At the close of 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (the Proposed Rule) to amend the Security Rule regulations established for protecting electronic health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The updated
Health Policy
FDA Sued Over Laboratory Developed Tests Final Rule
*This post was authored by Nicole Benevento, law intern at Robinson+Cole. Nicole is not admitted to practice law.
The Food and Drug Administration (FDA) is being sued in two lawsuits after releasing its Final Rule on Laboratory Developed Tests (LDTs). The Final Rule requires laboratories to adhere to the same preapproval and post-marketing requirements of mass-produced…
OIG Audit Scrutinizes Hospital Compliance with Price Transparency Rule
*This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.
In November 2024, the Department of Health and Human Services Office of Inspector General (OIG) published the results of its audit assessing hospital compliance with the federal Hospital Price Transparency Rule (HPT Rule). OIG determined that 37…
CMS Finalizes Standard for Identifying Overpayments and Grace Period for Investigations of Related Overpayments
As part of its 2025 Physician Fee Schedule Final Rule (PFS Rule), the Centers for Medicare & Medicaid Services (CMS) finalized two crucial updates to federal Medicare overpayments regulations (sometimes referred to as the “60-Day Rule”) that (1) align the standard for when an overpayment is identified with the applicable standard under the…
DEA Extends Telehealth Lifeline for Patients
*This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.
On November 15, 2024, the Drug Enforcement Administration (DEA) and the Department of Health & Human Services (HHS) jointly announced an extension of current COVID-era tele-prescribing flexibilities for another year – through December 31, 2025 – via…
Middle District of Florida Judge Finds False Claims Act’s Qui Tam Provision Unconstitutional
*This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.
On September 30, 2024, Judge Kathryn Kimball Mizelle of the U.S. District Court for the Middle District of Florida issued an order in United States ex rel. Clarissa Zafirov v. Florida Medical Associates, LLC, holding that the…
California Governor Vetoes Bill Imposing New Requirements for Private Equity in Healthcare Transactions
On September 28, 2024, California Governor Gavin Newsom vetoed California Assembly Bill 3129 (the Bill). The Bill, if enacted, would have imposed new notice and consent requirements for private equity investors involved in healthcare transactions. Governor Newsom’s veto statement clarifies the Bill’s vetoing, stating that the Office of Health Care Affordability (OHCA) “was created as…
MA and CT Pave the Way for Emergency Contraception Vending Machines
State Law Permitting Dispensation of Emergency Contraception by Vending Machines
Legislation passed in 2022 in Massachusetts and in 2023 in Connecticut removes barriers for college students trying to obtain emergency contraception pills like Plan B One-Step. In light of uncertainty around abortion protections following the Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health…
Forecasting the Integration of AI into Health Care Compliance Programs
This post was co-authored by Josh Yoo, legal intern at Robinson+Cole. Josh is not admitted to practice law.
Health care entities maintain compliance programs in order to comply with the myriad, changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial intelligence (AI) are limited at this time and in the early stages of development, current law and pending legislation offer a forecast of standards that may become applicable to AI. Health care entities may want to begin to monitor the evolving guidance applicable to AI and start to integrate AI standards into their compliance programs in order to manage and minimize this emerging area of legal risk.
Executive Branch: Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence
Following Executive Order 13960 and the Blueprint for an AI Bill of Rights, Executive Order No. 14110 (EO) amplifies the current key principles and directives that will guide federal agency oversight of AI. While still largely aspirational, these principles have already begun to reshape regulatory obligations for health care entities. For example, the Department of Health and Human Services (HHS) has established an AI Task Force to regulate AI in accordance with the EO’s principles by 2025. Health care entities would be well-served to monitor federal priorities and begin to formally integrate AI standards into their corporate compliance plans.
- Confidentiality and Security: Federal scrutiny of the privacy and security of entrusted information extends to AI’s interactions with data as a core obligation. This general principle also manifests in more specific directives throughout the EO. The EO also orders the HHS AI Task Force to incorporate “measures to address AI-enhanced cybersecurity threats in the health and human services sector.”
- Transparency: The principle of transparency refers to an AI user’s ability to understand the technology’s uses, processes, and risks. Health care entities will likely be expected to understand how their AI tools collect, process, and predict data. The EO envisions labelling requirements that will flag AI-generated content for consumers as well.
- Governance: Governance applies to an organization’s control over deployed AI tools. Internal mechanical controls, such as evaluations, policies, and institutions, may ensure continuous control throughout the AI’s life cycle. The EO also emphasizes the importance of human oversight. Responsibility for AI implementation, review, and maintenance can be clearly identified and assigned to appropriate employees and specialists.
- Non-Discrimination: AI must also abide by standards that protect against unlawful discrimination. For example, the HHS AI Task force will be responsible for ensuring that health care entities continuously monitor and mitigate algorithmic processes that could contribute to discriminatory outcomes. It will be important to permit internal and external stakeholders to have access to equitable participation in the development and use of AI.
Continue Reading Forecasting the Integration of AI into Health Care Compliance Programs
HHS Finalizes Updates to “Part 2” Regulations to Align Disclosure Rules with HIPAA and Promote More Coordinated Substance Use Disorder Care
On February 8, 2024, the U.S. Department of Health and Human Services (HHS) issued a final rule (Final Rule) updating federal “Part 2” regulations to more closely align the requirements applicable to substance use disorder (SUD) treatment records with the HIPAA privacy rule, and to make certain other changes. The regulations at 42…