Highest French Administrative Court Lifts the Ban on CBD Flowers and Leaves

On December 29, 2022 the French Conseil d’Etat (the highest French administrative court) rendered a decision that was eagerly awaited by all those involved in the CBD industry which lifted the ban on the sale of CBD flowers and leaves to consumers.


For those who are not familiar with these products, Cannabis is the Latin name of the plant whose common name is hemp. All the parts of the plant are used: seeds, leaves, stems, flowers.

Cannabis is native to Asia but there are many varieties that are grown in very different conditions from the Afghan mountains to the equatorial zones but also in Europe.

The two most known molecules of this plant are CBD (cannabidiol) and THC (delta-9-tetrahydrocannabiniol). It is the THC which presents psychotropic properties and which is likely to create an effect of dependence.

The level of THC in the plant varies significantly from one variety to another.

Continue Reading

IDR Payment Disputes are Far Outpacing Projections, Creating Backlogs

The No Surprises Act (the “NSA”), which was enacted as part of the Consolidated Appropriations Act, 2021 (Pub. L. 116-260) provides protections to privately insured patients against “surprise billing” with respect to emergency services, non-emergency services provided by out-of-network providers at in-network health care facilities, and air ambulance services furnished by out-of-network providers.  As part of those protections, the NSA established a Federal Independent Dispute Resolution (IDR) process for insurers and health care providers and facilities to resolve reimbursement disputes covered under the NSA. 

Continue Reading

OCR Joins Chorus of Regulators Warning About Health Data Tracking Technology

Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance.

Cookies, web beacons, and similar technology are used to collect and analyze data about how users,  browsers and devices interact with websites and mobile apps across the Internet (“Tracking Technology”).   Tracking Technology is the subject of numerous regulatory actions, including by regulators in the European Union and California, and through private lawsuits (also in the EU and U.S.).  These actions and complaints typically focus on the lack of transparency about how Tracking Technology collect data about individuals as they traverse the Internet and the lack of individual choice about how that data is shared with third parties and used to build profiles for targeted advertising.  On December 1, 2022, another regulator joined the fray: the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”).  OCR, the primary enforcement authority for the federal Health Insurance Affordability and Accountably Acy (“HIPAA”), published a Bulletin cautioning HIPAA-regulated entities that their use of Tracking Technology may result in disclosures and uses of protected health information (“PHI”) that violate HIPAA.[1] 

Continue Reading

Ninth Circuit Affirms Dismissal of Non-Contracted Provider’s Lawsuit Against Managed Care Organization for Failure to Exhaust Administrative Review Process

In a recent decision, the United States Court of Appeals for the Ninth Circuit affirmed dismissal of a medical provider’s complaint against a Medicare Advantage Organization (“MAO”) because the provider failed to exhaust all administrative remedies under the Medicare Act. Glob. Rescue Jets, LLC v. Kaiser Found. Health Plan, Inc., 30 F.4th 905 (9th Cir. 2022).

In Global Rescue, an air ambulance provider flew two Medicare Advantage members from Mexico to San Diego. Id. at 908–09. The provider and the member’s MAO did not have a contract, which otherwise would have set the rate of payment. Id. at 910. Therefore, the out-of-network provider billed its “usual and customary” rates. Id. at 909. The MAO, however, “paid only a fraction of the billed amount.” Id. The provider then “vigorously disputed” the alleged underpayments, and sought reconsideration for at least one of the claims. Id. at 910. Even so, the provider failed to pursue at least three additional steps in the administrative review process. Id. at 915.

Instead, the provider filed suit for the additional money it believed it was owed. Id. at 910. The trial court dismissed the complaint on jurisdictional grounds, as the provider admittedly failed to exhaust all of Medicare’s administrative remedies. Id. at 911. The provider appealed, arguing that exhaustion was not required and, to the extent it was, “should have been excused.” Id. at 909.

The Ninth Circuit affirmed. It described traditional Medicare’s five-step appeals process and the benefits it provides. Id. at 911–13. These include “reducing the burden on courts,” having the benefit of agency “experience and expertise,” and “compil[ing] a record” that “is adequate for judicial review.” Id. at 913 (internal quotation marks and citation omitted). The Court noted that Congress had applied traditional Medicare’s administrative appeals scheme—with only “slight revisions”—to disputes between MAOs and their enrollees. Id. Therefore, the Court held that “the constraints on judicial review” under traditional Medicare “apply equally to claims for benefits” administered by a MAO. Id. at 914. The Court also found that “the same rationale for requiring exhaustion under original Medicare applies to” MAOs “as well.” Id.

Continue Reading

Dobbs Puts New Emphasis on Proactive Provider Transparency in Care Offerings

Months following the Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, the reproductive health climate remains clouded with terms lawyers—not to mention patients—never like to hear: “wait and see,” “to be decided,” “gray area,” “it depends.” Perhaps nowhere is the information gap of more crucial import than at the moment a patient walks through a provider’s door, initiates a potential care relationship, and, unless the provider is unusually transparent about all service offerings, makes assumptions about the ongoing nature of the relationship, and perhaps the unlimited nature of the specific care offerings. They will keep returning for care within the same specialty until the day the provider makes it clear, perhaps unexpectedly: “Sorry, we don’t do that. You have [weeks/days/hours] to [maybe] find someone else who will.”

Dobbs did not significantly impact services for many providers, as they always electively limited their reproductive health offerings on moral, religious, or other permissible grounds. However, a patient who has not sought reproductive services from the provider before may have no reason to know of these limitations or even realize there is reason to ask. Finding out in an urgent situation, when care from an alternate provider cannot be sought in a timely manner given the patient’s clinical condition, may present unwelcome challenges.

Continue Reading

California’s Senate Bill 1019 Seeks to Expand Access to Mental Health Benefits for Medicaid Enrollees

In an effort to expand access to mental health services, on September 30, 2022, California’s Governor approved Senate Bill 1019, which modifies the California Welfare & Institutions Code as it relates to Medi-Cal managed care plans (“MMCP”). No later than January 1, 2025, MMCPs must develop and implement an annual outreach and education plan for their enrollees regarding the mental health benefits covered by MMCPs. MMCPs will also be required to conduct annual outreach and education to inform primary care providers regarding the mental health benefits covered by the MMCP.

Continue Reading

Court Rejects Vertical Merger Challenge Brought by DOJ

On Monday, September 19, 2022, D.C. District Court Judge Carl J. Nichols rejected the Department of Justice’s (“DOJ”) request to block UnitedHealth’s $13.8 billion acquisition of Change Healthcare.  UnitedHealth is the largest health insurer in the United States, while Change Healthcare is a leading data clearinghouse for insurance claims.  The DOJ initially filed suit to block the acquisition in February, contending that the acquisition would give UnitedHealth access to its rival health insurers’ data through Change, and that the combined entity would have an incentive to slow delivery of new insurance claim processing tools. 

In order for the transaction to proceed, Judge Nichols ordered divestiture of Change Healthcare’s ClaimsXten unit that provides technology to help insurers process claims.  ClaimsXten was the only unit found to have had a direct overlap with UnitedHealth, and the divestiture was initially requested by the transacting parties as a way to alleviate DOJ concern that the combined firm would have a large (94%) market share.  

Continue Reading

Healthcare Entities Must Still Comply with 2023 Privacy Laws

As we head into the fourth quarter, US businesses need to assess their progress in preparing for sweeping changes to the California Consumer Privacy Act (“CCPA”) that become effective January 1, 2023, and with compliance with four new state consumer privacy laws (in Colorado, Connecticut, Utah and Virginia) that become effective throughout 2023 (collectively, “2023 Privacy Laws”).  To help businesses prepare for the requirements of the 2023 Privacy Laws, Team SPB prepared guidance materials, including high level workstreams, covering the following topics: (1) Preparing for 2023 State Privacy Laws; (2) HR and B-to-B Data CCPA/CPRA Compliance Primer; (3) Lessons from the First CCPA Civil Penalty Case; and (4) Takeaways from the First Draft of Revised CCPA/CPRA Regulations.

The 2023 Privacy Laws have carve-outs directly applicable to businesses that must comply with the Health Insurance Portability and Accountability Act (“HIPAA”) (i.e., covered entities and business associates).  For instance, at a high level, as directly related to HIPAA:

  • The CCPA, as amended by the California Privacy Rights Act (“CPRA”), exempts protected health information (“PHI”) under HIPAA, as well as HIPAA covered entities to the extent they are maintaining patient information according to HIPAA requirements.
  • The Virginia Consumer Data Protection Act (“VCDPA”) does not apply to qualifying HIPAA covered entities and business associates, or to PHI, as the terms are defined under HIPAA.  The VCDPA also exempts from its requirements healthcare data that has been de-identified according to HIPAA standards, information used for public health purposes authorized by HIPAA, or information originating from, and intermingled to be indistinguishable from PHI maintained by a covered entity or business associate.  The exemptions under the Utah Consumer Privacy Act (“UCPA”) and Connecticut’s Privacy Law (“CTPA”) largely track the VCDPA.
  • The Colorado Privacy Act (“CPA”) does not apply to information and documents created by a covered entity to comply with HIPAA.  Note that this is broader than under the CCPA/CPRA and the VCDPA exemptions.

Continue Reading

The 2022 Proposed Rule on Section 1557 of the Affordable Care Act Reflects a History of Competing Views on the Definition of Discrimination On the Basis of Sex in Healthcare Programs

On August 4, 2022, the Department of Health and Human Services (“HHS”) issued its proposed rule on Section 1557 of the Affordable Care Act (“ACA”). Section 1557 prohibits discrimination on the basis of race, color, national origin, sex, age or disability in certain health programs or activities, if any part of the program or activity receives Federal financial assistance. Section 1557 incorporates Title IX of the Education Amendments of 1972 (“Title IX”), which provides that “[n]o person in the United States shall, on the basis of sex, be excluded from participation in, be denied the benefits of, or be subject to discrimination under any education program or activity receiving Federal financial assistance…, or under any program or activity that is administered by an Executive Agency or any entity established under [Title I of the ACA].” The 2022 Proposed Rule reflects a significant departure from the 2020 Final Rule’s narrow definition of discrimination on the basis of sex, and enlarges the 2016 Final Rule’s already expansive definition of discrimination on the basis of sex. The 2022 Proposed Rule specifically includes sex stereotypes, sex characteristics, sexual orientation, gender identity and pregnancy or related conditions as bases for sex discrimination. HHS is soliciting public comments on the 2022 Proposed Rule through October 3, 2022. The Section 1557 implementing regulation would be effective 60 days after HHS publishes a final rule.

Continue Reading

Buyer Beware: FEMA Claw Backs Could Require Hospitals to Return Funds Received from FEMA for COVID-19 Purchases and Expenses

In the height of the COVID-19 pandemic, hospitals did what they needed to do to control the spread and keep patients alive.  That meant purchasing more of certain specialized equipment than they ever would have needed in non-pandemic times.  Sometimes that even meant converting a storage shed on a hospital’s parking lot to a drive thru for rapid testing and vaccinations – improvements that are useless to the hospital outside of the surge in need for pandemic-level testing and vaccinations. 

Many hospitals took these steps without any promise of return value for it, because it was the right thing to do to meet their communities’ needs.  Some hospitals obtained partial funding from FEMA (Federal Emergency Management Agency) for these expenditures.  FEMA funding was a welcome relief for any hospital that received it, but even more so for hospitals already in financial distress, exacerbated by the decrease (and in some cases total cessation) of elective and other services for an extended period during the pandemic, and increased costs of labor and supplies. 

Continue Reading