U.S. Department of Health and Human Services

U.S. Senators Angus King (I-ME) and Marco Rubio (R-FL) recently introduced a bill addressing cybersecurity protections and oversight in the healthcare industry. The Strengthening Cybersecurity in Health Care Act, introduced on February 8, 2024, aims to bolster a vulnerable and often-targeted industry against cyberattacks. The proposal follows a number of significant cyberattacks on healthcare organizations in recent years; Senator King noted that approximately 133 million people, or nearly one in three Americans, had their personal information compromised in 2023 alone.

The Department of Health and Human Services (HHS) has announced its plan to end the Federal Public Health Emergency (PHE) for COVID-19 on May 11, 2023. Due to the COVID-19 pandemic, emergency declarations, legislation, and regulatory waivers across government agencies, including the Centers for Medicare & Medicaid Services (CMS), allowed for flexibility in the delivery of care to patients, including the expanded use of telehealth. Originally intended to conserve healthcare resources and prevent unnecessary exposure to COVID-19, the use of virtual care has exploded since the beginning of the pandemic to become an intrinsic, essential part of the healthcare delivery system. Now, at the end of the PHE, we examine the path forward for telehealth and the extent to which providers may continue to offer it to patients.

On September 19, 2020, the U.S. Department of Health and Human Services (HHS) released long-awaited details about upcoming reporting requirements for certain providers that accepted funding of one or more payments exceeding $10,000 from the Provider Relief Fund (PRF). Key aspects of HHS’ new PRF reporting guidance are summarized in today’s legal alert.

On July 10, 2020, the U.S. Department of Health and Human Services (HHS) announced dentists and other dental providers are eligible to apply for relief from the Provider Relief Fund. The Provider Relief Fund General Distribution FAQs outlined the eligibility requirements and payment methodology for calculating distribution amounts. The deadline for applying is July 24, 2020.

On June 12, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), issued guidance confirming HIPAA permits a covered healthcare provider (Provider) to use protected health information (PHI) to identify and contact recovered COVID-19 patients to inform them of how they can donate their blood and plasma.  As background, HIPAA

Under new guidance from the U.S. Department of Health and Human Services (HHS), hospices and other providers who received CARES Act Provider Relief Fund payments can hold off on filing their first quarterly compliance report, slated to be due on July 10, 2020.[1] Instead, HHS states that it will develop its own report and this report itself will contain “all information necessary for recipients of Provider Relief Fund payments to comply with” the quarterly reporting requirements under the Relief Fund Terms and Conditions.

On April 7, 2020, the U.S. District Court for the Western District of Arkansas granted summary judgment in favor of the U.S. Department of Health and Human Services (“DHHS”) in the closely-watched Northport case. In this case, certain nursing facility industry plaintiffs challenged the enforceability of the most recent iteration of the Centers for Medicare & Medicaid Services’ (“CMS”) rule governing the use of pre-dispute arbitration agreements with residents in long-term care (“LTC”) facilities that participate in the Medicare or Medicaid programs. In finding for the government, the Northport court held that the rule was a valid exercise of CMS’s authority under the Administrative Procedures Act (“APA”), was adopted in accordance with federal procedural rules, and does not conflict with the Federal Arbitration Act (“FAA”).

Updated Thursday, April 2, 2020

CMS 1135 waivers allow the U.S. Dep’t of Health and Human Services Secretary to temporarily waive or modify certain Medicare, Medicaid, Children’s Health Insurance Policy (CHIP), and Health Insurance Portability and Accountability Act (HIPAA) requirements to ensure that sufficient health care items and services are available to meet needs during a declared public health emergency.  Individual health care providers and associations may trigger additional waivers through feedback and requests to the Assistant Secretary for Preparedness and Response or CMS Regional Offices.

Updated Thursday, April 2, 2020

CMS 1135 waivers allow the U.S. Dep’t of Health and Human Services Secretary to temporarily waive or modify certain Medicare, Medicaid, Children’s Health Insurance Policy (CHIP), and Health Insurance Portability and Accountability Act (HIPAA) requirements to ensure that sufficient health care items and services are available to meet needs during a declared public health emergency.  Individual health care providers and associations may trigger additional waivers through feedback and requests to the Assistant Secretary for Preparedness and Response or CMS Regional Offices.

On March 24, 2020, the Wisconsin Department of Health Services (DHS) prepared correspondence to the Center for Medicare and Medicaid Services (CMS) seeking waivers of certain Medicaid requirements pursuant to Section 1135 of the Social Security Act (42 U.S.C. § 1320b-5) due to the COVID-19 pandemic. The correspondence to CMS was shared on March 24, 2020 with the Wisconsin Legislature Joint Committee on Finance seeking their approval to submit the Section 1135 Waiver to CMS. The letter to CMS prepared by DHS states that Wisconsin is implementing all the blanket waivers issued by CMS on March 13, 2020 in Medicare, Medicaid and the Children’s Health Insurance Program (CHIP), to the extent applicable.