The recent increase in use of telehealth as a care modality has been important to patients and providers alike, with significant benefits for public health. However, with the growing mainstream acceptance of virtual care, the US Department of Health and Human Services Office of Inspector General (OIG), the Department of Justice (DOJ), and other federal regulators have likewise increased fraud enforcement in this area, including through the issuance of OIG’s recent Special Fraud Alert (SFA).
Health Law Scan
Legal Insights and Perspectives for the Healthcare Industry
The federal COVID-19 public health emergency’s (PHE) current expiration date is just one week away—July 14, 2022. While no official extension has been issued by the Biden-Harris administration yet, it is increasingly likely that the PHE will be extended for at least another 90 days. Previously, the federal government had pledged to states that it would announce an end to the PHE at least 60 days before its expiration. That 60-day time frame ended on May 16 with no indication from the US Department of Health and Human Services (HHS) that it was anticipating the end of the PHE.
Federal antitrust enforcers at the US Department of Justice (DOJ) and Federal Trade Commission (FTC) continue to take an aggressive stance in healthcare. Two recent developments underscore the trend.
Fraud stemming from the COVID-19 pandemic continues to be a criminal enforcement priority for the US Department of Justice (DOJ). On April 20, DOJ announced a new round of criminal charges against 21 defendants that stem from over $149 million in allegedly fraudulent billing to federal healthcare programs and pandemic assistance programs. The new cases raise DOJ’s total COVID-19-related enforcement stats to 35 defendants and over $290 million in fraudulent billing across 16 federal districts.
Perhaps signaling the increasing likelihood of a permanent telehealth solution for the Medicare program, the Office of Inspector General for the US Department of Health and Human Services (OIG) has established a “Featured Topics” resource page on its website dedicated to telehealth and OIG’s work in evaluating telehealth policies. This telehealth resource page serves as a compendium for all the reports OIG has completed or plans to undertake related to telehealth and virtual care technologies, including several audits and evaluations currently on OIG's 2022 work plan. In addition, the resource page provides a helpful overview of the manner in which telehealth fits into the larger Medicare regulatory framework.
Last month, we had an engaging Fast Break session covering the growing importance of risk adjustment in various health insurance programs and novel government theories of liability associated with risk adjustment reporting. Morgan Lewis associates Tesch Leigh West and Michelle M. Arra described the fundamental processes regarding risk adjustment and highlighted recent audit and enforcement trends in this area.
A federal judge in Texas held on February 23 that the federal government’s interim final rule implementing the independent dispute resolution (IDR) process established by the No Surprises Act conflicted with the plain language of the statute and that the agencies improperly bypassed notice and comment rulemaking when promulgating the rule.
On February 9, 2022, US Senators Bill Cassidy, M.D. (R-LA) and Tammy Baldwin (D-WI) introduced bipartisan legislation designed to modernize health privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and account for emerging healthcare technologies not addressed by existing law.
As its name suggests, the No Surprises Act establishes patient protection against most surprise medical bills from out-of-network, emergency service, and air ambulance providers. Two of the major provisions affecting providers—the good-faith estimate and balance billing requirements—became effective as of January 1, 2022.
The new Civil Cyber-Fraud Initiative of the US Department of Justice’s use of the punitive False Claims Act (FCA) and its whistleblower provisions has some important legal and risk management considerations for the health industry. Because enforcement will initially occur largely through civil investigations applying the FCA in the broadest possible way, healthcare organizations should undertake a priority assessment of their cybersecurity status to ensure that their practices can withstand hacks, whistleblowers, and government scrutiny.