September 2016

In an Advisory Opinion issued on September 23, 2016, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) announced that  it would not impose administrative sanctions against the manufacturer of a vaccine refrigeration system (the “Requestor”) for providing the devices to physicians without charge.  This development comes at a critical time when many are focused on creatively addressing the risks posed by infectious diseases and viruses like Zika. 

On Tuesday, September 20, 2016, CMS published a proposed rule in the Federal Register to bolster the current State Medicaid Fraud Control Units (MFCUs or Units).  MFCUs investigate and prosecute Medicaid fraud, including provider fraud, patient abuse, and neglect in health care facilities. MFCUs operate in 49 States and the District of Columbia. The MFCUs, typically a part of the State Attorney General’s office, use teams of investigators, attorneys, and auditors; are single, identifiable entities; and must be separate and distinct from the State Medicaid agency.  The OIG oversees the MFCUs, annually recertifies each MFCU, assesses each MFCU’s performance and compliance with Federal requirements, and administers a Federal grant award to fund a portion of each MFCU’s costs.

The Federal Trade Commission (“FTC”), in a joint amicus brief with the Department of Justice filed on September 9, 2016, petitioned the Fifth Circuit to dismiss the Texas Medical Board (“TMB”) appeal of the district court ruling holding that TMB regulations restricting the prescribing rights of physicians providing professional services through telemedicine may be challenged under federal anti-trust laws.  The FTC asserted that the appellate court does not have jurisdiction over the issue because there has been no final judgment in the underlying case between Teladoc and the TMB.

Last week, the Ninth Circuit affirmed a physician’s conviction for conspiracy to distribute an adulterated device with intent to defraud or mislead in violation of Section 331(k) of the federal Food, Drug and Cosmetic Act (FDCA). The physician – who dubbed his own practice “The McDonald’s of Urology” because of the high volume of patients he treated – reused plastic needle guides meant for single-use to conduct prostate biopsies on his patients over a period of several months.

The Department of Health and Human Services and its Office of Civil Rights (OCR) are capping off a very active 2016. In the last 6 months, the OCR has released a new audit protocol, announced new rounds of HIPAA audits, and stepped up enforcement. The flurry of activity comes after a prolonged period of anticipation in which Covered Entities and Business Associates were working to ensure that their data protection practices comply  with the new set of HIPAA Omnibus rules.  The OCR has made clear that it is not focused merely on large institutions or hospital systems.  In August, the OCR announced that breaches affecting fewer than 500 individuals will be subject to investigation by its regional offices. Thus, even entities with small incidents or small amounts of protected health information (PHI), such as employee health plans, could see a higher rate of enforcement and a higher possibility of major fines if they fail to comply with HIPAA.  Also within the OCR’s sights are Business Associates, as the Omnibus rule empowered the OCR to directly investigate and enforce Business Associates’ compliance with HIPAA’s requirements that the Omnibus rule extended to these entities.