In the wake of last week’s Supreme Court decision granting a TRO in favor of a fiscal intermediary, All American Homecare, many providers are questioning whether or not they have obligations to disclose their personal assistant and consumer information to PPL or any of the number of managed care organizations that have been requesting this information as part of the single statewide FI (“SFI”) transition. In this article, we provide our take on this important question.
Category: Premium Articles
OCR Proposes Major Changes to Strengthen HIPAA Security Rule
The U.S. Department of Health & Human Services Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (Proposed Rule) aiming to strengthen cybersecurity protections and better defend against large-scale data breaches involving patient health information (PHI). The comment period will close on March 7, 2025 (60 days after the Proposed Rule was published in the Federal Register).
$68 Million CDPAP Fraud Indictment Unsealed Amidst Ongoing Criticism and Changes to CDPAP
On October 9, 2024, the United States Attorney’s office in the Eastern District of New York unsealed an indictment, that had charged 8 defendants for their alleged roles in a scheme to defraud Medicaid of approximately $68 million through the operation of two social adult day cares and a CDPAP fiscal intermediary that were paying kickbacks and bribes for services that were not provided.
HHS Imposes Penalty for Violations of HIPAA Privacy Rule and Security Rule
On December 5, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a civil penalty of $548,265 against Children’s Hospital Colorado for violations of the HIPAA Privacy and Security Rules. These violations stemmed from security breaches in 2017 and 2020, linked to email phishing and cyberattacks. The investigation found that one breach occurred when multi-factor authentication was disabled on an email account, exposing 3,370 individuals’ Protected Health Information (PHI). The second breach involved three email accounts compromised by unknown third parties, affecting 10,840 individuals’ PHI.
NYS Department of Health Announces New Funding Opportunities: RFA #20422, Direct Caregiver Flexibility
On December 3, 2024, the NYS Department of Health (DOH) released the Request for Applications #20422 (RFA) direct caregiver flexibility grant from DOH. The intent of this RFA is to fund up to $19,000,000 per year for five (5) years for Direct Caregiver Training Centers along with the Direct Caregiver Support Hub component to support the training program. The grant seeks to create a more uniform and centralized “training and support system” for direct care workers—Personal Care Aides (“PCAs”), Home Health Aides (“HHAs”), and Certified Nursing Assistants (“CNAs”). Training Centers are intended to serve as a regional hub for direct caregiver training opportunities that develops a pipeline of individuals trained and able to work in direct care jobs. Per the RFA, the DOH is seeking the establishment of at least one (1) Direct Care Training Center in each of the 10 Economic Development Regions of New York State.
Generative AI and the Applicability of the Fair Credit Reporting Act
The Consumer Financial Protection Board (CFPB) recently issued guidance (found here and here) seeking to protect workers from unchecked digital tracking and opaque decision-making systems. The guidance serves as a reminder to employers that certain decision-making tools and resources including tracking devices and AI algorithmic services used for employment purposes must follow Fair Credit Reporting Act (FCRA) rules.
DOL Proposes Rule to Phase Out Program Allowing Employers to Pay Disabled Employees Less than the Federal Minimum Wage
On December 3, 2024, the U.S. Department of Labor (DOL) announced a proposed rule that would end employers’ ability to pay disabled employees less than the federal minimum wage, which is currently $7.25/hour. Currently, under Section 14(c) of the Fair Labor Standards Act (FLSA), employers can obtain a certificate from the DOL’s Wage and Hour Division authorizing them to pay disabled employees less than the federal minimum wage if the employee’s “productive capacity” is impaired by their physical or mental disability, and only if such certificate is necessary to prevent the curtailment of opportunities for employment.
NYS Department of Health Provides Overview of Compliance Process for MLTC Plans Regarding SADC HCBS Compliance
On December 10, 2024, the NYS Department of Health (“DOH”) held a 90-minute webinar titled “Overview for Manage Long Term Care (MLTC) Plans: Social Adult Day Care (SADC Home and Community Based Services (HCBS) Compliance Process.”
OIG Releases Special Fraud Alert About Suspect Payments in Marketing Arrangements Related to Medicare Advantage and Providers
On Dec. 11, 2024, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) issued a Special Fraud Alert (the “Alert”) related to certain fraud and abuse risks associated with marketing arrangements between Medicare Advantage Organizations (“MAOs”) and health care professionals (“HCPs”), as well as arrangements between HCPs and agents and brokers for Medicare Advantage (“MA”) plans. The Alert addresses marketing practices that could violate federal anti-kickback statutes and other healthcare fraud regulations.
FTC Announces Action Against No-Hire Provisions Used by Building Services Contractor
On December 4, 2024, the Federal Trade Commission (“FTC”) ordered building services contractor Guardian Industries, Inc. (“Guardian”) to cease enforcement of no-hire provisions it included in customer service agreements, prohibiting the hire of Guardian’s employees.