This post is co-authored by Seth Orkand, co-chair of Robinson+Cole’s Government Enforcement and White-Collar Defense Team.

On June 1, 2023, the U.S. Supreme Court issued a unanimous opinion in the highest-profile False Claims Act (FCA) case for many years, concluding that a party’s subjective belief as to whether it overcharged Medicare and Medicaid is a factor in determining liability under the False Claims Act.

In U.S. ex rel. Schutte v. Supervalu Inc., the Court held that for purposes of establishing scienter (knowledge) under the FCA, “it is enough if [defendants] believed that their claims were not accurate” [because] “what matters for an FCA case is whether the defendant knew the claim was false.” The Court declined to uphold a proposed objective scienter standard under the FCA, and accordingly vacated the underlying Seventh Circuit judgment.

This decision arises from two consolidated qui tam FCA suits against operators of retail drug pharmacies. The suits claimed that the pharmacies violated the FCA by submitting claims to federal health care programs for covered prescription drugs with reported prices that exceeded the “usual and customary” charges for the drugs to the general public. These practices were claimed to violate Medicare and Medicaid regulations that limit pharmacy reimbursement based on a formula that, in part, looks to the pharmacy’s “usual and customary charge” to the public as a cap on the amount Medicare or Medicaid may reimburse for the drug. The alleged FCA violations specifically related to discount drug programs offered by these retail pharmacies, and whistleblower claims that (i) the wide prevalence of the discounts on drugs meant that the discounted rate offered to customers became the respective pharmacy’s “usual and customary” rate (not the higher non-discounted rate reported by the pharmacies to Medicare and Medicaid), and (ii) the defendants were notified that the discounted prices were the “usual and customary” prices but submitted claims anyway and sought to shield that information from regulators.

The Seventh Circuit upheld judgments in favor of the pharmacies on the basis that they did not knowingly violate the FCA because they acted consistent with an objectively reasonable interpretation of the relevant law (the “usual and customary” requirement), even though it may not have been a correct interpretation. In other words, Seventh Circuit held that the pharmacies’ subjective beliefs did not matter because “someone else, standing in the [defendants’] shoes, may have reasonably thought that” their interpretation was accurate.

The Supreme Court rejected the Seventh Circuit’s approach, and instead instructed that the answer “is straightforward: The FCA’s scienter element refers to [the defendants’] knowledge and subjective beliefs—not to what an objectively reasonable person may have known or believed.” To reach this conclusion, the Court observed that the “facial ambiguity” of the phrase “usual and customary” does not by itself preclude a finding of scienter under the FCA. The Court further refused to recognize an “objective safe harbor” against FCA liability proposed by the defendants, and stated that the Court will not “look to legal interpretations that [defendants] did not believe or have reason to believe” when submitting claims to absolve those claims from FCA liability.

Pursuant to the decision, scienter may be established in one of three ways: (1) actual knowledge of the falsity of claims; (2) awareness of the substantial risk of the falsity of claims and intentional avoidance of learning whether the claims were accurate; or (3) submission of claims despite an awareness of a substantial and justifiable risk that they are false.

The Court’s decision underscores the importance of evidence concerning the actual knowledge and beliefs of health care providers and other organizations that may be subject to FCA liability, including notices from regulators and internal deliberations concerning often-ambiguous or vague regulatory requirements.  Interestingly, the decision was authored by Justice Thomas, who also authored the opinion on behalf of a unanimous Supreme Court in the last high-profile FCA case before the Court – the seminal decision in Universal Health Services v. U.S. ex rel. Escobar, 136 S. Ct. 1989 (2016) addressing the FCA’s materiality standard.

On May 9, 2023, the Drug Enforcement Administration (DEA) issued a temporary rule that extends pandemic-era flexibilities allowing prescribing of controlled substances based on a telehealth relationship, after receiving in excess of 38,000 comments on its March 1, 2023 proposed rules (previously discussed here) to extend certain of those flexibilities but allow others to end upon expiration of the COVID-19 public health emergency on May 11, 2023.  The Temporary Rule provides the DEA with additional time to assess feedback on its proposed rules for post-pandemic tele-prescribing, and provides practitioners and patients with additional time to utilize pandemic-era flexibilities and to transition away from such flexibilities once final rules are issued.

Continue Reading DEA Extends Pandemic Telehealth Prescribing Flexibilities For Up To 18 Months

On April 27, 2023, the Centers for Medicare & Medicaid Services (CMS) released a Notice of Proposed Rulemaking entitled Ensuring Access to Medicaid Services (Proposed Rule) which would, among other things, establish requirements for the amount of Medicaid payment going towards home care worker compensation.

Continue Reading CMS Proposes New Rule that Would Require 80 Percent of Payment to Go Toward Home Care Worker Compensation

On May 2, 2023, legislators approved the $229 billion New York State FY 2023-2024 Budget Bill (“the Budget”), which was signed by Governor Hochul on May 3, 2023. Article VII of the Budget touches almost every aspect of the New York healthcare system, including home health, hospitals, laboratories, and reproductive health. It contains wide-ranging provisions that expand access to care, allow clinicians to provide more services, and allocate needed resources to providers. It targets Medicaid in multiple ways, including an extension of the Medicaid Global Cap on system-wide spending growth through FY 2025.[i] Here, we outline some of the key provisions that this Budget contains.

Continue Reading New York Enacts Long Negotiated Budget Bill with Sweeping Implications for Health Care

Below is an excerpt of an article  published in the May 2023 issue of  Health Law Connections, the member magazine of the American Health Law Association. Kate and Conor were assisted on this article by Health Law Group intern Paul Sevigny.

COVID-19 has driven increased telehealth access and technology-based health care services. After grappling with the challenges imposed by the pandemic, health care organizations must now prepare for the upcoming end of the public health emergency (PHE). The COVID-19 national emergency and PHE were declared in early 2020.1 The PHE is scheduled to expire on May 11, 2023. This article highlights key legal and compliance issues affecting the future delivery and reimbursement of telehealth and technology-based services. Read the article.

Below is an excerpt of an article co-authored with Robinson+Cole Labor and Employment Group lawyer Sapna Jain and published in the April/May 2023 issue of the Massachusetts Bar Association’s (MBA) eJournal. Yelena and Sapna will also be presenting an informative MBA webinar on the same topic on May 10, 2023.

Health care staffing continues to be a challenge for hospitals and health care systems across the country that are stretched thin due to staff burnout from COVID-19, lack of sufficiently trained staff, and high employee turnover. Failure to adequately staff for workforce needs within a hospital effectively limits the service lines or volume of services that hospitals can provide and can significantly impact the ability to provide patient care. Cost-effective, long-term solutions that support retention and recruitment of the hospital workforce are sorely needed.  Read the article.

On April 14, 2023, the Attorneys General of 18 different states sent a letter to Health and Human Services (HHS) Secretary Xavier Becerra and Centers for Medicare and Medicaid Services (CMS) Administrator Chiquita Brooks-LaSure in support of a proposed rule that would require the disclosure of certain ownership information regarding Medicare skilled nursing facilities (SNFs) and Medicaid nursing facilities (collectively “Nursing Facilities”), particularly from private equity investors and real estate investment trusts (the “Proposed Rule”).

Continue Reading Eighteen States’ Attorneys General Send Letter to CMS in Support of Proposed Rule Requiring Disclosure of Certain Nursing Home and SNF Ownership Information 

The Office of Inspector General (OIG) recently issued two notable compliance updates, of which health care organizations should take note as the COVID-19 public health emergency ends and regulatory compliance activities ramp up.

Continue Reading OIG Compliance Updates

The Illinois House of Representatives recently voted in favor of passing HB 2222 (“the Bill”), which, if enacted, would amend the Illinois Antitrust Act to add new reporting requirements for certain transactions, including mergers, acquisitions, and contracting affiliations. These heightened requirements would impact healthcare facilities and provider organizations starting on January 1, 2024. The Bill is currently under consideration in the Illinois Senate and would need to be passed by the Illinois Senate and then signed by Illinois Governor J.B. Pritzker in order to be enacted into law.

Continue Reading Pending Illinois Legislation Could Heighten Merger Requirements for Health Care Facilities

On April 12, 2023, the U.S. Department of Health & Human Services (HHS) released a Notice of Proposed Rulemaking (Proposed Rule) that seeks to enhance safeguards of reproductive health care information through changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The proposal is intended to align with President Biden’s Executive Order 14076, which instructed HHS to examine avenues to reinforce protections of HIPAA protected health information (PHI) and patient-provider confidentiality in the wake of the U.S. Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization.

Strengthening the HIPAA Privacy Rule

According to HHS, the Dobbs decision “makes it more likely” that PHI may be disclosed in ways that impair the privacy interests HIPAA “seeks to protect.”  HHS is concerned that these developments increase the potential for improper uses or disclosures of PHI that may “undermine access to and quality of health care generally” in part because “medical mistrust” can create “damaging and chilling effects” on access to essential care, particularly in vulnerable communities. A fundamental principal underlying the Privacy Rule has long been the need to appropriately protect the relationship of trust between patients and providers, while also preserving access to that information for patients. Under the Privacy Rule, this principal is reasonably balanced against the interests of providers and society in allowing appropriate disclosures of PHI, including for treatment or operational purposes. In response to post-Dobbs legislation and policy proposals that in HHS’s view threaten that privacy and trust, and thus threaten that balance, HHS determined that “information about reproductive health care… requires heightened protections” under HIPAA because of its sensitivity.

Accordingly, in the Proposed Rule HHS seeks specifically to restrict the use and disclosure of certain PHI for “non-health care purposes,” and in doing so proposes to establish conditional restrictions on uses and disclosures based on whether the PHI includes reproductive health care information. Similar to the Privacy Rule’s protections of psychotherapy notes, this Proposed Rule seeks to implement safeguards to protect reproductive health care information. However, in recognition that reproductive health care information is embedded within a patient’s medical records and cannot readily be separated (as in the case of psychotherapy notes), HHS proposes a “purpose-based prohibition on certain uses and disclosures” to protect individuals and their PHI.

How would the Proposed Rule change the Privacy Rule regulations?

In the Proposed Rule, HHS proposes a new category of prohibited uses and disclosures that would prohibit:

            “using or disclosing an individual’s PHI for the purpose of conducting a criminal, civil, or administrative investigation into or proceeding against the individual, a health care provider, or other person in connection with seeking, obtaining, providing, or facilitating reproductive health care that:

            (1) is provided outside of the state where the investigation or proceeding is authorized and such health care is lawful in the state in which it is provided;

            (2) is protected, required, or authorized by Federal law, regardless of the state in which such health care is provided; or

            (3) is provided in the state in which the investigation or proceeding is authorized and that is permitted by the law of that state.”

The Proposed Rule further would prohibit “using or disclosing an individual’s PHI for the purpose of identifying an individual, health care provider, or other person for the purpose of initiating such an investigation or proceeding against the individual, a health care provider, or other person in connection with seeking, obtaining, providing, or facilitating reproductive health care that is lawful under the circumstances in which it is provided.”

In order to protect individuals under HIPAA, HHS proposes to newly require entities to obtain an attestation prior to certain uses and disclosures of PHI without the individual’s authorization under the Privacy Rule (at 45 C.F.R. § 164.512), by adding a new regulation to the Privacy Rule (which would be found at 45 C.F.R. § 164.509). This will require certain parties seeking PHI from covered entities (or their business associates) to submit an attestation – limited to the specific use or disclosure – stating that the use or disclosure is not for a prohibited purpose related to reproductive health care, as a condition to use or disclosure without an authorization (i) for health oversight purposes, (ii) for judicial and administrative proceedings, (iii) for law enforcement purposes, or (iv) regarding decedents to coroners or medical examiners.

HHS also proposes certain additional definitions and changes to the regulations deemed necessary to operationalize these changes and implement the Proposed Rule. These include, among other things, a proposal to require covered entities to update their Notices of Privacy Practices (NPPs) to ensure the NPPs address the new proposed safeguards for reproductive health care PHI.

Rules of Applicability and Construction

In the Proposed Rule, HHS incorporates a proposed “Rule of Applicability” that would guide the applicability of the new proposed prohibition related to reproductive health care PHI.  Specifically, the Rule of Applicability states that it applies where one or more of the following exist:

            (1) The relevant criminal, civil, or administrative investigation or proceeding is in connection with any person seeking, obtaining, providing, or facilitating reproductive health care outside of the state where the investigation or proceeding is authorized and where such health care is lawful in the state in which it is provided;

            (2) The relevant criminal, civil, or administrative investigation or proceeding is in connection with any person seeking, obtaining, providing, or facilitating reproductive health care that is protected, required, or authorized by Federal law, regardless of the state in which such health care is provided; or

            (3) The relevant criminal, civil, or administrative investigation or proceeding is in connection with any person seeking, obtaining, providing, or facilitating reproductive health care that is provided in the state in which the investigation or proceeding is authorized and that is permitted by the law of that state.

Second, in recognition of the potential challenge to covered entities and business associates posed by a new “purpose-based” prohibition on uses and disclosures of reproductive health care PHI, and the reality that such information may be embedded throughout patient medical records, in the Proposed Rule HHS proposes a “Rule of Construction” to guide covered entities. This Rule states that only where a proposed use or disclosure that otherwise would be permitted under the Privacy Rule is “primarily for the purpose of investigating or imposing liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care” would the use or disclosure be prohibited. As an example, per HHS the Rule of Construction clarifies that the Proposed Rule “does not inhibit the ability of a covered health care provider to use or disclose [PHI] to defend themselves” in an investigation or litigation related to professional practice.

Comments on the Proposed Rule; Fact Sheet

HHS has issued a Fact Sheet (available here) which describes the Proposed Rule and provides additional information regarding public comment submission.

HHS is accepting public comments on the Proposed Rule through June 16, 2023.  During the 60-day public comment period, the existing Privacy Rule will stay in place.  

*This post was co-authored by Paul Sevigny, legal intern at Robinson+Cole. Paul is not admitted to practice law.