CMS Gives the IPO List the Godfather 3 Treatment

Just when the procedures thought they were out(patient), CMS pulls them back in(patient).

Last year, in the final CY 2021 Outpatient PPS rule, CMS announced its intention to eliminate the Inpatient Only (IPO) List by January 1, 2024. The IPO list featured more than 1,700 procedures that were surgically invasive or required more than 24 hours of post-operational recovery time. As a result, any procedure on the list would only be paid for by Medicare on an inpatient basis.

With the CY 2021 rule, those procedures would be released to outpatient providers in stages, allowing physicians to clinically determine whether inpatient admission was indicated for a particular procedure.

However, in the proposed CY 2022 Outpatient PPS rule, announced on July 19, 2021, CMS reversed that decision and announced that it will now keep the IPO List, reinstating the 298 procedures that were removed by the 2021 rule. CMS said it was responding to concerns from stakeholders about patient safety. In particular, CMS indicated that the 2021 rule removed the procedures on too steep of a timeline. The agency said it wanted to provide “greater consideration of the impact removing services from the list has on beneficiary safety and to allow providers impacted by the COVID-19 PHE additional time to prepare to furnish appropriate services safely and efficiently before continuing to remove large numbers of services from the list.”

Continue Reading

Expansive enforcement of HIPAA Right of Access continues

Starting in 2019, the Department of Health and Human Services Office for Civil Rights (“OCR”) has taken an increased interest in protecting patients’ right of access to protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). Over the past twenty months, OCR has announced nineteen settlements under its Right of Access Initiative (“Initiative”), demonstrating OCR’s continued commitment to enforcing patients’ rights. Reed Smith has closely tracked this Initiative. Additional commentary on the Initiative and the associated settlements can be found here, and here.

Under HIPAA, “an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set, except for: (i) psychotherapy notes; and (ii) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.” Once a request for access has been made, the covered entity must act on the request “no later than 30 days after receipt of the request….” The Initiative focuses on enforcement of these duties under HIPAA and hold to account those who fail to comply.

The first settlement, which was announced on September 9, 2019, arose from a mother’s complaint alleging that Bayfront Health St. Petersburg (“Bayfront”) failed to provide timely access to her child’s prenatal medical records. Bayfront paid $85,000 to OCR and agreed to one year of monitoring to settle the potential violation of the right of access provision of HIPAA. At the time, then-OCR Director Roger Severino stated, “Providing patients with their health information not only lowers costs and leads to better health outcomes, it’s the law. We aim to hold the health care industry accountable for ignoring peoples’ rights to access their medical records and those of their kids.” This statement and settlement demonstrates that OCR views the Initiative as central in furthering not only the agency’s directive in protecting patient’s rights, but also in making healthcare more affordable and keeping patients informed about their health.

The organizations that have be subject to OCR scrutiny under this initiative vary widely. Since the inception of the Initiative, OCR has taken action against a range of regulated entities, from private practitioners to one of the largest health care systems in the United States. The nineteen settlements targeted covered entities located across a dozen states, and involved varied medical specialties, including, but not limited to, mental health, plastic surgery, pain management, and endocrinology. The complainants that initiated these investigations also reflect the varied contexts in which requests for access are made, such as patients seeking their own PHI, parents requesting their child’s records, and a child asking for her father’s medical records. Although the settlements varied widely under the Initiative (ranging from $3,500 to $200,000), most settlements have been within a range of tens of thousands of dollars. Additionally, all of the nineteen settlements include corrective action plans, which mandate OCR monitoring for a period of one or two years.

In determining the payment of civil monetary penalties (in the event the regulated entity and OCR cannot not come to a settlement), OCR is directed to consider multiple factors including (i) the nature and extent of the HIPAA violation; (ii) the harm resulting from the violation; (iii) the regulated entity’s history with respect to compliance with the HIPAA rules; (iv) the financial condition of the regulated entity, including its size, and (v) recognized security practices.

Noticeably, in many of these cases, the payment of a settlement amount came after OCR provided technical assistance to the regulated entity regarding how to comply with HIPAA right of access requirements in response to a patient complaint. In these instances, the regulated entity’s continued failure to address the request for access resulted in a second complaint, an investigation by OCR, and, ultimately, a financial settlement and additional monitoring.

For example, in March 2021, OCR announced a settlement with The Arbour, Inc (“Arbour”), a Massachusetts-based covered entity provider of behavioral health services. After a patient filed an initial complaint alleging that Arbour failed to take timely action in response to a record request, OCR provided Arbour with technical assistance regarding its right of access duties under HIPAA. Following OCR’s provision of technical assistance, the patient filed a second complaint with OCR claiming that Arbour continued to fail to respond to the patient’s request. In the settlement, Arbour agreed to pay $65,000 and undertake a corrective action plan that included one year of monitoring. At the time the settlement was announced, Acting OCR Director Robinsue Frohboese said, “Health care providers have a duty to provide their patients with timely access to their own health records, and OCR will hold providers accountable to this obligation so that patients can exercise their rights and get needed health information to be active participants in their health care.” In nine of the nineteen settlements under the Initiative, OCR has reported providing technical assistance before enforcement action was taken in response to a second complaint.

An important lesson to the industry is that it is crucial that regulated entities promptly provide patients with requested PHI and respond to OCR if the agency reaches out to provide technical assistance.

 

Reed Smith will continue to track developments involving the Initiative. Should you have any questions related to this OCR Initiative please do not hesitate to reach out to the health care attorneys at Reed Smith.

Consensus among HHS agencies on addressing social determinants of health through better data capture, interoperability

Over the last decade, members of the medical and public health communities around the world have widely studied and acknowledged the impact of social determinants of health (SDOH)—the conditions in the environments where people live, learn, work, play, and age—on a wide range of health, functioning, and quality-of-life-risks and outcomes.[1]  In the past year or so, U.S. federal government policy has made a fundamental shift to align with this notion, focusing in part on better integration of health data and human services data to realize improved health outcomes that patients experience.

This policy shift is highlighted in the U.S. Department of Health & Human Services’ (HHS’) 2020-2025 Federal Health IT Strategic Plan, and is underscored in the Biden Administration’s American Rescue Plan and other policy recommendations that include ways to address SDOH, particularly in the wake of the COVID-19 pandemic. Through these policies and legislative initiatives, we have seen HHS agencies, such as the Office for Civil Rights (“OCR”), the agency that enforces HIPAA, the Office of the National Coordinator for Health Information Technology (“ONC”), the agency charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information, and others, signal that use and disclosure of patient information for certain treatment and health care operations activities, namely care coordination and management, to address SDOH is not only permissible but encouraged at both the individual-level and the population-level.

OCR’s Notice of Proposed Rulemaking (NPRM) published in January 2021, proposes pivotal changes to key standards, definitions, and patient rights under the HIPAA Privacy Rule, which are geared toward promoting care coordination and value-based care, and empowering patients with greater access to their health information.  More specifically, in addition to facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises and enhancing flexibilities for disclosures of protected health information (PHI) in emergency or threatening circumstances, such as the opioid and COVID-19 public health emergencies, OCR’s NPRM seeks to clarify the (already existing) scope of a HIPAA covered entity’s ability to disclose PHI to social service agencies, community-based organizations, home and community-based service providers, and other similar third parties providing health-related services in order to facilitate coordination of care and case management for permissible treatment and health care operations purposes under the law.  As proposed, the HIPAA Privacy Rule’s definition of “health care operations” would be amended to expressly permit disclosure of PHI for care coordination and case management activities, whether population-based or focused on particular individuals, and without a patient authorization.

If finalized, this clarification would give comfort to covered health care providers and health plans seeking to address SDOH among their patient and member populations that they may use and disclose PHI for these purposes without running afoul of HIPAA.  In effect, health care providers who believe that disclosures to certain social service entities are a necessary component of, or may help further, their patient’s health or mental health care may disclose the minimum necessary PHI to such entities without the individual’s authorization. For example, a provider may disclose PHI about a patient needing mental health care supportive housing to a local service agency that arranges such services for individuals, or disclose PHI to a senior center to help coordinate necessary health-related services for a patient such as arranging for a home aide to help the patient with their prescribed at-home prescription or post-discharge treatment protocol.  Likewise, a covered health plan may disclose PHI to facilitate care coordination and case management activities as part of the plan’s health care operations, including working closely with community-based organizations and/or multi-disciplinary teams to address SDOH and coordinate comprehensive wraparound services, such as clinical and behavioral health care, social services, and patient advocates to support certain populations, such as senior citizens or people experiencing food insecurity, homelessness, severe mental illness or substance abuse disorders.

Demonstrating consensus around the use of patient information in the clinical context to address SDOH, last week ONC released version 2 of the United States Core Data for Interoperability (“USCDI”), which now includes patient information related to SDOH, as well as sexual orientation and gender identity.  USCDI is a standardized set of health data classes and data elements for nationwide, interoperable health information exchange.  ONC requires compliance with the USCDI version 1 for health information technology (“IT”) certified to its Health IT Certification Program, 2015 Edition Cure Update in order to establish baseline standards for capturing health information in electronic health records and for exchanging that information with other systems.  USCDI version 1 is also incorporated into ONC’s Information Blocking Rule, which prohibits interference with access, exchange, and use of electronic health information by health care providers, health information exchanges and health information networks, and ONC-certified health IT developers.  For more information on the Information Blocking Rule, please refer to Reed Smith’s 2021 Health Care Outlook, Information Blocking Webinar Series, and recent Health Industry Washington Watch blog posts.

While compliance with USCDI version 2 is not mandated for ONC-certified health IT at this time or health care providers or systems from a documentation or data sharing perspective, it serves as additional evidence that the activities a HIPAA covered health care provider or health plan undertake to address SDOH can fall within the scope of treatment and health care operations activities consistent with OCR’s proposed clarifications and modifications to the HIPAA Privacy Rule.

 

Reed Smith is closely tracking the further integration of SDOH data across the health care industry, including with respect to the release of OCR’s final rule.  Should you have any questions regarding the impact of these developments on your organization, please contact Nancy B. Halstead, Vicki Tankle, or a member of your Reed Smith health care team.

 

[1] See Office of Disease Prevention and Health Promotion, Social Determinants of Health (2020), available at https://www.healthypeople.gov/2020/topics-objectives/topic/social-determinants-of-health; U.S. Centers for Disease Control and Prevention, Social Determinants of Health: Know What Affects Health, available at https://www.cdc.gov/socialdeterminants/.

Provider Relief Fund Reporting Portal open for reporting Period 1

On July 1, 2021, the U.S. Department of Health and Human Services (“HHS”), through the Health Resources and Services Administration (“HRSA”) notified recipients of Provider Relief Fund (“PRF”) payments via e-mail that the PRF Reporting Portal is now open for providers who are required to report on the use of funds in Reporting Period 1 as described by HHS’s June 11, 2021 update to the reporting requirements.

HRSA also provided resource guides and FAQs to assist providers with understanding the reporting requirements and how to access and use the Reporting Portal. HRSA’s resources included a few notable clarifications and confirmations. First, if a provider received multiple payments across multiple time periods, HRSA clarified that the provider must report during each reporting time period which corresponds to the payment received period. In other words, a provider who received and used all of the PRF payments over various time periods is not allowed to report everything in the initial report and will have to file multiple reports. Similarly, HRSA confirmed that a provider may not submit reports early and, instead, must report during the reporting time period that corresponds to the payment received period in accordance with the June 11, 2021 guidance. In addition, HRSA will not notify a provider regarding whether it agrees with the provider’s reporting. Finally, HRSA will not grant extensions to the reporting period and providers who fail to submit a timely report may be subject to recoupment of PRF payments.

Providers can register to attend a recorded webcast hosted by HRSA on July 8, 2021 at 3 PM ET for additional technical assistance on reporting requirements. Should you have any questions related to the PRF reporting requirements and how it may impact your organization, please do not hesitate to reach out to the health care attorneys at Reed Smith.

Office of Civil Rights shares critical cybersecurity guidance amid string of ransomware attacks

On June 9, 2021, the Office of Civil Rights (OCR) shared a cyber-alert containing important updates on how companies can protect their operations from ransomware attacks. The guidance comes from the White House and Cybersecurity and Infrastructure Security Agency. The memo, entitled “What We Urge You To Do To Protect Against The Threat of Ransomware,” addresses the increased frequency and magnitude of ransomware incidents, calling upon the private sector to join the government’s efforts to protect organizations from the growing threat of such attacks.

This memo comes on the heels of President Biden’s Executive Order to improve the nation’s cybersecurity and protect federal government networks — further indicating the prioritization of cybersecurity in the federal government and private entities. In conjunction with providing essential guidance to private entities, the memo also highlights the government’s efforts to develop cohesive and consistent policies towards ransom payments, enable rapid tracing and interdiction of virtual currency proceeds, and work with the international community to hold countries that harbor ransomware actors accountable.

Providing concrete steps private entities can follow, the memo urges companies to do the following to increase cybersecurity: (1) implement the five best practices from the President’s Executive Order, including, for example,: multifactor authentication and data encryption, (2) back up data,  regularly test systems and keep backups offline, (3) update and patch systems promptly, (4) test incident response plans, (5) evaluate organizational security team’s practices by using a third-party tester to determine cybersecurity readiness, and (6) segment company networks so that if a network is compromised, the harm is mitigated.

While the memo provides vital and timely guidance on cybersecurity practices to private entities, it generally carries no binding effect. However, the non-binding nature of the memo should not create a false sense of reduced responsibility. OCR has demonstrated that it will collect large monetary settlements from regulated entities that fail to appropriately safeguard their networks and systems from cyberattacks. For example, OCR settled a data breach with CHSPSC LLC (CHSPSC) after information technology (IT) provider permitted hackers to access healthcare provider IT information with compromised administrative credentials. CHSPSC agreed to pay $2.3 million to settle this matter. OCR’s investigation found a history of “systemic noncompliance” with HIPAA security rules by CHSPSC, despite express warning of attempt hacking from the FBI. “The health care industry is a known target for hackers and cyberthieves. The failure to implement the security protections required by the HIPAA Rules, especially after being notified by the FBI of a potential breach, is inexcusable,” said Severino.

We will continue to report on any additional guidance provided by OCR as they seek to aid the government in cybersecurity efforts across the public and private sectors. Should you have any questions related to cybersecurity best practices, potential liability, or OCR guidance, please do not hesitate to reach out to the health care attorneys at Reed Smith.

This post was co-authored by Marquan Robertson, a Reed Smith summer associate.

Important updates to provider relief fund reporting requirements

On June 11, 2021, the Department of Health and Human Services (“HHS”) announced that it had released revised reporting requirements for those providers and suppliers that have received Provider Relief Fund payments during the COVID-19 pandemic. Readers may recall that HHS previously issued notices on post-payment reporting requirements starting in July 2020, and that previous updates were announced in January 2021. The June 11, 2021 updates (the “Revised Requirements”) supersede previous reporting requirements, which never went into effect.

To whom do these requirements apply?

The post-payment reporting requirements apply to those who received one or more Provider Relief Fund payments exceeding $10,000 during one of the “Payment Received Periods.” In addition to the General Distributions and Targeted Distributions of Provider Relief Fund monies, the Revised Requirements now also include funds received under the Skilled Nursing Facility and Nursing Home Infection Control Distribution.

Recipients have two distinct, overarching reporting obligations based on the Payment Received Period. Specifically, recipients must, within a set period of time, (1) use the funds received and (2) report on the use of such funds. Generally speaking, the Revised Requirements extend the time period in which certain funds must be used (the previous deadline to use all such funds was June 30, 2021) and allow for a longer time period to complete reporting (90 days instead of 30 days).

The table below is a summary of the reporting requirements and deadlines:

How is reporting done? What must be reported?

Reports must be submitted through the Provider Relief Fund Reporting Portal, which will open on July, 1, 2021. Reports are to be made in accordance with the entity’s normal basis of accounting. Details regarding the information that must be reported are found in the Revised Requirements, but generally the information includes “data elements” related to the business and its subsidiaries, interest earned on Provider Relief Fund payments, other assistance received, use/application of funds, lost revenues attributable to coronavirus, and certain personnel, patient, and facility metrics. A copy of the Revised Requirements is available here. For additional information on how the Revised Requirements might impact you, please reach out to the health care attorneys at Reed Smith.

Patient Right of Access Under HIPAA and Increased Enforcement

This post was also written by Marquan Robertson, a Reed Smith summer associate. 

In 2019, the Department of Health and Human Services Office of Civil Rights (OCR) announced its Right of Access Initiative. The Right of Access Initiative realizes OCR’s commitment to ensuring the aggressive enforcement of patients’ rights to receive copies of their medical records. Enforcement of the initiative applies to all organizations required to comply with HIPAA standards.

HIPAA regulations stipulate that “an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set, except for: (i) psychotherapy notes; and (ii) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.”

Staying true to the spirit of its Right of Access Initiative, OCR recently settled its nineteenth investigation with the Diabetes, Endocrinology & Lipidology Center, Inc. (DELC). DELC is a health care provider for endocrine disorders in West Virginia. OCR’s investigation stemmed from an August 2019 complaint in which a mother alleged that DELC failed to deliver medical records for her minor child in a timely manner. Despite the complaint coming just a month after failed delivery of the requested medical records, copies were not provided to the mother until May 2021—almost two years after the initial request. DELC signed a resolution agreement following OCR’s investigation, agreeing to pay $5,000 and to undertake a corrective action plan featuring two years of continuous monitoring.

We have previously reported on OCR’s vigorous enforcement of its Right of Access Initiative, trending toward increased patient rights. These previously published articles are available here and here. The articles highlight multiple OCR settlements and OCR’s recent push for interoperability among health care providers. Moreover, the Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services, in conjunction with the Department of Health and Human Services Office of the Inspector General, have led the way for increased monitoring and compliance standards through various rule proposals. These proposals call for the implementation of technology that promotes electronic access, exchange, and the use of health information to move the national health care system toward greater interoperability.

Patient rights and accessibility are at the forefront of OCR’s mind. “Covered entities owe it to their patients to provide timely access to medical records,” said Acting OCR Director Robinsue Frohboese in announcing the DELC settlement. OCR takes patient complaints seriously and has demonstrated that stiff fines will follow for HIPAA-regulated entities that fail to take expeditious action on requests from patients for access to their information.

We will continue to monitor enforcement patterns, trends, and other developments by the OCR’s Right of Access Initiative. Should you have any questions related to the Right of Access Initiative or OCR enforcement, please do not hesitate to reach out to the health care attorneys at Reed Smith.

Reed Smith Outlook: U.S. Health Care 2021

We recently released the 2021 U.S. Health Care Outlook digital white paper, an industry trends report written by numerous lawyers on our health care team. The Health Care Outlook gives an in-depth look at the major regulatory issues that life science and health care companies can expect to face throughout the rest of this year and beyond. The white paper includes sections on: post-COVID trends and lessons learned; the future of value-based care; the intersection of health care and data; and the evolving environment of health care delivery. We expect these issues will have a significant impact on the life science and health care industry and are important for companies operating or investing in the sector to understand. Please take a look at the report for more information on these exciting new health trends.

 

HHS, acting U.S. Attorney, and California Attorney General issue joint warning of the potential consequences of charging patients for COVID-19 vaccines

On May 18, 2021, in a statement issued by the U.S. Department of Health and Human Services’ (HHS) Office of Inspector General, Acting U.S. Attorney for the Eastern District of California, Phillip Talbert, and California Attorney General, Rob Bonta (the Statement), the health care industry was reminded of the prohibition against charging individuals for COVID-19 vaccines (the Vaccine(s)). The Statement reinforced the Centers for Disease Control and Prevention’s (CDC) mandate that administration of the Vaccine should come at no personal cost to the recipient. The CDC instructs participants that they must (1) administer the Vaccines regardless of a recipient’s ability to pay administration fees or coverage status, (2) provide Vaccines at no out-of-pocket cost to the recipient, and (3) may seek appropriate reimbursement from an appropriate program or plan, such as the recipients insurance policy or the Health Resources and Services Administration’s COVID-19 Uninsured Program, which covers Vaccine administration fees associated with uninsured individuals.

The Statement issued this month comes after the California Attorney General’s office received allegations that entities administering the Vaccine had been charging as much as $45 in out-of-pocket fees to recipients. This reminder serves as a warning of the possible legal consequences of seeking payment directly from individuals for the Vaccine. Such entities could be subject to investigation by the U.S. Department of Justice (DOJ) for violation of the civil False Claims Act, various civil and criminal statutes, and removal from the CDC’s COVID-19 Vaccination Program. In the last few months alone, the DOJ has charged hundreds of individuals who have allegedly abused various COVID-19 relief programs, involving more than $569 million in alleged fraudulent claims.

Although the Statement largely served as a cautionary tale to entities that are inappropriately seeking payment from patients for administration of the Vaccine, HHS also reminded those distributing the Vaccine to seek reimbursement from various sources, including  HHS’ COVID-19 Coverage Assistance Fund (CAF), which is intended to compensate providers in instances where a patient has insurance that does not cover vaccines, or does cover vaccines, but includes patient cost-sharing. Services reimbursed by CAF include the costs of training individuals to administer the Vaccine, storing the Vaccines, and the staffing needs involved in administering doses.

Reed Smith continues to track guidance involving the distribution of the Vaccine, and will continue to provide updates moving forward.  Should you have any questions related to the distribution of the Vaccine, please do not hesitate to reach out to the health care attorneys at Reed Smith.

CMS again postpones the effective date of Medicare coverage pathway to access “breakthrough” medical technologies, regulatory standard for determining whether an item or service furnished under Medicare is “reasonable and necessary”

On May 14, 2021, the Centers for Medicare & Medicaid Services (CMS) released a new final rule that further delays until December 15, 2021, the effective date of the final rule titled “Medicare Program; Medicare Coverage of Innovative Technology (MCIT) and Definition of ‘Reasonable and Necessary’” (the January 2021 Rule), which was published in the final days of the Trump Administration.

As a reminder, the January 2021 Rule sought to:

  • Establish the MCIT pathway to provide beneficiaries nationwide with faster access to new, innovative medical devices designated as breakthrough devices by the Food and Drug Administration (FDA); and
  • Implement a codified regulatory standard that must be used in determining whether all items and services satisfy Medicare’s reasonable-and-necessary requirement.

Under the January 2021 Rule, the regulatory changes were originally scheduled to take effect on March 15, 2021. However, following a change in presidential administration, the January 2021 Rule became subject to a regulatory freeze.

On March 17, 2021, CMS published an interim final rule that delayed the effective date of the January 2021 Rule until May 15, 2021, and provided a new comment period to solicit additional feedback.

Now, with the considerable length of the most recent delay, CMS will have ample time to evaluate the planned regulatory changes and address any issues raised in stakeholders’ submitted comments. It is also possible that CMS may ultimately rescind the January 2021 Rule entirely.

For those looking to learn more about the January 2021 Rule, as currently written, below is a brief primer.

The MCIT Pathway

In 2016, Congress passed the 21st Century Cures Act, which codified a new pathway for the FDA to expedite the development, assessment, and review for market approval—and subsequent distribution to patients—of innovative medical devices and diagnostic tests via a special “breakthrough” designation. Notably, FDA specifically reserves such designation for those medical technologies that treat patient populations with debilitating conditions for which there are limited or no treatment alternatives. However, Congress did not expressly create a corresponding pathway for CMS to expedite coverage of such breakthrough technologies for Medicare beneficiaries. As a result, even after FDA approval or clearance, Medicare beneficiaries often wait years before being able to take advantage of breakthrough medical technologies and therapies.

The January 2021 Rule’s new MCIT pathway, which is voluntary for device manufacturers, would bridge the gap between FDA approval and Medicare coverage. That is, the regulation would provide Medicare beneficiaries with immediate national coverage for four years for any new medical device or diagnostic test designated as a “breakthrough” medical technology and deemed safe and effective by FDA, and then would require CMS and manufacturers to work together to identify and develop any additional data necessary to make a permanent coverage decision after the four-year coverage period expires. Specifically, at the end of the MCIT pathway, a breakthrough technology would either have a favorable National Coverage Determination (NCD), a non-coverage NCD, or coverage decided by a Medicare Administrative Contractor.

The “Reasonable and Necessary” Requirement

Section 1862(a)(1)(A) of the Social Security Act, 42 U.S.C. § 1395y(a)(1)(A), mandates that no payment may be made under Medicare Part A or Part B for any expenses incurred for items or services “not reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member.” Despite the long-standing nature of this statutory requirement, to date CMS and its contractors have determined whether such items and services are “reasonable and necessary” on a case-by-case basis often subject to national and local coverage policies.

After several attempts in the past, the January 2021 Rule would represent the first time that CMS has codified a “reasonable and necessary” regulatory standard. For the most part, the January 2021 Rule would adopt preexisting criteria for “reasonable and necessary” outlined in the Medicare Program Integrity Manual. Specifically, an item or service would be deemed “reasonable and necessary”—and eligible for coverage—if such item or service is considered:

  1. Safe and effective;
  2. Not experimental or investigational; and
  3. Appropriate for Medicare patients, including the duration and frequency that is considered appropriate for the item or service.

Notably, the January 2021 Rule as currently written would include an alternative pathway to Medicare coverage: where there is insufficient evidence to satisfy the required appropriateness criteria, CMS would consider providing coverage to the extent the item or service is covered by a majority of commercial insurers.

What if I have additional questions?

Should you have any questions related to the postponement of the MCIT pathway or CMS’s Medicare-wide regulatory definition of “reasonable and necessary,” please do not hesitate to reach out to the health care attorneys at Reed Smith.

HHS to prohibit discrimination on the basis of sexual orientation and gender identity

On May 10, 2021, the Department of Health and Human Services (“HHS”) announced that— consistent with the Supreme Court’s decision in Bostock v. Clayton County, 140 S. Ct. 1731 (2020), and Title IX of the Education Amendments of 1972—HHS’s Office of Civil Rights (“OCR”) will interpret and enforce the prohibition on discrimination on the basis of sex under Section 1557 of the Patient Protection and Affordable Care Act to include: (1) discrimination on the basis of sexual orientation; and (2) discrimination on the basis of gender identity. OCR is responsible for enforcing Section 1557 and regulations issued thereunder, which prohibit discrimination on the basis of race, color, national origin, sex, age, or disability in covered health programs or activities. HHS stated that its interpretation will guide OCR in processing complaints and conducting investigations, but does not itself determine the outcome of any particular care or set of facts.

The announcement comes less than a year after the Supreme Court’s decision in Bostock, which held that Title VII of the Civil Rights Act of 1964’s prohibition on employment discrimination based on sex encompasses discrimination based on sexual orientation and gender identity. Bostock held that the plain meaning of “because of sex” in Title VII necessarily includes discrimination because of sexual orientation and gender identity.

As we previously reported, OCR’s implementation of the Section 1557 regulations and the impact of Bostock have been contested in federal courts across the country. But since Bostock, two federal circuits have concluded that the plain language of Title IX’s prohibition on sex discrimination must be read similarly. Moreover, on March 26, 2021, the Civil Rights Division of the Department of Justice issued a memorandum to Federal Agency Civil Rights Directors and General Counsel concluding that the Supreme Court’s reasoning in Bostock applies to Title IX.

As part of HHS’s recent announcement, Secretary of Health and Human Services Xavier Becerra stated: “The Supreme Court has made clear that people have a right not to be discriminated against on the basis of sex and receive equal treatment under the law, no matter their gender identity or sexual orientation. That’s why [on May 10] HHS announced it will act on related reports of discrimination[.]” The announcement observed that “discrimination in health care impacts health outcomes” and noted that “[r]esearch shows one quarter of LGBTQ people who faced discrimination postponed or avoided receiving needed medical care for fear of further discrimination.”

In enforcing Section 1557, OCR stated that it will comply with the Religious Freedom Restoration Act and all other legal requirements, as well as all applicable court orders that have been issued in litigation involving the Section 1557 regulations.

We will continue to monitor developments related to HHS’s announcement and their impact on covered entities.

CMS finalizes rule to expand and modify Comprehensive Care for Joint Replacement Model

On May 3, 2021, the Centers for Medicare & Medicaid Services (CMS) published an 81-page final rule to both extend and change the Comprehensive Care for Joint Replacement (CJR) model. We previously reported on the proposed rule here. The CJR model was initially implemented by way of notice-and-comment rulemaking in April 2016; the recent final rule will extend the CJR model by an additional three years through December 31, 2024.

Purpose of CMS’s CJR Model

The CJR model is intended to target and minimize cost inefficiencies and support more robust care for Medicare beneficiaries who undergo hip and knee replacements—also known as lower extremity joint replacements (LEJR). According to CMS, LEJR are the most common inpatient surgeries performed on Medicare beneficiaries and represent a substantial cost. In 2014 alone, more than 400,000 surgeries resulted in an outlay of $7 billion just for hospitalizations.

By bundling payment and quality measurement for an episode of care associated with LEJR, the CJR model’s aim is to incentivize disparate providers such as hospitals, physicians, and post-acute care providers to coordinate and improve quality of care and outcomes from surgery through recovery and rehabilitation. The episode of care begins with the admission of a Medicare beneficiary to a participating hospital—whether for inpatient or outpatient care—and ends 90 days post-discharge in order to cover the period necessary for recovery and rehabilitation. With certain exceptions, the episode covers all related items and services under Medicare Parts A and B.

Participation and Cost Reductions

The final CJR model establishes 34 mandatory metropolitan statistical areas (MSAs), while excluding rural or low-volume hospitals in those geographic areas. Taking into account an additional 33 MSAs in which participation is voluntary, as of January 2021 approximately 432 hospitals participate in the CJR model.

CMS’s initial evaluation of the CJR model’s first three years, as well as an independent study published in the New England Journal of Medicine, indicate lower episode costs among CJR-participating hospitals as compared to non-participating hospitals, with no apparent negative impact on quality of care.

Highlights of the Final Rule

With only minor modifications to the proposed rule, the highlights of the final rule include:

Outpatient Treatment. Notably, the final rule follows through on CMS’s proposal to extend the CJR model’s definition of an episode of care to include outpatient total knee arthroplasty and total hip arthroplasty. CMS’s stated goal in implementing this change reflects both an industry shift toward outpatient care for LEJR, as well as an effort to avoid the unintended outcome of incentivizing a provider to choose the more costly inpatient setting for reimbursement than would otherwise be medically necessary. Inclusion of outpatient procedures will not only expand CJR eligibility for providers, but should also ultimately lower costs for Medicare beneficiaries.

Ambulatory Surgical Procedures. In response to comments garnered during the comment period for the proposed rule, as of 2021, all procedures included in the CJR model can now be performed in the ambulatory surgical center (ASC) setting.

Target Price Calculation. The final rule modifies the CJR model’s basis for the target price (i.e., the forecast price for an LEJR episode based on a blend of inpatient/outpatient cost, hip fracture status, and average regional spending) by discarding a three-year data trend in favor of a single year. The final rule also discontinues the use of the regional and hospital anchor weighting steps in the target price calculation methodology as volume issues are no longer a concern. Lastly, the final CJR model incorporates additional risk adjustment to the target pricing and modifies the high episode spending cap calculation methodology.

CMS acknowledges improvement in nursing home COVID-19 response, eliminates certain blanket waivers

The 2019 Novel Coronavirus pandemic (“COVID-19”) introduced several unfamiliar hardships adversely impacting the long-term care industry, especially for nursing homes.  Acknowledging these hardships, the Centers for Medicare & Medicaid Services (“CMS”) enacted several temporary emergency blanket waivers effective March 1, 2020, lending flexibility to nursing homes in their COVID-19 response efforts.  Since that time, according to CMS, many nursing homes have adapted by developing new COVID-19 related policies and practices that CMS believes: (a) mitigate the need for certain blanket waivers, and (b) shed light on state-level nursing requirements that have room for improvement.

Accordingly, as of April 8, 2021, CMS announced that it is ending the following emergency blanket waivers:

  • Resident room or roommate change notification requirements, and transfer and discharge notification requirements. In March 2020, CMS waived a 30-day transfer or discharge notification requirement, which required notification to the resident or representative prior to making a room or a roommate change.  This waiver allowed nursing facilities to notify residents of a room change or transfer after a transfer occurred, and therefore allowed facilities to accelerate changes in the interest of time and resident safety.
  • Care planning requirements for residents transferred or discharged for cohorting purposes. CMS also initially waived a rule requiring nursing homes to complete a baseline care plan within 48 hours, and a comprehensive care plan within 7 days, of resident admission.  Specifically, CMS waived this care plan requirement when transferring or discharging nursing home residents to another long-term care facility, allowing nursing homes to quickly implement transmission-based precautions and cohort any residents who were, or may have been, exposed to COVID-19.
  • Timeframe requirements for completing and transmitting resident assessment information “minimum data set.” Finally, CMS waived the minimum data set (“MDS”) timeframe requirements for resident assessments.  CMS previously intended for this waiver to allow nursing home facilities to prioritize infection control efforts in response to the COVID-19 pandemic.

After over a year since these blanket waivers went into effect, CMS now believes that a significant amount of nursing homes have developed policies and practices that allow those facilities to cohort nursing residents while also providing the required advanced notice, and to complete health care plans and assessments in an appropriate timeframe.  CMS has therefore declared that these waivers should no longer remain in effect.

Nurse Aide Training and Certification Waiver

Further, in order to assist nursing homes with staff shortages during the COVID-19 pandemic, CMS also issued a waiver for certain nurse aide training and certification requirements set forth in 42 CFR § 483.35(d).  The goal of this 4-month waiver was to allow nursing facilities to employ nurse aids for longer than four months even if the nurse aid had not completed his or her state-approved Nurse Aide Training and Competency Evaluation Programs (“NATCEP”).  As long as the waiver was in place, and as long as the nurse aide could demonstrate competency in the skills and techniques required to care for the nursing facility patients, CMS allowed these individuals to continue working at the nursing facilities.

Although allowing more individuals to serve the immense needs of nursing home residents served as this waiver’s key silver lining, its implementation also revealed that much nurse aide training can be furnished in a nursing home practice setting, through observation and working as a nurse aide.  CMS is therefore not yet ending this training waiver.  Instead, the agency recommends that states evaluate their NATCEP and consider allowing certain nurse aide time spent working during the COVID-19 pandemic to count toward their training hour requirement.

Nurse aides who have worked longer than four months during the pandemic have raised concerns with CMS regarding whether they must immediately leave the nursing facility when the waiver ends.  CMS recognizes these issues and advises stakeholders that the 4-month timeframe will be reinstated when the waiver ends.  Thus, nurse aides will have the full 4-month period post-waiver termination to complete all required training and certification, regardless of how much the nurse aide worked while the waiver was in effect.  Nevertheless, CMS encourages states and nurse aides to explore ways to complete all training and certification requirements as quickly as possible.

Should you have any questions on any of the issues raised in this alert, please reach out to James Hennessy, Kelly Kearney, Sonia Nguyen, or any other member of the Reed Smith LLP Life Sciences & Health Industry group.

Recent budget reforms to impact New York’s nursing homes 

On April 19th, 2021 Governor Andrew Cuomo (D) signed the state’s Budget for Health and Mental Hygiene (A3007C/S2507C), which includes several significant changes impacting the state’s nursing home operators and investors. Most notably, the legislation’s principal provisions require reinvestment of revenue into each nursing home facility and a cap on the profit the facility can make calculated on an annual basis.

More specifically, every residential health care facility is required to spend a minimum of 70 percent of revenue on direct resident care, and spend a minimum of 40 percent of revenue on resident-facing staffing. Notably, the amounts spent on resident-facing staffing may be included in the amounts spent on direct resident care. In addition, any residential health care facility whose total revenues exceed its total operating costs by more than five percent or which fails to reinvest the required percentage must pay the applicable amount in excess or by which the facility failed to meet the percentage, to the State of New York for deposit into the nursing home quality pool.

Although the legislation is not effective until January 1, 2022, it has already caused anxiety in the nursing home industry. For additional information on these legislative changes, please see our recent client alert  by Reed Smith partners Alfred G. Kyle and Joseph Marger.

Plausibility Pleading in the Digital Age: Federal appellate courts take fresh look at Rule 8 in FCA context

In recent years, the U.S. Department of Justice (“DOJ”) has increasingly leveraged data analytics to combat fraud. Principal Deputy Chief of DOJ’s Fraud Section, Joe Beemsterboer, described the department’s data-mining capabilities as the “foundation of how [DOJ] investigate[s] and analyze[s] cases,” and explained that digital forensics equips the department with “powerful” tools for identifying “trends,” “spikes” and “outliers.” Just over a year later, in December 2020, Michael Granston, Deputy Assistant Attorney General of DOJ’s Civil Division, echoed Mr. Beemsterboer’s remarks at the American Bar Association’s Civil False Claims Act (“FCA”) and Qui Tam Enforcement Institute. Mr. Granston previewed the “future” of DOJ’s FCA “enforcement efforts” by emphasizing that the public should “expect” DOJ to “expand its reliance” on “sophisticated analyses of Medicare data to uncover potential fraud schemes” by “identify[ing] trends and extreme outliers.” Mr. Granston went on to explain that Medicare data “can even allow [DOJ] to demonstrate and quantify sophisticated relationships” among alleged fraudsters.

These new investigative technology tools, however, are not exclusive to DOJ. Data mining, for example, also opens the door for opportunistic industry outsiders to formulate and pursue FCA liability theories against defendants with whom they have zero personal dealings. As the growing amount of publicly available data ushers in a new digital wave of fraud investigation and enforcement, members of the health care and life science industries have a pressing need for effective strategies to challenge such data-driven claims.

Importantly, in a little-noticed opinion issued last week, the United States Court of Appeals for the Ninth Circuit followed the lead of a decision issued last year by the Fifth Circuit confirming that defendants can defeat such claims at the pleadings stage. See Integra Med Analytics, LLC v. Providence Health & Servs., No. 19-56367 (9th Cir. Mar. 31, 2021); see also United States ex rel. Integra Med Analytics, L.L.C. v. Baylor Scott & White Health, 816 F. App’x 892 (5th Cir.), cert. denied, 141 S. Ct. 905 (2020).

Integra Med Analytics, LLC (“Integra”), a data forensic company and affiliate of the corporate whistleblower that successfully initiated one of the largest mortgage-backed securities fraud settlements, purports to leverage econometric and regression models to expose fraud, waste, and abuse in the health care industry. Relying on publicly available claims data obtained from the Centers for Medicare & Medicaid Services (“CMS”), Integra filed a series of FCA complaints against hospital systems and skilled nursing facilities across the country, including complaints against the Providence Health & Services system (“Providence”) in the Central District of California and the Baylor Scott & White Health system (“Baylor”) in the Western District of Texas. Integra alleged that Providence and Baylor, respectively, submitted over $250 million in false claims to Medicare by fraudulently claiming certain higher-value comorbidities. More to the point, Integra claimed its analysis of CMS’s public claims data identified Providence and Baylor as two of a handful of hospitals claiming various comorbidities significantly above the national average. Integra then alleged that it employed “unique algorithms and statistical processes” that purportedly ruled out demographic and other non-fraudulent reasons for this disparity and asserted that its CMS claims data analysis revealed a widespread “upcoding scheme.”

The Western District of Texas dismissed Integra’s lawsuit against Baylor with prejudice based on Baylor’s argument that Integra failed to state a plausible claim for relief under Rule 8 of the Federal Rules of Civil Procedure. The district court held that Integra failed to state a plausible claim because the alleged upcoding scheme was just as consistent with a lawful scheme to increase revenue through accurate documentation. On appeal, the Fifth Circuit affirmed Integra’s conclusory allegations were consistent with a legal and obvious alternative explanation, and the Supreme Court subsequently denied Integra’s petition for review.

Meanwhile, just a few weeks before the Western District of Texas’s opinion in Baylor, the Central District of California reached the opposite conclusion and denied Providence’s motion to dismiss Integra’s core FCA allegations on Rule 8 grounds. However, at Providence’s request, the district court later certified its order for interlocutory appeal to the Ninth Circuit, which accepted the appeal. After hearing oral argument earlier this year, the Ninth Circuit eventually reached the same conclusion as the Fifth Circuit, holding that Providence’s alleged conduct fell squarely in line with a lawful, rational, and competitive business strategy, and directing the district court to dismiss Integra’s complaint.

Data-mining relators now have both the resources (vast amounts of public data) and incentives (statutory right to share in FCA recoveries) to pursue sweeping fraud claims. DOJ likewise recognizes the utility of forensic data analysis in combating fraud and uses programmatic techniques to streamline investigations and expedite enforcement efforts. Therefore, members of the health care and life science industries should take note of the Providence and Baylor appellate decisions in light of the growing trend of algorithmic FCA investigations and litigation.

Disclosure: Reed Smith LLP served as counsel to the defendants in the Baylor case. The views expressed above are those of the author only.

Florida joins the ranks of states offering protections to businesses and health care providers from COVID-19 related lawsuits

During a press conference on Monday, March 29, 2021, Florida Governor Ron DeSantis signed Senate Bill 72, which grants civil immunity to corporations, hospitals, nursing homes, government entities, schools, and churches from COVID-19-related lawsuits, except in cases of gross negligence or intentional misconduct.  Plaintiffs who file suit in Florida alleging coronavirus-related injuries will face robust legal hurdles.  These plaintiffs must:

  • Provide a physician’s affidavit stating with reasonable certainty that the injury or death from COVID-19 resulted from the defendant’s actions;
  • Establish in court that the defendant failed to make a good-faith effort to comply with public health standards;
  • Prove by “clear and convincing” evidence that a defendant committed gross negligence (or intentional misconduct); and
  • File claims within one year from the later of the date of death, hospitalization, or COVID-19 diagnosis that is the basis for the claim.

This new law applies to claims that accrued before the enactment of the law and within one year following the governor’s signing, but does not apply to suits that were already filed and pending at the time of signing.  Senator Jeff Brandes, the bill’s author, stated that “[b]usinesses and medical facilities across our state are trying to survive, reopen, and recover from the pandemic.  Now is not the time for excessive and frivolous litigation.”  Senate President Wilton Simpson similarly stated that “[t]he last thing we want is for businesses and health care providers . . . to face a constant threat of frivolous lawsuits that hamper their ability to serve their patients and customers.”

Florida is the most recent state to enact legislation to shield businesses and health care providers from COVID-19 injury and wrongful-death lawsuits.  Previously, many other states—including Alabama, Alaska, Arizona, Georgia, Idaho, Kansas, Louisiana, Maryland, Massachusetts, Michigan, Mississippi, Montana, Nevada, New Jersey, New Mexico, New York, North Carolina, Oklahoma, Oregon, Pennsylvania, Rhode Island, Tennessee, Utah, Vermont, Virginia, Wisconsin, and Wyoming—have enacted similar legislation, with some extending protections to individual health care workers.  Additional states have provided protections via executive orders issued by their governors, and still others are in the process of enacting legislation that would offer some protections for health care providers and businesses with respect to COVID-19-related injuries.

Congress considers the future of telehealth in the wake of COVID-19

It is no secret that the coronavirus pandemic has driven our daily lives digital—work, education, social gatherings, and, of course, health care. Congress and CMS responded to the public health emergency by waiving limitations on reimbursement for telehealth services rendered to Medicare patients. These waivers introduced new flexibility and vastly expanded Medicare patients’ access to telehealth. However, it is unclear what role telehealth will play in the Medicare program after the pandemic.

On March 2, the House Committee on Energy and Commerce’s Subcommittee on Health held a hearing on “The Future of Telehealth: How COVID-19 is Changing the Delivery of Virtual Care.” The subcommittee welcomed health care industry witnesses to comment on the impact of telehealth and to respond to lawmakers’ questions about its future. Below are key takeaways from the hearing and predictions for the future of telehealth in a post-pandemic world.

      1. There is broad, bipartisan support for reimbursing telehealth services rendered             to traditional Medicare beneficiaries—even after the pandemic.

Both witnesses and representatives supported extending access to telehealth for traditional Medicare beneficiaries after the public health emergency ends. The question now is how far Congress is willing to go to cement these changes. Time will tell if legislative action takes the form of stopgap measures or permanent legislation. It is also unclear whether the types of Medicare covered telehealth services, which were expanded during the pandemic, will be scaled back. Expect Congress to advance legislation to prevent the sudden loss of telehealth benefits for traditional Medicare beneficiaries at the end of the public health emergency, including extended waivers—or outright elimination—of the originating and geographic site requirements in Section 1834(m) of the Social Security Act.

      2. Medicare reimbursement questions abound.

There is disagreement about whether Medicare providers should be reimbursed at rates equivalent to or lower than those for in-person services. Some believe that telehealth reduces overhead and that savings should be reflected in lower provider reimbursement. Others assert that reimbursement should be based on time and complexity, regardless of whether the encounter occurs in person or via telehealth.

Also unresolved is whether, when, and to what extent, audio-only telehealth should be reimbursed by Medicare. In light of concerns about equitable access, there is some agreement that audio-only telehealth should be, at minimum, a back-up option to protect individuals without access to, comfort with, or ability to use audio-visual technology. Expect ongoing discussion about when audio-only telehealth is appropriate and whether to reimburse audio-only services at the same rate as audio-visual services.

3. Telehealth expansion will necessitate reevaluation of the Medicare                               fee-for-service payment model.  

Several hearing commenters emphasized the need to transition toward a value-based payment model that focuses on clinical outcomes and patient satisfaction while better accommodating care innovations. Increasing the emphasis on value could disincentivize overutilization, thereby addressing concerns that telehealth services are additive rather than substitutive.

Value-based payment is not a new concept, however. Efforts to shift Medicare from fee-for-service to value-based payment have been piecemeal, so it will be worth monitoring to see if any payment model modifications are limited to telehealth or are part of more sweeping payment reform.

4. Any legislative developments will likely incorporate protections to guard against      fraud and abuse and to promote privacy and data security.  

Many hearing commenters expressed concerns about program integrity, fraud and abuse potential, and cybersecurity and privacy risks. Expect continued scrutiny of fraud and abuse laws and enforcement priorities. In fact, in a letter dated February 26, 2021, OIG directly acknowledged that it is monitoring telehealth developments. Shining a spotlight on telehealth fraud and abuse may ultimately increase legal exposure for telehealth providers and organizations, depending on HHS OIG and DOJ enforcement priorities.

Privacy and cybersecurity issues are also likely to draw legislative attention. There are questions about whether to preserve HIPAA waivers that allow continued access to telehealth resources through less secure, but potentially more accessible, means like Skype and FaceTime. And, as cybersecurity threats from both state and independent actors increase, there will undoubtedly be discussions about how to safeguard sensitive personal health information when more health care encounters occur via telehealth. It remains to be seen whether reporting obligations or penalties will be revised for telehealth practice.

5. Some fear that telehealth will lead to overutilization. 

Many hearing commenters expressed concern that the convenience of telehealth would encourage overutilization, but at this time there is insufficient data to determine telehealth’s effect on utilization. Others suggested that physician time and provider shortages would serve as guard-rails to limit overutilization. Expect legislative and regulatory attempts to disincentivize overutilization (e.g., cost-sharing requirements, value-based payment models, etc.).

6. Legislators and advocates aim to promote equitable access to telehealth.

With the promise of telehealth expansion come legitimate concerns that the most vulnerable populations will be left behind due to cost, digital literacy, broadband access, and other barriers. Commenters acknowledged the opportunity for telehealth to address health care disparities but recognized that barriers to telehealth access could deepen the divide for some groups. Expect increased scrutiny of access to care and clinical outcomes for rural, minority, low-income, elderly, disabled, and other disadvantaged or underserved populations in addition to:

    •  Investments in broadband infrastructure
    •  Programs to make broadband and telecommunications devices more affordable for   low-income individuals
    •  Programs to promote technological literacy
    •  Telehealth grants to providers

7. Telehealth expansion is bringing attention to physician licensure rules.

The pandemic has drawn attention to the limiting effects of physician licensure rules. Under COVID waivers, patients have been able to access services (particularly specialty and sub-specialty care) that would not otherwise be available in their immediate geographic area due to state-based licensure restrictions that prohibit physicians from practicing across state lines. Expect robust debate about whether physicians should be able to practice across state lines and when interstate practice is appropriate.

Although there is an Interstate Medical Licensure Compact, barriers to interstate licensure remain. Currently, only twenty-nine states, the District of Columbia, and Guam participate in the Compact. Licensure costs also pose a financial barrier to physicians who seek multi-state licensure. Physicians are responsible for a an initial fee to participate in the Compact, an initial licensing fee for each licensing state, and renewal fees in future years.

If physician licensure is expanded, it could present opportunities for organizations to provide clinically appropriate services on a broader scale. However, there will likely be significant pushback against attempts to nationalize licensure. Expect ongoing debates about breaking down legal, administrative, and financial barriers to interstate practice.

     8.  Telehealth presents significant opportunities for mental and behavioral health                care. 

There was enthusiastic support on both sides of the aisle for access to mental and behavioral telehealth services. Expect legislative efforts to protect and expand access to mental and behavioral telehealth services. This includes reevaluation of the Ryan Haight Act, which limits the prescription of controlled substances via telehealth.

9. There is no simple method for legislating what specialties or services should be      accessible via telehealth.  

Although there is concern that some services are not conducive to telehealth, it is unclear how to best identify such services without being overinclusive. With rapid technological change and fears of arbitrary designations, some think that these determinations should be left to provider discretion and evaluated against the provider’s standard of care, rather than preserved indefinitely in legislation or regulation.

10. Telehealth expansion poses care coordination challenges (as well as new                  opportunities).

Patients often use telehealth for discrete medical issues, which can result in transactional relationships and breakdowns in care coordination. A few commenters noted that, as telehealth expands, coordination and communication must to improve so that providers can better access patient information and see the complete picture of a patient’s medical history. Expect conversations about health record interoperability and data-sharing to continue, in addition to discussions about how to best provide comprehensive care.

On the other hand, telehealth presents the opportunity to coordinate care like never before. Using telehealth tools, providers may be better able to collaborate to treat and monitor complicated and chronic conditions. Greater collaboration could save time and reduce the provision of unnecessary or duplicative services.

      11. Research on the impact of telehealth will continue long after the pandemic. 

With increased emphasis on real-world evidence and data-informed decision-making, expect Congress, HHS, and industry groups to collect and analyze vast amounts of data on clinical outcomes, patient and physician satisfaction, and the cost-effectiveness of telehealth before, during, and after the pandemic to guide the course of telehealth expansion.

Reed Smith is continuing to track telehealth developments. Should you have any questions regarding the impact of these developments on your organization, please contact the Reed Smith health care team.

New IRS rulemaking impacts FCA settlement payment deductibility

Effective January 14, 2021, the Internal Revenue Service (“IRS”) implemented a final rule (the “Final Rule”) concerning the tax deductibility of settlement payments made to the government.  This rulemaking followed a legislative update to the Internal Revenue Code of 1986 (“IRC”), which was implemented as part of the 2017 federal tax overhaul and specifically included a prohibition against deducting certain settlement payments.  Relative to the IRS proposed regulations released in May 2020 (the “Proposed Rule”), and as further detailed below, aspects of the Final Rule favor taxpayers, relaxing certain restrictions contemplated under the Proposed Rule.  Those making payments in connection with litigation or governmental investigations, including False Claims Act (“FCA”) investigations by the Department of Justice (“DOJ”), should consider the Final Rule’s impact on their approach to documenting a settlement or related payment.

Background

The Tax Cuts and Jobs Act of 2017 (“TCJA”) modified the rules governing the deductibility of certain government settlement-related expenses under IRC Section 162(f).  As amended, Section 162(f) prohibits deductibility for “any amount paid . . . to, or at the direction of, a government or governmental entity in relation to: (1) the violation of any law or (2) the investigation or inquiry by such government or entity into the potential violation of any law.”

The TCJA-amended Section 162(f) includes a related exception, however, allowing tax deductions for “amounts constituting restitution or paid to come into compliance with law.” To qualify for this exception, an order or settlement agreement must identify as restitution, remediation, or amounts paid or incurred to come into compliance with a law (see “identification requirement” described below), and the taxpayer must establish that the amounts were paid or incurred as restitution or to come into compliance with a law (see “establishment requirement” described below).  If the applicable governmental entity agrees to include exception language associated with this exception under an order or settlement agreement, that governmental entity must also contemporaneously file an IRS form required under the TCJA-created IRC Section 6050X.

On May 13, 2020, the IRS published a notice of proposed rulemaking detailing guidance under the Section 162(f) deduction disallowance rules and associated Section 6050X reporting requirements.  The Final Rule followed on January 14, 2021, lending additional regulatory clarity and loosening certain restrictive provisions that were proposed in May 2020, as further described below.  The Final Rule confirms that the TCJA amended Section 162(f) does not apply to any order or settlement agreement issued or entered into before December 22, 2017.

Deduction Prohibition

The Final Rule’s deduction prohibition remains largely unchanged from the Proposed Rule, confirming that a taxpayer may not take a deduction for amounts: (1) paid or incurred by suit, agreement, or otherwise; (2) to, or at the direction of, a government or governmental entity; and (3) in relation to the violation, or investigation or inquiry by such government or governmental entity into the potential violation, of any civil or criminal law.  The Final Regulations rejected commenter requests to exclude certain administrative proceedings from the definition of “suit, agreement, or otherwise,” confirming that this language is intended to apply both to formal legal proceedings and other, less formal proceedings.  Specifically, the final regulations confirm that the Section 162(f) deduction disallowance rule applies to the following, without limitation:

  • settlement agreements;
  • non-prosecution agreements;
  • deferred prosecution agreements;
  • judicial proceedings;
  • administrative adjudications;
  • decisions issued by officials, committees, commissions, or boards of a government or governmental entity; and
  • any legal actions or hearings in which a liability for the taxpayer is determined or pursuant to which the taxpayer assumes liability.

Exception Clarification and Guidance

As confirmed under the Final Rule, the Section 162(f) exception to the disallowance prohibition requires applicable amounts to be identified in the order or agreement as paid or incurred for restitution or remediation, or to come into compliance with a law.  Key components of this exception, particularly to the extent they deviate from the Proposed Rule, are detailed below:

Identification Requirement

The Final Rule clarified Section 162(f)’s “identification requirement,” which mandates that a qualifying, tax deductible payment must be specifically identified in its applicable order or agreement as restitution, remediation, or amount paid to come into compliance with law.  The IRS clarified that it is the order or agreement, and not the taxpayer, that must meet this identification requirement.

According to the Final Rule, this identification requirement will be met even if the order or agreement uses a different form of the key terminology mentioned above (i.e., “restitution, remediation, or amount paid to come into compliance with law”), including alternative language such as ‘‘remediate’’ or ‘‘comply with a law.’’  Similarly, even if those key terms are not used in any form, an order or agreement will meet the identification requirement if “the nature and purpose of the payment, as described in the order or agreement, are clearly and unambiguously to restore the injured party or property or to correct the non-compliance.”

The Final Rule also acknowledges that the precise payment amount relating to “restitution, remediation, or coming into compliance with the law” may be unknown on the date of the settlement agreement or order, particularly in instances where only a lump sum payment is specified or if a payment is divided among multiple taxpayers.  The Final Rule clarifies how a taxpayer may meet the identification requirement in these circumstances and also confirms that the identification requirement may be met even if the order or agreement does not provide an estimated payment amount.  Particularly in the latter circumstance, the agreement or order must contain language specifically stating that the forthcoming amount, once established, will be paid or incurred in accordance with the Section 162(f) exception requirements.

Establishment Requirement

The TCJA-amended IRC Section 162(f) also requires that a taxpayer establish, with appropriate records and documentation, that a tax deductible amount was actually paid or incurred for the nature and purpose identified above.  The final regulations clarify that this “establishment requirement” is met if the documentary evidence submitted by the taxpayer proves: (1) that the taxpayer was legally obligated to pay the amount identified in the order or agreement as restitution, remediation, or to come into compliance with a law, (2) the amount actually paid, and (3) the date on which the amount was paid.  The Final Rule expanded upon the Proposed Rule’s non-exhaustive list of documents that can be used to fulfill this establishment requirement, including the following:

  • receipts;
  • the violated or potentially violated legal or regulatory provision;
  • government documents relating to the investigation or inquiry;
  • judgment;
  • decree;
  • documents describing how the payable amount was determined; and
  • correspondence between the taxpayer and government.

According to the Final Rule, in the case of a lump sum payment or multiple damage award that includes a combination of restitution, remediation, and coming into compliance with the law, the taxpayer must establish the exact amount paid or incurred for each purpose to meet the establishment requirement.  Similarly, if an order or agreement involves multiple taxpayers, each taxpayer must establish the amount it paid or incurred as restitution, remediation, or to come into compliance with the law, each as required under Section 162(f).

Disgorgement and Forfeiture

Under the Proposed Rule, the Section 162(f) deduction exception did not apply to payments for “forfeiture or disgorgement” (the latter being an equitable remedy involving the return of ill-gotten gains), meaning that any amount paid or incurred as forfeiture or disgorgement would have been unequivocally disallowed.  The IRS changed its course in the Final Rule, however, implementing a circumstantial, fact-based test to determine deductibility for forfeiture and disgorgement payments, looking to whether each of the following is true: (1) the amount is otherwise deductible under IRC, (2) the identification rule is met, (3) the establishment rule is met, and (4) the amount is not disbursed to the general account of the governmental entity for general enforcement purposes.

Qui Tam Cases

The Final Rule clarifies that the deduction disallowance rule does not apply to any amount paid in connection with an order or agreement for a suit in which no governmental entity is a party.  Citing a commenter concern regarding qui tam cases brought by private citizens on behalf of a governmental entity, the Final Rule confirms the absence of any “single rule” that determines the treatment of such cases.  The final regulations do note, however, that the governmental entity is the real party in interest in qui tam cases, and Section 162(f) likely applies to any amount paid, including any share ultimately paid by the governmental entity to the relator, whether or not the governmental entity intervenes in the suit.  Therefore, any amount paid or incurred to a governmental entity as a result of the suit will likely be disallowed unless a Section 162(f) exception applies.

Government Reporting under Section 6050X.

The Final Rule also interprets IRC Section 6050X, which provides appropriate officials of government entities the operational, administrative, and definitional rules for complying with the statutory information reporting requirements for suits or agreements to which that section applies.  In general, under the final regulations, if the aggregate amount a payor is required to pay pursuant to an order or agreement for a violation, investigation, or inquiry to which Section 6050X applies equals or exceeds the $50,000 regulatory threshold amount, the appropriate official of a governmental entity that is a party to the order or agreement must file an information return with the IRS regarding certain amounts paid or incurred pursuant to the order or agreement, the payor’s taxpayer identification number, and other IRS required information.

Practical Impact. 

Taxpayers making governmental related settlement payments, including those in connection DOJ FCA investigations, should consult the Final Rule and determine how it might impact their approach to documenting potentially deductible payments and maintaining associated records.  Specifically, a taxpayer should ensure that its settlement agreement specifically identifies amounts that are paid as “restitution or remediation, or to come into compliance with law,” and thereafter, taxpayers should maintain sufficient records and documentation to be able to establish that the amounts were paid for that identified, qualifying purpose.

FDA and USDA battle over regulating genetically engineered animals

A substantial shift for genetically engineered (“GE”) food regulation may be on the horizon thanks to a USDA proposed rule with a fast closing comment period, which ends on February 26, 2021. The proposed rule strips FDA’s jurisdiction over food-bearing GE livestock and places it within USDA’s purview, thereby granting USDA jurisdiction over pre-market review and post-market safety monitoring of such products. This significant change would create a less burdensome pathway for the regulatory approval of certain GE livestock, which are currently regulated by FDA as a new animal drug. While the Trump Administration endorsed the proposal before leaving office, the Biden Administration has yet to indicate whether it supports or disapproves of the measure. 

Genetically engineered (“GE”) food is a signature dish on the regulatory menu as the Food and Drug Administration (“FDA”) and the United States Department of Agriculture (“USDA”) battle for jurisdiction to regulate GE animals for human consumption. The turf war was sparked on December 28, 2020, when the USDA published a proposed rule seeking comment for sixty (60) days regarding transitioning jurisdiction for safety assessments of certain GE agricultural animals away from FDA and into USDA’s purview. Shortly thereafter, the Trump Administration signed an interdepartmental memorandum of understanding, moving the conventionally FDA authority over food-bearing GE livestock to USDA. The proposed change has not gone without contest, as now-former FDA Commissioner Stephen Hahn indicated he had no plans to sign off on the jurisdictional transfer based in part on public health concerns. It is also unclear whether the current head of the USDA supports the measure. Given the comment period for the proposal ends February 26, 2021, the Biden Administration will have the final say on whether the jurisdictional transfer takes place.

Historically, the two agencies have shared jurisdiction over food, with FDA regulating animal biotechnology and USDA overseeing GE crops for protecting agriculture from pests and diseases. Under the new proposal, USDA will be in charge of end-to-end regulation over GE livestock, from pre-market review though post-market safety monitoring, which would change significantly the current regulatory landscape. USDA would receive broad authority over GE animals including cattle, sheep, goats, swine, horses, chickens, and others, while FDA would retain authority over GE animals developed for nonagricultural purposes, such as medical or pharmaceutical use. Currently, FDA regulates most GE animals under the Federal Food, Drug, and Cosmetic Act (“FCA”), pursuant to which FDA has considered each specific genomic alternation to be a “new animal drug” that is subject to FDA’s new animal drug approval requirement. Understandably, FDA’s approval process for GE animals takes a holistic approach that sometimes lasts for years. FDA, however, has approved only two GE animals for human consumption in its history, while USDA has made it possible for hundreds of GE crops to be widely adopted throughout the country. Industry stakeholders have expressed frustrations that the current system is too cumbersome and competitively disadvantageous, as numerous nations have developed gene editing capabilities, which include capabilities to engineer more disease resistant animals designed for human consumption.

It will be interesting to see how the Biden Administration responds. It would not be surprising to see the current administration walk back an attempt to usher in a less rigorous regulatory framework and opt to maintain FDA’s jurisdiction to oversee the health and safety of GE animals used for human consumption. As some commentators have proposed, another alternative to consider is treating GE foods as a new food additive. No longer classifying GE foods as drugs would subject these products to the less restrictive regulatory requirements applicable to food additives. This approach would allow FDA to retain jurisdiction, while simultaneously creating an easier pathway for GE animals to obtain pre-market approval. Food for thought.

What happens when the clock strikes midnight: A Primer on “Midnight Regulations”

With another presidential transition in the history books, you may find it unsurprising to hear that many of us at Reed Smith are continuing to closely monitor and track which of the outgoing Trump administration’s “midnight regulations” will survive past the early months of the Biden administration. But for those less familiar with the topic (or just looking to learn more), below is a brief primer on so-called “midnight regulations.”

What exactly is a “midnight regulation”?

The term “midnight regulation” refers to a last-minute rulemaking generated by an outgoing administration’s executive agencies during the “lame duck” period between Election Day in November and Inauguration Day on January 20th of the following year—also known as the “midnight” period. Historically, since the midnight period of the outgoing Carter administration in 1981, the United States has experienced significantly increased regulatory output during the final quarter of an outgoing President’s term (relative to the final quarter in other years) regardless of political party.

What is the reason for the surge in rulemaking after “midnight”?

Although there are likely multiple factors that contribute to the phenomenon, most scholars agree that the late-term surge in rulemaking primarily derives from increased pressure as a result of the upcoming presidential transition. That is, political appointees seek to take advantage of their last chance to advance the outgoing administration’s regulatory agenda before the incoming administration alters priorities, while non-political agency staff seek to hurry and complete work to avoid any delays brought about by the incoming administration. Additionally, the rulemaking process can routinely take up to four years to complete.

What is unique about rulemaking during the midnight period relative to other times?

Depending on the status of an outgoing administration’s midnight regulation (i.e., proposed but not yet final, final but not yet in effect, or final and in effect) on Inauguration Day, the incoming administration may have the authority to freeze, rescind, and/or amend the rulemaking. Notably, the speed with which a midnight regulation can emerge from the procedural pipeline is contingent on several statutory requirements.

What are the relevant statutory requirements that govern the rulemaking process?

With respect to midnight regulations, two statutes governing the rulemaking process stand out. First, under the Administrative Procedure Act (APA), executive agencies are typically required to publish a notice of proposed rulemaking in the Federal Register, solicit comments from the public, publish a final rulemaking in the Federal Register, and provide for at least a 30-day waiting period before the regulation goes into effect.

Second, under the Congressional Review Act (CRA), executive agencies are typically required to submit a report on the final rulemaking to both houses of Congress and the Government Accountability Office (GAO) before the rulemaking can take effect. Additionally, with respect to “major” regulations (e.g., those that have a $100+ million annual effect on the economy), the CRA provides for at least a 60-day waiting period from the later of (i) the date both Houses of Congress receive the report on the final rulemaking or (ii) the date of publication in the Federal Register.

What is the significance of Inauguration Day?

Following the inauguration of the newly elected President, the incoming administration customarily issues a memorandum that instructs all executive agencies to freeze various regulatory activity, including all final rules that have not yet taken effect. This year was no exception: on January 20, 2021, the new White House Chief of Staff Robert Klain issued a memorandum with the subject line “Regulatory Freeze Pending Review” to all executive agencies.

What midnight regulations will survive the presidential transition?

For those midnight regulations that have been published as final in the Federal Register and already taken effect (in compliance with the APA and CRA), the incoming administration cannot freeze, withdraw, or postpone the rulemakings. Any attempt to repeal and/or amend this type of midnight regulation would likely require another, separate round of rulemaking.

For those midnight regulations that have been published as final in the Federal Register but not yet taken effect (or whose stated effective date was not in compliance with the APA or CRA), the incoming administration could postpone the effective dates of the rulemakings (typically up to 60 days) and review them for any questions of fact, law, and policy they may raise, which could subject the rulemakings’ effective dates to additional delay.

For those midnight regulations that have been proposed but are not yet published as final in the Federal Register, the incoming administration could halt and withdraw them entirely.

What is an example of a midnight regulation that Reed Smith attorneys are monitoring and tracking?

Here is a prime example of why the above information may be important to know. Say you are a health care company that would like to engage in a value-based arrangement protected by the recently-promulgated rulemakings modernizing the Physician Self-Referral Law (the Stark Law) and the federal Anti-Kickback Statute (AKS), which rulemakings were published in the Federal Register on December 2, 2020. Given that December 2, 2020, is squarely in the midnight period of the outgoing Trump administration, you would like to know whether these value-based rulemakings will persist during the Biden administration.

The untrained eye may look at the value-based regulations’ stated effective dates (i.e., January 19, 2021), determine that the rulemakings went into effect before Inauguration Day, and move forward with a value-based arrangement. However, the trained eye—one that has reviewed this primer—will note that the value-based regulations, which are “major” regulations, have effective dates that are not in compliance with the CRA’s mandatory 60-day waiting period. In fact, in December 2020, GAO formally determined that the January 19, 2021 effective dates in both of the value-based regulations violated the CRA. That finding possibly provided the incoming Biden administration, if so inclined, the ability to assert that the original effective dates in the value-based regulations were unlawful and to stay implementation of those rulemakings at least temporarily.

To date, we have not seen the Biden administration take any such action—in fact, using the CRA, the Stark Law amendments took effect on January 31, 2021, or 60 days after December 2, 2020—but we will continue to watch closely for any updates. Using the CRA, the AKS amendments are scheduled to take effect on February 14, 2021, or 60 days after December 16, 2020 (i.e., the date that the House of Representatives received the report on the AKS final rulemaking).

What if I have additional questions?

Should you have any questions related to the incoming Biden administration’s treatment of the Trump administration’s midnight regulations, including those related to modernizing the Stark Law and the AKS, please do not hesitate to reach out to the health care attorneys at Reed Smith.

LexBlog