The World Health Organization (WHO) recently published “Ethics and Governance of Artificial Intelligence for Health: Guidance on large multi-modal models” (LMMs), which is designed to provide “guidance to assist Member States in mapping the benefits and challenges associated with the use of for health and in developing policies and practices for appropriate development, provision and use. The guidance includes recommendations for governance within companies, by governments, and through international collaboration, aligned with the guiding principles. The principles and recommendations, which account for the unique ways in which humans can use generative AI for health, are the basis of this guidance.”

The guidance focused on one type of generative AI, large multi-modal models (LMMs), “which can accept one or more type of data input and generate diverse outputs that are not limited to the type of data fed into the algorithm.” According to the report, LMMs have “been adopted faster than any consumer application in history.” The report outlines the benefits and risks of LLMs, particularly the risk of using LLMs in the healthcare sector.

The report proposes solutions to address the risks of using LMMs in health care during development, provision, and deployment of LMMs and ethics and governance of LLMs, “what can be done, and by who.”

In the ever-changing world of AI, this is one report that is timely and provides steps and solutions to follow to tackle the risk of using LMMs.

This post is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

Below is an excerpt of an article, co-authored with Antitrust and Trade Regulation Team lawyer Jen Driscoll and Internal Investigations and Corporate Compliance chair Ed Heath, published in the American Health Law Association’s Health Law Weekly newsletter on January 19, 2024.

Mergers and acquisitions in health care markets are viewed with heightened scrutiny by the Federal Trade Commission (FTC) and U.S. Department of Justice, Antitrust Division (Division) (collectively, the Agencies). These transactions may require further investigation to determine whether there will be anticompetitive effects, such as higher prices, in the affected market. As part of these investigations, the Agencies may issue civil investigative demands (CIDs) for documents and statements from third parties that do not have direct involvement in the transaction. The CID process can become a protracted and expensive undertaking if it is not properly managed from the outset by experienced counsel. This article provides an overview of current antitrust scrutiny of health care markets, and then offers guidance on how to effectively respond to CIDs in connection with the antitrust enforcement process. Read the full article.

On December 13, 2023, the Office of the National Coordinator for Health Information Technology (ONC) issued its final rule entitled “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” and known as “HTI-1” (Final Rule). Among other issues addressed in the Final Rule, ONC revised the information blocking rules to add clarity and to create a new information blocking exception. We outline these changes in further detail below. The information blocking provisions of the Final Rule will be effective 30 days after it is published in the Federal Register.

Continue Reading ONC’s HTI-1 Final Rule Updates Information Blocking Regulations

On November 15, 2023, the U.S Department of Justice (DOJ) announced a $45.6 million consent judgment (Settlement) with six skilled nursing facilities (SNFs), as well as the owner of the SNFs and its management company which managed the SNFs, to resolve alleged violations of the False Claims Act (FCA) tied to medical director arrangements violating the Anti-Kickback Statute (AKS). The Settlement is notable for its inclusion of the owner and the management company in addition to the SNFs, which indicates DOJ’s interest in scrutinizing the actions of individuals and management entities in connection with problematic arrangements under federal fraud and abuse laws.

Continue Reading DOJ Settlement Targets Owner and Management Company in Addition to Post-Acute Care Facilities

On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health information of 206,695 individuals.

According to the press release, “this marks the first ransomware agreement OCR has reached.”  The facts underlying the settlement include that Doctors’ Management Services was infected with GandCrab ransomware in April of 2017, but the intrusion was not detected until December of 2018. Doctors’ Management Services filed a breach report in April of 2019.

The OCR says that it found evidence that Doctors’ Management Services failed to implement a risk analyses to detect risks and vulnerabilities to protect health information including insufficient monitoring or its systems to protect against a cyber attack and a failure to implement requirements of HIPAA to protect the data.

In addition to the $100,000 settlement, Doctors’ Management Services is required to implement a corrective action plan.

This post is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

On June 22, 2023, New York State Public Health Law § 2802-b, added a Health Equity Impact Assessment (HEIA) to the Certificate of Need (CON) process for certain health care facilities. The new requirement comes as part of larger legislative changes to the Public Health Laws passed in 2021. The new HEIA requirement applies to any CON applications submitted on or after June 22, 2023, except there is a partial carve out for Diagnostic and Treatment Centers whose patient population is 50 percent or more Medicaid eligible or uninsured. The Department of Health also issued regulations on June 29, 2023 (10 NYCRR 400.26). The purpose of the HEIA is to understand the health equity impact on a specific project, the impact it may have on medically underserved groups and to ensure community input and assessment are considered. The Department of Health has expressed that their vision is “to have health equity considerations meaningfully impact the planning and execution of health care facility projects.” (NYSDOH, Health Equity Impact Assessment, Webinar Series: Program Documents, September 14, 2023.)

Continue Reading New York Implements Health Equity Impact Assessment as New Requirement for Certificate of Need Process

On Wednesday, November 1, the Center for Medicare & Medicaid Services (CMS) released its Home Health Prospective Payment System Rate Update final rule for CY 2024 (the Final Rule). The Rule estimates that the aggregate increase to Medicare home health payments for 2024 will be 0.8 percent, or $140 million. This 0.8 percent increase results from the combined effects of three forecasted rate changes: (1) a 3.0 percent increase to home health payments, (2) a 2.6 percent decrease based on the permanent behavior assumption adjustment, and (3) a 0.4 percent increase resulting from an update to the fixed-dollar loss ratio, which is used to determine outlier payments. The 0.8 percent increase is a departure from the Proposed Rule, which estimated a cut in payments of up to 3 percent.

Continue Reading CMS Announces 0.8 Percent Aggregate Home Health Payment Increase in 2024

On November 1, 2023, the U.S. Department of Health and Human Services (HHS) published a proposed rule titled “21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking” (the Proposed Rule). The Proposed Rule, if finalized, would create disincentives for health care providers that the HHS Office of Inspector General (OIG) determines have committed “information blocking” (as defined at 45 C.F.R. § 171.103).

Continue Reading HHS Proposes Disincentives for Providers that Commit Information Blocking

On September 27, 2023, the Health Resources and Services Administration (HRSA) issued a Notice in the Federal Register applicable to all 340B Program hospitals that formally ends a COVID-era waiver of the long-standing HRSA requirement that off-site, outpatient facilities be (1) listed as reimbursable on the hospital’s Medicare Cost Report (MCR) prior to participating in the 340B Program; and (2) registered and listed in the Office of Pharmacy Affairs Information System (OPAIS) prior to participating in the 340B Program.

Continue Reading HRSA Confirms End of COVID Waiver of Advance Registration Requirement for Provider-Based Clinics

On October 10, 2023, the federal Drug Enforcement Administration (DEA) issued another extension (Second Temporary Rule) of its pandemic-era telehealth flexibilities “in light of the need to further evaluate the best course of action” with respect to the prescribing of controlled substances via telemedicine. DEA is issuing a limited extension in order to give itself more time to finalize new standards governing tele-prescribing of controlled substances.

Continue Reading DEA Further Extends COVID-19 Telemedicine Prescribing Flexibilities through December 31, 2024