Health Law Advisor

As Cyberattacks targeting the health care sector have continued to intensify over the past year, including ransomware attacks that have resulted in major data breaches impacting health care organizations, the protection of health data has gained the focus of regulators and prompted bipartisan legislative efforts to strengthen cybersecurity requirements in the health care sector.

OIG Report on OCR’s HIPAA Audit Program

Under the Health Information Technology for Economic and Clinical Health Act (HITECH), the HHS Office for Civil Rights (OCR) is required to perform periodic audits of covered entities and business associates (collectively, Regulated Entities) to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules (collectively, “HIPAA Rules”).

Last month, the HHS Office of Inspector General (OIG) released a new report assessing OCR’s HIPAA audit program, raising concerns about the effectiveness of current oversight and the need for enhanced measures to address growing cybersecurity risks in the sector. In its assessment of OCR’s HIPAA audit program, OIG reviewed OCR’s final HIPAA audit reports of Regulated Entities, guidance, and enforcement activities from January 2016 to December 2020.

Our colleague Melissa L. Jampol of Epstein Becker Green has a new post on the Commercial Litigation Update blog that will be interest to our readers: “Opioids, Sober Homes and ‘Telefraud’: An Overview of the DOJ 2020 Healthcare Fraud Takedown.”

The following is an excerpt:

As we have previously reported, opioids have been a large focus of DOJ in the past few years in an attempt to stem the opioid epidemic through increased enforcement and this takedown is a continuation of those efforts. DOJ stated that the charges involved in the opioid-related takedown involved the ...

The Office of Inspector General (“OIG”) for the Department of Health and Human Services recently issued an Advisory Opinion that provides insight into how the agency evaluates arrangements that deal with the integration of technology, medicine, and patient monitoring under the federal Anti-Kickback Statute (“AKS”). In Advisory Opinion No. 19-02, OIG evaluated whether a pharmaceutical manufacturer could temporarily loan a limited-functionality smartphone to financially needy patients enrolled in federal health care programs. OIG concluded that the proposed ...

A dental practice and related dental management company have become the first two entities to make their way on to the newly created “High Risk – Heightened Scrutiny” list from the Office of Inspector General for the United States Department of Health and Human Services (the “OIG”).[1]

ImmediaDent of Indiana, LLC, a professional dental practice (“ImmediaDent”), and Samson Dental Partners, LLC, a dental management company which provides management and administrative services to ImmediaDent and other dental practices in Indiana, Kentucky and Ohio ...

On November 1, 2018, the Office of the Inspector General (“OIG”) for the U.S. Department of Health and Human Services (“HHS”) published an audit report finding that the U.S. Food and Drug Administration’s (“FDA”) policies and procedures were “deficient for addressing medical device cybersecurity compromises.” (A copy of OIG’s complete report is available here and Report in Brief is available here.) Specifically, the OIG found that FDA’s policies and procedures were “insufficient for handling postmarket medical device cybersecurity events” and ...

The U.S. Department of Health and Human Services’ Office of Inspector General (OIG) recently released a report revealing that during OIG’s 2014 and 2015 audits of telehealth claims, more than half of the professional telehealth claims paid by the Medicare program did not have matching originating-site facility claims.

According to the report, Medicare telehealth spending increased from $61,302 in 2001 to $17,601,996 in 2015. Among the 191,118 Medicare paid distant-site telehealth claims (totaling $13,795,384), the OIG randomly sampled 100 of those claims and obtained ...

The Health Care Compliance Association (HCCA) kicked off its 22^nd Annual Compliance Institute on Monday, April 16, 2018. During the opening remarks, Inspector General Daniel Levinson, of the Department of Health and Human Services (HHS) Office of Inspector General Office (OIG), announced the rollout of a new public resource to assist companies in ensuring compliance with Federal health care laws. The Compliance Resource Portal on the OIG’s website features:

• Toolkits
• Advisory opinions
• Provider Compliance Resource and Training
• Voluntary Compliance and Exclusions ...

Our colleagues George B. Breen, Jonah D. Retzinger, and Daniel C. Fundakowski of Epstein Becker Green have published a client alert that will be of interest to our readers: "OIG Issues New Guidance on Its Evaluation Process and Non-Binding Criteria for Section 1128(b)(7) Exclusions."

Following is an excerpt:

On April 18, 2016, the Office of Inspector General ("OIG") of the Department of Health and Human Services issued a revised policy statement applicable to exclusions imposed under Section 1128(b)(7) of the Social Security Act ("Act"), pursuant to which OIG may exclude ...

2016 is poised to be a major year in network adequacy developments across public and private insurance markets.  Changes are ahead in the Medicare and Medicaid managed care programs, the Exchange markets and the state-regulated group and individual markets, including state-run Exchanges.  The developing standards and enforcement will vary significantly across these markets.

Through 2014 and 2015, major news stories discussed concerns over the growing use of narrow provider networks by issuers on the Affordable Care Act's insurance exchanges ("Exchanges").  Others reported on ...

On March 24, 2015, the House of Representatives Energy and Commerce Health Subcommittee^[1] (the "Subcommittee") held a 340B Program hearing with testimony from the Deputy Administrator of Health Resources and Services Administration ("HRSA"), the Director of the Office of Pharmacy Affairs ("OPA") of HRSA,[2] the Director of Health Care of the Government Accountability Office ("GAO"), and Assistant Inspector General of the Office of Evaluation and Inspection of the U.S. Department of Health and Human Services ("HHS") Office of Inspector General ("OIG").

The purpose of the ...