Stuart M. Gerson, Member of the Firm in the Litigation and Health Care & Life Sciences practices, in the firm’s Washington, DC, and New York offices, was quoted in the Report on Medicare Compliance, in “Danger and Opportunity Are Ahead with Cyber, Stark, Payments; Same Compliance Tools Apply,” by Nina Youngstrom.
Following is an excerpt:
The federal government may be slowed by the shutdown, but it doesn’t foreshadow the pace of compliance and enforcement in 2019. Payment changes, technology advances and new enforcement targets will keep health care organizations moving fast, and there will be no break from the challenges to their claims from Medicare and commercial payers.
New payment rules that took effect Jan. 1 will put reimbursement and compliance pressure on hospitals, including site neutrality, which CMS is expected to push even further this year, compliance officers and attorneys say. Cybersecurity will become more of an enforcement target and focus more on patient harm. False Claims Act (FCA) cases based on the Stark Law may favor the structure of compensation over fair market value. More organizations are expected to revisit their conflicts of interest and conflicts of commitment policies in the wake of the scandal at Memorial Sloan Kettering Cancer Center. And the use of data will drive enforcement and health care innovation, prompting compliance officers to adapt their skill sets accordingly. These and other predictions—on audits, telehealth, export control and more—indicate 2019 will be anything but dull. …
HHS Report Will Focus HIPAA on Safety
Health care will, again, be the main source of FCA recoveries, says former Acting Attorney General Stuart Gerson, an attorney with Epstein, Becker & Green in Washington, D.C. But new roads will be traveled. “The single biggest new enforcement effort will be in the area of cybersecurity preparedness. The OIG is likely to pursue enforcement of the recent HHS guidelines regarding cyber preparedness, and there will be a significant emphasis on pursuing internet of things cases with respect to medical devices,” says Gerson. The HHS’s Dec. 28 guidelines, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, which were developed with industry partners, presents cybersecurity as baked into health care delivery: “To adequately maintain patient safety and protect our sector’s information and data, there must be a culture change and an acceptance of the importance and necessity of cybersecurity as an integrated part of patient care.” The report also identifies the five top cybersecurity risks—phishing (RMC 12/10/18, p. 1); ransomware; loss or theft of equipment or data; insider, accidental or intentional data loss; and attacks against connected medical devices that may affect patient safety—and describes strategies for reducing them. …
DOJ Dismissals, But ‘More Show Than Go’
Health care cases will continue to be the primary source of FCA recoveries. That’s what the qui tam bar, which brings most of the cases, is emphasizing. More whistleblower cases will be dismissed “that the government views as a nuisance or a contradiction to its policies” per the Granston memo, Gerson says. “However, those cases, if left intact, would not produce major recoveries, and so the Granston memo is more show than go.” On Jan. 10, 2018, Michael Granston, director of the civil fraud section in the DOJ civil division, said “the department should consider moving to dismiss where a qui tam complaint is facially lacking in merit” or for other reasons (RMC 2/5/18, p. 4). For example, on Dec. 17, DOJ moved to dismiss 11 cases (RMC 12/24/18, p. 1).