Health Law Advisor

I recommend against relying on any data I provide in today’s post.  I hope the data are at least somewhat accurate.  But they are not nearly as accurate as they should be, or as they could be, if FDA just released a key bit of information they have been promising to share for years.

One of the ways data scientists can provide insights is by grafting together data from different sources that paint a picture not seen elsewhere.  What I want to do is join the clinical trial data at www.clinicaltrials.gov with the data maintained by FDA of approved drugs, called drugs@FDA.  But I can’t, at least not with much accuracy.

The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged a “Shields Up” defense in depth approach, as Russian use of wiper malware in the Ukrainian war escalates. The Russian malware “HermeticWiper” and “Whispergate” are destructive attacks that corrupt the infected computers’ master boot record rendering the device inoperable. The wipers effectuate a denial of service attack designed to render the device’s data permanently unavailable or destroyed. Although the malware to date appears to be manually targeted at selected Ukrainian systems, the risks now escalate of a spillover effect to Europe and the United States particularly as to: (i) targeted cyber attacks including on critical infrastructure and financial organizations; and (ii) use of a rapidly spreading indiscriminate wiper like the devastating “NotPetya” that quickly moves across trusted networks. Indeed, Talos researchers have found functional similarities between the current malware and “NotPetya” which was attributed to the Russian military to target Ukranian organizations in 2017, but then quickly spread around the world reportedly resulting in over $10 billion dollars in damage.[1] The researchers added that the current wiper has included even further components designed to inflict damage.

Recent decisions from the European Union (EU) have placed renewed focus on the use of common cookies used on ecommerce and other websites used by consumers and employees and transfers of personal data collected through cookies to the United States. The EU Data Protection Authorities (DPAs) found that the use of widely used website technologies (i.e., cookies and java script) to automatically collect identifiers from the users’ devices or through their use of internet protocols (e.g., IP addresses) resulted in the collection of personal data. The DPAs further found that the subsequent transfer of this data to Google servers located in the United States violated EU cross-border data transfer requirements because there were inadequate safeguards under the Schrems II decision invalidating the EU-US Privacy Shield. One notable impact of the decisions is to dismiss the adequacy of encryption technologies where the service provider (such as Google) has access to the cryptographic key and can be compelled to surrender it in order for the data to be decrypted and read by U.S. surveillance authorities. Consideration of the impact of these decisions is critically important for ecommerce and other websites operating in the EU, as well as more generally for organizations that transfer personal data of consumers and employees to the U.S.

On February 23, 2022, in the case captioned Texas Med. Ass'n v. U.S. Dep't of Health & Human Servs., No. 6:21-cv-00425-JDK (E.D. Tex.), the U.S. District Court for the Eastern District of Texas issued the first major judicial decision addressing implementation of the new federal No Surprises Act, which went into effect nationally on January 1, 2022.  The Court’s decision significantly alters the landscape for claims qualifying for the No Surprises Act’s Federal Independent Dispute Resolution Process (IDRP), an arbitration process designed to resolve certain reimbursement disputes between commercial payors and out-of-network health care providers or emergency facilities.

New from the Diagnosing Health Care Podcast:  One of the long-term goals of the interoperability and information-blocking rules is to give health care providers a much more comprehensive view of a patient’s entire continuum of care.

In this episode of the Diagnosing Health Care Podcast:  This term, the Supreme Court of the United States is set to rule in a Medicare reimbursement case that has sparked a fresh look at the historical deference often granted to agencies and whether it should remain, be modified, or even be overruled.

Attorneys Stuart Gerson, Robert Wanerman, and Megan Robertson discuss why Chevron deference matters to health care industry stakeholders and what aspects of deference arguments should be in focus as these cases progress.

The Diagnosing Health Care podcast series examines the ...

During a National Stakeholder Call on January 18, 2022, Ellen Montz—Deputy Administrator and Director of the Center for Consumer Information and Insurance Oversight (CCIIO) at the Centers for Medicare and Medicaid Services (CMS)—announced that CMS had begun publishing state-specific letters (the “Enforcement Letters”) detailing anticipated Federal and state responsibilities with respect to enforcement of the No Surprises Act (NSA) on the CCIIO website. Although CCIIO has yet to publish Enforcement Letters for a minority of states,[1] the Enforcement Letters that have been published provide critical details regarding how the NSA intersects with existing state laws and CMS’s expectations regarding NSA enforcement in each state.

On February 4, 2022, the Centers for Medicare and Medicaid Services (CMS) issued important updated guidance in a memo (QSO-21-08-NLTC) regarding how acute and continuing care facilities—including hospitals, ambulatory surgical centers, end-stage renal disease facilities, home health agencies, and hospices—manage infection control procedures in light of the COVID-19 public health emergency.

On February 1, 2022, the U.S. Department of Justice (DOJ) released its annual False Claims Act (FCA) enforcement statistics for fiscal year (FY) 2021.^[1]

With collections amounting to $5.6 billion, FY 2021 marks DOJ’s largest annual total FCA recovery since FY 2014, and more than twice the $2.3 billion received in FY 2020. FY 2021 was also a record-shattering year for DOJ as it relates to health care fraud enforcement; over $5 billion (90% of the total) was obtained from cases pursued against individuals and entities in the health care and life sciences industries.

The United States Food and Drug Administration (FDA) for many years has been trying to increase the participation of minorities in clinical trials to help ensure that regulated products are tested and labeled in an appropriate cross-section of Americans.  Clinical evidence has shown that there are significant differences among the races that impact the safety and effectiveness we can expect from a particular drug or device, and consequently FDA has concluded testing and labeling to identify those racial differences are important.  The question for today is, how are we doing in achieving racial diversity in clinical trials involving drugs?