Health Law Advisor

On September 30, 2021, the federal Departments of Treasury, Labor, and Health and Human Services issued “Requirements Related to Surprise Billing; Part II,” the second in a series of interim final regulations (the “Second NSA Rules”) implementing the No Surprises Act (“NSA”). This new federal law became effective for services on or after January 1, 2022.

As explained in greater detail by our colleague Stuart M. Gerson, the Supreme Court of the United States handed down two major, and quickly decided, rulings on January 13, 2022. After hearing oral arguments only six days earlier, the Court issued two unsigned decisions per curiam. A 5-4 decision in Biden v. Missouri dissolved a preliminary injunction against enforcement of an interim final rule (“Rule”) promulgated by the Centers for Medicare & Medicaid Services (CMS), requiring recipients of federal Medicare and Medicaid funding to ensure that their employees are vaccinated against COVID-19.

In this episode of the Diagnosing Health Care Podcast:  The Biden administration has released a series of rules and guidance to implement the No Surprises Act, which went into effect on January 1. All providers and facilities must now provide a good faith estimate to uninsured and self-pay patients scheduling appointments for services or upon request.

Throughout 2021, we closely monitored the latest privacy laws and a surge of privacy, cybersecurity, and data asset management risks that affect organizations, small and large. As these laws continue to evolve, it is important for companies to be aware and compliant. We will continue to monitor these trends for 2022.

The attorneys of the Privacy, Cybersecurity & Data Asset Management group have written on a wide range of notable developments and trends that affect employers and health care providers. In case you missed any, we have assembled a recap of our top 10 blog posts of 2021, with links to each, below:

On January 11, 2022, the Centers for Medicare and Medicaid Services (“CMS”) published an anticipated proposed National Coverage Determination (“NCD”) decision memorandum that begins the process of determining whether the Medicare program will cover FDA-approved monoclonal antibodies directed against amyloid for the treatment of Alzheimer’s Disease. (https://www.cms.gov/medicare-coverage-database/view/ncacal-decision-memo.aspx?proposed=Y&NCAId=305).

The proposed decision, which is subject to public comments that are due to CMS by February 10, 2022, does not endorse nationwide Medicare coverage for these drugs. Instead, CMS chose an alternate pathway known as Coverage with Evidence Development (“CED”).  If the proposal is adopted by CMS, it would set in motion a detailed regulatory process that includes temporary Medicare coverage for the drug but only for certain Medicare beneficiaries who are enrolled in an additional clinical trial intended to test whether these drugs will have a significant benefit for Medicare beneficiaries.  CMS expects to issue a decision by April 11, 2022 to approve or reject the CED process after reviewing comments from interested parties.

It is common for FDA and others to show a map of the United States with the states color-coded by intensity to showcase the total number of inspections done in that state.  Indeed, FDA includes such a map in its newly released dashboard for FDA inspections.  In reviewing that map with the U.S. map color-coded to reflect where medical device establishments are located, do you notice anything?  Not to destroy the suspense for you, but it turns out that FDA tends to inspect where medical device inspection facilities are located.  Really.

We wanted to get beneath those numbers in two ways.  First, it’s much more informative to look at the data at a county level because there’s actually quite a bit of variation county by county.  Second, and more importantly, we wanted to normalize the inspection data by the number of facilities.  In other words, by looking at inspections per facility, we can get a better sense of the inspection frequency in each county.

Reversing its prior position, CMS announced on December 28, 2021, that it would begin enforcement of the COVID-19 vaccine requirement, established by the interim final rule, published November 05, 2021, in 25 states and the District of Columbia[1] in a phased approach beginning January 27, 2022. With the announcement CMS issued guidance for surveyors regarding enforcement in S&C Memo QSO 22-07-ALL (“Memo”), describing how CMS will enforce the rule and how facilities that are non-compliant may avoid enforcement action if meeting certain threshold criteria during periods up to 90 days after issuance of the Memo as follows:

On the evening of Wednesday, December 22, 2021, the Supreme Court of the United States announced that it will hold a special session on January 7, 2022, to hear oral argument in cases concerning whether two Biden administration vaccine mandates should be stayed. One is an interim final rule promulgated by the Centers for Medicare and Medicaid Services (“CMS”); the other is an Emergency Temporary Standard (“ETS”) issued by the U.S. Department of Labor’s Occupational Safety and Health Administration (“OSHA”). The CMS interim final rule, presently stayed in 24 states, would require COVID-19 vaccination for staff employed at Medicare and Medicaid certified providers and suppliers. The OSHA ETS, which requires businesses with 100 or more employees to ensure that workers are vaccinated against the coronavirus or otherwise to undergo weekly COVID-19 testing, was allowed to take effect when a divided panel of the United States Court of Appeals for the Sixth Circuit, to which the consolidated challenges had been assigned by the Judicial Panel on Multidistrict Litigation issued a ruling, on December 17, 2021, lifting a stay that had been previously entered by the Fifth Circuit. Multiple private sector litigants and states immediately challenged the decision.

Recent data thefts and systems intrusions, particularly with respect to ransomware, have assured that cybersecurity is top of mind for corporate executives and compliance officials. We at EBG have tried to keep you up to date with respect to legislative, regulatory and litigation developments and recommended best practices and procedures.

As we close out the year, we all should remain mindful that cyber criminals, especially those who are supported or protected by foreign adversaries, have little incentive to rest up during the holidays.

As we previously reported, the Centers for Medicare & Medicaid Services' (CMS's) interim final rule (the “Rule”) requiring full COVID-19 vaccination for staff and others at Medicare- and Medicaid-certified providers and suppliers (i.e., the “vaccine mandate”) was effectively stayed nationwide on November 30, 2021, by the U.S. District Court for the Western District of Louisiana (the “Louisiana Court”).  In yet another twist to the ongoing legal battles, the U.S. Court of Appeals for the Fifth Circuit lifted the nationwide stay and held that the Louisiana Court only had authority to block the vaccine mandate in the fourteen plaintiff states that brought suit in that court. Those states are Alabama, Arizona, Georgia, Idaho, Indiana, Kentucky, Louisiana, Mississippi, Montana, Ohio, Oklahoma, South Carolina, Utah, and West Virginia.

Due to the litigation in the Eastern District of Missouri, as reported here, enforcement of the vaccine mandate is also blocked in ten other states:  Alaska, Arkansas, Kansas, Iowa, Missouri, Nebraska, New Hampshire, North Dakota, South Dakota and Wyoming.  In total, the vaccine mandate under the Rule is now stayed in twenty-four states, but is now in effect in the remaining twenty-six states.