Federal Government Issues Alert on Top Ten Cybersecurity Vulnerabilities

Robust cybersecurity continues to be of paramount importance as the COVID-19 outbreak develops and cybercriminals seek to exploit a remote workforce, which necessitates that companies check their policies, procedures, and controls to ensure they are addressing the highest areas of risk.  On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) at the U.S. Department of Homeland Security (“DHS”) issued an Alert identifying the top 10 cybersecurity vulnerabilities routinely exploited by foreign malicious actors. The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) shared the Alert so healthcare organizations can likewise take appropriate action to reduce the potential risk of exploitation, as entities in this field are increasingly the target of cyberattacks.  Squire Patton Boggs Lawyers Elliot Golding and Kristin Bryan provide a detailed summary here on our Security & Privacy// Bytes blog.

CMS Implements New Round of Changes to Support U.S. Healthcare System

On April 30, 2020, the Centers for Medicare and Medicaid Services (“CMS”) announced new measures to support the healthcare system during the COVID-19 pandemic. These measures build upon past regulatory changes we have discussed elsewhere (see, for example, here and here), and CMS hopes to achieve five objectives with these measures: (1) expand the healthcare workforce, (2) expand the capacity of hospitals and healthcare systems, (3) expand access to telehealth, (4) expand the testing capacity and (5) reduce the burden of paperwork on practitioners. Below is a summary of just some of the steps taken by CMS to achieve these goals. A full summary of the changes, provided by CMS, can be accessed here. Continue Reading

Business Integrity: Maintaining Transparency and Accountability Through the COVID-19 Crisis

“As countries face undeniable emergencies, concentration of power, derogation of rights and freedoms, and as large amounts of money are infused into the economy to alleviate the crisis, corruption risks should not be underestimated,” said Marin Mrcela, the president of the Group of States against Corruption (GRECO), an anti-corruption monitoring body that is part of the Council of Europe.

The body published advice for its 50 member countries aimed at preventing corruption during these times. This provides an opportunity to reflect on the challenges facing global healthcare supply chains and operations. This blog highlights some of the areas you should be looking at now in order to avoid liability and reputational damage beyond the currency of this pandemic.

The utter desperation and urgency of the global health crisis means that ordinary rules and processes are necessarily subordinate, within reason, to the need to preserve life and to contribute to the efforts of fighting the spread of the virus.

Perhaps inevitably, crises such as this one present a fantastic opportunity for dishonest players to take advantage of the chaos and relaxation of the usual protocols fuelled by an unprecedented level of government spending in order to temper the effects of millions of job losses as a global economic depression looms. Continue Reading

HRSA COVID-19 Uninsured Program Portal Is Now Open

Health Care Providers may now register for the COVID-19 Uninsured Program, allowing them to be reimbursed for the COVID-19 tests and treatment they have provided to uninsured individuals. The Health Resources & Services Administration (“HRSA”) anticipates that providers may begin submitting claims on May 6, and will begin receiving reimbursements by the middle of May. The program was authorized by Congress in the recently enacted in the Families First Coronavirus Response Act, which set aside $1 billion for the program. Additional funds for the program will come from the $100 billion Provider Relief Fund established by the CARES Act. The program is subject to the availability of that funding. Continue Reading

Supreme Court Rules in Favor of Health Insurers Under Affordable Care Act’s Risk Corridor Program

The United States Supreme Court ruled in an 8-1 decision Monday in favor of four health insurers seeking hundreds of millions of dollars from the federal government related to the Affordable Care Act’s “risk corridor” program, reversing a lower court’s decision that Congress had suspended the government’s obligation to make such payments. Collectively, the decision was a major victory for health insurers, as the total deficit incurred by the government under the risk corridor program is more than $12 billion.

The risk corridor program was intended to be a financial incentive that Congress offered insurers to stabilize premiums and encourage participation in the individual and small group health insurance markets after the adoption of the Affordable Care Act.  The risk corridor program limited both profits and losses for insurance companies that offered plans in the individual and small group markets by requiring certain profits from these markets to be remitted to the Department of Health and Human Services, which in turn would give money to plans that sustained losses in these markets. The government did collect all of the profits that were owed under the risk corridor program, but only paid out a small fraction of the amounts owed to insurers that sustained losses. The risk corridor program closed in 2016 after three years, with the government ultimately not making more than $12 billion in contemplated risk corridor payments to insurers that had sustained losses. Continue Reading

Third Circuit’s Rejection of the “Objective Falsehood” Requirement under the FCA is Challenged

The appellee in United States ex rel. Druding v. Care Alternatives, Inc., 952 F.3d 89 (3d Cir. 2020) has sought rehearing of the Third Circuit’s holding that “objective falsehood” is not a requirement under the False Claims Act (“FCA”).  In reaching this holding, the Third Circuit considered whether a hospice-care provider’s claim for Medicare reimbursement can be considered “false” under the FCA where there were differences in expert opinion as to whether the accompanying patient certifications supported a terminal-illness prognosis.  The district court applied an objective falsity requirement to the FCA, holding that a “mere difference in opinion” among medical experts is insufficient to show falsity under the FCA.  The Third Circuit disagreed.  Relying on the statutory text and Third Circuit precedent, the court held that falsity under the FCA includes both factual and legal falsity, and that disagreement among medical professionals as to a patient’s prognosis is evidence of legal falsity.  In so holding, the court expressly rejected the rule that a doctor’s clinical judgment cannot be “false” under the FCA.  Continue Reading

CMS Pumps the Brakes on Additional Medicare Accelerated and Advanced Payments as it Simultaneously Deploys COVID-19 Emergency Fund Grants

The Centers for Medicare and Medicaid Services (CMS) announced that it is “reevaluating amounts that will be paid under its Accelerated Payment Program and suspending its Advance Payment Program to Part B suppliers effective immediately.”  CMS explained that it is pumping the brakes because it has already made almost $100 billion in accelerated or advanced payments and also has over $125 billion left in the “Public Health and Social Services Emergency Fund” (Provider Relief Fund) “available to hospitals and other healthcare providers on the front lines of the coronavirus response ….”  CMS’s shift to making more grants from the emergency fund rather than more accelerated or advanced payments—which potentially turn into high-interest debt—may help providers in the long run.  CMS has issued an updated fact sheet on this policy change.

The Coronavirus Aid, Relief, and Economic Security (CARES) Act directs the Department of Health and Human Services (HHS) to expand the Medicare Accelerated Payment Program for the COVID-19 pandemic beyond its original purpose of simply alleviating occasional cash-flow crunches due to disruptions in claims submission or processing.  CMS issued guidance allowing hospitals to draw up to six months of accelerated payments and other providers and suppliers up to three months of advance payments.  In response to a flood of applications, CMS has already made $60 billion in accelerated payments to hospitals and another $40 billion to doctors, other practitioners, and medical equipment suppliers.

Meanwhile, both the CARES Act and the newly enacted Paycheck Protection Program and Health Care Enhancement Act have collectively added $175 billion to HHS’s Provider Relief Fund to compensate hospitals and other providers for COVID-19-related costs and lost revenues.  Last week, CMS released a fact sheet detailing distributions of the fund’s first $100 billion.  These include a first tranche of $30 billion to all Medicare providers, based their proportionate shares of 2019 fee-for-service Medicare revenue.  On April 24, HHS started distributing another $20 billion to children’s hospitals and other providers with a relatively low share of Medicare revenue.  CMS has also earmarked $10 billion for hospitals and providers in pandemic hot spots and yet another $10 billion for rural providers.  About $30 billion of the original $100 billion is left over to pay for the care of uninsured COVID-19 patients at Medicare rates.  CMS has not yet disclosed specific plans for the additional $75 billion that Congress appropriated last Friday.

The key difference between the funds received from the Provider Relief Fund and those from the Accelerated and Advanced Payment Program is that the latter must be repaid, typically within one year, or less, or a penalty interest rate applies.  On the other hand, the grant funds come with several attached strings, including a restriction against surprise billing for COVID-19 treatment and HHS auditing and oversight to ensure the funds are used for appropriate purposes.  Most hospitals and providers have received accelerated payments along with grants, as the pandemic has broadly strained healthcare finances.

Complimentary Webinar: Privacy Law, Coronavirus, and Post-Pandemic Best Practices

On April 30, 2020, Partner, Elliot Golding will co-present a complimentary webinar,  Privacy Law, Coronavirus, and Post-Pandemic Best Practices.  The program, organized by Bloomberg Law, will address recent HIPAA changes and temporary waivers, telehealth privacy and cyber considerations, and practical tips and recommendations to manage privacy and cyber risk during these challenging times. 

Additional information about the session and registration may be found here.


A Respite for Potential Liability for Face Masks

Since April 8, 2020, seven states (in order of adoption: New Jersey, Rhode Island, New York, Maryland, Hawaii, Connecticut and Pennsylvania) have issued executive orders (“EOs”) requiring the wearing of face masks in various situations, ranging from being in a public place where close contact may be unavoidable, riding public transportation, working or shopping at an essential business or food service establishment, and going to a work site. In addition, the FDA has issued FAQs regarding the wearing of face coverings by employees in food and food production (i.e. workers in grocery stores, pharmacies, on farms, in food production, processing and retail settings). In the midst of these rapidly changing requirements that have the impact of requiring hundreds of thousands or even millions more masks to be available, we see business and innovation moving rapidly to answer the need. But, an overarching concern is liability. What if I give my workers masks… What if I make, import, distribute masks… and someone still gets sick? Or worse, dies? Continue Reading

Tips for Providers to Avoid Telehealth Compliance Risk

One of the more unanticipated consequences of the CoVID-19 pandemic is the rapid shift to telehealth by health care providers.  Before the surge of CoVID-19,  the Centers for Medicare and Medicaid Services (CMS) limited Medicare reimbursements for virtual services to a narrow set of circumstances, which typically still required the patient to leave his or her home to receive the services.

Continue Reading