CMS and ONC Unveil Proposals Transforming Interoperability and Patient Access to Data
The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), on Feb. 11, 2019, released separate but related rules addressing interoperability, information blocking, patient access to data and electronic health record (EHR) certification criteria. The rules propose transformative changes that will have major implications for health IT stakeholders and will have ripple effects that spread far beyond the healthcare technology system. Specifically, if finalized, the rules will have a significant impact on data sharing arrangements among health providers and health IT developers. Comments are due 60 days following publication in the Federal Register. Both rules are scheduled to be published on March 4, 2019.
The regulations draw on the policies advanced in the 21st Century Cures Act. The act contained several new requirements intended to enhance the interoperable exchange of health information among stakeholders; for example, the act urged the implementation of application programming interfaces (APIs) to modernize data exchange and better facilitate patient access to their health information. These proposed requirements will be finalized or modified in an upcoming regulation that CMS expects to release later in 2019. If finalized, the provisions will go into effect on Jan. 1, 2020, for Medicare Advantage (MA) organizations and qualified health plans (QHPs), and on July 1, 2020, for Medicaid and Children's Health Insurance Program (CHIP) organizations. CMS has indicated that it expects other payers, including commercial plans, to align with the proposals included in the rule.
The proposed rules underscore that this is an initial step. More rulemaking advancing interoperability and a draft version of the Trusted Exchange Framework and Common Agreement (TEFCA) will be forthcoming.
CMS Proposed Rule
The CMS Interoperability and Patient Access Proposed Rule, with a few exceptions, would apply to the 125 million patients within MA organizations, Medicaid managed care plans, Medicaid state agencies, CHIP managed care entities, CHIP agencies operating fee-for-service (FFS) systems and QHPs in the federal exchanges. The proposal is similar to the Blue Button 2.0 initiative, which uses an open API to give private technology developers access to data in a form that can be built into their applications so that patients could have information readily available during a clinical visit. The Blue Button 2.0 API uses the Fast Healthcare Interoperability Resources (FHIR) standard as the format and OAuth 2.0 standard and SMART as the authorization mechanism.
CMS focuses much of its API push on health plans. CMS proposes that the plans implement, test and monitor openly published FHIR-based APIs to make patient claims and other health information available to patients through third-party applications and developers by 2020. At a minimum, the plans would have to exchange the data elements in the United States Core Data for Interoperability (USCDI) standard at an enrollee request. As proposed, plans can place limits on applications that pose an untenable security risk to their systems, consistent with their own security risk assessment and obligations to guard Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
CMS offers the following three policy goals for API attributes: (1) standardization, (2) technical transparency and (3) pro-competitive implementation. CMS is primarily linking its proposed requirements to the FHIR standard and OAuth 2.0 standard and SMART authorization mechanism.
CMS is also proposing to require that payers in CMS programs be able to participate in a trusted exchange network, which verifies the security and identity of participants and lets providers and plans share information regardless of their health IT networks. CMS also proposes to require MA plans, Medicaid, CHIP managed care plans and QHPs on the federal exchange to participate in these networks to improve interoperability. CMS proposes to update the frequency with which states must exchange Medicare and Medicaid data on dually eligible beneficiaries from a monthly to daily basis starting in April 2022. The agency is also seeking input on how to reach greater interoperability on federal-state data for the dual eligible population.
Regarding providers, CMS proposes to update the conditions of participation (CoP) to require facilities to send admit, discharge, transfer (ADT) notices. Providers would have to participate in a trusted health information exchange network, and send notifications to the relevant facilities when a patient is admitted, discharged or transferred to or from a hospital. CMS said such "notifications are a proven tool for improving transitions of care between settings and improving patient safety," but added that "many hospitals have not developed capabilities to send these notifications ... ."
To address information blocking, CMS proposes to publish the names of clinicians and hospitals that have not committed to data sharing or have failed to submit digital contact information to CMS. Information blocking occurs when a person or entity — typically a healthcare provider, IT developer or EHR vendor — knowingly and unreasonably interferes with the exchange and use of electronic health information (EHI), contrary to HIPAA. In addition to payment and policy proposals, the rule includes a Request for Information (RFI) on (1) interoperability and health IT adoption in post-acute care (PAC) settings, and (2) the role of patient matching in interoperability and improved patient care.
ONC Proposed Rule
The ONC 21st Century Cures Act: Interoperability, Information Blocking and the ONC Health IT Certification Program Proposed Rule calls on the healthcare industry to adopt standard APIs based on FHIR standards, which will help EHI be accessed, exchanged and used at no cost without special effort through the use of APIs or successor technology or standards, as provided for under applicable law. Generally, the types of APIs referenced enable data to be read but not written into the system. Any documentation associated with the API must be publicly accessible on the entity's website or another public URL. It cannot be behind a paywall or require account creation, "click-through" agreements or a requirement to provide contact details. Through the APIs, a developer must also provide access to all USCDI data elements of a patient's EHR to the extent permissible under law.
The ONC rule also implements the information blocking provisions of the 21st Century Cures Act. ONC proposes the following seven exceptions to the definition of information blocking: (1) preventing harm; (2) promoting privacy of EHI; (3) promoting security of EHI; (4) recovering the costs reasonably incurred; (5) responding to requests that are infeasible; (6) licensing of interoperability elements on reasonable and non-discriminatory terms; and (7) maintaining and improving health IT performance.
ONC also proposes to establish Conditions and Maintenance of Certification requirements for health IT developers as separate, standalone requirements (i.e., to separate "Conditions of Certification" from "Maintenance of Certification"). ONC proposes to define these conditions as established under the act, and would create the following criteria and requirements under these Conditions: information blocking, assurances, communications, APIs, real-world testing, attestations, EHR reporting criteria submission and enforcement.
Regarding certification criteria, ONC is calling for removing the Common Clinical Data Set definition from the 2015 Edition and replacing it with the USCDI standard. ONC also has developed recommendations for the voluntary certification of health IT for pediatric care that does not include a separate certification program for pediatric care and practice settings. Finally, ONC is seeking comments on what pricing information should be included in EHR data to inject more pricing and cost transparency into the industry.
Hospital Wins Summary Judgment in FCA and Anti-Kickback Case
In United States ex rel. Strubbe v. Crawford Cnty. Mem'l Hosp., No. 18-1022, 2019 WL 512190 (8th Cir. Feb. 11, 2019), the court affirmed the dismissal of some claims, and the entry of summary judgment in the defendant's favor on others, in a qui tam action brought under the False Claims Act (FCA) by a current and former employee. The relators alleged that the hospital submitted false claims for Medicare reimbursement, made false statements or reports to get fraudulent claims paid, conspired to violate the Anti-Kickback Statute and then retaliated against them. Specifically, the relators alleged that the hospital inappropriately billed for breathing treatments, having paramedics and emergency medical technicians perform laboratory services, misclassifying employees' titles and reporting improper expenses. But the relators did not (1) include any details about the hospital's billing practices, (2) allege that they had personal knowledge of the billing system or submission of false claims, (3) provide any statement of facts on which their beliefs were founded, (4) plead the details of an agreement between defendants or an overt act in furtherance of a conspiracy, or (5) make any allegations connecting the hospital's allegedly fraudulent statements to any claim made to the government. Consequently, the court determined that the relators failed to state a claim under the FCA.
The court also ruled that the hospital's chief executive officer was not subject to individual liability under the FCA for allegedly retaliating against hospital employees for reporting the hospital's billing practices. In addition, the hospital did not violate the FCA anti-retaliation provision by taking adverse employment action against paramedics after they began investigating the hospital's billing practices, absent an allegation that the hospital knew they were taking action in furtherance of a qui tam action or to stop FCA violations. The court concluded that employee complaints to the hospital board and sheriff about "financial wrongdoing" and her investigations into the hospital's finances were not protected activities either, where there was no indication they were made in furtherance of the FCA action or were an effort to stop an FCA violation, and the employee did not connect her concerns about the hospital's financials to fraud, the FCA or any unlawful activity. Last, the court determined that the hospital employee failed to establish that the hospital's decision to remove her from part-time status, effectively terminating her, was motivated solely by her protected activity, as required to establish a retaliation claim under the FCA, where the hospital did not terminate her until four months after learning of the FCA claim, and the hospital stated that its decision was made pursuant to its policy requiring employees to have worked during the prior six months.
To Violate FCA, Labs Must Encourage Medically Unnecessary Tests Rather than Merely Induce Test Referrals
In United States v. Lab. Corp. of Am. Holdings, No. 9:14-cv-3699-RMG, 2019 WL 236799 (D.S.C. Jan. 16, 2019), relators filed a qui tam complaint alleging that LabCorp violated the FCA through several fraudulent schemes impacting government healthcare programs, such as billing for medically unnecessary tests and paying kickbacks to physicians for ordering tests from LabCorp, and that it did so as part of a conspiracy with two other laboratories. In addition to claims under the FCA, relators brought claims under the California Insurance Fraud Prevention Act (CIFPA), Cal. Ins. Code §1871.7 and the Illinois Insurance Claims Fraud Prevention Act (ICFPA), 740 Ill. Comp. Stat. Ann. 92/15, both of which allow interested persons to bring a qui tam suit for fraudulent claims submitted to private insurers. Defendant LabCorp sought the dismissal of most claims brought by the relators.
The court dismissed the relators' claims alleging medically unnecessary tests because the relators merely alleged that LabCorp financially induced doctors to refer tests to LabCorp, but did not allege that LabCorp encouraged specific tests that were medically unnecessary for patients. Similarly, while relators alleged that LabCorp knew that Health Diagnostic Laboratory (HDL) offered above-market draw fees dating back to 2010, they did not allege that LabCorp knew that blood draws provided for the other laboratories were inherently medically unnecessary. The court also granted LabCorp's motion to dismiss the relators' claims under CIFPA and ICFPA because it found that the relators are not "interested persons" under those statutes. Something more than merely being a source of the information or standing to gain from any ultimate recovery is required to qualify as an "interested person" under the statutes. Furthermore, the complaint did not allege that relators have any contacts, were employed, or were in any other way affected by or involved in the submission of allegedly false claims and/or kickback-tainted claims in California or Illinois.
To state a cause of action for conspiracy under the FCA, "[t]he complaint must allege the existence of an agreement to violate the FCA and at least one act performed in furtherance of that agreement." The court held that relators properly pled a conspiracy claim under the FCA with the particularity requirements of Rule 9(b). The complaint included allegations of specific agreements entered into between LabCorp and both Singulex and HDL regarding blood draw services that caused false claims to be submitted. The complaint also alleged that LabCorp knew of the other laboratories' kickback scheme with physicians and continued to draw blood for tests referred to them. By doing so, the complaint also alleged, LabCorp shared the two laboratories' specific intent to submit false claims and/or kickback-tainted claims to government programs.
FCA Retaliation Claim Against Pharmaceutical Company Remanded
In Dhaliwal v. Salix Pharm., Ltd., No. 17-3281-cv, 2019 WL 545202 (2d Cir. Feb. 12, 2019), the court affirmed in part and vacated in part summary judgment granted to the defendants on the plaintiff's retaliation claims under the FCA and remanded for further proceedings consistent with the decision. The plaintiff claimed that she engaged in protected activity when she voiced concerns about particular marketing materials for Solesta, payments for continuing medical education programs, price protection arrangements for Xifaxan and a speaker program known as "Doc-in-a-Box." With respect to the Solesta marketing materials, she claimed a slide presentation "does not set us [i.e., Salix] up for success." The court deemed this insufficient to put Salix on notice that she was raising an FCA-related concern. Likewise, the court ruled that the plaintiff failed to point to anything in the record indicating that she expressed concerns to anyone at Salix that its payment for continuing medical education programs or price protection arrangements for Xifaxan were illegal or could lead to the submission of false claims.
The court reversed as to the last claimed protected activity. The plaintiff telephoned a Salix supervisor to state her concern that an FDA official was in attendance at a Doc-in-a-Box dinner. She said she wanted to raise her concern about the improper marketing activity with a Salix legal/compliance officer, but the supervisor dissuaded her from making the contact by stating that he himself would bring her concern to legal/compliance. The court ruled that a jury could reasonably infer that (1) the reason the plaintiff claimed the Doc-in-a-Box program was "improper" was because it looked like a kickback scheme, and (2) Salix was on notice that the plaintiff was raising a concern that Salix was violating the FCA. The court remanded the case for a causation analysis to determine whether Salix retaliated against the plaintiff on account of her protected activity.
Heightened Pleading Standard Defeats FCA Billing Claim
In United States ex rel. Benaissa v. Trinity Health, No. 4:15-cv-159, 2018 WL 6843624 (D.N.D. Dec. 31, 2018), the district court granted the defendants' motion to dismiss an ex-employee's FCA claim with prejudice. The plaintiff alleged that Trinity Health paid physicians based on the volume and value of referrals they provided and that Trinity Health physicians had a practice of up-coding and providing improper and unnecessary treatment to patients. But the court ruled that the plaintiff failed to satisfy the Eighth Circuit's heightened Rule 9(b) pleading requirements. The court reasoned that Rule 9(b) only can be satisfied when the relator alleges the particular details of a scheme to submit false claims, "paired with a reliable indicia that leads to a strong inference the claims were actually submitted." If such "reliable indicia" is lacking, a motion to dismiss can be overcome if the relator provides representative examples of false claims. The court found that the plaintiff's mere assertion that there existed a fraudulent scheme to provide improper treatments and kickbacks was inadequate in providing reliable indicia. Due to the plaintiff's inability to provide some representative examples of false claims, the court granted Trinity Health's motion to dismiss with prejudice.
FDA Releases New Guidance on Nonbinding Feedback After Device Facility Inspections
On Feb. 19, 2019, the U.S. Food and Drug Administration (FDA) issued draft guidance entitled "Nonbinding Feedback After Certain FDA Inspections of Device Establishments." The guidance, which was required by Section 702 of the FDA Reauthorization Act of 2017, specifically addresses inspections not undertaken "for cause" and provides guidance for how manufacturers may solicit nonbinding feedback on corrective actions resulting from the FDA's observations during the inspections. Final guidance on the issue must be published within a year.
In the past, device companies have been able to request nonbinding feedback on specific corrective actions in response to an FDA inspection. However, there has been no formal pathway or framework for the agency to send nonbinding feedback to a manufacturer to supplement its inspection observations so that it is most helpful and productive to the manufacturer. A request for nonbinding feedback must describe how relevant inspection observations meet one of the following criteria:
- involve a public health priority
- implicate systemic or major actions
- relate to emerging safety issues as determined by FDA
Requests must be made by a manufacturer within 15 business days after the FDA issues its inspection form (known as a Form FDA 483). FDA must respond either with nonbinding feedback or a notice that the requestor is not eligible to receive nonbinding feedback. FDA emphasized that acting on nonbinding feedback from the agency does not preclude future regulatory action by the agency in response to an inspection observation, and that companies can address manufacturing issues in an alternative manner from that stated in its nonbinding feedback.
FDA Announces Plan to Strengthen Dietary Supplement Oversight
FDA Commissioner Scott Gottlieb issued a statement on Feb. 11, 2019, announcing the agency's plan to modernize and reform its oversight of dietary supplements, calling it one of the most significant actions addressing dietary supplements since the passage of the Dietary Supplement Health and Education Act (DSHEA) 25 years ago. Pointing to the dramatic growth of the dietary supplement industry since the enactment of DSHEA, Commissioner Gottlieb stated that FDA's goal is to strike the right balance between ensuring that legitimate supplements are available to consumers and protecting the public from unsafe products. FDA broadly outlined the following five steps it intends to take to further its modernization initiative:
- create a "rapid-response tool" that will allow FDA to more quickly warn the public about unsafe products (currently under development)
- issue guidance and a new compliance policy to encourage dietary supplement manufacturers to file New Dietary Ingredient (NDI) notifications, and hold a public meeting to obtain stakeholder feedback
- increase collaboration with industry partners, including via the Botanical Safety Consortium, a public-private partnership created "to promote scientific advances in evaluating the safety of botanical ingredients and mixtures in dietary supplements"
- engage stakeholders to determine whether additional efforts are necessary to modernize DSHEA, including statutory changes
- continue to take enforcement action against firms marketing unlawful or unsafe products, while developing new enforcement strategies to protect the public health
Concurrently, FDA announced the issuance of 12 warning letters and five advisory letters, highlighting numerous products being sold illegally as dietary supplements, many of which are "unproven new drugs and/or misbranded drugs that claim to prevent, treat, or cure Alzheimer's disease and a number of other serious disease and health conditions." Three of these letters were issued by FDA in conjunction with the Federal Trade Commission (FTC), which has overlapping jurisdiction with regard to web-based product advertising. FTC's mandate is to ensure that consumer advertisements are truthful, not misleading and in the case of certain products such as dietary supplements, backed by reliable scientific evidence. Over the past five years, "FDA has issued more than 40 warning letters ... to companies illegally marketing over 80 products making Alzheimer's disease claims." FDA also has taken enforcement action against companies making similar disease claims for the treatment of cancer and opioid addiction.