Category Archives: Government Enforcement

Enforcement Trend: Patient Assistance Programs

binoculars-clipart-as1859Multiple pharmaceutical companies have disclosed the receipt of subpoenas from various U.S. Attorney’s offices, including Massachusetts and the Southern District of New York, related to the companies’ patient assistance programs. Patient assistance programs also have been the subject of recent Congressional inquiries related generally to the increasing price of certain prescription drugs.

Continue reading

Leave a comment

Filed under Corporate Compliance, Government Enforcement

OIG Issues Final Rule Re: Exclusion Authority

The Final Rule related to the Health and Human Services Office of Inspector General’s (OIG) exclusion authority pursuant to the Social Security Act (the Act), as amended by the Affordable Care Act (ACA) and the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), was released last week. The Proposed Rule was issued previously by the OIG in May 2014. The effective date of the Final Rule is February 13, 2017.

Noteworthy changes made by the Final Rule include the following key items:

Continue reading

Leave a comment

Filed under Fraud and Abuse, Government Enforcement, OIG Guidance

OIG Releases Criteria for Implementing Exclusion Authority

On April 18, 2016, the Health and Human Services Office of Inspector General (OIG) released updated guidance related to the criteria it may use for evaluating its permissive exclusion authority under Section 1128(b)(7) of the Social Security Act. This guidance replaces guidance previously released by the OIG in 1997. All of the OIG’s special advisory bulletins and guidance documents related to its exclusion authority can be found here.

The OIG stated that in determining where a person or entity falls on the “compliance risk spectrum”, thereby determining whether exclusion should be pursued, the OIG will consider the following four risk areas:

Continue reading

Leave a comment

Filed under Compliance, DHHS OIG, Fraud and Abuse, Government Enforcement, OIG Guidance

FDA Issues Draft Guidance on Medical Device Cybersecurity

Recently, the U.S. Food and Drug Administration (FDA) published draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices” (the Guidance) that sets forth ways in which medical device manufacturers should monitor and address cybersecurity risks.  The Guidance is the latest manifestation of a federal agency weighing in on the continually growing concern caused by cybersecurity threats.  Suzanne Schwartz of the FDA’s Center for Devices and Radiological Health commented that the Guidance “will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

Continue reading

Leave a comment

Filed under FDA, FDA Draft Guidance, FDA Enforcement, Government Enforcement, Health Information Privacy, Medical Devices, Privacy and Security, Technology, Uncategorized

University of Washington Medicine Agrees to Settle Alleged HIPAA Breach

Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and implementing a substantial corrective action plan.

Continue reading

Leave a comment

Filed under Government Enforcement, Health Information Privacy, Health IT, HIPAA, Privacy and Security

Lahey Hospital Agrees to Settle Alleged HIPAA Breach

Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan. Continue reading

Leave a comment

Filed under Government Enforcement, Health Information Privacy, Health IT, HIPAA, Privacy and Security

University of Rochester Medical Center Reaches Agreement to Settle Alleged HIPAA Breach

Last week, the University of Rochester Medical Center (URMC) reached agreement with the New York Office of the Attorney General (NYOAG) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $15,000 and adopting a substantial corrective action plan. Continue reading

Leave a comment

Filed under Government Enforcement, Health Information Privacy, HIPAA, Privacy and Security