RISE summarizes recent regulatory-related and news headlines.
HHS ISSUES FINAL RULE TO ADVANCE PROTECTIONS AGAINST HEALTH CARE DISCRIMINATION
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS) last week released a final rule to advance protections against discrimination in health care. The final rule, which is scheduled to be published in the Federal Register on May 6, strengthens protections against discrimination on the basis of race, color, national origin, sex, age, and disability, and reduces language access barriers, expands physical and digital accessibility, and tackles bias in health technology.
“Today’s rule is a giant step forward for this country toward a more equitable and inclusive health care system, and means that Americans across the country now have a clear way to act on their rights against discrimination when they go to the doctor, talk with their health plan, or engage with health programs run by HHS,” said Secretary Xavier Becerra in the announcement. “I am very proud that our Office for Civil Rights is standing up against discrimination, no matter who you are, who you love, your faith or where you live. Once again, we are reminding Americans we have your back.”
HHS said the rule restores protections gutted by the Trump administration and helps increase meaningful access to health care for communities across the country. The rule includes the following provisions:
- Holds HHS’ health programs and activities to the same nondiscrimination standards as recipients of federal financial assistance.
- For the first time, the Department will consider Medicare Part B payments as a form of federal financial assistance for purposes of triggering civil rights laws enforced by the Department, ensuring that health care providers and suppliers receiving Part B funds are prohibited from discriminating on the basis of race, color, national origin, age, sex and disability.
- Requires covered health care providers, insurers, grantees, and others to proactively let people know that language assistance services are available at no cost to patients.
- Requires covered health care providers, insurers, grantees, and others to let people know that accessibility services are available to patients at no cost.
- Clarifies that covered health programs and activities offered via telehealth must also be accessible to individuals with limited English proficiency, and individuals with disabilities.
- Protects against discrimination by codifying that Section 1557’s prohibition against discrimination based on sex includes LGTBQI+ patients.
- Respects federal protections for religious freedom and conscience and makes clear that recipients may simply rely on those protections or seek assurance of them from HHS.
- Respects the clinical judgement of health care providers.
- Protects patients from discriminatory health insurance benefit designs made by insurers.
- Clarifies the application of Section 1557 nondiscrimination requirements to health insurance plans.
- Applies the nondiscrimination principles under Section 1557 to the use of patient care decision support tools in clinical care.
- Requires those covered by the rule to take steps to identify and mitigate discrimination when they use artificial intelligence and other forms of decision support tools for care.
UNITEDHEALTH CEO TO TESTIFY AT HOUSE OVERSIGHT HEARING ON CHANGE HEALTHCARE CYBERATTACK
UnitedHealth Group, Inc., CEO Andrew Witty will testify on Wednesday, May 1, before the House Energy and Commerce Committee Subcommittee on Oversight and Investigations Subcommittee.
UnitedHealh is the parent company of Change Healthcare, which is still recovering from a ransomware attack on its platforms that hit on February 21. Critical services affecting patient care —including billing services, claims transmittals, and eligibility verifications—became inoperable because of the attack.
The company told media outlets this month that it paid ransom of an undisclosed amount to try to protect patient data, but files containing patients’ personal information were compromised in the breach. The files “could cover a substantial proportion of people in America,” the company told CNBC.
House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.) and Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-Va.) said in a statement they are looking forward to learning from Witty what happened in the lead up to, and in the weeks following, the attack.
KAISER DATA BREACH AFFECTS 13.4M PATIENTS, MEMBERS
The Kaiser Foundation Health Plan is alerting more than 13.4 million individuals that their information was compromised in a data breach. The California health plan reported the unauthorized access to its network server on April 12 with the Office of Civil Rights and the notice was made public last week.
Kaiser Permanente told Reuters it is not aware of any misuse of any member's or patient's personal information but the company is informing members and patients who accessed its websites and mobile applications
Healthcare Finance reports that the breach appeared to involve online technologies previously installed on Kaiser websites and mobile applications that may have transmitted personal information to third-party vendors when members and patients accessed the websites or mobile applications.
FTC FINALIZES CHANGES TO THE HEALTH BREACH NOTIFICATION RULE
The Federal Trade Commission (FTC) announced last week that it has finalized changes to the Health Breach Notification Rule (HBNR), clarifying its applicability to health apps and other similar technologies and expanding the information that covered entities must provide to consumers when notifying them of a breach of their health data.
The HBNR requires vendors of personal health records (PHR) and related entities that are not covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals, the FTC, and, in some cases, the media, of a breach of unsecured personally identifiable health data. It also requires third party service providers to vendors of PHRs and PHR related entities to notify vendors and PHR related entities following the discovery of a breach.
“Protecting consumers’ sensitive health data is a high priority for the FTC,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in the announcement. “With the increasing use of health apps and connected devices, the updated HBNR will ensure it keeps pace with changes in the health marketplace.”
The final rule revises definitions, clarifies breach of security, explains multiple sources of PHR identifiable health information, expands the use of electronic notification and consumer notice content, and changes the timing requirement for when the FTC must be notified about a breach.
DOC CONVICTED IN $5.4M MEDICARE FRAUD SCHEME
A federal jury on Friday convicted a New Jersey doctor for submitted more than $5.4 million in fraudulent claims to Medicare for orthotic braces ordered through a telemarketing scheme.
According to court documents and evidence presented at trial, Adarsh Gupta, M.D., 51, of Sewell, N.J., signed thousands of prescriptions for orthotic braces for over 2,900 Medicare beneficiaries via telemarketers who convinced the beneficiaries to accept unnecessary braces.
After briefly speaking to the beneficiaries over the telephone, Gupta prescribed orthotic braces for them. For instance, Gupta prescribed a back brace, shoulder brace, wrist brace, and knee brace for an undercover agent after speaking with the agent for just over a minute on the telephone. In another instance, Gupta prescribed a knee brace for a Medicare beneficiary whose legs had previously been amputated. The evidence presented at trial showed that Gupta could not possibly have diagnosed the beneficiaries or determined that the braces were medically necessary during his brief telephonic encounters with them. However, Gupta signed prescriptions for braces that falsely represented that the braces were medically necessary and that he diagnosed the beneficiaries, had a care plan for them, and recommended that they receive certain additional treatment. Brace supply companies used Gupta’s false prescriptions to bill Medicare more than $5.4 million.
The jury convicted Gupta of three counts of health care fraud and two counts of false statements relating to health care matters. He is scheduled to be sentenced on October 8 and faces a maximum penalty of 10 years in prison on each of the health care fraud counts and five years in prison on each of the false statements relating to health care matters counts.
LEADER OF $50M HEALTH CARE FRAUD PLEADS GUILTY
The Department of Justice announced that Manishkumar Patel, 44, of Pelham Manor, N.Y., pled guilty in connection with a $50 million health care fraud and kickback scheme involving the sale of fraudulent prescriptions for durable medical equipment, among other medical supplies, to suppliers, pharmacies, and laboratories who obtained payment for those fraudulent prescriptions from Medicare. He is scheduled to be sentenced on July 26.
According to the charging documents and other filings and statements made in court, between 2019 and 2022, Patel fraudulently sold prescriptions and doctors’ orders for durable medical equipment, pharmaceuticals, and laboratory tests to durable medical equipment suppliers, pharmacies, and laboratories.
He obtained the scripts from call centers that called Medicare beneficiaries and asked them perfunctory questions designed to justify a script that would be reimbursed by Medicare. Patel turned the information from those calls into scripts by arranging cursory telemedicine appointments with the beneficiaries—a practice called “doctor chasing,” in which the information was sent to a doctor who signed the script without seeing the patient and who was frequently unaware of what they were signing—and obtaining forged scripts. Patel then sold the scripts to Medicare providers, which filled the orders and billed Medicare.
Because the scripts were fraudulently obtained, many beneficiaries rejected the items they were sent by the Medicare providers, many doctors threatened to report Patel for fraud, and Medicare frequently refused to pay for the scripts.
Patel pled guilty to one count of conspiracy to commit health care fraud, one count of wire fraud, and one count of violating the anti-kickback statute, each of which carries a maximum sentence of five years in prison. He was also ordered to pay $48 million in restitution to CMS and forfeit $6 million.