On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health information of 206,695 individuals.

According to the press release, “this marks the first ransomware agreement OCR has reached.”  The facts underlying the settlement include that Doctors’ Management Services was infected with GandCrab ransomware in April of 2017, but the intrusion was not detected until December of 2018. Doctors’ Management Services filed a breach report in April of 2019.

The OCR says that it found evidence that Doctors’ Management Services failed to implement a risk analyses to detect risks and vulnerabilities to protect health information including insufficient monitoring or its systems to protect against a cyber attack and a failure to implement requirements of HIPAA to protect the data.

In addition to the $100,000 settlement, Doctors’ Management Services is required to implement a corrective action plan.

This post is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

On June 22, 2023, New York State Public Health Law § 2802-b, added a Health Equity Impact Assessment (HEIA) to the Certificate of Need (CON) process for certain health care facilities. The new requirement comes as part of larger legislative changes to the Public Health Laws passed in 2021. The new HEIA requirement applies to any CON applications submitted on or after June 22, 2023, except there is a partial carve out for Diagnostic and Treatment Centers whose patient population is 50 percent or more Medicaid eligible or uninsured. The Department of Health also issued regulations on June 29, 2023 (10 NYCRR 400.26). The purpose of the HEIA is to understand the health equity impact on a specific project, the impact it may have on medically underserved groups and to ensure community input and assessment are considered. The Department of Health has expressed that their vision is “to have health equity considerations meaningfully impact the planning and execution of health care facility projects.” (NYSDOH, Health Equity Impact Assessment, Webinar Series: Program Documents, September 14, 2023.)

Continue Reading New York Implements Health Equity Impact Assessment as New Requirement for Certificate of Need Process

On Wednesday, November 1, the Center for Medicare & Medicaid Services (CMS) released its Home Health Prospective Payment System Rate Update final rule for CY 2024 (the Final Rule). The Rule estimates that the aggregate increase to Medicare home health payments for 2024 will be 0.8 percent, or $140 million. This 0.8 percent increase results from the combined effects of three forecasted rate changes: (1) a 3.0 percent increase to home health payments, (2) a 2.6 percent decrease based on the permanent behavior assumption adjustment, and (3) a 0.4 percent increase resulting from an update to the fixed-dollar loss ratio, which is used to determine outlier payments. The 0.8 percent increase is a departure from the Proposed Rule, which estimated a cut in payments of up to 3 percent.

Continue Reading CMS Announces 0.8 Percent Aggregate Home Health Payment Increase in 2024

On November 1, 2023, the U.S. Department of Health and Human Services (HHS) published a proposed rule titled “21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking” (the Proposed Rule). The Proposed Rule, if finalized, would create disincentives for health care providers that the HHS Office of Inspector General (OIG) determines have committed “information blocking” (as defined at 45 C.F.R. § 171.103).

Continue Reading HHS Proposes Disincentives for Providers that Commit Information Blocking

On September 27, 2023, the Health Resources and Services Administration (HRSA) issued a Notice in the Federal Register applicable to all 340B Program hospitals that formally ends a COVID-era waiver of the long-standing HRSA requirement that off-site, outpatient facilities be (1) listed as reimbursable on the hospital’s Medicare Cost Report (MCR) prior to participating in the 340B Program; and (2) registered and listed in the Office of Pharmacy Affairs Information System (OPAIS) prior to participating in the 340B Program.

Continue Reading HRSA Confirms End of COVID Waiver of Advance Registration Requirement for Provider-Based Clinics

On October 10, 2023, the federal Drug Enforcement Administration (DEA) issued another extension (Second Temporary Rule) of its pandemic-era telehealth flexibilities “in light of the need to further evaluate the best course of action” with respect to the prescribing of controlled substances via telemedicine. DEA is issuing a limited extension in order to give itself more time to finalize new standards governing tele-prescribing of controlled substances.

Continue Reading DEA Further Extends COVID-19 Telemedicine Prescribing Flexibilities through December 31, 2024

On October 13, 2023, the Office of Inspector General (OIG) published Advisory Opinion 23-07 (Advisory Opinion), in which the OIG issued a favorable opinion regarding a physician group employer’s proposal to pay bonuses to its employed physicians based on net profits derived from certain procedures performed by the physicians at ambulatory surgery centers.

Continue Reading OIG Issues Favorable Opinion Regarding Physician Group’s Proposal to Pay Bonuses to its Employed Physicians Based on Net Profits

On Monday, October 2, 2023, the New York Office of the Medicaid Inspector General (OMIG) published its Annual Report for 2022. The Report details the various efforts that New York’s Medicaid program undertook in 2022 to accrue $3.4 billion in recoveries and cost avoidance.

Continue Reading New York OMIG Issues 2022 Annual Report

On August 18, 2023, the Office of Inspector General (OIG) published Advisory Opinion 23-05 (Advisory Opinion), in which the OIG warned that it would likely issue sanctions under the Federal anti-kickback statute (AKS) if a proposed contractual joint venture for the provision of certain surgical monitoring services was carried out.

Continue Reading Advisory Opinion 23-05: OIG Warns Sanctions Would Likely be Issued in Response to Certain Proposed Contractual Joint Venture

The New York Office of the Medicaid Inspector General (OMIG) recently announced updates to its Self-Disclosure Program in response to feedback from Medicaid stakeholders after its revised posting in January 2023. OMIG revised its disclosure process to have two pathways for healthcare providers to report, explain, and return overpayments by creating an “Abbreviated Self-Disclosure Process” in addition to the existing full disclosure process.

Continue Reading Two Pathways for Medicaid Self-Disclosures Announced by OMIG