CMS Adds 11 New Approved Telehealth Services During the COVID-19 Pandemic and Updates Guidance to States on Medicaid Telehealth Expansion

On October 14, the Centers for Medicare and Medicaid Services (CMS) announced that it has expanded its list of telehealth services approved for Medicare beneficiaries during the COVID-19 Public Health Emergency (PHE).  The eleven telehealth services CMS just added are for cardiac and pulmonary rehabilitation.  CMS approved them using an expedited process it unveiled in a May Interim Final Rule.  These eleven new services, along with many others designated as temporary, will remain in effect for the duration of the PHE.

CMS simultaneously announced preliminary data showing an explosive 2600% growth in the use of telehealth by Medicaid and CHIP beneficiaries between March and June 2020, as compared to that time last year.  “To further drive telehealth” among Medicaid populations, CMS said it has released a new supplement to its toolkit to guide states in expanding the use of telehealth.

CMS said it took these actions in response to President Trump’s August 3, 2020 Executive Order directing the agency, among other things, to review the “additional telehealth services offered to Medicare beneficiaries” and to “propose a regulation to extend these measures, as appropriate beyond the duration of the PHE ….”

CMS’s announcement is more good news for Medicare and Medicaid providers and beneficiaries alike regarding the agency’s commitment to the robust use of telehealth.  But Congress holds the key to allowing the telehealth expansion to continue beyond the PHE—it must lift statutory restrictions that ordinarily allow telehealth only in rural areas and not in a patient’s home.  With bipartisan support for telehealth expansion, lawmakers may increase their focus on the issue in 2021 when the new Congress convenes and the PHE hopefully is coming to an end.

DOJ Prioritizes Health Care Fraud in the Pandemic

The Department of Justice (“DOJ”) recently announced its largest ever health care fraud and opioid enforcement action.  In a coordinated effort, DOJ charged 345 defendants with more than $6 billion in fraud losses for submitting false and fraudulent claims to federal health care programs and private insurers.

The nationwide enforcement operation has been in motion since April and is the product of inter-agency cooperation between the Criminal Division, Fraud Section’s Health Care Fraud Unit, the Health Care Fraud and Appalachian Regional Prescription Opioid (ARPO) Strike Force program, local U.S. Attorneys’ Offices, HHS-OIG, FBI, and DEA.  You can read more about the DOJ’s action here on our Anti-Corruption Blog.

CMS Delays Publication of Final Rule Implementing Stark Law Changes to 2021.

As we reported last October, CMS and the OIG issued proposed rules aimed at updating the Stark Law, Anti-Kickback Statute, and Civil Monetary Penalties Law as part of HHS’ Regulatory Sprint to Coordinated Care. In part, the proposed rules seek to address the current value-based and coordinated healthcare environment. While publication of final rules concerning the Stark Law changes was originally expected in August 2020, late last month CMS announced an extension of the final rule publication date to August 31, 2021. The announcement stated that the agency is “still working through the complexity of the issues raised by the comments” as the reason for the extension.

Thus far, the OIG has not released a similar statement concerning publication of its changes to the Anti-Kickback Statute and Civil Monetary Penalties Law. However, given that CMS and OIG issued the proposed rules together, it seems reasonable to conclude that the OIG’s issuance of final rules for its changes will be similarly delayed.

Orthopedic Clinic Settles with HHS OCR for $1.5 Million over Claims of Systemic HIPAA Noncompliance

The US Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced a settlement with Georgia-based Athens Orthopedic Clinic PA (the “Clinic”) to resolve multiple alleged violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act (“HIPAA”).\

Under the terms of the settlement, the Clinic agreed to pay $1.5 million to OCR and to adopt a corrective action plan to settle potential violations of the Privacy and Security Rules under HIPAA. The Clinic provides orthopedic services to approximately 138,000 patients annually. Continue Reading

Department of Labor Issues Updated Families First Coronavirus Response Act Regulations, But Does Little To Resolve Employer Uncertainty (US)

The Families First Coronavirus Response Act (FFCRA) was enacted on March 18, 2020. The sweeping federal legislation provides emergency paid sick leave (EPSL) and expanded paid Family and Medical Leave (EFML) to certain covered workers impacted by the COVID-19 pandemic. On April 1, 2020, the U.S. Department of Labor (DOL) issued regulations implementing the FFCRA and answering, at least in part, some questions related to coverage, eligibility, use, and job restoration. You can read our updates to this subject here on our Employment Law Worldview site.

UK End of Transition – Moves to Provide Clarity for Industry

The work of UK health and regulatory authorities has mainly been targeted on COVID-19 work over recent months but there has been an increasing focus on End of Transition work in recent week’s and given that the Brexit transition period ends at 11pm on 31st December 2020 (GMT).  As part of this work, UK MHRA has started to issue multiple separate pieces of guidance for the UK Life Science industry that covers many areas including clinical trials, medical devices, marketing authorisations, pharmacovigilance and manufacture and supply.  These are to apply from the start of 2021 and 31 separate pieces of guidance were issued on 1 September with more to follow soon.

The guidance recognises that Northern Ireland will continue to apply EU rules in respect of medicines and device law and will be subject to the EU acquis under the Northern Ireland Protocol.  Great Britain will be subject to UK law and guidance seeks to explain how this will fit together in terms of ability to market and supply and comply with a jigsaw of obligations going forward.

One emerging major question that arises in relation to the new guidance is how this might fit with powers that could be exercised under the new United Kingdom Internal Markets Bill, if enacted and published this week.  The Bill contains powers that could seek to override differences in regulatory requirements across the UK from 2021.  Finally, it is also noted that the ongoing aim of a UK-EU FTA and guidance that may emerge from committees tasked with applying the Northern Ireland Protocol could also impact on how the UK Life Science industry should operate after the end of this year.

There are clearly many moving parts still and scope for significant shifts in the regulatory landscape in coming weeks.

HHS Eases Federal Substance Use Disorder Confidentiality Rules

Last month the Substance Abuse and Mental Health Services Administration (“SAMHSA”) finalized amendments to the federal Confidentiality of Substance Use Disorder Patient Records regulation, 42 C.F.R. Part 2 (“Part 2”). The changes purport to better facilitate substance use disorder (“SUD”) care coordination and treatment by loosening technical consent requirements, clarifying permissible disclosures, and providing other guidance. Notably, these changes do not address changes required under the COVID-19-related CARES Act, which will require aligning Part 2’s consent requirements more closely to HIPAA. More information about these changes are summarized below:

  • Modification of Authorization Requirements: Part 2 previously required naming specific individuals to receive SUD records in authorization forms (except in very limited circumstances). This functioned as a major barrier to effective data sharing because patients often did not know a specific person’s name at a recipient organization. The modified authorization rules now more closely align with HIPAA by permitting organizations (instead of specific persons) to be named in authorization forms.
  • Permissible Disclosures for Payment and Health Care Operations Permitted with Written Consent: Part 2 previously left some ambiguity about the types of purposes for which SUD information could be disclosed with patient consent. The modifications now permit disclosures with consent that align to the HIPAA definitions of “Payment” and “Health Care Operations” and include “care coordination and case management.”
  • Disclosures for Research: The modifications also align the Part 2 “research” disclosure rules much more closely with HIPAA and the federal “Common Rule” regarding human subject research.
  • Permissible Disclosures for Audit and Program Evaluation: The regulation also clarifies specific situations that fall within the scope of permissible disclosures for audits and/or program evaluation purposes. Federal, state and local governmental agencies and third-party payers may conduct audits and evaluations to identify needed actions at the agency or payer level to improve care. Additionally, audits and evaluations may include reviews of appropriateness of medical care, medical necessity, and utilization of services.
  • Regulation Scope and Re-Disclosure: Treatment records created by non-Part 2 providers based on their own patient encounter(s) are explicitly not covered by Part 2, unless the provider incorporates SUD records received from a Program into the provider’s records. Otherwise, providers (and the EHRs they use) can avoid Part 2 applicability by segmenting data obtained from Part 2 records from the rest of the provider’s records.

Critical features of Part 2 remain unchanged, however, including:

  • Most data uses and disclosures still require patient authorization. However, Part 2 changes are coming up under the CARES Act that will make it substantially easier for entities subject to HIPAA to share information after obtaining an initial authorization.
  • Part 2 continues to prohibit law enforcement’s use of SUD patient records in criminal prosecutions against patients in the absence of a court order.

This development will have wide-ranging implications for Part 2 programs, which will benefit from the additional flexibility. The area of healthcare data privacy is constantly evolving and it can be difficult to navigate changes in the law. Please contact the authors of this post or your regular SPB contact if you have any questions.

Kamala Harris – Where the Vice Presidential Nominee Stands on Key Healthcare Issues

On Tuesday, August 11, 2020, presumptive Democratic presidential nominee Joe Biden announced Sen. Kamala Harris (D-CA) as his vice presidential running mate. Since joining Congress in 2017, Sen. Harris has largely served as a bridge between progressive and moderate Democratic positions and policies. She has made immigration, equal pay and reproductive health rights core planks of her policy proposals. Her current congressional committee assignments include Senate Judiciary, Homeland Security and Governmental Affairs, Intelligence and Budget.

Healthcare consistently ranks as a top priority for voters, and in the midst of an infectious disease pandemic we expect the focus on healthcare to intensify over the coming months. Healthcare also served as a differentiator in the crowded Democratic presidential primary; while all of the candidates supported universal access to health insurance coverage, policy solutions to achieve that goal ranged from creating a single-payer system to maintaining the current employer-based approach while providing a robust public option. As a candidate for president, Sen. Harris’s proposal embraced an eventual “Medicare-for-All” system buoyed by private insurance options and instituted over a 10-year transition period. Vice President Biden’s healthcare plan builds on the Affordable Care Act (ACA) by making current premium tax credits more generous and creating a public insurance option available to all Americans.

Although Sen. Harris will ultimately support Vice President Biden’s policies, her record as a prosecutor, the Attorney General of California and as a senator will influence the campaign and decisions made in the White House, if elected on November 3, 2020. Continue Reading

Public Records Show Agencies Are Vigorously Enforcing New COVID-19 Requirements Against Healthcare Providers

Since the COVID-19 outbreak began, healthcare providers have faced a slew of new regulatory requirements. As many healthcare providers know, enforcement agencies have taken starkly different approaches in terms of how often, and how vigorously, they enforce these requirements. Recent reports show, however, that agencies are closely enforcing workplace safety requirements relating to COVID-19, especially as they pertain to healthcare providers. Within the past month, the U.S. Occupational Safety and Health Administration (OSHA) and its state counterparts have initiated thousands of enforcement actions regarding compliance with COVID-19 safety rules

For example, late last month, OSHA fined several nursing facilities, including three located in Ohio, after determining that they had not followed applicable workplace standards concerning COVID-19. OSHA determined that these nursing facilities had failed to implement appropriate respiratory protection programs, failed to evaluate employees’ abilities to use respirators when required, and failed to appropriately record their health and safety compliance activities. Altogether, OSHA has opened over 400 inspections thus far regarding compliance with COVID-19 safety requirements. Continue Reading

Supreme Court Ruling Limits Insurer and Employer Contraceptive Obligations

Earlier this month the Supreme Court of the United States upheld a regulation adopted under the Trump administration significantly cutting back the requirement that insurers and group health plans provide coverage for contraceptives without cost sharing under the Affordable Care Act (ACA).

Because of the ruling in Little Sisters of the Poor v. Pennsylvania, employers, including publicly traded companies, with religious or moral objections are not required to provide contraceptive coverage under the health plans offered to employees. Previously, only churches and religious orders were excepted from the contraceptive coverage requirement while nonprofit religious organizations and private for-profit entities that objected to contraception for religious reasons could opt out of the requirement. Now, all are excepted from the federal requirement based on religious or moral objections and insurers are relieved of their obligation, under the accommodation process, to provide contraceptive coverage to employees through an alternative health care plan. The ruling also means that colleges and universities with religious or moral objections need not provide contraceptive coverage in student health plans, and that individuals who object on religious or moral grounds may seek to obtain insurance coverage in the individual market without contraceptive benefits (except as may be required by state law).

You can read our analysis of this case in our recent client alert, available here.