Author: hljwebcontent

From Paper Restraints to Electronic Ransoms

Shane Richards, Class of 2023, Belmont Law

Just shy of one year ago, the nation’s largest fuel pipeline was ground to a halt because of a criminal ransomware attack. In May 2021, Colonial Pipeline’s system transported 100 million gallons of gasoline per day, supplying gas for 50 million people in America’s southeast and meeting about 45% of the East Coast’s demand for gas.. The ransomware attack brought an abrupt halt to that supply, spurring panic buying and gas shortages. According to a consulting firm, Colonial’s cybersecurity was described by one consultant as being so bad “an eighth-grader could have hacked into the system,” despite recent efforts to improve such security. Colonial Pipeline only resumed operations after paying a $4.4 million dollar ransom to the criminal hackers that shut down the system.

Luckily, the panic buying caused more problems than the actual stoppage and life quickly returned to normal for most American’s effected. However, this incident is not an anomaly. Similar ransomware attacks “have reached epidemic levels,” according to the Associated Press, “as foreign criminal gangs paralyze computer networks at state and local governments, police departments, hospitals …” Following the Colonial Pipeline incident, U.S. officials have expressed concerns that many other organizations have also failed to invest in adequate safeguards, similar to Colonial Pipeline. Organized crime is not the only concern when it comes to ransomware attacks. U.S. officials have noted their concerns that state-backed hackers could do even more damage if given the chance.

One year later, anxiety over cyber security is being raised once again as Russia deploys ransomware attacks against Ukraine. In a March 1, 2022, Analyst Note, the Department of Health & Human Services (“HHS”) examined the two variants of malware that has been used against Ukraine over the past few months, HermeticWiper and WhisperGate. Although there is no specific threat currently known, the HHS identified three potential threat groups: the Russian Government, the Belarussian Government, and criminal organizations operating in Russian territories. The two variants of malware employed by these organizations are classified as “disk-wiping” malware, which is characterized by its ability to completely delete data from the devices it infects. The HHS notes that these two variants are the most likely to impact the health care industry.

These concerns are being reraised as some hail this year as a transformative one for health information technology. Since the passage of the HITECH Act and the 2011 launch of the Medicare and Medicaid Electronic Health Records (“EHR”) incentive programs, 90% of hospitals and health care providers have switched to utilized EHR systems, storing more and more sensitive patient information in electronic systems. It will not stop there, however, as key provisions of the 21st Century Cures Act, passed in 2016, will be implemented this year. Specifically, a few of those key innovations include (1) making information sharing practices a priority across the industry, (2) creating a standardized foundation for security, and (3) implementing a nationwide infrastructure to make information sharing easier. Some hail these updates as freeing the health care industry from paper restraints. Although paper has not yet been “wrung … completely out of health care,” and it likely will not be for some time, the effect of the 21st Century Cures Act is to continue the shift towards a paperless health care system that heavily relies on nationwide digital databases.

There are many clear benefits that come from switching to an EHR system. The ability for one hospital to quickly share patient data with another hospital or another healthcare provider can be the difference between life and death. An EHR system allows doctors to more effectively diagnose patients, reduces overall costs, reduces redoing work already done, keep information up-to-date, and so on. It is a key plank in the current plan to lower overall health care costs in a country where those costs are rampant. However, it does not take much to see how things could go very wrong. It does not take much imagine to see how solely relying on such a system—eliminating the restraints of paper—could be incredibly dangerous in a world of criminal ransomware attacks and cyberwarfare.

Imagination is not even required to see how this might be an issue. It is happening in Ukraine and it has happened here at home. It is an issue that is at the forefront of Lisa Pino’s attention, the Director for the Office of Civil Rights at the HHS. In a recent blog, Pino describes how cyberattacks on hospitals have caused providers to cancel surgeries, radiology exams, and other services in 2021. She makes clear too that it’s not just EHR systems, but other electronic databases that are at risk. Pino recommends several measures to improve cybersecurity, such as maintaining encrypted, offline database backups, conducting regular vulnerability scans, and training employees to avoid common cyber threats, like phishing.

Despite the numerous problems that nationwide electronic databases may alleviate in health care, there is a great potential for new problems to arise. A world now exists with many new possibilities, but it is not without its own, new dangers. It is a world where a small group of criminals can bring vital infrastructure to a halt and where large government-backed groups can employ malware that completely expunges all data in a system. Just by flipping a switch, all that patient data—all of that sensitive and irreplaceable information—disappears. The potential for harm to the health care industry, and its many patients, is immense if proper steps and measures are not taken. Only time will tell how effective protective measures, such as those proposed by Pino, will be. Until then, backups, even in the form of paper, may be the safest option.

 

Works Cited:

https://www.cnbc.com/2021/05/08/colonial-pipeline-shuts-pipeline-operations-after-cyberattack.html

https://apnews.com/article/hacking-technology-business-ed1556556c7af6220e6990978ab4f745

https://apnews.com/article/va-state-wire-technology-business-1f06c091c492c1630471d29a9cf6529d

https://www.cmhealthlaw.com/2022/03/increased-cyber-risk-for-health-care-organizations-due-to-the-russia-ukraine-conflict/

https://www.hhs.gov/sites/default/files/russia-ukraine-cyber-conflict-analyst-note-tlpwhite.pdf

https://www.healthaffairs.org/do/10.1377/forefront.20220217.71427

https://www.healthit.gov/faq/what-are-advantages-electronic-health-records

https://www.hhs.gov/blog/2022/02/28/improving-cybersecurity-posture-healthcare-2022.html

Eight Individuals Defrauded Walter Reed of More Than $3 Million and Are Now Facing Federal Indictment

Sarah Powell, Class of 2023, Belmont Law.

 

Eight individuals have been charged by a federal grand jury with conspiracy to commit health care fraud, wire fraud, and other related charges resulting from fake medical coding contracts with Walter Reed Military Medical Center and the Defense Health Agency (DHA). Those charged in the indictment are Akbar Masood, 59; Michelle Peebles, 48; Harriet Jackson, 49; Judith Russ, 58; Rhonda Paul, 46; Wesley Williams, 47; Bagnon Jacques Titi, 44; and Alfred Antonio Duncan, 44.

Of those charged are the Chief Finance and Strategy Officer of “Company A,” a Virginia-based company that was a contractor for medical support services to both Walter Reed and DHA, and the President, Vice-President, and Chief Finance and Strategy Officer of “Company B,” another Virginia-based company that provided medical billing and coding services on government contracts. Additionally, former Walter Reed employee, Russ is facing a charge of violating federal employee ethics laws.

It is alleged that beginning in December 2016, Masood, Peebles, and Jackson established a Delaware limited liability corporation, HMA Solutions, to exploit Walter Reed’s need for contracted medical coders. According to the Maryland U.S. Attorney’s Office Release, Masood allegedly used his authority in Company A to subcontract medical coding contacts to HMA without disclosing to other officers in Company A his affiliation with HMA. The three then used the identities of actual medical coders to assert HMA had the ability to perform the job. The U.S. Attorney’s Office further states that Masood, Peebles, and Jackson used the stolen identities to forge signatures on consulting agreements and billable hours to submit to Company A, which then submitted the hours to Walter Reed to be paid for the falsified work. Russ, the former Walter Reed employee, is alleged to have verified the billable hours and was subsequently paid by Company B and did not disclose to Walter Reed officials of the outside income he was obtaining.

The U.S. Attorney’s Office Release further alleges that Masood, Peebles, and Jackson recruited Paul, Williams, Titi, and Duncan to join the scheme and pose as coders working for Company A, although none had any experience in medical coding. It is alleged that collectively Paul, Williams, Titi, and Duncan fraudulently billed Walter Reed over $1 million for their claims alone.

In total, it is alleged that through the fraudulent scheme, the group was able to be reimbursed for $3.3 million worth of work that was never performed from 2016 to 2019. If the defendants are found guilty, they could each face a maximum sentence of 20 years in federal prison for conspiracy to commit health care fraud and wire fraud according to the Maryland U.S. Attorney’s Office Release.

 

 

Works cited:

https://www.justice.gov/usao-md/pr/eight-individuals-facing-federal-indictment-3-million-scheme-defraud-walter-reed-national

https://plus.lexis.com/newsstand#/article/1481588

Dangerous Precedent: Criminal Mistake in the Nursing Industry

Will Brandt, Class of 2022, Belmont Law

For an industry that is understaffed and overworked, should tragic medical errors of nurses result in jail time? As of March 25th, in the Davidson County Criminal Court, that answer appears to be yes. Former nurse, RaDonda Vaught, was found guilty of criminally negligent homicide and abuse of an impaired adult by a jury.

Vaught, an employee of Vanderbilt University Medical Center needed to sedate a patient for an MRI. Charlene Murphey, age 75, was that patient. The drug that Vaught needed to retrieve for sedation was Versed, generic name Midazolam, which is a benzodiazepine used to help patients relax before minor medical procedures. In this case, the drug was intended to help the patient relax for a PET scan.

When Vaught attempted to retrieve versed at the medicine dispenser, she searched the list of drugs ordered for Charlene Murphey and typed “ve.” Versed did not come up because the machine was programmed to search for the generic name of the drug. Assuming that Versed had not yet been ordered for this patient, Vaught searched outside of what had been ordered for Murphey, and searched “ve” across “all” medications. Searching for medicine outside of what has been ordered for the patient has effectively been considered as overriding the system. Upon the search of “ve” across “all” medications, the medicine generator produced Vecuronium, which she selected. Unfortunately, Vecuronium is not a sedative, but a neuromuscular blocking agent, therefore causing paralysis. Although frequently used in small doses during anesthesia, the dose that Vaught gave to Murphey was fatal.

A hot point in the trial and the media, seems to be this point where Vaught effectively “overrode” the system to search for medications that had not been ordered to Murphey. Rational minds seem to disagree as there are nurses across the country that have followed this trial and support the sentiment of Vaught’s statement that, “Overriding was something we did as a part of our practice every day. You couldn’t get a bag of fluids for a patient without using an override function.” Many nurses see this prosecution as a dangerous precedent. They state that most nurses can think of a time when they made a mistake.

However, other nurses, like David Mancini have a different opinion: “So, I don’t care that she overrode the system, but, here, she violated her first right. She didn’t know the name of the medication she was administering. This is where the first mistake was made, and this is what set the whole situation into motion.”

Regardless of sentiment and public opinion, Vaught has been found guilty of negligent homicide under T.C.A. 39–13–212, which describes criminally negligent homicide as, “Criminally negligent conduct that results in death constitutes criminally negligent homicide.” Criminal negligence being defined in T.C.A. 39–11–106 as referring to: “A person who acts with criminal negligence with respect to the circumstances surrounding that person’s conduct or the result of that conduct when the person ought to be aware of a substantial and unjustifiable risk that the circumstances exist or the result will occur. The risk must be of such a nature and degree that the failure to perceive it constitutes a gross deviation from the standard of care that an ordinary person would exercise under all the circumstances as viewed from the accused person’s standpoint.”

Ultimately, the jury in the Davidson County Criminal Court found that Vaught grossly deviated from the standard of care that an ordinary nurse in her position would have used. Are the nurses correct in their assessment of dangerous precedent? Will medical professionals be weary of reporting mistakes, or is her conviction warranted?

Works cited

https://www.axios.com/local/nashville/2022/03/28/radonda-vaught-conviction-could-set-new-precedent

https://www.ncbi.nlm.nih.gov/books/NBK493143/

https://www.wsws.org/en/articles/2022/03/25/nurs-m25.html

https://medium.com/@david-mancini/absolute-negligence-4446e87604e

Modern Hurdles to Privacy: Necessary HIPAA Updates

Maddie Gilmore, Class of 2023, Belmont Law.

HIPAA (the Health Insurance Portability and Accountability Act of 1996) was first enacted more than twenty-five years ago. As such, the drafters of that legislation could not foresee the proliferation of new and emerging technologies that collect and process private health information of users which exists today. On February 9, 2022, legislators reached across party lines to come up with a solution to the non-regulation of this private data. HIPAA focused on privacy and preventing potential abuse of private health information of individuals, but only contemplated regulation as to health care providers and the like. What was not contemplated, or regulated, was digital health companies that collect health information directly from consumers.

Although the Department of Health and Human Services Office for Civil Rights (OCR) have attempted to address these companies using interpretive guidance, such guidance is non-binding on the industry. Furthermore, the regulation of digital health companies and data harboring apps is exceedingly difficult to regulate given the untraceability between the initial collection of any given dataset and its ultimate sale and use. Newly proposed bipartisan legislation called The Health Data Use and Privacy Commission Act, is intended to modernize HIPAA. Thus, Congress is attempting to address the problem head-on, by delegating the research and discovery process to individuals better suited than Congress themselves, the job of analyzing modern issues and possible modern solutions to health data privacy.

If passed, the Act would establish a Commission to assess any gaps in the privacy protections under HIPAA resulting from data collection and use by non-covered entities. However, the Act would not only have obvious ripple effects on the application of HIPPA, but other legislation as well, such as Section Five of the FTC Act which gives the Federal Trade Commission its current authority to regulate many direct-to-consumer digital health products that are not subject to HIPAA.

Under the current statutory framework, there are major risks to personal health information (PHI) created by new healthcare technology that extends beyond the scope of HIPAA given the onset of technologies like apps, wearable devices, and social media, and the increase in generating, collecting, using, sharing, and selling PHI. Such actors have generally been beyond the bounds of the Acts reach, creating a necessity to restructure the legislation to account for emerging health care technologies. The Health and Privacy commission formed under the Act, which would be made up of representatives with competing interests (such as providers, health plans, health technology developers, researchers, and consumers) would be charged with conducting research, creating reports, and submitting reform recommendations to Congress and the President.

Interestingly, the proposal may be based on state law, such as the California Consumer Privacy Act of 2018 (CCPA). The Act has been referred to the U.S. Senate Committee on Health, Education, Labor, and Pensions and it is still in its early stages of development. The Act is not only supported by a variety of industry healthcare representatives (such as the Association of Clinical Research Organizations), but also by both Democrat and Republican representatives alike, being bipartisan legislation. This agreement demonstrates the consensus that updates to HIPAA are necessary. Furthermore, the U.S. is now echoing international consensus on this emerging issue and is closely tied to the General Data Protection Regulation (GDPR) which is a European law. If the new Act can apply consistently with the GDPR, then American companies will no longer face two different standards depending on where their operations are taking place.

Works Cited:

https://www.carltonfields.com/insights/publications/2022/health-data-use-privacy-commission-act-hipaa

https://www.cassidy.senate.gov/newsroom/press-releases/cassidy-baldwin-introduce-legislation-to-begin-modernization-of-health-privacy-laws

https://www.dataguidance.com/news/usa-bill-health-data-use-and-privacy-commission-act

https://www.baldwin.senate.gov/imo/media/doc/Health%20Data%20Use%20and%20Privacy%20Commission%20Act.pdf

https://www.morganlewis.com/blogs/healthlawscan/2022/02/new-legislation-aims-to-upgrade-hipaa-to-account-for-new-healthcare-technologies

https://www.congress.gov/bill/117th-congress/senate-bill/3620/text?r=2&s=1

 

 

 

 

Recent Developments in Combating the Opioid Crisis: Purdue Pharma Settlement and MMUs

David Brust, Class of 2022, Belmont Law

On Wednesday, March 9, 2022, Bankruptcy Judge Robert Drain gave tentative approval to the Purdue Pharma bankruptcy settlement. Members of the Sackler family, who founded Purdue Pharma (the creator of OxyContin), are set to pay an estimate $5.5 billion to $6 billion as part of the settlement. The money is to mainly go towards fighting the opioid crisis in the United States. However, $750 million is set to go directly to victims or their surviving family members.  Another key element of the settlement is that Sackler family members are protected from any future civil lawsuits over opioids, however, they are not immune from any potential criminal charges. Thus far, no member of the Sackler family has ever been charged with a crime related to the opioid crisis and there has been no indication that charges are coming any time soon. Although, Purdue Pharma twice plead guilty to criminal charges and currently seven U.S. senators have asked the Department of Justice to consider charges against members of the Sackler family.

The next day, on March 10, 2022, several victims of the opioid crisis and their family members had an opportunity to directly address the Sackler family in court via zoom. Several people gave detailed accounts to Richard, David, and Theresa Sackler about how OxyContin and other opioids impacted their lives. One victim gave an account of how she was told her she could have a healthy baby while still taking OxyContin. However, her daughter was born with “physical, developmental, and emotional difficulties,” something the settlement seeks to address by dedicating over $100 million for “medical monitory and payments for children born in withdrawal from opioids.” Members of the Sackler family were not allowed to reply to the victim testimony directly. However, Richard Sackler, Purdue Pharma’s former president and board chair, maintains that neither Purdue Pharma nor his family have any responsibility for the opioid crisis. The settlement still requires approval from other courts before it goes into effect.

In other news, Kathy Hochul, the Governor of New York, announced that New York will contribute up to $1 million to combat the opioid crisis. The program is partially funded through a federal State Opioid Response grant. The money will go to the Opioid treatment program whose providers will establish “mobile medication units (MMUs) to provide medications such as methadone and buprenorphine, to treat substance abuse disorders.” Other services offered by these MMUs include “admission assessments, medication induction, medication administration and observation, toxicology tests, and other substance abuse disorder related medical services.” Recently, the DEA finalized regulations to MMUs, so their prevalence should increase within the next few years. Providers hope that MMUs will increase access to treatment for substance abuse disorders. MMUs allow greater flexibility in providing substance abuse treatment because the units can go directly to places such as homeless shelters and tent cities that have many people with a substance abuse disorder. Thus, MMU programs such as New York’s should be able to provide health care and treatment to those most in need and help to get the opioid crisis under control.

Works Cited:

https://www.pbs.org/newshour/nation/after-years-of-pain-opioid-crisis-victims-confront-sackler-family-in-court

https://www.natlawreview.com/article/behavioral-health-law-ledger-march-2022

https://www.pewtrusts.org/en/research-and-analysis/articles/2021/11/22/mobile-medication-units-help-fill-gaps-in-opioid-use-disorder-treatment

NFTs in Healthcare

Will Brandt, Class of 2022, Belmont Law

If you believe that problems and opportunities in healthcare are largely centered around data, including patient sovereignty over data, Non-Fungible Tokens (NFTs) may have a critical role to play in the advancement of the healthcare industry and legal framework surrounding that industry.

In the current state of the healthcare industry, everything that is done regarding data, involves infinitely copying that data. For example, sharing Electronic Health Information (EHI) between Health Information Networks, involves copying data repeatedly so it can be distributed where it needs to be distributed.  This is problematic for many reasons, but the idea that patients want sovereignty over their date continues to be evidenced. There is a principle that has grown in popularity, and largely backstops the ideals of the European Union’s General Data Privacy Regulation, which mandates businesses to collect data that is relevant, adequate, and limited to what is necessary, with regards to the purpose for which it is being processed. This principle is data minimization. Data minimization refers to the practice of limiting the collection of personal information to data that is relevant and necessary to accomplish a specific purpose. NFTs offer a unique opportunity for the healthcare industry to work towards achieving the principles of data minimization.

If you have heard of NFTs, you have most likely seen pictures of kittens, apes, or some other “JPEG-like” image. Further, you may have seen that these images have sold for hundreds of thousands, or even millions of dollars. The easiest way to understand this phenomenon is that blockchain technology has introduced the idea of digital scarcity, and many participants in the market have assigned value to that digital scarcity. Whether or not these assets are overvalued or there is a bubble, it irrelevant for the purpose of this note.

What is relevant about NFTs, is that underneath the technological hood of their functionality, they represent, and store, a specific set of data in a specific location on a blockchain. NFTs are an efficient way to store data without infinitely copying it because although one may take a screenshot of an NFT, the underlying data remains with the true owner. Hang with me here because I want to briefly introduce another innovation in the healthcare industry and then bring this all together. This innovation is the idea of a digital twin.

A digital twin is essentially a set of data that is used to represent and function like the physical alternative. The physical alternative can be a company or even a person. For example, a grocery store may be able to set up a digital twin, where current inventory levels are stored in a dataset and update in real time. Thus, utilizing certain AI technology, the digital twin can learn to know when a specific item is running low on stock and be used to order more product. The healthcare industry has begun to adopt this powerful tool, and specifically, as we have discovered the ability to map human genomes, we have the possibility use the data of a person’s genome to create their digital twin. What does this mean? As Ghada Trobatas, the CMO at Siemen Healthineers writes, “A digital twin can be used to predict the outcome of specific procedures. It can provide assistance in determining the right therapy option for a specific patient. Or, if behavioral data and social determinants are also integrated, digital twins can help to better manage chronic diseases and population health.”

So, if health records, hospital systems, and human genomes can all theoretically be turned into a dataset and represented as a digital twin, there remains the possibility that these datasets can be programmed into and NFT and stored on a secure blockchain. If something as powerful as a human genome, with back-end AI that can help predict the likely outcome of certain procedures or the effects of certain medication can be stored on an NFT, the health law community has a lot of work to do to ensure that HIPAA, HITECH, and other healthcare data regulations are complied with, even updated to allow life-changing technologies to be implemented.

Works Cited:

https://gdpr.eu/what-is-gdpr/

https://medium.com/geekculture/digital-twin-ignition-of-nfts-evolution-eb8d647d80de

https://www.youtube.com/watch?v=R6hXmSK_32M

https://www.euruni.edu/blog/what-are-nfts-a-beginners-guide/

https://www.linkedin.com/pulse/digital-twin-healthcare-what-why-matters-ghada-trotabas/

https://dataprivacymanager.net/what-is-the-data-minimization-principle-benefits-and-importance/.

 

 

Former Drug CEO Could Face Life Sentence for Allegedly Defrauding the DEA

Maddie Gilmore, Class of 2023, Belmont Law.

Laurence F. Doud III, former head of Rochester Drug Co-Operative Inc., could very easily face life in prison for his role in conspiring to distribute controlled substances and defrauding the DEA. A Florida jury convicted Doud of one count of conspiracy to distribute controlled substances, carrying a mandatory minimum sentence of ten years, and one count of conspiracy to defraud the United States. Doud is scheduled to be sentenced on June 29, 2022.

Doud allegedly engaged in a variety of misconduct that contributed to the growing opioid epidemic in his role as CEO of Rochester. The U.S. Attorney Damian Williams said: “In a first of its kind prosecution, Laurence Doud was held responsible for conspiring with others in his company to ship massive amounts of dangerous and highly-addictive oxycodone and fentanyl to pharmacies that he knew were illegally dispensing those controlled substances to drug dealers and addicts.”

At the direction of Doud, the company supplied large quantities of oxycodone, fentanyl, and other dangerous opioids to pharmacy customers that its own compliance personnel determined were dispensing those drugs to individuals who had no legitimate medical need for them. Even after “red flags” of the targeted pharmacies were brought to Doud’s attention, the violation of federal narcotics laws continued. The targeted pharmacies, among other things, dispensed quantities of controlled substances in amounts consistently higher than accepted medical standards.

Instead of reporting such findings to the DEA, Doud directed the company’s compliance department not to report them, and instead to continue supplying those customers with dangerous controlled substances that the company knew were being dispensed and used for illicit purposes. This was the basis of the conspiracy charge.

The evidence presented that resulted in Doud’s conviction is an unambiguous example of drug company higher-ups taking advantage and seeking financial gain at the expense of the country and in the midst of an opioid crisis that people like Doud and companies like Rochester contributed to. Yet, defenders of Doud and others in the pharmaceutical industry have found the action against Doud excessive. They claim that by setting this precedent, the action will expose executives to liability and thereby deter companies from pursuing innovative medications. Indeed, some claim there is no basis for enforcing the DEA’s administrative requirements to individuals instead of companies as a whole.

Harry Nelson, founding partner at life sciences firm Nelson Hardiman LLP, said: “Drug distributors, like pharmacies and physicians, have been beaten into submission. I find the effort to paint Doud as a villain is over the top.”

These arguments are unfounded. This lawsuit, although the first of its kind, is not removing the liability shield that would normally fall on the company rather than the individual on mere whim to shift the responsibility. Rather, it is shifting responsibility based on the evidence. The individual, Doud, in this case is the proper target for the noncompliance of administrative regulations, because he in his individual capacity is responsible for much of the harm that occurred here. He directed Rochester to “supply tens of millions of oxycodone, fentanyl, and other dangerous opioids to pharmacy customers that its own compliance personnel determined, and reported to Doud, were dispensing those drugs to individuals who had no legitimate medical need for them,” according to the complaint. Furthermore, the arguments that this will deter ‘necessary opioid innovation research’ is also unsupported, as recognized by legal experts in the field.

The impact on research and development of drugs will not be impacted by Doud’s criminal sentence. Big pharma will not be deterred from continuing the race to discover and develop new marketable drugs. Neither will curing the way we prescribe them. Enforcing correct and medically appropriate prescribing of medications is not going to have any impact on research and development. Furthermore, it is already prescribed by law, so it is in the pharmaceutical industry’s best interest to ensure that patients are given access only to necessary medication and are taking those medications appropriately.

The “intentional malfeasance” committed by Doud is not simply the latest CEO taking the bullet for an industry created practice, but rather the appropriate recognition that, with power, comes responsibility. Doud would not have been able to cause the harm without using the corporate scheme as well as his authority to continue distributing addictive substances in mass amounts and in violation of the law.

Works Cited:

https://www.justice.gov/usao-sdny/pr/laurence-doud-former-ceo-pharmaceutical-distributor-convicted-conspiring-distribute

https://news.bloomberglaw.com/health-law-and-business/ex-drug-ceos-criminal-trial-raises-stakes-for-opioid-producers

The Potential Cost of Medical Price Transparency

David Brust, Class of 2022, Belmont Law

In recent years, the call for price transparency for medical care has increased. People often go to the doctor for non-routine medical care with no idea what it could end up costing them. In response to this, Congress passed the No Surprises Act which “protects people covered under group and individual health plans from receiving surprise medical bills when they receive most emergency services, non-emergency services from out-of-network providers at in-network facilities, and services from out-of-network air ambulance service providers.” The Act also sets up an independent dispute resolution process for different kinds of disputes, including those for self-pay and uninsured patients who receive a final bill that is “substantially greater” (defined as $400) than the good faith estimate they received from the provider. Patients have 120 days to file a dispute.

The Act went into effect on January 1, 2022, and since then some providers have already voiced their concerns about staying in compliance with the Act. One of these groups is mental and behavioral health providers. Recently, a group of various mental and behavioral health providers sent a letter to the Secretary and the US Department of Health & Human Services asking for an exemption from the Good Faith Estimate requirement. The providers state that while they agree with the overall goal of the Act, the Good Faith Estimate (“GFE”) requirement places a unique burden on them. The Good Faith Estimate requirements mandates that medical professionals give patients a cost estimate that includes a diagnosis and “information about the length and costs involved in a typical course of treatment.” Mental and behavioral health providers state that they are already bound by professional ethics to be up front about the costs of treatment. However, the providers are concerned that the diagnosis requirement of the GFE will in turn limit the care of their patients. They claim that mental health is a continuum and a diagnosis can take time and eventually change due to various factors. Thus, they are concerned that by having to give a diagnosis on the GFE, a patient’s insurer may limit coverage only to the diagnosis given on the GFE despite the diagnosis changing over time. This could ultimately hurt the patient and keep the provider from fully treating a patient. Therefore, it will be interesting to see whether the exemption is granted.

Overall, the goal of the No Surprises Act is to provide patients with an estimate of the cost of their medical care in most situations. However, in the first month of the Act being in effect, some providers have begun to express concerns about how the Act will impact their ability to provide the best care they can. So far mental and behavioral health providers have asked for an exemption, and it is likely other groups of providers will follow. At this time, it is unclear whether these providers will be granted an exemption, however until that happens, they must comply with the law as it currently stands.

Works Cited:

https://www.cms.gov/newsroom/fact-sheets/no-surprises-understand-your-rights-against-surprise-medical-bills

https://www.fiercehealthcare.com/providers/mental-health-therapists-seek-exemption-part-law-ban-surprise-billing

https://www.apaservices.org/advocacy/no-surprises-act-letter.pdf

TEFCA Goes Live

Will Brandt, Class of 2022, Belmont Law

After five years of work, the Office of the National Coordinator of Health (ONC) has released the Trusted Exchange Framework and Common Agreement (TEFCA). TEFCA is essentially a plan for an interoperability framework between healthcare information networks that was mandated by the Twenty First Century Cures Act of 2016. The purpose of this mandate was to create a network where patients have better access to their electronic healthcare information (EHI).

The problem that inspired TEFCA was that many hospital systems and medical providers use multiple different healthcare information networks (HINs) to store EHI. What this means for patients seeking access to their EHI unnecessary delays and expense when attempting to access their data. The promise of TEFCA was a network where HINs could become qualified HINs and the data that one HIN stores will be interoperable with other HINs. However, as Rebecca Pfifer points out in her article, The future of ONC’s interoperability framework hinges on adoption. But the agency — and industry — is optimistic, there is generally a lack of incentive for most HINs to participate in the ONC’s plane for healthcare information interoperability.

The primary issue is the business model that currently exists for HINs. HINs make money by storing EHI and providing access to that EHI to patients through medical providers. By winning the business of more healthcare providers and hospital systems, HINs gain more business and can make more money. By participating in TEFCA, an HIN, that becomes a qualified HIN, merely becomes qualified to share their business (stored EHI) with other businesses. Although the many revisions of TEFCA seem to provide a robust method of interoperability, the plan lacks any fundamental business incentive for HINs to participate. However, the industry is optimistic that adoption will come to fruition.

So, what is the value proposition of HINs to participate? Lee Barrett, CEO of EHR standards development organization EHNAC, supports the ONCs position that not participating will be a competitive disadvantage. He says, “The hope is that the more networks use it, the more its value proposition will be proved. Patients will inquire why their provider doesn’t have their data from other facilities, and the provider will then wonder why the exchanges it’s a participant in aren’t qualified to work with other networks.” Essentially, the argument supporting the notion that HINs will choose to participate is that patients seeking their EHI at an HIN who are not yet participating, will not only be aware of the option for HINs to participate, but will make the inquiry to their provider about why they don’t have access their healthcare date from another provider. Moreover, the argument is that these inquiries will put enough pressure on providers to switch to a qualified HIN, that providers will bear the cost and time that it takes to switch from a HIN to a qualified HIN. Will this bottom-up pressure be enough?

Works Cited:

https://www.fiercehealthcare.com/tech/hhs-hits-major-interoperability-milestone-as-tefca-goes-live-to-advance-health-data-sharing

https://www.healthcaredive.com/news/oncs-interoperability-framework-adoption-tefca/617391/

https://onlinemasters.ohio.edu/blog/health-information-systems/

Giving Americans Better Access to At-Home COVID-19 Testing

David Brust, Class of 2022, Belmont Law

On January 10, 2022, the Biden Administration announced starting January 15, 2022, private insurance companies are required to cover eight at-home COVID-19 tests per month per individual. While an individual may have to pay up front for the tests, their insurer will be required to reimburse them if a claim is submitted. This rule was made pursuant to §6001 of the Families First Coronavirus Response Act and covers only the eight over the counter tests that are currently FDA approved. This new rule will help to ensure that Americans can afford to obtain an at-home test, so long as they are able to find one.

In the first nine days of insurers covering at-home tests, it has come to light that one major insurer of many at risks individuals is not included in the new rule. This insurer is Medicare.  Medicare is not permitted by law to pay for self-administered diagnostic tests such as rapid at-home COVID-19 tests. This is concerning as there are 62 million Medicare beneficiaries and older people who are considered more at risk if they catch COVID-19. However, if a Medicare beneficiary wants a free at-home test, they can find one a couple of ways. First, people covered by Medicare Advantage, which is more akin to traditional insurance, may have their over-the-counter test covered by their insurance. Additionally, Medicare covers one rapid antigen test or PCR test done by a lab per year. Once that test is exhausted or if the beneficiary does not want to see a doctor, the beneficiary can visit COVIDtests.gov and order a free at-home test. COVIDtests.gov was recently launched after the Biden Administration purchased 500 million at-home tests to deliver to Americans at their homes free of charge. Each individual is limited to four free tests per month. The administration hopes to purchase another 500 million tests. Lastly, Medicare beneficiaries can visit a local community health center or a Medicare-certified health clinic to obtain one of the 50 million tests the federal government has provided these facilities.

Overall, the new rule will give Americans greater access to at-home COVID-19 tests so long as the tests can be kept in stock. Additionally, every American and, most importantly, those who are uninsured or have traditional Medicare can still obtain free tests at COVIDtests.gov.

Works Cited:

https://www.dol.gov/sites/dolgov/files/EBSA/about-ebsa/our-activities/resource-center/faqs/aca-part-51.pdf

https://www.hhs.gov/about/news/2022/01/10/biden-harris-administration-requires-insurance-companies-group-health-plans-to-cover-cost-at-home-covid-19-tests-increasing-access-free-tests.html

https://www.npr.org/sections/health-shots/2022/01/24/1074964627/seniors-are-at-high-risk-of-covid-but-medicare-doesnt-pay-for-rapid-tests