertical aspects of the deal would have anticompetitive effects.  Brand reputation and the existence of pre-existing structural protections, such as firewalls and customer contracts requiring data protection, indicated that UnitedHealth was unlikely “to misuse the data in the ways the Government contends.”  Additionally, the government provided no evidence “that rival payers will innovate less as a result” of the transaction and that the combined entity would seek to foreclose rivals’ access to key inputs.

Vertical merger challenges by antitrust enforcement agencies have historically been rare.  Vertical mergers (i.e. mergers between companies along the supply chain) often generate procompetitive efficiencies and do not pose the same anticompetitive threat as mergers between direct competitors.  Often the merging parties are able to negotiate behavioral remedies with the government, such as firewalls, to alleviate any potential concern.

Vertical mergers and acquisitions are common in the healthcare space as they can allow firms, among other things, to streamline production and/or distribution and improve the quality of healthcare for patients.  For instance, in 2018, drugstore chain operator CVS Health acquired health insurer Aetna to combine “the strengths and capabilities” of the companies and “improve the consumer health care experience.”  The DOJ gave the acquisition a green light after Aetna agreed to divest its standalone Medicare Part D prescription drug plans.  Also in 2018, the DOJ approved health insurer Cigna’s acquisition of pharmacy benefit manager Express Scripts. 

This lawsuit was the first primarily vertical merger challenge by the DOJ since 2016.  Several commentators considered the suit a reflection of the Biden Administration’s attempt to take a tougher anticompetitive stance against big companies, particularly in the healthcare space.  The decision is a blow against such efforts and suggests that the presence of firewalls and an active antitrust compliance program are likely to be sufficient to address purely vertical concerns arising from mergers and acquisitions in the future.  Head of the DOJ Antitrust Division Jonathan Kanter signaled that the agency may appeal the decision, stating the department was “reviewing the opinion closely to evaluate next steps.”  Documents pertaining to the suit can be found here:

Healthcare Entities Must Still Comply with 2023 Privacy Laws

As we head into the fourth quarter, US businesses need to assess their progress in preparing for sweeping changes to the California Consumer Privacy Act (“CCPA”) that become effective January 1, 2023, and with compliance with four new state consumer privacy laws (in Colorado, Connecticut, Utah and Virginia) that become effective throughout 2023 (collectively, “2023 Privacy Laws”).  To help businesses prepare for the requirements of the 2023 Privacy Laws, Team SPB prepared guidance materials, including high level workstreams, covering the following topics: (1) Preparing for 2023 State Privacy Laws; (2) HR and B-to-B Data CCPA/CPRA Compliance Primer; (3) Lessons from the First CCPA Civil Penalty Case; and (4) Takeaways from the First Draft of Revised CCPA/CPRA Regulations.

The 2023 Privacy Laws have carve-outs directly applicable to businesses that must comply with the Health Insurance Portability and Accountability Act (“HIPAA”) (i.e., covered entities and business associates).  For instance, at a high level, as directly related to HIPAA:

  • The CCPA, as amended by the California Privacy Rights Act (“CPRA”), exempts protected health information (“PHI”) under HIPAA, as well as HIPAA covered entities to the extent they are maintaining patient information according to HIPAA requirements.
  • The Virginia Consumer Data Protection Act (“VCDPA”) does not apply to qualifying HIPAA covered entities and business associates, or to PHI, as the terms are defined under HIPAA.  The VCDPA also exempts from its requirements healthcare data that has been de-identified according to HIPAA standards, information used for public health purposes authorized by HIPAA, or information originating from, and intermingled to be indistinguishable from PHI maintained by a covered entity or business associate.  The exemptions under the Utah Consumer Privacy Act (“UCPA”) and Connecticut’s Privacy Law (“CTPA”) largely track the VCDPA.
  • The Colorado Privacy Act (“CPA”) does not apply to information and documents created by a covered entity to comply with HIPAA.  Note that this is broader than under the CCPA/CPRA and the VCDPA exemptions.

Continue Reading

The 2022 Proposed Rule on Section 1557 of the Affordable Care Act Reflects a History of Competing Views on the Definition of Discrimination On the Basis of Sex in Healthcare Programs

On August 4, 2022, the Department of Health and Human Services (“HHS”) issued its proposed rule on Section 1557 of the Affordable Care Act (“ACA”). Section 1557 prohibits discrimination on the basis of race, color, national origin, sex, age or disability in certain health programs or activities, if any part of the program or activity receives Federal financial assistance. Section 1557 incorporates Title IX of the Education Amendments of 1972 (“Title IX”), which provides that “[n]o person in the United States shall, on the basis of sex, be excluded from participation in, be denied the benefits of, or be subject to discrimination under any education program or activity receiving Federal financial assistance…, or under any program or activity that is administered by an Executive Agency or any entity established under [Title I of the ACA].” The 2022 Proposed Rule reflects a significant departure from the 2020 Final Rule’s narrow definition of discrimination on the basis of sex, and enlarges the 2016 Final Rule’s already expansive definition of discrimination on the basis of sex. The 2022 Proposed Rule specifically includes sex stereotypes, sex characteristics, sexual orientation, gender identity and pregnancy or related conditions as bases for sex discrimination. HHS is soliciting public comments on the 2022 Proposed Rule through October 3, 2022. The Section 1557 implementing regulation would be effective 60 days after HHS publishes a final rule.

Continue Reading