Other Health Policy Developments

Subscribe to Other Health Policy Developments

As promised back in April in an announcement of its plans to modernize compliance program guidance, the Department of Health and Human Services Office of Inspector General (OIG) issued the first of its new guidance documents for the health care industry on November 6, 2023. The first release is a general compliance program guidance (GCPG) designed to serve as a resource to all segments of the health care industry, regardless of the particular items or services offered.

In its newest release, OIG reiterates its view that the GCPG is by its very nature a voluntary guidebook that can act as a roadmap for a compliance program to follow, but that it is not binding on any individual or entity in the health care industry. This updated GCPG includes the following information for health care compliance programs, which we summarize further below: (1) key Federal authorities for entities engaged in health care business; (2) the seven elements of a compliance program; (3) adaptations for small and large entities; (4) other compliance considerations; and (6) OIG processes and resources.

Additional industry specific compliance guidance documents will be forthcoming, according to OIG, with its first updated guidance setting the stage for those to follow.Continue Reading HHS OIG Issues General Guidance as First Step in Effort to Modernize Compliance Guidance

On September 15, 2023, FDA published an update to the guidance document – “Breakthrough Devices Program, Guidance for Industry and Food and Drug Administration Staff.” Notably, FDA states that it may consider a medical device’s ability to improve health and healthcare disparities when deciding whether to designate a medical device as a breakthrough device. The agency may use this information to determine whether a candidate device provides more effective treatment or diagnosis when compared to the current standard of care. Below, we provide additional information regarding the breakthrough device program and the updated guidance.Continue Reading FDA Updates Breakthrough Device Guidance

On August 1, 2023, the U.S. Food & Drug Administration (“FDA”) and the Drug Enforcement Administration (“DEA”) issued a joint letter to all Americans to provide a status update regarding the ongoing shortage of prescription stimulants. Stimulants fall under the purview of both FDA and DEA because they are controlled substance drugs. Both agencies recognize the important role of prescription stimulants when it comes to the treatment of conditions such as attention-deficit/hyperactivity disorder (“ADHD”), binge eating disorder, and narcolepsy.

According to the letter, the agencies are working closely with manufacturers and other members of the drug supply chain to address these shortages, which are the result of two main factors—manufacturing delays and an increased demand for the stimulants.Continue Reading FDA and DEA seek to ameliorate the shortage and misuse of stimulants

On April 24, 2023, the OIG formally announced that it will be modernizing its existing Compliance Program Guidance (“CPG”).

The OIG has provided a CPG for various industry subsections since 1998.  Each CPG was developed in an effort to set forth voluntary compliance standards to be utilized in identifying and preventing fraud and abuse in federal health care programs.  In September 2021, the OIG published a request for information (“RFI”), wherein OIG requested insight on how providers use CPG and what improvements could be made to provide more relevant and accessible guidance.  

Providers and other industry representatives made recommendations including, but not limited to, creating industry-specific guidance, consolidating existing CPG, enabling user-friendly access to CPG, and ensuring ongoing updates to identify the OIG’s current positions on new and emerging risks in health care.Continue Reading OIG announces Modernization of Compliance Program Guidance

On April 7, 2023, only minutes apart, two federal district courts issued rulings on cases challenging the Food and Drug Administration’s regulations governing mifepristone, a key medication for women seeking an abortion. Both rulings faulted the FDA’s handling of the approval and its subsequent restrictions on the dispensing of mifepristone, but the two rulings came to very different conclusions as to what the availability of the drug should be.

Judge Matthew Kacsmaryk of the U.S. District Court for the Northern District of Texas issued a 67-page opinion ordering that the FDA’s initial approval of the drug, which was approved in 2000, should be stayed pending the court’s full review of the merits of the case. The court then stayed its own order for seven days to allow the FDA to appeal to the U.S. Court of Appeals for the Fifth Circuit.

Just minutes later, Judge Thomas Rice of the U.S. District Court for the Eastern District of Washington issued a 31-page opinion ordering FDA and HHS not to make any changes to the availability of mifepristone under the current operative Risk Evaluation and Mitigation Strategy (REMS) program, which requires the drug to be prescribed and dispensed only by certified providers, among other requirements. Unlike Judge Kacsmaryk, whose injunction has nationwide effect, Judge Rice limited the effect of his order to only the 17 states and the District of Columbia who brought the challenge in his court. The 17 plaintiff states in this lawsuit are: Arizona, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Michigan, Minnesota, Nevada, New Mexico, Oregon, Pennsylvania, Rhode Island, Vermont, and Washington and the District of Columbia.

The most difficult-to-reconcile aspect of the two orders is the fact that Judge Kacsmaryk’s order is a nationwide stay of the drug’s approval, while Judge Rice’s order to maintain the status quo availability only applies to the specific plaintiffs.  Notably absent from the Washington order’s applicability would be California, Massachusetts, New Jersey, New York, North Carolina, New Hampshire, and Virginia.Continue Reading Mifepristone Cases – Our Thoughts

Health care and health care-adjacent organizations are seeing a steep increase in risk arising from the frequently utilized third-party analytics and advertising services on their websites, mobile applications, patient portals, and other Internet-connected services. Those organizations should pay attention to new regulatory guidance, published settlements with regulators, and an onslaught of class action filings stemming

On March 27, 2023, two United States Senators, Bill Cassidy, MD (R-LA) and Jeff Merkley (D-OR) introduced the bipartisan No Unreasonable Payments, Coding, or Diagnoses for the Elderly (“No UPCODE”) Act to address perceived financial incentives inherent in the Medicare Advantage patient risk scoring reimbursement methodology. Senator Merkley alleges that the current reimbursement

On February 28, 2023, six of the seven Medicare Administrative Contractors (MACs), who administer Medicare reimbursement on behalf of the Centers for Medicare and Medicaid Services (CMS), came together for a multijurisdictional contractor advisory committee (CAC) meeting. The purpose of the CAC meeting was to discuss remote physiologic monitoring (RPM) and remote therapeutic monitoring (RTM) for non-implantable devices. Specifically, the MACs were looking to determine whether a local coverage determination (LCD) should be developed to guide those performing remote patient monitoring and utilizing these billing codes.  

The public was permitted to submit written comments and responses to a set of specific discussion questions through March 10, 2023. The questions covered a range of issues including the advantages of RPM/RTM in a clinical setting and the use of third-party vendors in the provision of RPM/RTM services.

Importantly, if any MAC decides to develop an LCD after the CAC, the LCD will be published both on the MAC’s webpage and on the Medicare Coverage Database. The LCD will then go through a public comment period and other administrative hurdles before it can be finalized as policy. To date, there have been no established Medicare coverage policies for remote monitoring services. Continue Reading MACs Consider Guidance on Remote Patient Monitoring Amid Exploding Utilization

The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) recently issued a bulletin highlighting the application of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to covered entities and business associates (“Regulated Entities”) under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”) when using online tracking technologies that collect and analyze information about how internet users interact with websites or mobile applications (“Tracking Technologies”). While the Bulletin emphasizes that Regulated Entities have always been prohibited from impermissible uses and disclosures of protected health information (“PHI”) collected through Tracking Technologies, including disclosing PHI to Tracking Technology vendors without entering into business associate agreements (“BAAs”), OCR has been relatively silent on this issue to date.

To highlight the application of HIPAA to Regulated Entities leveraging Tracking Technologies, the Bulletin provides several examples of how Tracking Technologies may collect and share PHI, including on authenticated and unauthenticated webpages, as well as mobile apps. In particular, the Bulletin describes how websites and mobile apps commonly use Tracking Technologies to collect information from users, including identifiers that are unique to users’ mobile devices. This information can then be used by the owner of a website or app, a related vendor, or a third party to gain insights about users’ online activities and to create a unique profile for each user. These insights and information can be used in beneficial ways to help improve care or the patient experience, but they can also be misused to promote misinformation and for other detrimental purposes.

In a nutshell, OCR’s Bulletin stresses that when an individual uses Regulated Entities’ websites or mobile apps, information such as the individual’s medical record number, home or email address, dates of appointments, IP address, geographic location, or medical device ID may constitute PHI subject to HIPAA and should be held by Regulated Entities accordingly. According to OCR, such information generally is PHI, even if the individual does not have an existing relationship with the Regulated Entity and even if the information does not include specific treatment or billing information like dates and types of health care services. Per OCR, this is because the information connects the individual to the Regulated Entity (i.e., it is indicative that the individual has received or will receive health care services or benefits from the covered entity), and thus relates to the individual’s past, present, or future health or health care or payment for careContinue Reading HHS OCR Issues Bulletin on HIPAA Compliance for Tracking Technologies 

Under provisions of the 21st Century Cures Act (Cures Act), providers of Medicaid-funded personal care services (PCS) and home health care services (HHCS) will need to be fully compliant with their state’s electronic visit verification (EVV) systems by January 1, 2023

Congress passed the Cures Act on December 13, 2016. Among other things, in an effort to increase transparency and reduce fraud in connection with the delivery of health care services, this law mandated that states implement EVV systems for all Medicaid-funded (including under waiver programs) PCS by January 1, 2019, and HHCS by January 1, 2023, in each case where services include an in-home visit by a provider. Subsequent legislation extended the deadline for PCS to implement EVV requirements to January 1, 2020. However, the deadline for HHCS remains January 1, 2023, and is quickly approaching.

Providers of PCS and HHCS services should make sure that they are working towards implementing EVV systems in their own business operations in compliance with applicable state requirements, the majority of which also are requiring provider compliance by January 1, 2023Continue Reading Home Health Care Services Electronic Visit Verification System Implementation Required by January 1, 2023

In its latest effort to increase transparency and improve patient access to information about their health care providers the U.S. Department Health and Human Services Centers for Medicare & Medicaid Services (CMS) published a Request for Information (RFI) on October 7, 2022, seeking input on creation of a national provider directory for use by patients, regulators, and insurers.  

According to the announcement, the RFI was prompted by inefficiencies arising from “the fragmentation of current provider directories” maintained by providers, insurers and/or third-party sources that CMS believes could be remedied by a federal provider directory containing “digital contact information containing the most accurate, up-to-date, and validated . . . data in a publicly accessible index.”

The stated goal of the RFI is to examine the feasibility and requirements for a proposed National Directory of Healthcare Providers and Service (NDH). Responses to the RFI are due by December 6, 2022, and stakeholder comments already are being submitted.Continue Reading CMS Considers National Directory of Healthcare Providers and Services

On September 27, 2022, FDA announced the publication of a  final guidance  document entitled Clinical Decision Support Software, Guidance for Industry and Food and Drug Administration Staff (Final CDS Guidance), which focuses on clarifying the types of clinical decision support (CDS) software functions that are excluded from the definition of device by the criteria in section 520(o)(1)(E) of the Federal Food Drug and Cosmetic Act.

This final guidance document addresses industry comments made in response to FDA’s September 2019 draft guidance (Draft CDS Guidance). The Final CDS Guidance streamlines the Draft CDS Guidance by focusing the scope on CDS intended to be used by state licensed, registered, or certified health care professionals , rather than those also used by patients and caregivers, which were included in the scope of the Draft CDS Guidance.Continue Reading FDA Announces Final Guidance on Clinical Decision Support Software

The U.S. Supreme Court on July 26 issued its judgment in the case of Dobbs v. Jackson Women’s Health, officially setting in motion abortion bans in at least four states.

A “judgment” is distinct from the opinion and typically follows issuance of the opinion by about a month. This certified document from the clerk of The Supreme Court is usually simply a formality to allow the Court of Appeals from which the case originated to either close its docket or begin the process of implementing what was ordered on remand.

In the Dobbs case, the Supreme Court issued its opinion (142 S. Ct. 2228) on June 28, but the judgment issued from the clerk’s office to the Fifth Circuit about 30 days later.

Because of the way the trigger bans in at least four states were worded, the issuance of the judgment on July 26 also started the clock on the enforcement of those states’ laws. The trigger laws in Texas, Tennessee, Idaho, and North Dakota will each take effect 30 days after the judgment was issued, i.e., on August 25, 2022.Continue Reading Supreme Court judgment triggers abortion bans in states, legislative action in others

The U.S. Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) released earlier this year the Trusted Exchange Framework and Common Agreement (TEFCA), which is intended to improve electronic interoperability among health information networks (HINs) and facilitate the exchange of health information among connected organizations. 

Importantly, TEFCA is not just about HINs.  Under TEFCA, any organization that connects to a HIN designated as a Qualified HIN (QHIN) may be able to meet many interoperability and information sharing obligations without implementing technology integrations on a request-by-request basis.  ONC believes that TEFCA will “reduce the need for duplicative network connectivity interfaces, which are costly, complex to create and maintain, and an inefficient use of provider and health IT developer resources.” ONC stated that connected organizations “will be able to share information with all other connected entities regardless of which QHIN they choose.” 

However, participation in TEFCA comes with a price.  Organizations that connect to QHINs, either directly or indirectly, will likely need to agree to new contractual requirements that flow-down from QHINs.Continue Reading ONC’s Trusted Exchange Framework and Common Agreement (TEFCA): Impacts on Health Information Networks and Health Care Organizations

As the health care industry as a whole comes to grips with the fallout from the U.S. Supreme Court’s decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health, here at Reed Smith we have formed a Reproductive Health Working Group to bring expertise from the across our many specialty areas to help our clients to prepare for the post-Dobbs reality.

To that end, we have generated a series of “unanswered questions” client updates to reflect the issues that a Roe reversal may have for the health care industry. Earlier posts on this blog have shared the parts of that series that focused on pharmacieshealth care providers, and fertility practices, and employee benefit plans.

The Working Group has put together two new updates to branch into the employment and privacy areas.Continue Reading Unanswered Questions on Privacy and Employment from Supreme Court Overturn of Roe v. Wade

Now that U.S. Supreme Court has overturned Roe v. Wade in Dobbs v. Jackson Women’s Health, the implications of that action will be felt by employee benefit plans and the companies that offer them. Among those implications are the logistics of how to offer coverage for employees who must travel out of state to obtain a legal abortion.

The Reed Smith Reproductive Health Working Group has generated a series of “unanswered questions” client updates to reflect the issues that a Roe reversal may have for the health care industry. Earlier posts on this blog shared the first three parts of that series that focused on pharmacies, health care providers, and fertility practices, respectively.

In Part IV of the series, Allison Warden Sizemore considers the implications of the reversal on employee benefits plans. Specifically she highlights issues arising from an employer’s offer to cover travel costs for employees who travel for an abortion.Continue Reading Unanswered Questions for Employee Benefits Plans from Supreme Court overturn of Roe v. Wade

In an opinion authored by Justice Samuel Alito and joined by four of the other conservatives, The Supreme Court in Dobbs v. Jackson Women’s Health Organization held that there is no federal constitutional right to an abortion, and that the decision to regulate abortion should be governed exclusively by state law. In doing so, the decision overruled The Supreme Court’s previous decisions of Roe v. Wade decided in 1973 and Planned Parenthood of Southeastern PA v. Casey decided in 1992.

The Dobbs opinion tracks closely with the previous leaked draft opinion from The Supreme Court and includes concurring opinions from Justice Thomas, Justice Kavanaugh, and Chief Justice Roberts, as well as a dissent by Justices Breyer, Sotomayor and Kagan.

The Chief Justice concurred in the judgment but wrote separately to indicate that he would have only upheld the Mississippi law, and stopped short of overturning the precedents of Roe and Casey.

Decision changes landscape of reproductive health care rights

The Court’s decision, which was effectively 6-3 given the Chief Justice’s concurrence in the judgment, changes the landscape of reproductive health care rights throughout the country.Continue Reading Supreme Court Overturns Roe and Casey

Now that U.S. Supreme Court has overturned Roe v. Wade in Dobbs v. Jackson Women’s Health, the implications of that action will be far reaching both for fertility practices and for health care providers in general.

The Reed Smith Reproductive Health Working Group has generated a series of “unanswered questions” client updates to reflect the

The Centers for Medicare & Medicaid Services (“CMS”) issued the first round of civil monetary penalties to two hospitals in Georgia for failure to comply with the requirements of the Hospital Price Transparency Final Rule (the “Rule”) on June 7, 2022.

According to the Notices of Imposition of a Civil Monetary Penalty published on the CMS Price Transparency Website, Northside Hospital Atlanta (“Northside Atlanta”) and Northside Hospital Cherokee (“Northside Cherokee”) failed to publish their standard charges and provide access to a machine-readable searchable tool, which would include standard prices for the hospitals’ items and services. CMS took this action after both hospitals failed to respond to the Warning Notices and Requests for Corrective Action Plans issued by CMS.

Effective January 1, 2021, hospitals must publish a machine-readable file that discloses the hospital’s negotiated rates with health plans, gross charges, discounted cash prices, and de-identified minimum and maximum negotiated charges for all items and services. Additionally, hospitals must publish a consumer-friendly, searchable tool that displays in plain language the prices of 300 shoppable medical services that a consumer can schedule in advance.Continue Reading CMS levies penalties for non-compliance with Hospital Price Transparency Rule