U.S. Supreme Court Clarifies Scope of False Claims Act Statutes of Limitations

In a unanimous decision issued on May 13, 2019, the U.S. Supreme Court sought to resolve lingering confusion over the statute of limitations under the False Claims Act (FCA) for qui tam suits in which the federal government declines to intervene. In Cochise Consultancy, Inc. v. United States Ex Rel. Hunt, the Court held that a relator’s claim may be brought within 3 years after the government was made aware of underlying material claims, even where the government did not intervene in the case, because 10 years had not passed since the actions giving rise to such claims occurred, applying the periods in 31 U.S.C. § 3731(b)(2) to the case. Cochise addresses confusion over applicability of 31 U.S.C. § 3731(b), which contains two separate limitations periods (along with a repose period) that can apply to an FCA suit. Under that law, an FCA action may be brought (1) 6 years from the date of the violation, or (2) 3 years from the date the U.S. official responsible for acting knew or should have known of the violation, but no later than 10 years from the date the violation occurred.

The FCA makes it unlawful for individuals or entities to knowingly submit or cause to be submitted false claims for government payment. FCA suits may be brought by the government, or by private citizens in qui tam actions in the name of the United States. In qui tam actions the relator must serve the complaint on the government, and the government then has an opportunity to intervene in the suit.

Continue Reading

CMS Amends Regulations to Lower Drug Prices and Reduce Out-Of-Pocket Expenses in Medicare Advantage and Part D Prescription Drug Benefit Program

The Centers for Medicare and Medicaid Services (CMS) announced a final rule, to be published on May 23, 2019, amending the Medicare Advantage program (Part C) and Prescription Drug Benefit program (Part D) regulations. According to CMS, the purpose of the rule is to lower drug prices and reduce out-of-pocket expenses in the Medicare Advantage and Part D drug programs.

The major provisions are:

  1. Protected classes. The final rule contains an exception to the requirement that Part D sponsors include all Part D drugs in these protected classes on their formularies: (1) antidepressants; (2) antipsychotics; (3) anticonvulsants; (4) immunosuppressants for treatment of transplant rejection; (5) antiretrovirals; and (6) antineoplastics. The exception permits the use of prior authorization and step therapy for new starts (i.e., enrollees initiating therapy) — including confirming the use is for a protected-class indication.  This applies to all protected classes except antiretroviral medications. According to CMS, the exception permits indication-based formulary design and utilization management for new starts in the applicable classes, and Part D sponsors can exclude a protected-class drug that is being used for non-protected class indications.
  2. E-Prescribing and the Part D Prescription Drug Program. The final rule updates Part D E-Prescribing standards to require Part D sponsors to implement an electronic real-time benefit tool (RTBT) capable of integrating with at least one prescriber’s electronic prescribing (eRx) system or electronic health record (EHR), in order to provide prescribers complete, accurate, timely and clinically appropriate patient-specific real-time formulary and benefit (F&B) information (including cost, formulary alternatives and utilization management requirements). This must be in place by January 1, 2021, but CMS is encouraging plans to start implementation now.
  3. Medicare Advantage and Step Therapy for Part B Drugs. The final rule provides requirements under which Medicare Advantage plans may apply step therapy as a utilization management tool for Part B drugs.  CMS notes that utilization management tools such as step therapy enhances the ability of Medicare Advantage plans to negotiate drug costs and can also benefit taxpayers and Medicare Advantage enrollees through lower per unit costs or less overall cost for Part B drugs, while maintaining access to medically-necessary covered drugs. The rule adopts new adjudication timeframe requirements for organization determinations and plan reconsiderations related to requests for Part B drugs.

Seeking to Incentivize Self-Disclosures, DOJ Issues Guidance on Credit for Cooperation with FCA Investigations

On May 7, 2019, the U.S. Department of Justice (DOJ) provided important new guidance addressing cooperation credit that may be available to defendants in False Claims Act (FCA) investigations (Guidance).  The Guidance – issued in the form of an update to DOJ’s Justice Manual – explains how defendants in an FCA investigation may be awarded credit by DOJ for certain disclosures, cooperation, and remedial activities.

The Guidance is intended to incentivize companies and individuals to (i) be forthcoming with the government upon discovery of potential FCA violations, (ii) aid ongoing FCA investigations, and (iii) undertake appropriate remedial actions in response to misconduct. The Guidance provides examples of actions that FCA defendants may be able to take to reduce potential penalties under the FCA. As discussed below, DOJ’s examples appear to re-emphasize DOJ’s focus on individual accountability for corporate wrongdoing. Continue Reading

CMS Final Rule on Drug Pricing Transparency in Consumer Television Ads

On May 10, 2019, the Centers for Medicare and Medicaid Services published a Final Rule on drug pricing transparency in consumer advertisements. The new rule requires direct-to-consumer (DTC) television advertisements to include the list price of prescription drugs and biological products distributed in the US that are reimbursable by Medicare or Medicaid, whether directly or indirectly.

Continue Reading

Massachusetts Reaches $10 Million in Settlements Tied to Medicaid Billing for Home Health Services

On April 30, 2019, the Office of the Attorney General of Massachusetts (AG) announced that it had entered into two settlements totaling over $10 million with home health care companies to resolve allegations of submission of false claims to MassHealth – the Commonwealth’s Medicaid program. The AG entered into an $8.3 million settlement with Avenue Homecare Services of Dracut, and a $2.13 million settlement with Amigos Homecare of Lawrence, to resolve allegations that they billed MassHealth for unauthorized home health services. Continue Reading

HHS Exercises Discretion to Reduce Maximum Annual Civil Money Penalties for Certain HIPAA Violations

On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. In the Notice, HHS announces that it has revisited its prior interpretation of the standards for assessment of CMPs under the HITECH Act, and is exercising its discretion to reduce the maximum amount of CMPs that may be assessed annually for HIPAA violations based on culpability.

The official version of the Notice is dated April 30, 2019 and is available here. Continue Reading

OCR Issues Five New HIPAA FAQs on Health Information Apps

On April 18, 2019, the Department of Health & Human Services Office for Civil Rights (OCR) issued five new FAQs addressing the applicability of HIPAA to the use of software applications (apps) by individuals to receive health information from their providers.

The new FAQs are available here under the Header “Access Right, Apps and APIs.”

In the FAQs, OCR:

  • Emphasizes that an individual’s right to access her/his protected health information (“PHI” or “ePHI”) under HIPAA generally obligates a covered entity to send PHI to a designated app, even if the covered entity is concerned about the app’s security or how the app will subsequently use or disclose the PHI;
  • Explains that a covered entity would not be liable under HIPAA for an app’s subsequent use or disclosure of PHI sent to the app at the direction of an individual, unless the app was “developed for, or provided by or on behalf of the covered entity – and, thus, creates, receives, maintains, or transmits ePHI on behalf of the covered entity”; and
  • Notes that a covered entity that transmits ePHI to an app via an unsecure manner or channel – at an individual’s direction – would not be responsible for unauthorized access during such transmission, but such an entity may want to counsel the individual regarding the security risks involved in such a transmission.

The FAQs also address potential liability of a covered entity’s EHR system developer under HIPAA following transmission of ePHI to an app on behalf of the covered entity. OCR similarly counsels that liability could attach under HIPAA where the EHR system developer owns the app or has a business associate relationship with the app developer, and makes the app available to, through or on behalf of the covered entity. OCR also notes that “an app’s facilitation of access” to an individual’s ePHI does not in itself create a business associate relationship between the app and a covered entity or EHR system developer.

Ultimately, the new FAQs provide important guidance for covered entities, EHR developers and app developers on the intersection of new forms of technology – such as wearables and health tracking apps – with HIPAA and health care providers. The FAQs also provide a reminder regarding the limits on the applicability of HIPAA, and reiterate the importance of HIPAA’s right to access for individuals.

CMS Announces New Direct Contracting Care Models

On April 22, 2019, the Centers for Medicare and Medicaid Services (CMS) announced two new voluntary risk-sharing payment models—Professional Population-Based Payment (PBP) and Global PBP. Under the Professional PBP model, CMS will pay participating organizations (referred to as Direct Contracting Entities or DCEs) a monthly, risk-adjusted primary care capitation payment, as well as 50 percent of shared savings/losses for enhanced primary care services. The Global PBP model, which is aimed at larger organizations, offers a higher level of risk and reward. DCEs participating in the Global PBP will receive/be responsible for 100 percent of shared savings/losses and will have two capitation payment options. The first option is the same primary care capitation payment as in the Professional PBP model, and the second option is a total care capitation payment for all services provided by the DCE and preferred providers with whom the DCE has an agreement. Under either model, DCEs may offer patients certain “benefit enhancements” for the purpose of promoting accessibility to innovative and affordable care. Continue Reading

Texas Health System MD Anderson Seeks 5th Circuit Review of HHS Determination that HIPAA Required Encryption of its ePHI

On April 8, 2019, The University of Texas MD Anderson Cancer Center (MDA) filed a petition with the U.S. Court of Appeals for the Fifth Circuit seeking review of a decision by the Department of Health & Human Services’s (HHS) Departmental Appeals Board (DAB) Appellate Division to uphold $4.35 million in civil money penalties (CMPs) assessed against MDA by HHS for alleged violations of HIPAA’s Security and Privacy Rules.

The DAB’s decision, issued on February 8, 2019, affirmed a 2018 decision by an Administrative Law Judge that sustained CMPs issued against MDA arising from three HIPAA breaches in 2011 and 2012 (see our previous analysis of the ALJ’s decision here). Continue Reading

OIG Approves of Free In-Home Follow-Up Care Program Targeting High Risk CHF and COPD Patients in Advisory Opinion

On March 6, 2019, the U.S. Department of Health & Human Services Office of Inspector General (OIG) issued a favorable advisory opinion that allows a nonprofit medical center (“Center”) to offer free, in-home follow-up care after a recent hospital admission for qualifying patients (the “In-Home Program”). In Advisory Opinion No. 19-03, the OIG concluded that although services furnished to qualifying patients under the In-Home Program would constitute remuneration to patients under the Anti-Kickback Statute (AKS) and the Civil Monetary Penalties law (CMP), the OIG would not impose sanctions on the Provider due to the low-risk nature of the In-Home Program.

The Provider furnishes a range of inpatient and outpatient hospital-based services, and currently offers in-home care to qualifying high-risk patients suffering from congestive heart failure (CHF) who (i) are currently admitted as inpatients of the Provider or (ii) were admitted within the previous 30 days and are being treated by the Provider’s outpatient cardiology department (“Current Arrangement”). Under the Current Arrangement, a clinical nurse leader must determine that the patient is a high risk for inpatient readmission using an industry-standard risk assessment tool, the patient must be willing to enroll in the program after consultation with the clinical nurse leader, the patient must seek follow-up care at the Provider’s CHF center, and the patient must live in the Provider’s service area. Continue Reading

LexBlog