Stuart M. Gerson, Member of the Firm in the Litigation and Health Care & Life Sciences practices, in the firm’s Washington, DC, and New York offices, was quoted in the Report on Medicare Compliance, in “Danger and Opportunity Are Ahead with Cyber, Stark, Payments; Same Compliance Tools Apply,” by Nina Youngstrom.

Following is an excerpt:

The federal government may be slowed by the shutdown, but it doesn’t foreshadow the pace of compliance and enforcement in 2019. Payment changes, technology advances and new enforcement targets will keep health care organizations moving fast, and there will be no break from the challenges to their claims from Medicare and commercial payers.

New payment rules that took effect Jan. 1 will put reimbursement and compliance pressure on hospitals, including site neutrality, which CMS is expected to push even further this year, compliance officers and attorneys say. Cybersecurity will become more of an enforcement target and focus more on patient harm. False Claims Act (FCA) cases based on the Stark Law may favor the structure of compensation over fair market value. More organizations are expected to revisit their conflicts of interest and conflicts of commitment policies in the wake of the scandal at Memorial Sloan Kettering Cancer Center. And the use of data will drive enforcement and health care innovation, prompting compliance officers to adapt their skill sets accordingly. These and other predictions—on audits, telehealth, export control and more—indicate 2019 will be anything but dull. …

HHS Report Will Focus HIPAA on Safety

Health care will, again, be the main source of FCA recoveries, says former Acting Attorney General Stuart Gerson, an attorney with Epstein, Becker & Green in Washington, D.C. But new roads will be traveled. “The single biggest new enforcement effort will be in the area of cybersecurity preparedness. The OIG is likely to pursue enforcement of the recent HHS guidelines regarding cyber preparedness, and there will be a significant emphasis on pursuing internet of things cases with respect to medical devices,” says Gerson. The HHS’s Dec. 28 guidelines, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, which were developed with industry partners, presents cybersecurity as baked into health care delivery: “To adequately maintain patient safety and protect our sector’s information and data, there must be a culture change and an acceptance of the importance and necessity of cybersecurity as an integrated part of patient care.” The report also identifies the five top cybersecurity risks—phishing (RMC 12/10/18, p. 1); ransomware; loss or theft of equipment or data; insider, accidental or intentional data loss; and attacks against connected medical devices that may affect patient safety—and describes strategies for reducing them. …

DOJ Dismissals, But ‘More Show Than Go’

Health care cases will continue to be the primary source of FCA recoveries. That’s what the qui tam bar, which brings most of the cases, is emphasizing. More whistleblower cases will be dismissed “that the government views as a nuisance or a contradiction to its policies” per the Granston memo, Gerson says. “However, those cases, if left intact, would not produce major recoveries, and so the Granston memo is more show than go.” On Jan. 10, 2018, Michael Granston, director of the civil fraud section in the DOJ civil division, said “the department should consider moving to dismiss where a qui tam complaint is facially lacking in merit” or for other reasons (RMC 2/5/18, p. 4). For example, on Dec. 17, DOJ moved to dismiss 11 cases (RMC 12/24/18, p. 1).

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.