Welcome
Welcome to our seventh issue of The Health Record - our healthcare law insights e-newsletter. This will be our final issue of 2024. When we started this publication earlier this year, our goal was to provide our clients, colleagues and friends a monthly breakdown of the top trending healthcare news stories – but also include WHY we felt those stories were important. Our intention was to bring certain issues to the surface so you could be aware of potential future topics, but also be armed with vital legal information to face those challenges and take advantage of those opportunities. Our sincere hope is that we achieved that goal. If you have suggestions for 2025 or know of someone you think should receive this newsletter, simply email us.
In this edition, we take a look at the most impactful development this month – the new Trump administration and what could develop next year; cybersecurity and third-party entities; ghost networks; federal government and billing, retail healthcare, the OCR security assessment, rising costs and impacts; and North Carolina regulations. In this month's Featured Attorney Q&A, we thank all of the attorneys who participated and set goals for next year.
In Spilman news, we are very pleased to announce the firm was named to the 2025 "Best Law Firms" list by Best Lawyers in 71 areas of law throughout the firm’s footprint. The rankings are based on a rigorous assessment process that involved the collection of client and lawyer evaluations, peer review from leading attorneys, and review of additional information provided by law firms. Click here to learn more.
We hope you enjoyed this year of The Health Record and wish you joyous holidays and a prosperous 2025!
Brienne T. Marco
Member, Chair of the Corporate Department, and Co-Editor of The Health Record
and
Joel P. Jones, Jr.
Counsel and Co-Editor of The Health Record
| |
“Trump has not been vocal about healthcare policies but indicated that RFK Jr will have a big influence on the sector.”
Why this is important: In the wake of Donald Trump’s second election as President, he appointed Robert Kennedy, Jr. as the head of the Health and Human Services Department, with control over the Center for Disease Control and the U.S. Food and Drug Administration. It remains to be seen what RFK, Jr.’s imprint will be on healthcare in the U.S., but given his views on vaccines, his oversight of the CDC is likely to bring changes in how vaccines are mandated. His oversight of the FDA may also bring changes to the types of drugs we use. Among the most controversial is abortion medication. Trump has also campaigned on making changes to the Affordable Care Act, which he tried unsuccessfully to rescind during his first term. He may look to make changes to that program as well. --- Bryan S. Neft
| |
“Hospitals didn't have Change Healthcare on their radar as a risk when the ransomware attack affected them, says John Riggi.”
Why this is important: The risks of a cybersecurity attack on a hospital go much further than financial and reputational harm; a cyberattack on a hospital can also impact patient wellbeing. This article reports that a majority of a hospital’s cybersecurity risk arises from attacks on third parties with whom the hospital does business, not within the hospital’s four walls. Although attacks on hospitals and third parties are inevitable, a hospital can better prepare for an attack on one of its vendors with a little planning, including thorough diligence on the vendor’s security and privacy policies and procedures and negotiation of a robust business associate agreement. --- Brienne T. Marco
| |
“The 5th Circuit Court of Appeals sided with the federal government’s original interpretation of the No Surprises Act in determining how a key metric in billing disputes is calculated.”
Why this is important: This article discusses the recent 5th Circuit Court of Appeals ruling that impacts the No Surprises Act. The No Surprises Act regulates the reimbursement rates/disputes for out-of-network services by providers. The Act has been challenged several times in the past two years impacting the dispute resolution process used by insurers and providers. The recent ruling by the 5th Circuit Court of Appeals has paved the way for insurers to have the upper hand in using lower rates in the dispute resolution process, thereby lowering the reimbursement amounts providers are to receive for certain services for out-of-network care. This could have a negative economic impact on providers as they could see lower amounts for services rendered. Stay tuned, as time will tell the true impact this ruling will have on the medical field nationwide. --- Matthew W. Georgitis
| |
“Healthcare must be more than a transactional experience.”
Why this is important: The retail industry’s recent entry into healthcare quickly gathered momentum and fostered hopes of improving and transforming primary care delivery. After an initial wave of enthusiasm among consumers and healthcare insiders, it became clear that the advantages of retail healthcare were overshadowed by larger structural and industry-specific issues.
Retail giants, including Walmart, Walgreens, CVS, Kroger, and Amazon, entered the U.S. healthcare space and the trend took off quickly, with promises of quick, accessible and affordable primary care. However, the transaction-based service model employed by these retail players did not mesh well with the traditional continuous care models provided by traditional healthcare systems. The retailers were also generally unprepared to integrate retail on-site care with telehealth and other modes, which meant that retail healthcare was concentrated where stores were located, primarily in highly populated and urban areas. This left the most underserved rural communities to continue to be lacking in care options. Amazon, the most significant retailer without a physical presence, focused on prescription delivery and telehealth, while the big-box brick and mortar retailers followed their own store-based models.
The lack of the retailers’ ability to address healthcare needs in a practical and effective way has caused retail healthcare to struggle. Walmart recently closed all 51 of its health centers, Walgreens announced plans to close 1,200 locations, and CVS has scaled back on its primary care expansion plans.
While retail has some advantages over traditional healthcare including convenience, cost and accessibility, such advantages cannot overcome the need for lasting patient relationships to allow for coordinated care and long-term health outcomes. The downward trend in popularity of retail-based primary care makes it clear that if retail is to continue to operate and succeed in the healthcare space, it must make healthcare a core part of its business and devote proper resources to developing patient relationships, coordinated care, and off-site accessibility. This likely would necessitate partnerships with established healthcare systems, which can fill the gaps of long-term personalized care, while still providing the conveniences of retail availability. --- Anthony L. Huber
| |
“Hacking incidents and ransomware attacks continue to increase within the healthcare and public health sector but in many cases, these attacks could have been prevented by conducting a comprehensive and accurate risk analysis and addressing the identified risks.”
Why this is important: The Security Management Standard of the HIPAA Security Rule, and more particularly its risk analysis implementation specification, is an active enforcement initiative of the Department of Health and Human Services Office for Civil Rights (OCR). HIPAA requires that covered entities and business associates conduct a risk assessment of their organization to ensure compliance with administrative, physical, and technical safeguards and to learn where protected health information could be at risk. To support HIPAA-regulated entities’ compliance with the HIPAA Security Rule, OCR and the Office of the National Coordinator for Health Information Technology (ONC) have recently released a new version of their Security Risk Assessment (SRA) Tool, a desktop application that walks users through a security risk assessment. Because the healthcare sector continues to be a prime target of cyberattacks, the SRA Tool is aimed at helping entities identify risks and vulnerabilities before they are manipulated by cyber criminals to access healthcare networks and patient data. According to the ONC, the target audience for the SRA Tool is small to medium providers. As this article highlights, the updated SRA Tool, which is available on the official website of the ONC, includes enhanced guidance and instructions, content on supply chain risks, and mitigation strategies. --- Erin Jones Adams
| |
“Employers’ biggest concern is higher drug costs, according to the National Alliance of Healthcare Purchaser Coalitions report.”
Why this is important: Companies are facing increased anxiety about rising healthcare costs. A recent poll from the National Alliance of Healthcare Purchaser Coalitions (NAHPC) revealed that employers expect spending on healthcare benefits to increase by 8 percent to 9 percent in 2025. One respondent summarized the general feeling that “it’s not just about cost control anymore; it’s about survival.”
Respondents pointed to increasing drug prices, high-cost claims, and hospital prices as the main drivers of increasing costs. Almost all of the employers surveyed pointed to rising drug prices as a significant threat to the affordability of healthcare.
The high price of GLP-1s significantly contributes to the increased cost of pharmaceuticals. GLP-1s, such as the popular brand Ozempic, are traditionally used to treat diabetes but are gaining popularity for weight loss and other conditions. The high price of GLP-1s leads companies to consider whether they should cover the drugs. Around 46 percent of respondents currently cover GLP-1s for obesity, and another 21 percent are considering coverage in the next three years. Of these employers, many are considering mitigating the cost of GLP-1 coverage by limiting access to specific populations, tying coverage to lifestyle changes, or covering copycat drugs.
As employers look for ways to cut healthcare costs, companies are considering measures such as changing pharmacy benefit managers, carving out prior authorization, purchasing drugs through nontraditional channels, and directly contracting with providers. Even still, most employers believe that rising healthcare costs will impact wage and salary increases and may require employers to shift more of the cost of healthcare onto employees.
Employers expect healthcare costs to increase over the next year, leading companies to search for ways to manage the increasing cost of employee benefits. Companies are considering various methods to manage healthcare costs, including shifting costs to employees, limiting drug coverage, changing pharmacy benefit managers, and purchasing drugs through nontraditional means. --- Arianna P. Webb
| |
“Class action finds ‘staggering’ cases of people struggling to find mental health care coinciding with mental health crisis.”
Why this is important: A number of national healthcare providers have been accused of running “ghost networks” of mental health practitioners that don’t really offer care to the plans’ patients. Recently, patients brought a class action case against Anthem Blue Cross Blue Shield of New York alleging that its network of mental health providers was so narrow that the patients were unable to secure treatment. The complaint alleges that patients contacted 100 providers but were only able to make appointments with seven. Some no longer accepted insurance and others did not accept new patients. The case alleges violations of the mental health parity law that requires mental health to be covered the same as physical health. Much of the blame may go to the carriers themselves which inadequately reimburse providers and allow them to claw back payments without notice. Until the issue is resolved, patients are at risk of being unable to find adequate mental healthcare. --- Bryan S. Neft
| |
“A N.C. Supreme Court decision has the potential to upend the state’s certificate of need regulations, which govern how health care facilities and services get allocated.”
Why this is important: A landmark legal challenge seeking to overturn North Carolina's Certificate of Need (CON) law could fundamentally reshape how healthcare facilities are regulated in the state, which has the potential of expanding or reducing costs and access to healthcare.
The challenge comes from Dr. Jay Singleton, an ophthalmologist in New Bern, whose lawsuit filed in April 2020 recently received a unanimous ruling from the North Carolina Supreme Court ordering the case back to a three-judge panel to evaluate the law's constitutionality. The Court's October 18, 2024 decision noted that Singleton's complaint "contains allegations that, if proven, could render the Certificate of Need law unconstitutional in all its applications," suggesting potential far-reaching implications for healthcare delivery across the state.
According to the lawsuit, the current CON system prevented Singleton from offering outpatient surgeries at his facility despite being just two miles from CarolinaEast Hospital, where he must perform most procedures. The North Carolina Healthcare Association defends the law, arguing it ensures access to care for underserved populations and helps hospitals balance losses from essential services with profitable procedures -- highlighting Texas as an example where the state saw a spike in the number of its rural acute care hospitals closing after repeal of its CON law. However, economic research, including a 2020 study by Duke University economist Chris Conover, suggests CON laws may cost hundreds of millions annually nationwide.
In 2023, as part of Medicaid expansion negotiations, North Carolina made its most significant updates to the CON law since the 1970s. Several hospitals compromised on the Medicaid expansion plan by agreeing to make several changes to the CON law. Furthermore, NC Healthcare Association agreed to allow certain mental health facilities to expand without obtaining certificates of need and increased opportunities for ambulatory surgical centers. As the case returns to the lower court, it could take several years before there is a final resolution on the constitutionality of North Carolina's CON law and its implications for healthcare delivery across the state. --- Hikmat N. Al-Chami
| |
The Corporate Transparency Act: Deadline Approaching | |
By Brienne T. Marco
Before we know it, 2024 will be coming to a close. As we approach the end of the year, we want to remind you of an important upcoming deadline under the Corporate Transparency Act. Companies formed before January 1, 2024 must file their initial beneficial owner report no later than December 31, 2024.
As a reminder, the Corporate Transparency Act requires some businesses to submit information to the Financial Crimes Enforcement Network (FinCEN) about the beneficial owners of the business. For more information about who is required to file a report, who is considered a beneficial owner, and what information must be reported, please see our prior update on this topic, which can be found here or FinCEN’s FAQs, which can be found here.
If your company was formed before January 1, 2024, your initial report is due by December 31, 2024. If your company was formed between January 1, 2024 and December 31, 2024, your initial report is due within 90 calendar days of the date the entity is formed. Companies formed on or after January 1, 2025, will have 30 calendar days from their formation to file their reports.
If you have not already done so, we encourage you to determine whether your company is required to file a beneficial owner report. If you are required to file a report, we encourage you to begin collecting the information needed to make the submission. Please contact us if you have any questions about your reporting obligations or would like assistance with filing your initial beneficial owner report.
| |
Featured Attorneys Questions & Answers | |
This year, we took some time to introduce you to our large healthcare law team. We highlighted an attorney in each issue by asking them a healthcare-related question. We hope their responses were insightful for you. | |
Spilman has more than 35 attorneys who practice in healthcare law and many more in related areas. Our goal is to staff appropriately, giving you the best possible team of professionals who can navigate the myriad of issues facing the healthcare industry. Areas covered include:
- Corporate transactions in the healthcare space, including mergers, acquisitions, dispositions, corporate reorganizations and formation of health systems
- The formation, development and operation of integrated delivery systems, managed care organizations, medical corporations and management services organizations
- Defense of hospitals and individuals in civil and criminal litigation matters, including employment litigation, medical malpractice actions, and government investigations
- Advising, assisting, and litigating issues concerning the revocation of physician Medicare privileges by the Centers for Medicare & Medicaid Services
- Counseling clients on structuring transactions and relationships to comply with federal Medicare and Medicaid fraud and abuse laws and regulations, including the Stark Law, the Anti-Kickback Law, and the False Claims Act
- Guidance on other issues such as bankruptcy, healthcare contracts, corporate law (including corporate governance), employment law, EMTALA, Health Care Quality Improvement Act, academic medical centers, teaching hospitals, HIPAA compliance, integrated delivery systems, telemedicine, internal investigations, licensure and credentialing, regulatory matters, certificate of need proceedings, joint ventures, labor law, managed care, medical staff issues, nonprofit hospitals and other nonprofit health care businesses, and reimbursement issues
To recap our Featured Attorney Q&A section this year, our topics included:
Did we cover topics you find interesting? Is there a question or issue you would like to see covered? Email us! We are happy to look into a variety of topics.
| |
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.
Responsible Attorney: Michael J. Basile, 800-967-8251
| | | | |