Health Care

At the end of September, the Departments of Health and Human Services (HHS), Labor, and Treasury (collectively, the Departments), along with the Office of Personnel Management (OPM), released Part II of its regulations implementing the No Surprise Act (the “Act”). The “Requirements Related to Surprise Billing; Part II” interim final rule (IFR) sets forth the Federal independent dispute resolution (IDR) process to determine the out-of-network payment rates. Major provider associations have released statements criticizing the IDR process and methodology for determining payment.

In anticipation of FDA’s virtual public workshop on transparency of artificial intelligence/machine learning (AI/ML)-enabled medical devices scheduled for October 14, 2021, we will be posting a series detailing the history behind FDA’s regulation of software and then reporting our impressions of FDA’s presentations and statements from various attending stakeholders following meeting. In this part, we briefly summarize FDA’s traditional approach to regulating software and how software development quickly revealed the limitations of the original regulatory framework established in the 1976 Medical Device Amendments to the Federal Food, Drug, and Cosmetic Act (FD&C Act).

Last week, the HHS Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) hosted a webinar on the HIPAA Security Risk Assessment Tool (SRA Tool).  The webinar provided a guided tour of the SRA Tool, answered frequently asked questions, and gave updates on upcoming enhancements to the SRA Tool.  Most importantly, the webinar serves as yet another reminder for entities subject to HIPAA of their obligation to perform a security risk assessment and to update that assessment on a periodic basis and in response to new business processes, operations, and threats.

As our colleagues predicted, the Supreme Court’s decision in Rutledge v. Pharmaceutical Care Management Association (PCMA) encouraged state efforts to expand regulation of pharmacy benefit managers (PBM) and related practices. And as expected, this year has already seen an aggressive round of state legislation that aims to expand regulation in this area.

The U.S. Department of Justice (DOJ) recently announced its latest national enforcement action related to health care fraud (National Enforcement Action) in which DOJ filed criminal charges against 142 defendants. The National Enforcement Action, which alleges losses of $1.4 billion due to false or fraudulent billings, follows similar DOJ “take downs” over the last several years in that it focuses on telemedicine providers and the opioid crisis. This post provides five takeaways from the National Enforcement Action.

As we’ve previously covered, the COVID-19 pandemic has brought about a major increase in the prevalence of telehealth services, due in large part to regulatory flexibilities at the federal and state levels. Beginning in March 2020, state Medicaid programs across the country loosened requirements for coverage of telehealth services provided to Medicaid beneficiaries, reducing barriers by allowing audio-only services and covering a broader scope of services delivered via telehealth. The increase in telehealth has resulted in improved access to behavioral health services in particular, but according to an OIG report issued earlier this week, state Medicaid programs will need to increase their oversight of these services if the telehealth flexibilities become permanent.

When it comes to the privacy of health information, California belongs to the select group of states that have implemented broad consumer privacy protections above and beyond those provided by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission Act (FTCA). This year, the state’s ongoing legislative efforts to protect the health information of its residents included: Assembly Bill 1436 (AB 1436) which if enacted would have revised California’s existing Confidentiality of Medical Information Act (CMIA), and Senate Bill 41 (SB 41), which if enacted will create the new Genetic Information Privacy Act (GIPA). As further discussed below, only SB 41 is moving forward, and if signed by Governor Newsom GIPA will go into effect on January 1, 2022.

On September 15, 2021, in response to the “proliferation of apps and connected devices that capture sensitive health data” the Federal Trade Commission (FTC) issued a Policy Statement ( the Statement) offering guidance on the scope of the FTC’s Health Breach Notification Rule (Breach Rule). According to the Statement, the Breach Rule applies outside of the traditional health care context (e.g. health care involving diagnosis and treatment by a licensed health care provider) and the FTC intends to bring enforcement actions for noncompliance involving up to $43,792 in civil penalties per violation, per day.

On September 15, 2021, the Office of Inspector General for the Department of Health and Human Services (OIG) issued a favorable Advisory Opinion regarding a hospital’s proposal to implement a program through which patients who experience complications after specific joint replacement procedures can receive free items and services to treat the complications. The OIG likened the program to a warranty for joint replacement procedures.

Agencies of the federal government with a consumer protection mission have always tended to work closely together and to share information, but the COVID-19 pandemic has made those cooperative efforts even more visible to the general public. We blogged in 2020 about the increasing use of warning letters jointly issued by the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) Division of Advertising Practices in the apparently never-ending fight against fraudulent COVID-19 products (see prior post here). While coordinated FDA and FTC enforcement activities specific to the ongoing public health emergency continue at a brisk pace – as of September 9, 2021, FDA has issued more than 200 warning letters to companies claiming that a product is an effective cure, treatment, or preventative for COVID and the FTC has issued more than 400 pertaining to unsubstantiated health claims for COVID-related products, with many of those being signed by both agencies – these powerhouse regulators also appear to have become more comfortable with announcing joint actions in non-COVID contexts. This trend makes it even more important for manufacturers and marketers of consumer-facing products to be fully aware and compliant with all of their legal and regulatory obligations.

It’s finally here – the Drug Pricing Plan that President Biden ordered the Department of Health and Human Services (HHS) to produce by the end of August (the “Plan”) was released publicly by the Administration on September 9, 2021. The Plan makes it clear that the Biden Administration supports aggressive action to address rising drug prices, including controversial actions such as allowing HHS to negotiate the cost of Medicare Part B and D drugs. The Plan also outlines a set of administrative actions that HHS and its operating agencies can take, without the need for intervention by Congress. A notable gap in the Plan, however, is the Administration’s potential approach to manufacturer rebates and the Rebate Rule.

This edition covers return-to-work challenges, insight on patenting AI innovations, FDA guidance on medical devices, transactional and IP activity in the life sciences, and recent Mintz work for life sciences clients.

Physician judgment and medical necessity increasingly are a focus of fraud and abuse enforcement actions, with statistical analysis of procedure volumes used to flag potential cases. Last week, the Atlantic published this recent article discussing a significant 2018 decision of the Tenth Circuit Court of Appeals in United States ex rel. Polukoff v. St. Mark’s Hospital, et al., No. 17-4014 (10th Cir. Jul. 9, 2018), in which the court held that a physician’s medical judgment concerning medical necessity of a particular treatment for two specific cardiac conditions could be “false or fraudulent” under the federal False Claims Act (FCA). Our colleague, Brian Dunphy, covered the 2018 decision on this blog here. The Tenth Circuit ultimately held that a “doctor’s certification to the government that a procedure is ‘reasonable and necessary’ is ‘false’ under the FCA if the procedure was not reasonable and necessary under the government’s definition of the phrase.”

On Friday, August 6, 2021, Pharmaceutical Research and Manufacturers of America (PhRMA), the preeminent trade association representing pharmacies companies, announced revisions to its Code on Interactions with Health Care Professionals (PhRMA Code) that will become effective January 1, 2022. The PhRMA Code is a voluntary code for pharmaceutical companies, but its standards are considered to be best practices and are commonly adhered to by pharmaceutical and medical device companies. Moreover, some states (e.g. California, Massachusetts, Nevada, and the District of Columbia) require pharmaceutical companies to adopt a code consistent with the PhRMA Code.

The changes to the PhRMA Code are undoubtedly in response to a November 16, 2020, Special Fraud Alert from the Department of Health and Human Services’ Office of the Inspector General (OIG), on “fraud and abuse risks associated … speaker programs.” (For additional information on the OIG’s Special Fraud Alert, please see our November 25, 2020 blog post.) Speaker programs are a common practice in the industry and generally entail pharmaceutical and medical device companies retaining health care professionals (HCPs) to speak or present to educate their peers on the companies’ drugs or devices.

As previously discussed, many of the telehealth flexibilities in place during the COVID-19 pandemic are set to expire at the end of the federal Public Health Emergency (PHE), unless federal and state legislators act to make the changes permanent. A recent bill introduced by Representative Robin Kelly (D-IL) suggests that Congress is interested in expanding access to telehealth services for Medicare and Medicaid beneficiaries if the benefits of increased access to telehealth can be demonstrated. According to a press release issued by Representative Kelly’s office, “Telehealth has the potential to help equalize healthcare access for underserved populations. However, we need data to understand utilization, cost, fraud, privacy and how to serve those left behind by the digital divide.”

As the spread of the Delta variant of COVID-19 and the reality of inconsistent vaccine uptake lead to growing case numbers across the country, many of us are wondering, how did we get here and what’s next?

Has the Food and Drug Administration (FDA) finally ushered in a new era for the U.S. biosimilar marketplace? Many in the industry are hopeful after the Agency approved its first interchangeable biosimilar, Mylan’s Semglee (insulin glargine) on July 28, 2021. Mylan’s Semglee is a long-acting human insulin analog indicated to improve glycemic control in adults and pediatric patients with type 1 diabetes mellitus and in adults with type 2 diabetes mellitus. It is both biosimilar to and interchangeable with Lantus (insulin glargine) meaning it can be substituted for Lantus at the pharmacy-level without the need for a prescription from a healthcare professional. This approval is important because it furthers FDA’s commitment to supporting a competitive marketplace for insulin products. The availability of interchangeable biosimilar products can provide more treatment options to patients, lowering the treatment costs and enabling greater access for more patients. One can hope that this approval marks the beginning of a trend in the biosimilar marketplace.

Earlier this week, a bipartisan group of Senators led by Senator Chuck Grassley (R-Iowa) introduced two pieces of proposed legislation, one of which would amend the existing False Claims Act (FCA) and the other of which would amend the Program Fraud Civil Remedies Act of 1986 (the PFCRA) to create the Administrative False Claims Act of 2021 (AFCA). The AFCA would focus on smaller claims than does the FCA. Senator Grassley described the bills as being intended to “help recoup even more money by clarifying confusion after the Escobar case” and as being needed more than ever “to fight the significant amounts of fraud we are already seeing” related to the trillions of dollars Congress has appropriated for COVID relief.

For many health care systems, patient leakage – when patients leave a health care system’s network in favor of out-of-network providers – is a rampant problem that results in substantial lost revenue. While sometimes patient leakage is just a result of patient choice, often the issue lies with employed or contracted physicians referring patients for services outside the network. Many health care systems may be wary of including in their physician contracts requirements that physicians refer patients exclusively within the network (otherwise known as directed referral requirements) based on concerns with interfering with physicians’ medical judgment and/or the common misconception that the Stark Law prohibits directed referral requirements.

To the contrary, the Stark Law actually permits directed referral requirements, provided that certain conditions are met. CMS recently enacted changes to the Stark Law regulations, effective January 19, 2021, that provide additional clarity on how health care providers can permissibly use directed referral requirements. These recent changes have seemingly triggered new awareness and interest in how health care systems can utilize directed referral requirements to combat patient leakage.

On June 24, 2021, the Food and Drug Administration (FDA) issued the long-awaited Remanufacturing of Medical Devices Draft Guidance, which describes the agency’s current thinking on activities that meet the definition of remanufacturing and a process for determining whether an act done to an original equipment manufacturer’s (OEM’s) legally marketed finished device is considered remanufacturing (the “Draft Remanufacturing Guidance”).