Other Health Policy Developments

The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) recently issued a bulletin highlighting the application of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to covered entities and business associates (“Regulated Entities”) under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”) when using online tracking technologies that collect and analyze information about how internet users interact with websites or mobile applications (“Tracking Technologies”). While the Bulletin emphasizes that Regulated Entities have always been prohibited from impermissible uses and disclosures of protected health information (“PHI”) collected through Tracking Technologies, including disclosing PHI to Tracking Technology vendors without entering into business associate agreements (“BAAs”), OCR has been relatively silent on this issue to date.

To highlight the application of HIPAA to Regulated Entities leveraging Tracking Technologies, the Bulletin provides several examples of how Tracking Technologies may collect and share PHI, including on authenticated and unauthenticated webpages, as well as mobile apps. In particular, the Bulletin describes how websites and mobile apps commonly use Tracking Technologies to collect information from users, including identifiers that are unique to users’ mobile devices. This information can then be used by the owner of a website or app, a related vendor, or a third party to gain insights about users’ online activities and to create a unique profile for each user. These insights and information can be used in beneficial ways to help improve care or the patient experience, but they can also be misused to promote misinformation and for other detrimental purposes.

In a nutshell, OCR’s Bulletin stresses that when an individual uses Regulated Entities’ websites or mobile apps, information such as the individual’s medical record number, home or email address, dates of appointments, IP address, geographic location, or medical device ID may constitute PHI subject to HIPAA and should be held by Regulated Entities accordingly. According to OCR, such information generally is PHI, even if the individual does not have an existing relationship with the Regulated Entity and even if the information does not include specific treatment or billing information like dates and types of health care services. Per OCR, this is because the information connects the individual to the Regulated Entity (i.e., it is indicative that the individual has received or will receive health care services or benefits from the covered entity), and thus relates to the individual’s past, present, or future health or health care or payment for care

Continue Reading HHS OCR Issues Bulletin on HIPAA Compliance for Tracking Technologies 

Under provisions of the 21st Century Cures Act (Cures Act), providers of Medicaid-funded personal care services (PCS) and home health care services (HHCS) will need to be fully compliant with their state’s electronic visit verification (EVV) systems by January 1, 2023

Congress passed the Cures Act on December 13, 2016. Among other things, in an effort to increase transparency and reduce fraud in connection with the delivery of health care services, this law mandated that states implement EVV systems for all Medicaid-funded (including under waiver programs) PCS by January 1, 2019, and HHCS by January 1, 2023, in each case where services include an in-home visit by a provider. Subsequent legislation extended the deadline for PCS to implement EVV requirements to January 1, 2020. However, the deadline for HHCS remains January 1, 2023, and is quickly approaching.

Providers of PCS and HHCS services should make sure that they are working towards implementing EVV systems in their own business operations in compliance with applicable state requirements, the majority of which also are requiring provider compliance by January 1, 2023

Continue Reading Home Health Care Services Electronic Visit Verification System Implementation Required by January 1, 2023

In its latest effort to increase transparency and improve patient access to information about their health care providers the U.S. Department Health and Human Services Centers for Medicare & Medicaid Services (CMS) published a Request for Information (RFI) on October 7, 2022, seeking input on creation of a national provider directory for use by patients, regulators, and insurers.  

According to the announcement, the RFI was prompted by inefficiencies arising from “the fragmentation of current provider directories” maintained by providers, insurers and/or third-party sources that CMS believes could be remedied by a federal provider directory containing “digital contact information containing the most accurate, up-to-date, and validated . . . data in a publicly accessible index.”

The stated goal of the RFI is to examine the feasibility and requirements for a proposed National Directory of Healthcare Providers and Service (NDH). Responses to the RFI are due by December 6, 2022, and stakeholder comments already are being submitted.

Continue Reading CMS Considers National Directory of Healthcare Providers and Services

On September 27, 2022, FDA announced the publication of a  final guidance  document entitled Clinical Decision Support Software, Guidance for Industry and Food and Drug Administration Staff (Final CDS Guidance), which focuses on clarifying the types of clinical decision support (CDS) software functions that are excluded from the definition of device by the criteria in section 520(o)(1)(E) of the Federal Food Drug and Cosmetic Act.

This final guidance document addresses industry comments made in response to FDA’s September 2019 draft guidance (Draft CDS Guidance). The Final CDS Guidance streamlines the Draft CDS Guidance by focusing the scope on CDS intended to be used by state licensed, registered, or certified health care professionals , rather than those also used by patients and caregivers, which were included in the scope of the Draft CDS Guidance.

Continue Reading FDA Announces Final Guidance on Clinical Decision Support Software

The U.S. Supreme Court on July 26 issued its judgment in the case of Dobbs v. Jackson Women’s Health, officially setting in motion abortion bans in at least four states.

A “judgment” is distinct from the opinion and typically follows issuance of the opinion by about a month. This certified document from the clerk of The Supreme Court is usually simply a formality to allow the Court of Appeals from which the case originated to either close its docket or begin the process of implementing what was ordered on remand.

In the Dobbs case, the Supreme Court issued its opinion (142 S. Ct. 2228) on June 28, but the judgment issued from the clerk’s office to the Fifth Circuit about 30 days later.

Because of the way the trigger bans in at least four states were worded, the issuance of the judgment on July 26 also started the clock on the enforcement of those states’ laws. The trigger laws in Texas, Tennessee, Idaho, and North Dakota will each take effect 30 days after the judgment was issued, i.e., on August 25, 2022.

Continue Reading Supreme Court judgment triggers abortion bans in states, legislative action in others

The U.S. Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) released earlier this year the Trusted Exchange Framework and Common Agreement (TEFCA), which is intended to improve electronic interoperability among health information networks (HINs) and facilitate the exchange of health information among connected organizations. 

Importantly, TEFCA is not just about HINs.  Under TEFCA, any organization that connects to a HIN designated as a Qualified HIN (QHIN) may be able to meet many interoperability and information sharing obligations without implementing technology integrations on a request-by-request basis.  ONC believes that TEFCA will “reduce the need for duplicative network connectivity interfaces, which are costly, complex to create and maintain, and an inefficient use of provider and health IT developer resources.” ONC stated that connected organizations “will be able to share information with all other connected entities regardless of which QHIN they choose.” 

However, participation in TEFCA comes with a price.  Organizations that connect to QHINs, either directly or indirectly, will likely need to agree to new contractual requirements that flow-down from QHINs.

Continue Reading ONC’s Trusted Exchange Framework and Common Agreement (TEFCA): Impacts on Health Information Networks and Health Care Organizations

As the health care industry as a whole comes to grips with the fallout from the U.S. Supreme Court’s decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health, here at Reed Smith we have formed a Reproductive Health Working Group to bring expertise from the across our many specialty areas to help our clients to prepare for the post-Dobbs reality.

To that end, we have generated a series of “unanswered questions” client updates to reflect the issues that a Roe reversal may have for the health care industry. Earlier posts on this blog have shared the parts of that series that focused on pharmacieshealth care providers, and fertility practices, and employee benefit plans.

The Working Group has put together two new updates to branch into the employment and privacy areas.

Continue Reading Unanswered Questions on Privacy and Employment from Supreme Court Overturn of Roe v. Wade

Now that U.S. Supreme Court has overturned Roe v. Wade in Dobbs v. Jackson Women’s Health, the implications of that action will be felt by employee benefit plans and the companies that offer them. Among those implications are the logistics of how to offer coverage for employees who must travel out of state to obtain a legal abortion.

The Reed Smith Reproductive Health Working Group has generated a series of “unanswered questions” client updates to reflect the issues that a Roe reversal may have for the health care industry. Earlier posts on this blog shared the first three parts of that series that focused on pharmacies, health care providers, and fertility practices, respectively.

In Part IV of the series, Allison Warden Sizemore considers the implications of the reversal on employee benefits plans. Specifically she highlights issues arising from an employer’s offer to cover travel costs for employees who travel for an abortion.

Continue Reading Unanswered Questions for Employee Benefits Plans from Supreme Court overturn of Roe v. Wade

In an opinion authored by Justice Samuel Alito and joined by four of the other conservatives, The Supreme Court in Dobbs v. Jackson Women’s Health Organization held that there is no federal constitutional right to an abortion, and that the decision to regulate abortion should be governed exclusively by state law. In doing so, the decision overruled The Supreme Court’s previous decisions of Roe v. Wade decided in 1973 and Planned Parenthood of Southeastern PA v. Casey decided in 1992.

The Dobbs opinion tracks closely with the previous leaked draft opinion from The Supreme Court and includes concurring opinions from Justice Thomas, Justice Kavanaugh, and Chief Justice Roberts, as well as a dissent by Justices Breyer, Sotomayor and Kagan.

The Chief Justice concurred in the judgment but wrote separately to indicate that he would have only upheld the Mississippi law, and stopped short of overturning the precedents of Roe and Casey.

Decision changes landscape of reproductive health care rights

The Court’s decision, which was effectively 6-3 given the Chief Justice’s concurrence in the judgment, changes the landscape of reproductive health care rights throughout the country.

Continue Reading Supreme Court Overturns Roe and Casey

Now that U.S. Supreme Court has overturned Roe v. Wade in Dobbs v. Jackson Women’s Health, the implications of that action will be far reaching both for fertility practices and for health care providers in general.

The Reed Smith Reproductive Health Working Group has generated a series of “unanswered questions” client updates to reflect the

The Centers for Medicare & Medicaid Services (“CMS”) issued the first round of civil monetary penalties to two hospitals in Georgia for failure to comply with the requirements of the Hospital Price Transparency Final Rule (the “Rule”) on June 7, 2022.

According to the Notices of Imposition of a Civil Monetary Penalty published on the CMS Price Transparency Website, Northside Hospital Atlanta (“Northside Atlanta”) and Northside Hospital Cherokee (“Northside Cherokee”) failed to publish their standard charges and provide access to a machine-readable searchable tool, which would include standard prices for the hospitals’ items and services. CMS took this action after both hospitals failed to respond to the Warning Notices and Requests for Corrective Action Plans issued by CMS.

Effective January 1, 2021, hospitals must publish a machine-readable file that discloses the hospital’s negotiated rates with health plans, gross charges, discounted cash prices, and de-identified minimum and maximum negotiated charges for all items and services. Additionally, hospitals must publish a consumer-friendly, searchable tool that displays in plain language the prices of 300 shoppable medical services that a consumer can schedule in advance.

Continue Reading CMS levies penalties for non-compliance with Hospital Price Transparency Rule

On June 7, 2022, the Federal Trade Commission (FTC) announced that it would conduct an inquiry into the competitive impact of contracting and other business practices of pharmacy benefit managers (PBMs), including their effects on access to and affordability of prescription drugs.  As part of the inquiry, which is similar to FTC inquiries into other aspects of the health care industry, the FTC issued orders under Section 6(b) of the FTC Act requiring the six largest PBMs to provide information and records to the Commission. 

The five FTC commissioners voted unanimously on June 6, 2022 to conduct the study and issue the Section 6(b) orders.  According to the FTC mission statement, Section 6(b) “enables [the FTC] to conduct wide-ranging studies that do not have a specific law enforcement purpose.” 

In February, an earlier proposed review of PBMs failed to receive approval on a 2-2 party-line vote, with the two Republican Commissioners, Noah J. Phillips and Christine S. Wilson, voting against the proposed study. Commissioner Alvaro Bedoya was confirmed by the Senate in May, giving Democrats three seats on the Commission. 

Commissioners Phillips and Wilson issued a statement indicating that they had voted to approve the current inquiry because it has a different scope than the previously proposed study, including relationships between PBMs and both pharmacies and pharmaceutical manufacturers, “including, critically, how those practices might impact out-of-pocket costs for consumers.”

The FTC stated that its inquiry will examine PBMs’ role as middlemen who are hired by health plans to negotiate rebates and fees with drug manufacturers, create drug formularies and related policies, and reimburse pharmacies for patients’ prescriptions.  The Commission said that PBMs “often have enormous influence on which drugs are prescribed to patients, which pharmacies patients can use, and how much patients ultimately pay at the pharmacy counter.”  Chair Linda M. Khan stated that the FTC had received complaints about PBM practices from patients and professionals across the healthcare system, several of which the inquiry will examine.    

Continue Reading FTC announces inquiry into PBM practices and orders PBMs to provide information

On May 10, 2022, FDA published draft guidance entitled, “Benefit-Risk Considerations for Product Quality Assessments”, which describes the benefit-risk principles applied by FDA when conducting product quality-related assessments of chemistry, manufacturing, and controls (CMC) information submitted for FDA’s review as part of original new drug applications (NDAs), original biologics license applications (BLAs), or supplements to such applications.

In the draft guidance, FDA reiterates its risk-based regulatory approach and applies it in the product quality assessment context.  Specifically, the draft guidance states that FDA continues to identify potential risks to product quality associated with the formulation, manufacturing process, and packaging components when conducting a product quality assessment as well as the proposed control strategy for mitigating those risks.

Continue Reading FDA issues draft guidance for use in product quality assessments

In a March 11 advisory opinion the Department of Health and Human Services’ Office of Inspector General (“OIG”) permitted a medical device manufacturer to pay Medicare-reimbursable costs for subjects enrolled in a clinical trial sponsored by the manufacturer and involving the manufacturer’s therapy.

The OIG indicated it would not impose administrative sanctions, despite the fact

The Centers for Medicare and Medicaid Services (CMS) is proposing significant and important modifications to its National Coverage Determination (NCD): Screening for Lung Cancer with Low Dose Computed Tomography (LDCT). Medicare pays for lung cancer screening, counseling, and shared decision-making visits, and for an annual screening for lung cancer with low dose computed tomography as a preventive service benefit under the Medicare program. CMS issued its NCD in 2015 initiating this screening benefit, but stakeholders have observed that many of the features of the initial NCD served as a barrier to the effectiveness of this screening program. The proposed NCD makes numerous improvements to this program and eliminates many of the barriers to qualified patients’ ability to gain access to important LDCT lung cancer screenings.

Last year, a formal joint request to reconsider the NCD was submitted to CMS by the GO2 Foundation for Lung Cancer, The Society of Thoracic Surgeons, and American College of Radiology (ACR), and CMS received numerous comments from various stakeholders, including from the Association for Quality Imaging. This new proposed NCD is in response to that request and the comments from stakeholders.

Continue Reading New and improved proposed national coverage determination on screening for lung cancer with low dose CT

On July 1, 2021, the Department of Justice (DOJ) released a memorandum signed by Attorney General Merrick Garland regarding the issuance and use of guidance documents. Addressed to the heads of all DOJ components, the memorandum rescinds two previous DOJ memoranda and outlines the principles governing the DOJ’s revised approach in evaluating guidance documents.

2017 Memorandum

On November 16, 2017, then Attorney General Jeff Sessions published a memorandum entitled “Prohibition on Improper Guidance Documents” (the “2017 Memorandum”). The 2017 Memorandum sought to address instances in which guidance documents published by the DOJ were being used to “effectively bind private parties without undergoing the [notice-and-comment] rulemaking process.” Under the 2017 Memorandum, Attorney General Sessions prohibited publication of guidance documents “that purport to create rights or obligations binding on persons or entities outside the Executive Branch (including state, local and tribal governments).”  The 2017 Memorandum directed the DOJ to also adhere to several principles in constructing and publishing guidance documents. These included avoiding the use of mandatory language, specifically noting that voluntary standard non-compliance would not result in enforcement action and including unambiguous statements that published guidance documents were not legally-binding final agency actions.

Brand Memo

Following the 2017 Memorandum, then Associate Attorney General Rachel Brand released a memorandum entitled “Limiting Use of Agency Guidance Documents In Affirmative Civil Enforcement Cases” (the “Brand Memo”). The Brand Memo built upon the publication principles outlined in the 2017 Memorandum and extended them to the DOJ’s legal actions, preventing DOJ lawyers from utilizing non-compliance with guidance documents as a basis for filing a civil lawsuit. While DOJ lawyers could still use guidance documents read by a party as evidence that such party had knowledge of a legal mandate, “that a party fails to comply with agency guidance [documents] expanding upon statutory or regulatory requirements does not mean that the party violated those underlying legal requirements.”

Continue Reading DOJ revises approach to publication and enforcement of guidance documents

On May 18, 2021, in a statement issued by the U.S. Department of Health and Human Services’ (HHS) Office of Inspector General, Acting U.S. Attorney for the Eastern District of California, Phillip Talbert, and California Attorney General, Rob Bonta (the Statement), the health care industry was reminded of the prohibition against charging individuals for COVID-19

On May 10, 2021, the Department of Health and Human Services (“HHS”) announced that— consistent with the Supreme Court’s decision in Bostock v. Clayton County, 140 S. Ct. 1731 (2020), and Title IX of the Education Amendments of 1972—HHS’s Office of Civil Rights (“OCR”) will interpret and enforce the prohibition on discrimination on the