Cyberattacks on healthcare organizations are on the rise, with the number of affected individuals nearly tripling between 2022 and 2024, according to data compiled by the Department of Health and Human Services Office for Civil Rights (“OCR”).[1] OCR data also reveals a 239% and 278% increase in hacking incidents and ransomware attacks, respectively, between January 2018 and September 2023.Continue Reading New York Adopts Comprehensive Hospital Cybersecurity Requirements
Department of Health & Human Services
HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule
The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards for the protection of protected health information by covered entities and their business associates. The Proposed Rule’s issuance was expected, especially in light of the growing number of health data breaches and disclosures of large scale foreign cyberattacks.Continue Reading HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule
Over 940,000 Medicare Beneficiaries Impacted by Data Breach
The Centers for Medicare & Medicaid Services (“CMS”) and its contractor, Wisconsin Physicians Service Insurance Corporation (“WPS”), recently notified over 940,000 Medicare beneficiaries of a data breach that has potentially exposed their protected health information (“PHI”) and personally identifiable information (“PII”). CMS reported on the breach portal of the U.S. Department of Health and Human Services (“HHS”) that the total number of impacted people was 3,112,815 individuals.Continue Reading Over 940,000 Medicare Beneficiaries Impacted by Data Breach
No Surprises Here – Providers Win Again in No Surprises Act TMA II Litigation Vacating Independent Dispute Resolution Rule
On August 2, 2024, the United States Fifth Circuit affirmed the rulings in the No Surprises Act litigation brought by the Texas Medical Association and other plaintiffs[1] challenging the August 2022 Final Rule that has been issued by the Departments of Labor, Treasury, and Health and Human Services (the “Departments”) that applied to the Independent Dispute Resolution (“IDR”) process created by the No Surprises Act (the “Act”).[2]Continue Reading No Surprises Here – Providers Win Again in No Surprises Act TMA II Litigation Vacating Independent Dispute Resolution Rule
SCOTUS Punts on EMTALA Preemption Question
On June 27, 2024, the U.S. Supreme Court dismissed Idaho v. United States on procedural grounds and sent the case back to the Ninth Circuit. By doing so, the Supreme Court reinstated the preliminary injunction issued by the district court and temporarily allows abortions to be performed when necessary to preserve the health of the pregnant woman. Mike Moyle, et al., v. United States, No. 23-726, and Idaho v. United States, No. 23-727. However, by failing to rule on the merits of the case and the core question of whether the Emergency Medical Treatment and Labor Act (EMTALA) preempts Idaho law, confusion and uncertainty are likely to continue for healthcare providers and hospitals seeking to provide care for pregnant women.Continue Reading SCOTUS Punts on EMTALA Preemption Question
HIPAA Web Tracking Guidance Vacated
This week, in a significant win for the American Hospital Association plaintiff, the U.S. District Court for the Northern District of Texas issued an opinion vacating the Department of Health and Human Services’ (“HHS”) guidance on the use of online tracking technologies under HIPAA. At the heart of the dispute was the guidance released by HHS in December of 2022 and then updated again in March of 2024 (collectively, the “Guidance”), which suggested that information collected from unauthenticated website visitors could be considered protected health information (“PHI”) under HIPAA. The Guidance was challenged by hospitals and healthcare providers who argued it exceeded HHS’ statutory authority under HIPAA and imposed unreasonable compliance burdens.Continue Reading HIPAA Web Tracking Guidance Vacated
California Attorney General Advocates for Greater Antitrust Enforcement in Private Equity in Healthcare
On June 6, 2024, California Attorney General Rob Bonta announced that he led a multistate coalition of eleven (11) state attorneys general in in submitting a comment letter (the “Comment Letter”) in response to the Federal Trade Commission, the U.S. Department of Justice, and the U.S. Department of Health and Human Services’ (together the “Agencies”) request for information regarding consolidation in healthcare by private equity. On March 5, 2024, the Agencies issued a “Request for Information on Consolidation in Healthcare Markets,” on the same day the Agencies hosted a public workshop regarding the impact of private equity investment in the healthcare system. Continue Reading California Attorney General Advocates for Greater Antitrust Enforcement in Private Equity in Healthcare
EMTALA: In the Spotlight
Almost 40 years after its passing, the Emergency Medical Treatment and Active Labor Act (EMTALA) remains not only a key consideration for hospitals with emergency departments, but also a significant federal enforcement priority. EMTALA requires hospitals with emergency departments that participate in Centers for Medicare and Medicaid Services (CMS) programs to provide medical screening, stabilizing treatment and transfer for patients with emergency medical conditions (EMCs) and women in labor.Continue Reading EMTALA: In the Spotlight
Increased Scrutiny into Agents & Brokers in the Medicare Advantage Space
Most Medicare Advantage (“MA”) beneficiaries rely on agents and brokers to help them navigate the complex process of selecting a health plan that will meet their needs. In exchange, brokers and agents received certain fixed payments set by Medicare, as well as, in some cases, significant additional payments from health plans. Concerned over the potential for abuse, these arrangements have been the subject of Congressional scrutiny and an enforcement priority for both the Department of Justice (“DOJ”) and the Department of Health and Human Services Office of the Inspector General (“HHS OIG”). The Biden Administration and the Centers for Medicare & Medicaid Services (“CMS”) are tackling this issue head-on in a recently published final rule that addresses both marketing tactics and compensation methodologies used by Medicare Advantage organizations (“MAOs”) to pay MA agents or brokers.[1]Continue Reading Increased Scrutiny into Agents & Brokers in the Medicare Advantage Space
Continuity in Coverage: CMS Extends the Unwinding SEP & Issues Final Rule for Medicaid and CHIP Enrollment
On March 28, 2024, the U.S. Department of Health and Human Services (HHS), through the Centers for Medicare & Medicaid Services (CMS), announced that it is extending the temporary special enrollment period (the Unwinding SEP) for prior beneficiaries of Medicaid and Medicaid-expansion Children’s Health Insurance Programs (CHIP) to enroll in the Health Insurance Marketplace (Marketplace). The Unwinding SEP was previously scheduled to terminate on July 31, 2024, but now the end date is extended to November 30, 2024. This 4-month extension will help millions maintain insurance coverage as they navigate their new post-pandemic eligibility statuses.Continue Reading Continuity in Coverage: CMS Extends the Unwinding SEP & Issues Final Rule for Medicaid and CHIP Enrollment
OIG Sparks Public Excitement about Managed Care and Alludes to Incoming Enforcement Guidance
“The American people deserve to know that the insurance companies receiving more than $700B annually in taxpayer funds are working to ensure you receive effective, high-quality care. Remember, you have rights and options to ensure you receive the care you deserve.”Continue Reading OIG Sparks Public Excitement about Managed Care and Alludes to Incoming Enforcement Guidance