The Department of Justice (DOJ) announced this week that it recovered a record $5.69 billion in civil False Claims Act (FCA) settlements during fiscal year 2014. This recovery included $2.3 billion for FCA cases involving federal health care programs, such as Medicare, Medicaid and TRICARE. Some of the significant health care fraud recoveries included $1.1 billion for Johnson & Johnson’s civil FCA settlement ($2.2 billion total) in November 2013 and $116 million for Omnicare’s civil FCA settlement ($124 million total) in June 2014, as well as cases involving hospitals, home health service providers, and medical device companies. This was the 5th consecutive year that the DOJ recovered more than $2 billion in health care fraud cases due, in part, to the HEAT program.
Additionally, the DOJ disclosed that of the $5.69 billion recovered, nearly $3 billion related to lawsuits filed under the FCA’s qui tam whistleblower provisions. Whistleblowers received $435 million in payouts in the last fiscal year. There also are over 700 qui tam cases pending for the second consecutive year.
The Centers for Medicare and Medicaid Services (CMS) held a webinar today to address the process for correcting and resubmitting records that were removed from the Open Payments system in August 2014 by CMS due to data integrity issues. CMS started the webinar by stating that of the 4.4 million records disclosed to the public on September 30, 2014, 1.7 million records ($2.2 billion) were “deidentified” due to these data integrity issues. CMS also disclosed that another 199,000 records ($1.1 billion) were not published because (i) the payments were under dispute at the time of publication; (ii) applicable manufacturers had requested delayed publication of the research payment; (iii) the payment was a research payment related to a non-covered recipient; or (iv) records that were submitted or attested to on July 7th, the last day of data submission and attestation, were excluded due to a technical issue by CMS when it pulled the data for publication.
The Connecticut Supreme Court held that the federal Health Insurance Portability and Accountability Act (HIPAA) does not bar individuals from bringing negligence and emotional distress claims under state common law for breach of confidentiality against medical providers who unlawfully exposed their protected health information (PHI). In an opinion released this week, which will be officially released November 11th, the court recognized that HIPAA does not provide a private right of action for the disclosure of PHI. However, the court stated that the availability of a private right of action under state law does not “preclude, conflict with, or complicate health care providers’ compliance with HIPAA.” The court went on to say that state law claims support HIPAA’s goals by providing a “disincentive to wrongfully disclose” PHI.
The court stated that to the extent that adherence to HIPAA has become common practice for health care providers, HIPAA may be used to inform the standard of care related to negligence claims. Connecticut follows a series of other states in holding that plaintiffs may bring claims for unlawful disclosures of medical records under state common laws.
On October 21-22 the U.S. Food and Drug Administration (FDA), in collaboration with the U.S. Departments of Health and Human Services and Homeland Security, conducted a public workshop entitled “Collaborative Approaches for Medical Device and Healthcare Cybersecurity.” The FDA held this public workshop in order to bring together stakeholders in the field to obtain information on medical device cybersecurity. Cyber vulnerabilities can result in unauthorized access to patient information; device malfunction; disruption of health care; or compromised health record data integrity.
Interested parties can register for an upcoming webinar hosted by the Centers for Medicare & Medicaid Services (CMS) related to the data that was excluded from public disclosure in August 2014 due to data errors. The webinar is scheduled for Thursday, November 13th from 1-3 PM Eastern. As of late last week, applicable manufacturers and group purchasing organizations (GPOs) can log into the Open Payments system to download a Removed Records Report to see which reported items were excluded from reporting and the reason for such exclusion. Applicable manufacturers and GPOs have until the end of the 2014 data submission and attestation period to address these items so that they may be subject to the covered recipient review and dispute process and made public during the next data release cycle, projected for June 30, 2015. In addition to the webinar, CMS also released a quick reference guide and a downloadable Validated Physician List (via the CMS Enterprise Portal) in an effort to avoid further reporting inconsistencies.
Late last week, the Centers for Medicare and Medicaid Services (CMS) issued the 2015 physician payment fee schedule, which includes changes to the Final Rule implementing the federal Sunshine law. Most significantly, CMS announced that it had exempted payments to speakers at all continuing medical education (CME) events under §403.904(i)(1) if the applicable manufacturer “provides funding to a continuing education provider, but does not either select or pay the covered recipient speaker directly, or provide the continuing education provider with a distinct, identifiable set of covered recipients to be considered as speakers for the continuing education program.” According to CMS, this change “will create a more consistent reporting requirement, and will also be more consistent for consumers who will ultimately have access to the reported data.” However, grants influenced by a company, and speakers paid directly by an applicable manufacturer, will continue to be subject to reporting.
On Friday October 31, 2014, the U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) released its annual “Work Plan” for fiscal year 2015. The Work Plan is a compilation of the OIG’s plans for new and ongoing reviews and activities (including audits, evaluations, and certain legal and investigative initiatives) with respect to HHS programs and operations, for 2015 (and beyond). The OIG summarized its FY2015 plans as follows:
“In FY 2015 and beyond, we will continue to focus on emerging payment, eligibility, management, and IT systems security vulnerabilities in health care reform programs, such as the health insurance marketplaces. OIG plans to add to its portfolio of work on care quality and access in Medicare and Medicaid, as well as on public health and human services programs. OIG’s examination of the appropriateness of Medicare and Medicaid payments will continue, with possible additional work on the efficiency and effectiveness of payment policies and practices in inpatient and outpatient settings, for prescription drugs, and in managed care. Other areas under consideration for new work include, for example, the integrity of the food, drug, and medical device supply chains; the security of electronic data; the use and exchange of health information technology; and emergency preparedness and response efforts.”
Filed under 340B, Corporate Compliance, DHHS OIG, FDA, Fraud and Abuse, Government Enforcement, Government Pricing, Health Care, Health Reform, Medicaid, Medicare, OIG Guidance, Part D, The Affordable Care Act