Health Law Advisor

The widespread availability of Artificial Intelligence (AI) tools has enabled the growing use of “deepfakes,” whereby the human voice and likeness can be replicated seamlessly such that impersonations are impossible to detect with the naked eye (or ear). These deepfakes pose substantial new risks for commercial organizations. For example, deepfakes can threaten an organization’s brand, impersonate leaders and financial officers, and enable access to networks, communications, and sensitive information.

In 2023, the National Security Agency (NSA), Federal Bureau of Investigations (FBI), and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (the “Joint CSI”) entitled “Contextualizing Deepfake Threats to Organizations,” which outlines the risks to organizations posed by deepfakes and recommends steps that organizations, including national critical infrastructure companies (such as financial services, energy, healthcare and manufacturing organizations), can take to protect themselves. Loosely defining deepfakes as “multimedia that have either been created (fully synthetic) or edited (partially synthetic) using some form of machine/deep learning (artificial intelligence),” the Joint CSI cautioned that the “market is now flooded with free, easily accessible tools” such that “fakes can be produced in a fraction of the time with limited or no technical expertise.” Thus, deepfake perpetrators could be mere amateur mischief makers or savvy, experienced cybercriminals. 

On August 24, 2023, the U.S. District Court for the Eastern District of Texas issued an opinion and order in Texas Medical Association, et al. v. United States Department of Health and Human Services(“HHS”)(“TMA III”). TMA III challenged certain portions of the July 2021 No Surprises Act (“NSA”) interim final rules proposed by the U.S. Departments of Health and Human Services, Labor, and Treasury, along with the Office of Personnel Management (the “Departments”).  In a decision that significantly levels the field for providers, the District Court ruled in part ...

On August 3, 2023, the U.S. Department of Health & Human Services (“HHS”), the Department of Labor, and the Department of Treasury (collectively, the “Departments”) temporarily suspended the federal Independent Dispute Resolution (“IDR”) process immediately following the issuance of a decision by the U.S. District Court for the Eastern District of Texas (the “Court”) that vacated certain regulations and guidance the Departments issued to implement the No Surprises Act (“NSA”).

The Court’s ruling in Texas Medical Association, et al. v. HHS (“TMA IV”)—which addressed claim “batching” and the $350 administrative fee required to initiate the IDR process—represents the Department’s third significant loss in legal challenges against the Departments’ implementation of the NSA’s IDR process that providers, facilities, air ambulance providers, and plans may use to determine the correct payment amounts for certain out-of-network services. On August 11, 2023, the Departments issued a “Frequently Asked Questions” guidance document to detail their intended approach to address the administrative fee. The Departments plan to issue additional updates on the NSA IDR process after further analysis of the TMA IV decision.

On April 14, 2022, the Centers for Medicare & Medicaid Services (CMS) issued new guidance on the Independent Dispute Resolution (IDR) process, created under the No Surprises Act (NSA) to provide a mechanism for payers and providers to resolve disputes as to appropriate payment amounts for certain out-of-network claims. In addition, the Departments of Health and Human Services, Labor and the Treasury launched two online portals– one to host the IDR process for providers and payers and one to host the patient-provider dispute resolution process for self-pay and uninsured patients.

This new guidance replaces earlier instruction from the agency on how the IDR process would operate and what the independent arbitrator was required to consider. The prior guidance was withdrawn after a successful legal challenge to the interim final rule implementing the No Surprises Act provisions on the IDR process, specifically with respect to the weight to be given to the Qualifying Payment Amount (QPA). The QPA is essentially the payer’s median contracted rate for similar services. The QPA is used to calculate patient cost sharing and must be considered by the independent arbitrator in resolving a payment dispute between a payer and an out-of-network provider. Initially, regulators directed arbitrators to use the QPA as a baseline, and when choosing between the parties’ proposed payment offers to choose the amount closest to the QPA unless one of the parties submitted credible information demonstrating that the appropriate payment amount was materially different from QPA.