On January 10, 2018, citing costs associated with record increases in the number of qui tam actions filed under the False Claims Act, the Department of Justice issued a memorandum[1] to certain DOJ attorneys, strongly signaling the Department’s intent to liberalize its use of section 3730(c)(2)(A) to seek dismissal of qui tam actions.

In the recently leaked memo, Michael Granston, Director of the Fraud Section of DOJ’s Commercial Litigation Branch, outlines “a general framework for evaluating when to seek dismissal” by identifying seven factors that have supported DOJ’s previous successful dismissal requests and emphasizes that the Department views its dismissal authority as one subject only to “highly deferential” review by the courts. The memo suggests DOJ will seek dismissal of these actions more often, making use of its authority to seek dismissal as “an important tool to advance the government’s interests, preserve limited resources, and avoid adverse precedent.” As further indication that the Department intends to pursue aggressively any available means of dismissal of these cases, the Director also recommends asserting in the alternative other independently available grounds for dismissal or requesting partial dismissal where appropriate, and the memo reminds attorneys that dismissal may occur at any stage of the proceedings, depending on the circumstances. The Director also stresses the importance of communication between the DOJ, the affected agency, and relators as a means of encouraging voluntary dismissal.

With the New Year underway, the deadline is quickly approaching for HIPAA covered entities to file their annual breach reports with the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”).

While breaches involving 500 or more individuals must be reported no later than 60 calendar days from the date of discovery,

As most healthcare providers know, HIPAA requires that covered entities or business associates  conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate.[1] Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) is demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis.

On June 12, 2017, the Department of Health and Human Services Office of Inspector General (OIG) published a report with the objective of determining whether the Centers for Medicare & Medicaid Services (CMS) made proper incentive payments to providers for “meaningful use” of a certified electronic health record (EHR).  The report, entitled “Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did not Comply with Federal Requirements,” estimates that CMS improperly paid $729 million in EHR incentive payments to providers who did not actually comply with the requirements of meaningful use.

The Department of Justice (DOJ) recently announced a $155 million settlement agreement with an electronic health records (EHR) vendor, eClinicalWorks (ECW), to settle False Claims Act allegations against the company initially brought by a whistleblower/qui tam relator.  The whistleblower was a software technician for the City of New York City who was implementing ECW software in a prison healthcare system.  The DOJ subsequently intervened and filed suit.  The May 31, 2017 announcement is the first of its kind, holding an EHR vendor accountable for claims made about their certifications.

Provider clients of ECW relied on the assertions made by ECW that their EHR software met the criteria of the Office of the National Coordinator of Health Information Technology (ONC) certification program.  Based on ECW’s software and the assertion of EHR certification, providers believed they had achieved “meaningful use” and received incentive payments under the Medicare and Medicaid EHR Incentive Programs. 

Beginning on June 1, 2017, health care providers of services and suppliers must submit all information necessary for the Centers for Medicare and Medicaid Services (“CMS”) to analyze actual or potential violations of the federal physician self-referral law (the “Stark Law”) using approved forms designed to streamline the CMS Voluntary Self-Referral Disclosure Protocol (the “SRDP”).  If you are currently working on a self-disclosure filing for CMS, you must convert that disclosure to this new format or risk CMS rejecting the disclosure in its entirety. The new forms, contained within Form CMS-10328 available here, must be used for all voluntary Stark Law self-disclosures submitted on or after June 1, 2017, except disclosures by physician-owned hospitals and rural providers regarding a failure to disclose physician ownership on the provider’s website or in any public advertisement.[1]

On Feb. 12, the Department of Health and Human Services’ (“HHS”) Centers for Medicare & Medicaid Services (“CMS”) published its final rule regarding reporting and returning Medicare overpayments. This final rule comes nearly four years after its proposed rule regarding the reporting and return of Medicare overpayments that left the provider community nervous and uncertain about when an overpayment would be considered “overdue” under CMS’s vague 60-day standard.

Recent remarks made by the Centers for Medicare & Medicaid Services (“CMS”) Acting Administrator Andy Slavitt at a healthcare conference indicated that CMS will be ending the “meaningful use” electronic health record (“EHR”) Incentive Program in 2016, five years ahead of its original final end date of 2021. Acting Administrator Slavitt did not elaborate on the specifics of what will replace meaningful use, but stated it would likely be tied to the implementation of the Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”) and would include various streamlined quality reporting programs. MACRA emphasizes a new Merit-Based Incident Payment System and alternative payment models, and according to Acting Administrator Slavitt, this new law warrants a new streamlined regulatory approach to EHR as well.

The Centers for Medicare & Medicaid Services (“CMS”) issued its Final Rule on Nov. 16 for the Comprehensive Care for Joint Replacement (“CJR”) model, which mandates that CMS pay providers a bundled payment per episode of care for a Medicare beneficiary undergoing a hip or knee replacement, also referred to as lower extremity joint replacement or LEJR. This marks the first mandated episode-based bundled payment by CMS; all other episode-based bundled payments programs (e.g., Bundled Payment for Care Improvement, or BPCI, initiatives) are voluntary with regard to provider participation. The CJR model will require hospitals in 67 markets to participate in the program initially. A list of the participant hospitals in the selected markets is available here.