RISE summarizes recent regulatory-related headlines.
CAP analysis: Thousands may die if Congress significantly cuts Medicaid funding
A recent analysis by the Center for American Progress, a Washington, D.C.-based public policy research and advocacy organization, finds that 34,200 more people would die each year if the federal government reduces Medicaid funding.
The analysis, first reported by The Hill, is based in part on a 2017 study by health economist Benjamin D. Sommers, which found Medicaid expansion is linked to one life saved annually for every 239 to 316 adults gaining insurance. It also considers an Urban Institute estimate that 10.8 million would become uninsured if Congress reduces the enhanced federal medical assistance percentage (FMAP) of 90 percent to cover Medicaid costs for adults with family incomes up to 138 percent of the federal poverty level. CAP researchers came up with their estimate by applying the end of Sommer’s range to Urban Institute’s projections.
The fallout in each state would be enormous, the CAP study found. For example, more than two million Californians and 1.3 million New Yorkers would become uninsured, leading to more than 6,500 and 4,100 deaths each year, respectively.
If federal work reporting requirements are implemented, CAP researchers estimate they would lead to roughly 15,400 deaths each year.
“Congressional Republicans are considering proposals that would severely undermine the Medicaid program, threatening coverage for millions of Americans,” CAP concluded. “Whether through reduced federal funding or punitive administrative barriers such as work reporting requirements, these measures would lead to widespread coverage losses and, by conservative estimates, tens of thousands of preventable deaths each year.”
NJ marketing company owners sentenced to prison for roles in $127M health care fraud
Two operators of a New Jersey marketing company were sentenced to prison for their roles in conspiracies to commit health care fraud and to pay and receive illegal kickbacks, according to the Justice Department.
Eric Karlewicz, who is also known as “Anthony Mazza,” 46, of Rockland County, N.Y., and Nicco Romanowski, 33, of Roswell, Ga, were sentenced in Newark federal court following their guilty pleas to conspiracy to violate the federal anti-kickback statute and conspiracy to commit health care fraud. Karlewicz was sentenced to 51 months in prison, and Romanowski was sentenced to 80 months in prison.
According to the Justice Department, from June 2017 to May 2019, Karlewicz and Romanowski participated in a scheme with durable medical equipment companies, telemedicine companies, and doctors to submit false claims to Medicare and TRICARE, based on a circular scheme of kickbacks and bribes. The two controlled a New Jersey-based marketing company, Empire Pain Center Holdings LLC, through which they identified Medicare and TRICARE beneficiaries to target. Employees of Empire called the beneficiaries to pressure them to agree to accept durable medical equipment, which included back, shoulder, and knee braces. The two men provided commissions, bonuses, and incentives to encourage employees to convince as many beneficiaries as possible to accept the equipment, regardless of medical necessity.
Karlewicz and Romanowski, through Empire, then paid kickbacks to telemedicine companies, which in turn paid kickbacks to doctors in exchange for prescriptions for the durable medical equipment. The doctors then signed the prescription orders regardless of medical necessity, often without ever speaking to the patients. The Justice Department said Karlewicz and Romanowski distributed the prescriptions to durable medical equipment suppliers around the country, with which Empire had additional kickback arrangements. These suppliers submitted claims for reimbursement to Medicare and TRICARE, and sent a portion of the proceeds to Empire as payment for the doctor’s orders generated through the conspiracy. Empire received more than $63 million from the suppliers in exchange for the referrals.
In total, the Justice Department said Karlewicz and Romanowski caused the submission of false and fraudulent claims to health care benefit programs totaling more than $127 million for durable medical equipment. They used the money to purchase luxury vehicles, including a Ferrari, Lamborghini, a Bentley, and a BMW.
In addition to the prison terms, each defendant was sentenced to three years of supervised release, and they were ordered to pay $127,600,000 in restitution. Karlewicz was ordered to forfeit over $63 million, and Romanowski was ordered to forfeit over $5.5 million.
Insurance brokerage exec pleads guilty in $133M ACA fraud scheme
A Florida executive pleaded guilty for his role in a scheme to submit fraudulent applications to enroll consumers in Affordable Care Act (ACA) insurance plans that were fully subsidized by the government. The purpose of the scheme was to obtain millions of dollars in commission payments from the insurance company that operated the ACA plans. The federal government paid at least $133,900,000 in subsidies for fraudulently enrolled individuals.
The Justice Department said Dafud Iza, 54, an executive vice president of an insurance brokerage firm, participated in a scheme to fraudulently enroll ineligible individuals into ACA plans that offered tax credits to eligible enrollees. These tax credits, or “subsidies,” could be paid by the federal government directly to insurance plans as a payment toward the plan’s monthly premium. The scheme involved submitting false and fraudulent applications for individuals whose income did not meet the minimum requirements to be eligible for the subsidies. Iza and his accomplices deceptively marketed subsidized ACA plans to ineligible consumers and falsely inflated consumers’ incomes to obtain the federal subsidies.
Iza targeted vulnerable, low-income individuals experiencing homelessness, unemployment, and mental health and substance abuse disorders, and knew that “street marketers” working on their behalf offered bribes to induce those individuals to enroll in subsidized ACA plans, according to the Justice Department. Marketers working for Iza’s accomplices coached consumers on how to respond to application questions to maximize the subsidy amount paid by the federal government and provided addresses and Social Security numbers that did not match the consumers purportedly applying.
Iza pleaded guilty to one count of major fraud against the United States and faces a maximum penalty of 10 years in prison.
Blue Shield of California notifies members of data breach
Blue Shield of California has begun to notify certain members of a potential data breach that may have included their protected health information. The breach involved its third-party vendor, Google Analytics, which it used to internally track website usage of members. In an April 9 notice posted on its website, the insurer said that in February it discovered that between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information. Google may have used this data to conduct focused ad campaigns back to those individual members.
The data breach may have involved as many as 4.7 million members, according to the Department of Health and Human Services' Office for Civil Rights' breach portal. Blue Shield said there was no disclosure of personal information, such as Social Security numbers, driver’s license numbers, or banking or credit card information. But it’s possible that information may have included the insurance assigned identifiers for members’ online accounts; medical claim service date and service provider, patient name, and patient financial responsibility; and “Find a Doctor” search criteria and results (location, plan name and type, provider name and type).
HHS OCR settles phishing attack breach with Health Care Network
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with PIH Health, Inc. (PIH), a California health care network, over potential violations of the Health Insurance Portability and Accountability Act of 1996. The violations stem from a phishing attack that exposed unsecured electronic protected health information (ePHI), prompting concerns related to the Privacy, Security, and Breach Notification Rules under HIPAA.
The $600,000 settlement resolves an investigation that OCR conducted after receiving a breach report from PIH in January 2020. The breach report stated that in June 2019, a phishing attack compromised 45 of its employees’ email accounts, resulting in the breach of nearly 200,000 individuals’ unsecured ePHI. PIH reported that the ePHI disclosed in the phishing attack included affected individuals’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnoses, lab results, medications, treatment and claims information, and financial information.
“Hacking is one of the most common types of large breaches reported to OCR every year,” said OCR Acting Director Anthony Archeval in the announcement. “HIPAA-regulated entities need to be proactive and remedy the deficiencies in their HIPAA compliance programs before those deficiencies result in the impermissible disclosure of patients’ protected health information.”
Under the terms of the resolution agreement, PIH has agreed to implement a corrective action plan that will be monitored by OCR for two years and paid a $600,000 settlement to OCR.